关联漏洞
标题:
多款Hikvision产品安全漏洞
(CVE-2017-7921)
描述:Hikvision DS-2CD2xx2F-I Series等都是中国海康威视(Hikvision)公司的网络摄像头产品。 多款Hikvision产品中存在身份验证漏洞。攻击者可利用该漏洞提升权限,获取敏感信息的访问权限。以下产品和版本受到影响:Hikvision DS-2CD2xx2F-I Series 5.2.0 build 140721版本至5.4.0 build 160530版本;DS-2CD2xx0F-I Series 5.2.0 build 140721版本至5.4.0 Build 16040
介绍
# hikvision_CVE-2017-7921_auth_bypass_config_decryptor
This python file will decrypt the configurationFile used by hikvision cameras vulnerable to CVE-2017-7921.
https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-0876.html/
# Description
Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)
Basically, hikvision cameras that are vulnerable to the CVE listed above, can have several routes exposed by using a simple base64 string supplied as an argument in the url.
For example:
`/System/configurationFile?auth=YWRtaW46MTEK`
This would allow an unauthenticated user to download the config file for the camera which includes user information. This configuration file uses weak encryption and a static key by default.
The python script supplied, will decrypt this configuration file.
I also supply a sample generated example configuration file for you to test.
# How To Use
`./decrypt_configurationFile.py <nameofdownloadedconfig>`
# Dependencies:
`sudo python3 -m pip install pycryptodome`
**Tested on Ubunut 20.04 with python 3.8.5**
文件快照
[4.0K] /data/pocs/c19123c8e35a5556717d6fd850de15b26a71bec7
├── [867K] configurationFile
├── [1.2K] decrypt_configurationFile.py
├── [1.0K] LICENSE
└── [1.0K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。