CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.# CVE-2017-7921 exploit
This script allows interaction with a CVE-2017-7921 vulnerable camera to perform the following operations:
1. Download and decrypt a configuration file, containing the camera's admin's password.
2. Continuously download images every second.
3. Convert a series of downloaded images into a video.
## Requirements
- Python 3.x
- Packages listed in `requirements.txt`. Install with:
```bash
pip install -r requirements.txt
```
## Usage
The script takes the following arguments:
- `-p IP:PORT`: To download and decrypt the configuration file.
- `-s IP:PORT`: To download images every second. Images are saved in the `snapshots/IP:PORT/` folder.
- `-c IP:PORT`: Converts images from the specified camera into a video.
- `-t`: Uses Tor for all requests. Ensure you have Tor service running.
Usage examples:
```bash
python script.py -p 192.168.1.10:8080
python script.py -s 192.168.1.10:8080 -t
python script.py -c 192.168.1.10:8080
```
Image download can be stopped by pressing `Ctrl+C`.
Also image downloading does a check if the downloaded image is very similar to the previous one to avoid saving the same image multiple times.
## Warning
Ensure you have permission to interact with the surveillance camera. Misuse of this script can be illegal and ethically wrong. Use responsibly.
[4.0K] /data/pocs/5aa78bc6f196dc92686dd892d9d8aa0d47f14243
├── [1.3K] README.md
├── [ 41] requeriments.txt
└── [8.5K] script.py
0 directories, 3 files