Giter VIP home page Giter VIP logo

hisilicon-dvr-telnet's Introduction

hisilicon-dvr-telnet

PoC materials for article https://habr.com/en/post/486856/

❤️ ❤️ ❤️

You can say thanks to the author by donations to these wallets:

  • ETH: 0xB71250010e8beC90C5f9ddF408251eBA9dD7320e
  • BTC:
    • Legacy: 1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a
    • Segwit: bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw

hisilicon-dvr-telnet's People

Contributors

snawoot avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

nicholas1126 sk3lk0 bin4ry lokori polytronicgr pirenga yaba keke1023 prahs ostrichsec fruxlabs wxh0000mm 0x6b7966 akpotter yetiddbb dgem butterflyhack kiroleg startagain2016 lkoranda bhass1 zxlben h1d3r burtb inspectordidi a1kaid tadryanom corbolais steffikerst gkfnf jbagel2 barondj maomiaomi lubyruffy r4b3rt bh2uol jermainlaforce atorninja h4lo shiv50084 leonw7 jrhopper kiang70 sintrb tachibana51 zmdprogrom wizkidorg somespy joss13aws phatdatpq asiacny dason2u cppstar awesome-consumer-iot tryweirder andy9100 southerneast ubis sandi2382 rjdza yuuunagi petrogolovnya coding2000 flor1n nospam2k

hisilicon-dvr-telnet's Issues

Error!

I tried but it didn't open the port instead it says can i know what's the reason for this error?

root@localhost:~/hisilicon-dvr-telnet# ./hs-dvr-telnet 192.168.10.11 2wj9fsa2

Sent OpenTelnet:OpenOnce command.
randNum:97615224
challenge=976152242wj9fsa2
verify:OK
Retry:Internet
Open failed.

Help Hacking my DVR163

Hello, i have a chinese DVR with this FW:
http://download.dvr163.com/NVR/normal--NVR/FWHI36D_20200821_W-NVR_K8208-W_3_0_8_3_9013160200.rar
Can you help me to hack this? i need ssh or telnet for enabling FTP etc.

the log of Nmap:

PORT     STATE SERVICE           VERSION

80/tcp    open  http              nginx

|_http-favicon: Unknown favicon MD5: F066B751B858F75EF46536F5B357972B

| http-methods: 

|_  Supported Methods: GET

|_http-title: Site doesn't have a title (text/html).

3702/tcp  open  ws-discovery?

10000/tcp open  snet-sensor-mgmt?

| fingerprint-strings: 

|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, LDAPBindReq, LDAPSearchReq, LPDString, RPCCheck, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe: 

|     HTTP/1.0 403 Forbidden

|     content-type: text/html

|     content-length: 38

|_    <html><body><h1>403</h1></body></html>

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port10000-TCP:V=7.80%I=7%D=11/10%Time=5FAA65B6%P=i686-pc-windows-window

SF:s%r(RPCCheck,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text

SF:/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></

SF:html>")%r(DNSVersionBindReqTCP,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncon

SF:tent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1

SF:>403</h1></body></html>")%r(DNSStatusRequestTCP,6D,"HTTP/1\.0\x20403\x2

SF:0Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r

SF:\n<html><body><h1>403</h1></body></html>")%r(Help,6D,"HTTP/1\.0\x20403\

SF:x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n

SF:\r\n<html><body><h1>403</h1></body></html>")%r(SSLSessionReq,6D,"HTTP/1

SF:\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length

SF::\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(TerminalServe

SF:rCookie,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html

SF:\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>

SF:")%r(TLSSessionReq,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x

SF:20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></b

SF:ody></html>")%r(Kerberos,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-t

SF:ype:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</

SF:h1></body></html>")%r(SMBProgNeg,6D,"HTTP/1\.0\x20403\x20Forbidden\r\nc

SF:ontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><

SF:h1>403</h1></body></html>")%r(X11Probe,6D,"HTTP/1\.0\x20403\x20Forbidde

SF:n\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><

SF:body><h1>403</h1></body></html>")%r(LPDString,6D,"HTTP/1\.0\x20403\x20F

SF:orbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n

SF:<html><body><h1>403</h1></body></html>")%r(LDAPSearchReq,6D,"HTTP/1\.0\

SF:x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2

SF:038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(LDAPBindReq,6D,"H

SF:TTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-l

SF:ength:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(SIPOptio

SF:ns,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nc

SF:ontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>");

verify:OK + Refuse:Internet

Trying to apply the exploit on a Digoo DG-XME, with the lastest available firmware:

$ ./hs-dvr-telnet LOCAL_IP_REMOVED 2wj9fsa2 Sent OpenTelnet:OpenOnce command. randNum:89661916 challenge=896619162wj9fsa2 verify:OK Refuse:Internet Open failed.

Any guess why the exploit gets the authentication and the message refusing it?

Refuse:Internet from Fisotech box

I've ran the PoC on my Fisotech box and this is the output I'm getting:

Sent OpenTelnet:OpenOnce command.
randNum:78314453
challenge=783144532wj9fsa2
verify:OK
Refuse:Internet
Open failed.

I'm not sure if it's helpful or not, it's probably just the version of the software on the box, but the version is: V4.03.R11.345B1142.10001.131900.00000.

Does that mean my DVR is not susceptible to the 0day?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.