PoC details: 9d52c528222573c13ebd1b794dd0eba9a358069d

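Source
Related vulnerability
Title: TBK DVR4104 and DVR4216 security vulnerability (CVE-2018-9995)
Description: TBK DVR4104 and DVR4216 are both high-definition digital video recorder devices. A security vulnerability exists in TBK DVR4104 and DVR4216. A remote attacker can exploit it to bypass authentication by means of the Cookie: uid=admin header.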
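
A defensive sketch for the bypass described above, added here as an example and not taken from this page or the PoC repository: it scans recorded HTTP request heads, such as a reverse proxy or sensor in front of the recorder might capture, for a `uid=admin` cookie and notes whether the same client was seen logging in earlier. The record format, the sample requests, the `/placeholder` path and the assumption that a login is a POST to `/login.rsp` are constructed for illustration.

```python
LOGIN_PATH = "/login.rsp"  # assumption: logins are POSTs to this path

# Constructed sample: (client IP, raw request head) pairs; hosts and paths are made up.
SAMPLE = [
    ("10.0.0.5", "POST /login.rsp HTTP/1.1\r\nHost: dvr.example\r\n\r\n"),
    ("10.0.0.5", "GET /placeholder HTTP/1.1\r\nCookie: lang=en; uid=admin\r\n\r\n"),
    ("203.0.113.7", "GET /placeholder?x=1 HTTP/1.1\r\ncookie: uid=admin\r\n\r\n"),
    ("203.0.113.9", "GET /placeholder HTTP/1.1\r\nCookie: xuid=admin; uid=guest\r\n\r\n"),
]

def parse_request(raw):
    """Return (method, path, headers) from a raw HTTP request head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return method, target.split("?", 1)[0], headers

def parse_cookies(header_value):
    """Split a Cookie header into exact name -> value pairs (no substring matching)."""
    jar = {}
    for part in header_value.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value.strip('"')
    return jar

def find_uid_admin(records):
    """List requests carrying uid=admin, noting whether the client logged in earlier."""
    logged_in, findings = set(), []
    for client, raw in records:
        method, path, headers = parse_request(raw)
        if method == "POST" and path == LOGIN_PATH:
            logged_in.add(client)
        elif parse_cookies(headers.get("cookie", "")).get("uid") == "admin":
            findings.append({"client": client, "path": path,
                             "prior_login": client in logged_in})
    return findings

if __name__ == "__main__":
    for hit in find_uid_admin(SAMPLE):
        print(hit)
```

A finding with `prior_login` set to `False` is the case the CVE description matches. The page does not say whether the legitimate web UI sets this cookie after login, so rows with `True` are context for the analyst rather than cleared traffic.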
Introduction
#  [Tool] CVE-2018-9995-2

	[*] CVE:            CVE-2018-9995
	[*] Exploit Author: Fernandez Ezequiel ( @capitan_alfa ) 
	[*] Modify:         Kien Quoc
	[*] Version:        2.0

	
## Install Python3
        apt-get install git
        pip3 install requests
        pip3 install colorama
        sudo apt update
        apt-get install python3

## Quick start
```
git clone https://github.com/kienquoc102/CVE-2018-9995-2
cd CVE-2018-9995-2
python3 exploit.py
```
Then enter the IP and port when prompted (host and port only, not in the `http://ip:port` form), for example:

    Host: 192.168.x.x
    Port: 81

Then wait for the script to finish.

![DVR_indoor_1](screenshot/indoor/in_x.png)
![DVR_indoor_2](screenshot/indoor/in_x1.png)
![DVR_indoor_3](screenshot/indoor/in_1.png)
![DVR_indoor_4](screenshot/indoor/in_2.png)
![DVR_indoor_5](screenshot/indoor/in_3.png)
![DVR_indoor_6](screenshot/indoor/in_4.png)
![DVR_indoor_7](screenshot/indoor/in_5.png)
<img src="https://github.com/kienquoc102/CVE-2018-9995-2/blob/master/in_8.jpg">


# Hack successfully:
<img src="https://github.com/kienquoc102/CVE-2018-9995-2/blob/master/main1.jpg">


## Camera brands with this security flaw:
	Novo
	CeNova
	QSee
	Pulnix
	XVR 5 in 1 (title: "XVR Login")
	Securus,  - Security. Never Compromise !! - 
	Night OWL
	DVR Login
	HVR Login
	MDVR Login
	Zeisic


### Login Main:
![DVR_login_1](screenshot/loginFront/login_1.png)
![DVR_login_2](screenshot/loginFront/login_2.png)
![DVR_login_3](screenshot/loginFront/login_3.png)
![DVR_login_4](screenshot/loginFront/login_4.png)
![DVR_login_5](screenshot/loginFront/login_5.png)
![DVR_login_6](screenshot/loginFront/login_6.png)
![DVR_login_7](screenshot/loginFront/login_7.png)
![DVR_login_8](screenshot/loginFront/login_9.png)
![DVR_login_10](screenshot/loginFront/login_10.png)


# Dorks: 
        Zoomeye.org: "/login.rsp"
        Shodan: "login.rsp"
        Google: intitle:"DVR Login"
                intitle:"NVR Login"
                intitle:"XVR Login"
                intitle:"AHD Login"

![DVR_dorks_0](screenshot/cow/zoomEyes.jpg) 
![DVR_dorks_2](screenshot/cow/shodan_1.png) 
![DVR_dorks_1](screenshot/cow/google_1.png) 
![DVR_dorks_3](screenshot/cow/shodan_2.png)


Thanks for reading :XD
File snapshot

```
[4.0K] /data/pocs/9d52c528222573c13ebd1b794dd0eba9a358069d
├── [1.7K] exploit.py
├── [239K] in_8.jpg
├── [ 23K] main1.jpg
├── [2.2K] README.md
└── [4.0K] screenshot
    ├── [4.0K] cow
    │   ├── [ 70K] google_1.png
    │   ├── [ 71K] shodan_1.png
    │   ├── [187K] shodan_2.png
    │   └── [ 91K] zoomEyes.jpg
    ├── [4.0K] indoor
    │   ├── [537K] in_1.png
    │   ├── [296K] in_2.png
    │   ├── [358K] in_3.png
    │   ├── [586K] in_4.png
    │   ├── [508K] in_5.png
    │   ├── [239K] in_8.jpg
    │   ├── [422K] in_x1.png
    │   └── [714K] in_x.png
    ├── [4.0K] loginFront
    │   ├── [ 24K] login_10.png
    │   ├── [ 27K] login_1.png
    │   ├── [ 68K] login_2.png
    │   ├── [ 68K] login_3.png
    │   ├── [ 49K] login_4.png
    │   ├── [ 70K] login_5.png
    │   ├── [ 95K] login_6.png
    │   ├── [164K] login_7.png
    │   ├── [ 32K] login_8.png
    │   └── [ 32K] login_9.png
    └── [4.0K] v
        └── [4.0K] tbk_vision
            ├── [219K] indoor_1.png
            └── [ 42K] login_1.png

6 directories, 28 files
```