
CVE-2018-17240 PoC: Netwave IP camera security vulnerability

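Related vulnerability
Title: Netwave IP camera security vulnerability (CVE-2018-17240)
Description: Netwave IP camera is a network camera made by Netwave. Netwave IP camera has a security vulnerability caused by a memory dump issue in //proc/kcore. An unauthenticated attacker can exploit this vulnerability to steal sensitive information from the network configuration.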
Description
A tool for retrieving login credentials from Netwave IP cameras using a memory dump vulnerability (CVE-2018-17240)
Introduction
# Netgrave 
A tool for retrieving login credentials from Netwave IP cameras using a memory dump vulnerability (CVE-2018-17240). This project was inspired by [expcamera](https://github.com/vanpersiexp/expcamera) and offers performance and efficiency improvements. It works on all platforms because, unlike expcamera, it does not invoke Linux CLI tools through shell commands.

## CVE-2018-17240
On Linux systems, `/proc/kcore` is a virtual file that provides a direct mapping to the system's physical memory, allowing read access to the kernel's entire virtual memory space. Some Netwave IP cameras expose this file publicly through their web server, so unauthenticated users can retrieve a memory dump of the device, which exposes sensitive information such as login credentials.
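
For defenders, the exposure described above can be spotted in web access logs. The following is an added example, not part of Netgrave or the original README: it flags requests whose normalized path resolves to `/proc/kcore` and separates responses that returned data from probes that were refused. It assumes the camera's HTTP traffic passes a reverse proxy or sensor that writes Common/Combined Log Format; the function names and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Common/Combined Log Format prefix: src - user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalized_path(target):
    """Return the request path with escapes decoded and '//', '.', '..' collapsed."""
    # urlsplit() is avoided on purpose: it parses '//proc/kcore' as host 'proc'.
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # bounded re-decoding, so encoded paths compare equal
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Strip leading slashes first: normpath() keeps a leading '//' unchanged.
    return posixpath.normpath("/" + path.lstrip("/"))

def find_kcore_requests(lines):
    """Return (source, verdict, bytes_sent) for each request resolving to /proc/kcore."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalized_path(m["target"]) != "/proc/kcore":
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        # A 200/206 with a body means memory left the device: treat its
        # credentials as exposed. Anything else is recorded as a probe.
        served = m["status"] in ("200", "206") and size > 0
        findings.append((m["src"], "served" if served else "probe", size))
    return findings

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET //proc/kcore HTTP/1.1" 200 268435456',
    '203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /proc/kcore HTTP/1.1" 404 0',
    '198.51.100.7 - - [12/Mar/2024:10:02:00 +0000] "GET /docs/proc/kcore.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for src, verdict, size in find_kcore_requests(SAMPLE_LOG):
        print(f"{verdict:6} src={src} bytes={size}")
```

A `served` finding means the device should be taken off untrusted networks and its credentials changed; a `probe` finding shows that the address is being scanned for this issue.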

---

This tool first attempts to find the device ID in the memory dump. Finding it likely means that the credentials are nearby, so the tool then begins searching for them.

## Host Options

### Specifying Hosts
This tool supports two different ways to specify hosts to check for the vulnerability.

#### `--host`
The first way is to specify a single host using the `--host` option. This option can be specified multiple times to check multiple hosts. The hosts should be in the `ip:port` format.

#### `--file`
The second way is to specify a file containing a list of hosts in the `ip:port` format using the `--file` option.

---

### Retrieving Hosts
This tool supports retrieving hosts from Censys, Shodan, and ZoomEye to check for the vulnerability.

#### `--censys`
You can retrieve hosts from the Censys API by using the `--censys` option. This option requires the `CENSYS_API_ID` and `CENSYS_API_SECRET` environment variables to be set.

#### `--shodan`
You can retrieve hosts from the Shodan API by using the `--shodan` option. This option requires the `SHODAN_API_KEY` environment variable to be set.

#### `--zoomeye`
You can retrieve hosts from the ZoomEye API by using the `--zoomeye` option. This option requires the `ZOOMEYE_API_KEY` environment variable to be set.

## Installation
    $ pip install -r requirements.txt

## Usage
```
Usage: main.py [-h] (--host HOST | -f FILE | --censys | --shodan | --zoomeye) [-n NUMBER] [-c CONCURRENT] [-t TIMEOUT] [-o OUTPUT]

A tool for retrieving login credentials from Netwave IP cameras using a memory dump vulnerability (CVE-2018-17240)

Options:
  -h, --help            show this help message and exit
  --host HOST           A host to check, can be specified multiple times
  -f, --file FILE       A file containing the hosts to check
  --censys              Retrieve hosts from the Censys API using the API ID and secret specified with the CENSYS_API_ID and CENSYS_API_SECRET environment variables
  --shodan              Retrieve hosts from the Shodan API using the API key specified with the SHODAN_API_KEY environment variable
  --zoomeye             Retrieve hosts from the ZoomEye API using the API key specified with the ZOOMEYE_API_KEY environment variable
  -n, --number NUMBER   The number of hosts to retrieve from the IoT search engine, by default 100
  -c, --concurrent CONCURRENT
                        The number of hosts to check concurrently, by default 25
  -t, --timeout TIMEOUT
                        The timeout in seconds for retrieving the credentials from the memory dump of each host, by default 300
  -o, --output OUTPUT   The file to write the credentials to, by default credentials.txt
```

## Disclaimer
This tool is for educational purposes only. The contributors of this project will not be held liable for any damages or legal issues that may arise from the use of this tool. Use at your own risk.

File snapshot

```
[4.0K] /data/pocs/c5d3890e92eeb494b5d0555f0c384ad25a035c92
├── [1.0K] LICENSE
├── [4.8K] main.py
├── [3.6K] README.md
├── [ 155] requirements.txt
└── [4.0K] utils
    ├── [ 611] __init__.py
    ├── [ 12K] netwave_device.py
    ├── [4.0K] search_engines
    │   ├── [4.1K] censys.py
    │   ├── [ 413] __init__.py
    │   ├── [1.4K] search_engine.py
    │   ├── [2.9K] shodan.py
    │   └── [3.1K] zoomeye.py
    └── [5.2K] utils.py

2 directories, 12 files
```