Hi, thanks to researcher “bashis” who was able to create the latest backdoor to TVT (DVR) boxes I’ve been trying to use his research/python script against my own TVT unit but what he wrote doesn’t seem to work. The only thing that seems to work is if you change the default password in his script to “admin” and “123456” versus using that long base64 hash, then it works…??? So this makes no sense to me since the script is also supposed to crack the username/password, unless I’m reading this wrong.
#credentials = ‘admin:123456’| # Default login/password
credentials = ‘admin:{12213BD1-69C7-4862-843D-260500D1DA40}’ # Hardcoded HTTP/HTTPS API l/p
The python script is quite interesting as he uses some of the previous researches:
PoC: https://github.com/mcw0/PoC
Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py
So can I get some help?
Does this GIT solution only work if the DVR is set to “admin/123456”, or does it actually get to the root level of the box?
For obvious reasons i won’t give my public IP, but anyone who wants to venture on this project to explore more, feel free to look at Shodan, and just search for TVT and you’ll see 100’s of public units where in some cases, login/password is still the default. By no means do I want you or anyone to change stuff, but more simply to test what a “researcher” has done, cliamed, and to actually test it out.
note: the TVT box should be before April 2018 as I believe the release date of this was April 9th, 2018.
Any takers? to help me validate bashis’ python script?