Dvr4 🔸
Enumeration
The web page on port 8080 shows an Argus Surveillance web interface.
There is a path traversal vulnerability.
Initial Access
We have two users; we can try id_rsa keys.
Get the flag.
Privilege Escalation
Searching for Argus vulnerabilities, we find the weak password encryption issue.
So we get the administrator hash.
We have 14WatchD0g and ImWatchingY0u.
The last character is missing, and looking at the code it says...
So we can try all special characters.
Now try psexec.
Post Exploitation
Get the flag.