CCTV DVR Login Scanning Utility
Description
This module tests for standalone CCTV DVR video surveillance deployments specifically by MicroDigital, HIVISION, CTRing, and numerous other rebranded devices that are utilizing default vendor passwords. Additionally, this module has the ability to brute force user accounts. Such CCTV DVR video surveillance deployments support remote viewing through Central Management Software (CMS) via the CMS Web Client, an IE ActiveX control hosted over HTTP, or through Win32 or mobile CMS client software. By default, remote authentication is handled over port 5920/TCP with video streaming over 5921/TCP. After successful authentication over 5920/TCP this module will then attempt to determine if the IE ActiveX control is listening on the default HTTP port (80/TCP).
Author(s)
- Justin Cacak
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/misc/cctv_dvr_login
msf auxiliary(cctv_dvr_login) > show actions
...actions...
msf auxiliary(cctv_dvr_login) > set ACTION < action-name >
msf auxiliary(cctv_dvr_login) > show options
...show and set options...
msf auxiliary(cctv_dvr_login) > run 
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security