Argus Surveillance DVR 4.0

The Argus Surveillance DVR 4.0 web application allows Local File Inclusion by traversing up the directory tree with ..%2F, which is just ../ URL-encoded.

Focus on this exploit if you encounter it; the others are elevation exploits. Look around for different services that we can look for credentials for, maybe SAM, maybe SSH, maybe FTP.

Also pay attention to the application and its users. Although this may not be the case, the application could display users that we could use to brute force services.

Take a look at DVR4.

We were able to get the User/.ssh/id_rsa and use that to log in to the SSH server.
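
A defender-side view of the traversal described above, as an added example that is not part of the original notes: a Python check for web access logs that percent-decodes each request URI (including double encoding) and flags traversal toward the files mentioned here. The log lines, `/EXAMPLE.CGI`, its `page` parameter and the user name are constructed placeholders, not the application's real endpoint.

```python
import re
from urllib.parse import unquote

# Sensitive targets named on this page (SSH private keys, the SAM hive).
SENSITIVE = re.compile(r"(\.ssh[\\/]id_rsa|[\\/]config[\\/]sam\b)", re.I)
TRAVERSAL = re.compile(r"(^|[\\/=&?])\.\.([\\/]|$)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so %2F and double-encoded %252F both surface."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def classify(line):
    """Return None for clean lines, else a dict describing the finding."""
    m = REQUEST.search(line)
    if not m:
        return None
    raw, status = m.group(1), int(m.group(2))
    decoded = fully_decode(raw)
    if not TRAVERSAL.search(decoded):
        return None
    depth = len(re.findall(r"\.\.[\\/]", decoded))
    sensitive = bool(SENSITIVE.search(decoded))
    # A 200 on a traversal toward a key or hive means the file was likely served.
    severity = "critical" if sensitive and status == 200 else "high" if sensitive else "medium"
    return {"uri": decoded, "status": status, "depth": depth, "severity": severity}


# Constructed sample log lines; /EXAMPLE.CGI and its parameter are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /EXAMPLE.CGI?page=..%2F..%2F..%2FUsers%2Fsomeuser%2F.ssh%2Fid_rsa HTTP/1.1" 200 1675',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /EXAMPLE.CGI?page=..%252F..%252FWindows%252FSystem32%252Fconfig%252FSAM HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        finding = classify(line)
        if finding:
            print(finding["severity"], finding["status"], finding["uri"])
```

A `critical` hit on an `id_rsa` path means the key should be treated as disclosed: rotate it and review SSH logins from the same source address.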

Examples of Argus Exploitation
