Home > Automation, Exploitation, Penetration Testing, Pentest Scripts > CVE-2013-6117 – Tool (Multithreaded and Extremely Fast)

CVE-2013-6117 – Tool (Multithreaded and Extremely Fast)

I wrote a simple script in Go to test if the target Dahua DVR device is vulnerable to authentication bypass flaw (CVE-2013-6117).

Dahua DVRs listen on TCP port 37777 by default.

If it is vulnerable, it will dump the credentials along with the dynamic dns name (DynDNS).

Some system administrators might use the same password for other systems. Therefore, a penetration tester might be able to use the credentials obtained from the DVR to gain further access into the network by accessing other systems or applications.

As the script is written in Go, it makes the tool extremely fast.

For more information regarding this vulnerability, you might want to check out https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117.

Screen Shot 2018-07-24 at 2.06.12 AM.png
The script can be downloaded from https://github.com/milo2012/CVE-2013-6117.

 

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: