Forum Thread: Use Hikxploit to Hack Hikvision Security Cameras

In the age of security, a lot of devices are still vulnerable because many of them have not been updated to the latest version of their software.

A lot of Hikvision cameras are still vulnerable to an exploit that allows access through a hidden backdoor in the software, letting an attacker change every user's password to one of the attacker's choice.

So with this Python script we will be able to scan, using Shodan or Censys.io, for all of the cameras running that version of the software.

Step 1: Download Hikxploit

First, download the tool from the official repository on GitHub by running
git clone github.com/M0tHs3C/Hikxploit.git
Then go into the directory
cd Hikxploit
and install the requirements
pip install -r requirements.txt
After that you are ready to go.

Step 2: Starting Hikxploit

You can then start the tool by running
python hikxploit_win.py
You will need to be registered on Shodan and Censys.io to use their APIs to get the list of devices.
When you have chosen the site to search with, just type its number and then give a query to scan the internet.
I highly suggest using "App-webs 200 OK", as it's always worked for me.
After that you will only need to:

  • first, scan for hosts that are up from the list that you have downloaded
  • second, scan for devices that are actually vulnerable

You then have the ability to choose different options, such as mass-exploiting all the devices in the vuln file, picking one, or picking one at random.
