Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cuerz/cve-2021-36260
海康威视RCE漏洞 批量检测和利用工具
https://github.com/cuerz/cve-2021-36260
cve-2021-36260 exploit
Last synced: about 2 months ago
JSON representation
海康威视RCE漏洞 批量检测和利用工具
- Host: GitHub
- URL: https://github.com/cuerz/cve-2021-36260
- Owner: Cuerz
- Created: 2022-08-03T17:27:59.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-08-05T19:57:30.000Z (over 2 years ago)
- Last Synced: 2023-04-09T01:37:25.902Z (over 1 year ago)
- Topics: cve-2021-36260, exploit
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 66
- Watchers: 1
- Forks: 16
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 海康威视 CVE-2021-36260 RCE 漏洞
## 漏洞描述
攻击者利用该漏洞可以用无限制的 root shell 来完全控制设备,即使设备的所有者受限于有限的受保护 shell(psh)。除了入侵 IP 摄像头外,还可以访问和攻击内部网络。
## FOFA
```
header="Hikvision"
app="HIKVISION-视频监控"
```
## 使用方法
```
python ./CVE-2021-36260.py -u http://192.168.1.1:8080 --check
python ./CVE-2021-36260.py -u http://192.168.1.1:8080 --cmd "ls -la"
python ./CVE-2021-36260.py -f target.txt
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Start scanning url
-f FILE, --file FILE read the url from the file
--check Check if vulnerable
--cmd CMD execute cmd (i.e: "ls -l")
```
可批量挖掘src