PoC details: ef68d0b098f7e7c19a1124378456d404459fa6fc

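Source
Related vulnerability
Title: TBK DVR4104 and DVR4216 security vulnerability (CVE-2018-9995)
Description: TBK DVR4104 and DVR4216 are both high-definition digital video recorder devices. A security vulnerability exists in TBK DVR4104 and DVR4216. A remote attacker can exploit it to bypass authentication by means of a Cookie: uid=admin header.
Description
DVR-Exploiter: a Bash script that exploits DVRs, based on CVE-2018-9995
Introduction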
# DVR-Exploiter
	[*] Exploit Title:       DVR Credentials Exposed 
	[*] Date:                09/04/2018
	[*] Exploit Author:      Fernandez Ezequiel
	[*] DVR-Exploiter By:    Belahsan Ouerghi  
	[*] Contact:             www.facebook.com/ouerghi.belahsan
	[*] Youtube Tutorial:	 https://www.youtube.com/watch?v=vdnATjE_4II
	[*] Dorks:               		       intitle:"DVR Login"
		                                       html:"/login.rsp"
		                                      "Server: GNU rsp/1.1"
![DVR_wall](Screenshots/dvr.png) 
                                             
## Tested on DVRs:
	Novo
	CeNova
	QSee
	Pulnix
	XVR 5 in 1 (title: "XVR Login")
	Securus,  - Security. Never Compromise !! - 
	Night OWL
	DVR Login
	HVR Login
	MDVR Login
  ## Installation : 
  ```
  $ git clone https://github.com/TunisianEagles/DVR-Exploiter.git
  $ cd DVR-Exploiter
  $ chmod +x DVR-Exploiter.sh
  $ ./DVR-Exploiter.sh
  ```
  ## Details
  After running, choose the host. Example: 1 = 127.0.0.1 (IP) / 2 = www.xxxxxxxx.com
  * Don't forget to install the DVR's plugin.
  # Screenshots
  ![DVR_wall](Screenshots/42332530_2136094803102242_4151826855046938624_o.jpg)
  ![DVR_wall](Screenshots/in_x1.png)
  ![DVR_wall](Screenshots/1.png) 
  ![DVR_wall](Screenshots/2.png) 
  ![DVR_wall](Screenshots/3.png) 
  ![DVR_wall](Screenshots/4.png) 
  ![DVR_wall](Screenshots/5.png) 
  ![DVR_wall](Screenshots/6.png) 
  ![DVR_wall](Screenshots/7.png) 
  ![DVR_wall](Screenshots/8.png) 
  ![DVR_wall](Screenshots/9.png) 
  ![DVR_wall](Screenshots/10.png) 
  ![DVR_wall](Screenshots/11.png) 
  ![DVR_wall](Screenshots/12.png) 
  ![DVR_wall](Screenshots/13.jpg) 

  # Tutorial :
https://www.yeahhub.com/exploitation-dvr-cameras-cve-2018-9995-tutorial/
File snapshot

```
[4.0K] /data/pocs/ef68d0b098f7e7c19a1124378456d404459fa6fc
├── [1.8K] DVR-Exploiter.sh
├── [1.7K] README.md
└── [4.0K] Screenshots
    ├── [187K] 10.png
    ├── [ 70K] 11.png
    ├── [ 71K] 12.png
    ├── [ 91K] 13.jpg
    ├── [164K] 1.png
    ├── [ 95K] 2.png
    ├── [ 24K] 3.png
    ├── [227K] 42332530_2136094803102242_4151826855046938624_o.jpg
    ├── [ 32K] 4.png
    ├── [ 70K] 5.png
    ├── [ 49K] 6.png
    ├── [ 68K] 7.png
    ├── [ 68K] 8.png
    ├── [ 27K] 9.png
    ├── [   1] a
    ├── [ 31K] dvr.png
    └── [422K] in_x1.png

1 directory, 19 files
```