command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Overview

CVE-2021-36260

CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html

All credit to Watchful_IP

Note:

  1. This code will not verify if remote is Hikvision device or not.
  2. Most of my interest in this code has been concentrated on how to reliably detect vulnerable and/or exploitable devices. Some devices are easy to detect, verify and exploit the vulnerability, other devices may be vulnerable but not so easy to verify and exploit. I think the combined verification code should have very high accuracy.
  3. 'safe check' (--check) will try write and read for verification 'unsafe check' (--reboot) will try reboot the device for verification

[Examples] Safe vulnerability/verify check: $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --check

Safe and unsafe vulnerability/verify check: (will only use 'unsafe check' if not verified with 'safe check') $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --check --reboot

Unsafe vulnerability/verify check: $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --reboot

Launch and connect to SSH shell: $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --shell

Execute command: $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --cmd "ls -l"

Execute blind command: $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --cmd_blind "reboot"

Owner
Aiminsun
Aiminsun
ThePhish: an automated phishing email analysis tool

ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base

675 Jan 03, 2023
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
The Multi-Tool Web Vulnerability Scanner.

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1

skavngr 1.3k Dec 31, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

2.1k Dec 25, 2022
Sentinel-1 SAR time series analysis for OSINT use

SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

21 Dec 09, 2022
Auto Tor Ip Changer

AutoTor Auto Tor Ip Changer for Linux! git clone https://github.com/Arest7/AutoTor cd AutoTor pip install -r requirements.txt python3 AutoTor.py follo

Ken Ryuguji 3 Jan 23, 2022
Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

Chirag Agrawal 24 Dec 19, 2022
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

BhavKaran 1.5k Dec 28, 2022
TightVNC Vulnerability.

CVE-2022-23967 In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbprot

MaherAzzouzi 15 Jul 11, 2022
AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

$ky 2 Feb 09, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

3 Dec 04, 2022
Python library to remotely extract credentials on a set of hosts.

Python library to remotely extract credentials on a set of hosts.

Pixis 1.5k Dec 31, 2022
Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

sam 16 Nov 09, 2022
GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

Mathew Payne 121 Dec 14, 2022
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Binary.club 2 Jan 24, 2022
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021