Home > Automation, Exploitation, Penetration Testing, Pentest Scripts > CVE-2013-6117 – Tool (Multithreaded and Extremely Fast)

CVE-2013-6117 – Tool (Multithreaded and Extremely Fast)

July 23, 2018 Leave a comment Go to comments

I wrote a simple script in Go to test if the target Dahua DVR device is vulnerable to authentication bypass flaw (CVE-2013-6117).

Dahua DVRs listen on TCP port 37777 by default.

If it is vulnerable, it will dump the credentials along with the dynamic dns name (DynDNS).

Some system administrators might use the same password for other systems. Therefore, a penetration tester might be able to use the credentials obtained from the DVR to gain further access into the network by accessing other systems or applications.

As the script is written in Go, it makes the tool extremely fast.

For more information regarding this vulnerability, you might want to check out https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117.

Screen Shot 2018-07-24 at 2.06.12 AM.png
The script can be downloaded from https://github.com/milo2012/CVE-2013-6117.

 

Categories: Automation, Exploitation, Penetration Testing, Pentest Scripts
  1. No comments yet.
  1. No trackbacks yet.

Leave a comment