Summary
The MOBOTIX S14 Camera did not implement any mechanism to prevent cross-site request forgery (CSRF) attacks.
Impact
Successful exploitation of this vulnerability can lead to the takeover of the device.
Details
The MOBOTIX S14 Camera did not implement any mechanism to prevent cross-site request forgery attacks.
This can allow a local account password to be changed without the knowledge of the authenticated user.
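
#!/usr/bin/python
import requests, signal, sys, argparse
from requests.auth import HTTPBasicAuth
# Pass the usage text as usage= (not prog) and name the real -ip flag; -h is argparse's built-in help.
p = argparse.ArgumentParser(usage="./camera.py -ip <ip> -p <port>")
# ArgumentParser(version=...) is not accepted by Python 3; expose the version through a version action.
p.add_argument("--version", action="version", version="0.1")
p.add_argument("-ip", "--ipaddress", dest="ipaddress", help="Enter an ipaddress")
p.add_argument("-p", "--port", dest="port", default="8081", help="Enter a port")
args = p.parse_args()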

Default Web Management Interface Credentials (https://www.use-ip.co.uk/forum/threads/mobotix-default-password.76/) - CVE-2009-5154
In its default state, the admin's hash was Wx3P0QA1/y1bg, which was cracked to reveal 'meinsm'.
See: https://gist.github.com/llandeilocymro/430bdd50266e03c75e6116c3e80bf78f for a PoC in Python.
Administrator Credentials stored in weak hashing format - CVE-2019-7673
In its default state, the admin's hash was found to be Wx3P0QA1/y1bg. This is a DES hash and isn't considered secure.
Clear text credentials / Basic authentication - CVE-2019-7675
The default management application was delivered over HTTP and used basic authentication.

> [Description - CVE-2018-10723]
> Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in
> api/schema.sql.
>
> ------------------------------------------
>
> [Additional Information]
> Here is the extract of the hardcoded credential (from schema.sql): INSERT INTO `directus_users` (`id`,
> `status`,
> `first_name`,

#! /usr/bin/python
# EDW - NCCGroup
# wrapper to safely get hashes from a box
# needs winexe, smbclient and creddump7
# v0.2 Rich - added colors, pth-winexe, pth-smbexec and scan over a range
# v0.3 EDW - added threading
import os
import optparse
import signal

#! /usr/bin/perl -w
# EDW
# Quick little script to rattle through a sudoers file and make recommendations
if ($^O eq "MSWin32") { print "Windows....really....use *nix\n"; exit; }
$file = "/etc/sudoers";
$line="\="x50;
if ($#ARGV != 0) {

#! /usr/bin/perl -w
# EDW
# Quick little script to rattle through a sshd_config file and make recommendations
if ($^O eq "MSWin32") { print "Windows....really....use *nix\n"; exit; }
$file = "/etc/ssh/sshd_config";
$line="\="x50;
if ($#ARGV != 0) {

#! /usr/bin/python
# EDW - looks for default tomcat and ssh creds.
import logging
import paramiko
import os, sys
import optparse
import threading
from socket import *
try:

#!/usr/bin/python
# EDW - ACF2 Username Enumeration
import sys
import time
import optparse
import re
import signal
from telnetlib import Telnet
from socket import *

#!/usr/bin/python
# EDW - OpenSSH Username enum
import sys
import paramiko
import time
import optparse
import re
import signal
from socket import *