Dvr4 🔸
Enumeration
The web page on port 8080 shows an Argus Surveillance web interface
There is a path traversal vulnerability
Initial Access
We have two users, so we can try their id_rsa keys
Get the flag
Privilege Escalation
Searching for Argus vulnerabilities, we find the weak password encryption
So we get the administrator hash
We have 14WatchD0g
and ImWatchingY0u
The last character is missing and looking at the code it says
So we can try all special characters
Now try psexec
Post Exploitation
Get the flag