DVR-Exploiter a Bash Script Program Exploit The DVR’s Based on CVE-2018-999. 

[*] Exploit Title:       DVR Credentials Exposed 
[*] Date:                09/04/2018
[*] Exploit Author:      Fernandez Ezequiel
[*] DVR-Exploiter By:    Belahsan Ouerghi  
[*] Contact:             www.facebook.com/ouerghi.belahsan
[*] Youtube Tutorial:	 https://www.youtube.com/watch?v=vdnATjE_4II
[*] Dorks:               		       intitle:"DVR Login"
	                                       html:"/login.rsp"
	                                      "Server: GNU rsp/1.1"

Tested In DVR

Novo
CeNova
QSee
Pulnix
XVR 5 in 1 (title: "XVR Login")
Securus,  - Security. Never Compromise !! - 
Night OWL
DVR Login
HVR Login
MDVR Login

DVR-Exploiter Installation

$ git clone https://github.com/TunisianEagles/DVR-Exploiter.git
$ cd DVR-Exploiter
$ ./DVR-Exploiter.s

Also ReadNmap-Bootstrap-XSL : A Nmap XSL implementation with Bootstrap

Details

[ After Running Choose The Host Example : 1 = 127.0.0.1 {IP } , / 2 = www.xxxxxxxx.com ]

  • Don’t Forget To Install The Plugin Of The DVR

Screenshot