Web
Nmap discovered a web server on target port 8080.
The running service is unknown at this time.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/dvr4]
└─$ curl -I -X OPTIONS http://$IP:8080/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=15, max=4
Content-Type: text/html
Content-Length: 985
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/dvr4]
└─$ curl -I http://$IP:8080/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=15, max=4
Content-Type: text/html
Content-Length: 985
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/dvr4]
└─$ curl -i http://$IP:8080/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=15, max=4
Content-Type: text/html
Content-Length: 985
<HTML>
<HEAD>
<TITLE>
Argus Surveillance DVR
</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="GENERATOR" content="Actual Drawing 6.0 (http://www.pysoft.com) [PYSOFTWARE]">
<frameset frameborder="no" border="0" rows="75,*,88">
<frame name="Top" frameborder="0" scrolling="auto" noresize src="CamerasTopFrame.html" marginwidth="0" marginheight="0">
<frame name="ActiveXFrame" frameborder="0" scrolling="auto" noresize src="ActiveXIFrame.html" marginwidth="0" marginheight="0">
<frame name="CamerasTable" frameborder="0" scrolling="auto" noresize src="CamerasBottomFrame.html" marginwidth="0" marginheight="0">
<noframes>
<p>This page uses frames, but your browser doesn't support them.</p>
</noframes>
</frameset>
</HEAD>
<BODY bgcolor="#CDDBFF" text="#000000" link="#000000" vlink="#000000" alink="#000000" topmargin=0, leftmargin=0, rightmargin=0, marginheight=0, marginwidth=0>
</BODY>
</HTML>
Argus Surveillance DVR
Webroot
This appears to be an instance of Argus Surveillance DVR.
Argus Surveillance DVR is CCTV software.
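None of the responses above carry a Server header, so the product is only identifiable from the HTML title and frame layout. The following is an added example (not part of the original writeup) that parses such a captured response for asset-inventory purposes; the `fingerprint` function and the trimmed `SAMPLE` response are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: trimmed copy of the response shown on this page.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Connection: Keep-Alive\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<HTML>\n<HEAD>\n<TITLE>\nArgus Surveillance DVR\n</TITLE>\n"
    '<meta name="GENERATOR" content="Actual Drawing 6.0 (http://www.pysoft.com) [PYSOFTWARE]">\n'
    '<frameset rows="75,*,88">\n<frame name="Top" noresize src="CamerasTopFrame.html">\n'
    '<frame name="ActiveXFrame" noresize src="ActiveXIFrame.html">\n'
    '<frame name="CamerasTable" noresize src="CamerasBottomFrame.html">\n'
    "</frameset>\n</HEAD>\n<BODY>\n</BODY>\n</HTML>\n"
)

class _PageFacts(HTMLParser):
    """Collects the title, generator meta tag and frame sources."""
    def __init__(self):
        super().__init__()
        self.title, self.generator, self.frames = "", None, []
        self._in_title = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        elif tag == "frame" and a.get("src"):
            self.frames.append(a["src"])
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def fingerprint(raw):
    """Split a raw HTTP response and report what identifies the product."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status, *lines = head.split("\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines if ":" in l)}
    facts = _PageFacts()
    facts.feed(body)
    title, server = " ".join(facts.title.split()), headers.get("server")
    # Prefer the Server header; fall back to the page title when it is absent.
    source = "server header" if server else ("html title" if title else None)
    return {"status": status, "server": server, "title": title,
            "generator": facts.generator, "frames": facts.frames,
            "identified_by": source}
```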
No camera
Clicking into the link leads to a configuration page
Users
The /Users.html endpoint reveals 2 users: Administrator and Viewer
Version Information
The /About.html endpoint reveals the version information: 4.0
Vulnerabilities
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/dvr4]
└─$ searchsploit Argus Surveillance DVR 4.0
-------------------------------------------------------- ---------------------------------
Exploit Title | Path
-------------------------------------------------------- ---------------------------------
Argus Surveillance DVR 4.0 - Unquoted Service Path | windows/local/50261.txt
Argus Surveillance DVR 4.0 - Weak Password Encryption | windows/local/50130.py
Argus Surveillance DVR 4.0.0.0 - Directory Traversal | windows_x86/webapps/45296.txt
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation | windows_x86/local/45312.c
-------------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results
It would appear that the target Argus Surveillance DVR instance suffers from many vulnerabilities, including CVE-2018-15745