Showing posts with label IE ActiveX control. Show all posts
Showing posts with label IE ActiveX control. Show all posts

Saturday, July 16, 2011

Active X & Direct X Troubleshooting for Windows 2000 & XP

Time by Time I got call from Technician/Engineers/Sr. Engineers/Managers says” Hi Arindam I got your ref from XYZ actually we facing problem with Active X Component installing on Windows XP PC/Laptop “. Yes many sites in India on the Internet use Active X or Direct X controls to display web content. If you are having the following issues, the below instructions offer possible solutions. Before applying this you must knowing PC administrator Password.



Issues:
  • Active X or Direct X Will Not Load
  • WINXP IE Service Pack 2 Not Allowing Load
The following applies to Windows 2000 and Windows XP, and is meant to be used by experienced PC users ONLY.
  • Open Internet Explorer, click on Tools, click on Internet Options
  • Click on the Security Tab
  • Click to Highlight Internet, click Custom Level button
    • .NET framework-Run Authenticode not signed—click to ENABLE
    • Run components signed with Authenticode—- click to ENABLE
    • ActiveX controls and plug-ins
      • Automatic prompting for ActiveX controls—- click to ENABLE
      • Binary and scripting behaviors—- click to ENABLE
      • Download signed ActiveX controls—- click to ENABLED
      • Download unsigned ActiveX controls—- click to ENABLED
      • Init and script ActiveX controls not marked as safe—- click to ENABLED
      • Run ActiveX controls and plug-ins—- click to ENABLE
      • Script ActiveX controls marked safe for scripting—- click to ENABLED
  • Downloads
    • Auto prompt for downloads—- click to DISABLE
    • File downloads— click to ENABLE
    • Font download—- click to ENABLE
  • Java VM
    • Java permissions—— click to HIGH SAFETY
    • Access data sources across domains—- click to DISABLE
    • Allow META REFRESH—- click to ENABLE
    • Allow scripting of IE web-browser controls—- click to DISABLE
    • Allow scripting of windows without size or position—- click to DISABLE
    • Allow web pages to use restricted protocols for active— click to PROMPT
    • Display mixed content—– click to PROMPT
    • Don’t prompt for client certificate selection —— click to DISABLE
    • Drag and drop or paste files—– click to ENABLE
    • Installation of desktop items—-PROMPT
    • Launch programs and files in an IFRAME—- click to PROMPT
    • Navigate sub-frames across different domains— click to ENABLE
    • Open files based on content, not file extensions—- click to ENABLE
    • Software channel permissions—– click to MEDIUM SAFETY
    • Submit non-encrypted form date—- click to ENABLE
    • Use Pop-Up blocker—- click to ENABLE
    • User data persistence—– click to ENABLE
    • Web site in less privileged web content zone can navigate—- click to ENABLE
  • Scripting
    • Active scripting—– click to ENABLE
    • Allow paste operations via script—– click to ENABLE
    • Scripting of Java applets—- click to ENABLE
  • User Authentication
    • Logon
      • click to Automatic logon only in Intranet zone

Friday, September 17, 2010

Hacking CCTV Security Video Surveillance Systems with Metasploit

A new module for the Metasploit Framework, CCTV DVR Login Scanning Utility*, discovers and tests the security of standalone CCTV (Closed Circuit Television) video surveillance systems. Such systems are frequently deployed in retail stores, living communities, personal residences, and business environments as part of their physical security program. However, many of these systems are vulnerable to exploitation that can allow attackers remote access. Such remote access, enabled by default, can allow not only the ability to view real-time video, but control of the cameras (if supported), and provide access to archived footage.

Most owners of CCTV video surveillance systems may not even be fully aware of the device's remote access capabilities as monitoring may be conducted exclusively via the local video console. This further increases the likelihood of attackers gaining/persisting remote access, with no indication to the owner that their video surveillance system and archived footage may be accessed remotely.

Here at Gotham Digital Science, we often encounter video surveillance systems during penetration testing engagements – some of which may be exposed to the Internet, either intentionally or by accident. With any video surveillance system it is often interesting (and sometimes very important) to find out exactly what cameras are monitoring/recording within the environment. Furthermore, access to such systems can often be utilized to support physical security testing initiatives.

This module targets standalone CCTV video surveillance systems by MicroDigital, HIKVISION, CTRing, and a substantial number of other rebranded devices.

msf > use auxiliary/scanner/misc/cctv_dvr_loginmsf auxiliary(cctv_dvr_login) > set RHOSTS 10.10.1.14RHOSTS => 10.10.1.14msf auxiliary(cctv_dvr_login) > exploit

[*] 10.10.1.14:5920 CCTV_DVR - [001/133] - Trying username:'admin' with password:''
[-] 10.10.1.14:5920 CCTV_DVR - [001/133] - Failed login as: 'admin'
[*] 10.10.1.14:5920 CCTV_DVR - [002/133] - Trying username:'user' with password:''
[-] 10.10.1.14:5920 CCTV_DVR - [002/133] - Invalid user: 'user'
[*] 10.10.1.14:5920 CCTV_DVR - [003/133] - Trying username:'admin' with password:'admin'
[-] 10.10.1.14:5920 CCTV_DVR - [003/133] - Failed login as: 'admin'
[*] 10.10.1.14:5920 CCTV_DVR - [004/133] - Trying username:'admin' with       password:'1111'
[+] 10.10.1.14:5920 Successful login: 'admin' : '1111'
[*] Confirmed IE ActiveX HTTP interface (CtrWeb.cab v1,1,3,1): http://10.10.1.14:80
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
*CCTV DVR Login Scanning Utility:
This module tests for standalone CCTV DVR video surveillance deployments specifically by MicroDigital, HIKVISION, CTRing, and numerous other rebranded devices that are utilizing default vendor passwords. Additionally, this module has the ability to brute force user accounts. Such CCTV DVR video surveillance deployments support remote viewing through Central Management Software (CMS) via the CMS Web Client, an IE ActiveX control hosted over HTTP, or through Win32 or mobile CMS client software. By default, remote authentication is handled over port 5920/TCP with video streaming over 5921/TCP. After successful authentication over 5920/TCP this module will then attempt to determine if the IE ActiveX control is listening on the default HTTP port (80/TCP).
Module Name : auxiliary/scanner/misc/cctv_dvr_login
Authors: Mr. Justin Cacak