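Related vulnerability
Title: Security vulnerability in multiple Hikvision products (CVE-2017-7921)
Description: Hikvision DS-2CD2xx2F-I Series and others are network camera products from the Chinese company Hikvision. Multiple Hikvision products contain an authentication vulnerability. An attacker can exploit this vulnerability to escalate privileges and gain access to sensitive information. The following products and versions are affected: Hikvision DS-2CD2xx2F-I Series, 5.2.0 build 140721 through 5.4.0 build 160530; DS-2CD2xx0F-I Series, 5.2.0 build 140721 through 5.4.0 Build 16040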
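As an added example (not part of the original page or of the PoC project), the affected range stated above for the DS-2CD2xx2F-I series can be checked against a device inventory to find cameras that need a firmware update. The firmware string layout, the reading of each `x` as one wildcard character, the allowance for trailing suffix letters, and the sample inventory are assumptions; the DS-2CD2xx0F-I series is left out because its upper bound is cut off on this page.

```python
import re

# Range copied from the vulnerability description on this page.
# Tuples are (major, minor, patch, build date as YYMMDD).
AFFECTED = {"DS-2CD2xx2F-I": ((5, 2, 0, 140721), (5, 4, 0, 160530))}

# Assumed firmware string layout: "V5.3.0 build 150513" (leading "V" optional).
FW_RE = re.compile(r"^\s*V?(\d+)\.(\d+)\.(\d+)\s+build\s+(\d{6})\s*$", re.IGNORECASE)


def parse_firmware(text):
    """Turn a firmware string into a comparable (major, minor, patch, build) tuple."""
    match = FW_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(group) for group in match.groups())


def series_regex(series):
    """Assumption: each lowercase 'x' is one wildcard character, and suffix
    letters may follow the series name (for example a hypothetical '-IW')."""
    body = "".join("[0-9A-Z]" if ch == "x" else re.escape(ch) for ch in series)
    return re.compile("^" + body + "[A-Z]*$")


def classify(model, firmware):
    """Return 'affected', 'outside-range', 'unparsed' or 'unknown-model'."""
    for series, (low, high) in AFFECTED.items():
        if series_regex(series).match(model.strip().upper()):
            try:
                version = parse_firmware(firmware)
            except ValueError:
                return "unparsed"  # needs manual review, do not assume safe
            return "affected" if low <= version <= high else "outside-range"
    return "unknown-model"  # series not covered by the range encoded above


def audit(inventory):
    """Map each asset name to its classification."""
    return {name: classify(model, fw) for name, model, fw in inventory}


# Constructed sample inventory: (asset name, model, firmware string).
INVENTORY = [
    ("cam-lobby", "DS-2CD2032F-I", "V5.3.0 build 150513"),
    ("cam-gate", "DS-2CD2132F-I", "5.2.0 build 140721"),
    ("cam-roof", "DS-2CD2132F-I", "V5.4.0 build 160613"),
    ("cam-dock", "ds-2cd2432f-iw", "V5.4.5 build 170123"),
    ("cam-lab", "DS-2DE4220W", "V5.3.0 build 150513"),
    ("cam-old", "DS-2CD2032F-I", "firmware?"),
]
```

`outside-range` only means the firmware falls outside the one range encoded here, so `unknown-model` and `unparsed` assets still need a manual check against the vendor advisory.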
Description
CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.
Introduction
# CVE-2017-7921 exploit
This script allows interaction with a CVE-2017-7921 vulnerable camera to perform the following operations:
1. Download and decrypt a configuration file containing the camera's admin password.
2. Continuously download images every second.
3. Convert a series of downloaded images into a video.
## Requirements
- Python 3.x
- Packages listed in `requirements.txt`. Install with:
```bash
pip install -r requirements.txt
```
## Usage
The script takes the following arguments:
- `-p IP:PORT`: To download and decrypt the configuration file.
- `-s IP:PORT`: To download images every second. Images are saved in the `snapshots/IP:PORT/` folder.
- `-c IP:PORT`: Converts images from the specified camera into a video.
- `-t`: Uses Tor for all requests. Ensure you have Tor service running.
Usage examples:
```bash
python script.py -p 192.168.1.10:8080
python script.py -s 192.168.1.10:8080 -t
python script.py -c 192.168.1.10:8080
```
Image download can be stopped by pressing `Ctrl+C`.
The image download also checks whether each new image is very similar to the previous one, to avoid saving the same image multiple times.
## Warning
Ensure you have permission to interact with the surveillance camera. Misuse of this script can be illegal and ethically wrong. Use responsibly.
File snapshot
[4.0K] /data/pocs/3cf8af9a25a525749aff1058b3c261f391176052
├── [1.3K] README.md
├── [ 41] requeriments.txt
└── [8.5K] script.py
0 directories, 3 files