MCPcopy Index your code
hub / github.com/Conan924/PostHikvision

github.com/Conan924/PostHikvision @V1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release V1.0 ↗ · + Follow
20 symbols 39 edges 2 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

PostHikvision

哥斯拉Hikvision综合安防后渗透插件,运行中心/web前台/MinIO 配置提取(解密)重置密码,还原密码。

功能简介

当你在 Hikvision综合安防拥有一个哥斯拉webshell之后,你可以使用 PostHikvision 后渗透插件:

  1. 获取详情
  2. 从指定路径(自动获取)获取配置文件的详细信息。
  3. 提取信息
  4. 从配置文件中自动提取敏感信息,并尝试解密。
  5. 部分密文解密存在bug,需用海康专项解密工具
  6. SQL 查询
  7. 哥斯拉低版本execSql存在bug,采用execCommand实现更通用
  8. 默认查询并提取密码和盐值,懒人化。
  9. 重置密码
  10. 修改指定用户的密码,支持重置为默认密码。
  11. 还原密码
  12. 根据提供的原始密码和盐值,恢复用户的密码。

使用说明

下载哥斯拉插件Jar包

然后打开哥斯拉 点击配置->点击插件配置->点击添加并选择你下载的Jar包

部分功能演示

获取详情

image-20241003203206647

提取信息

image-20241003203242907

sql查询

image-20241003203325665

重置密码

image-20241003203359544

还原密码

image-20241003203437741

参考文章

https://github.com/wafinfo/DecryptTools

https://beichendream.github.io/godzillaApi/

Core symbols most depended-on inside this repo

extractLineValue
called by 12
src/shells/plugins/conan/PostHikvision.java
getRootPath
called by 8
src/shells/plugins/conan/PostHikvision.java
DecryptData
called by 3
src/shells/plugins/conan/ISECUREController.java
getSHA256
called by 2
src/shells/plugins/conan/ISECUREController.java
extractRelevantInfo
called by 1
src/shells/plugins/conan/PostHikvision.java
init
called by 1
src/shells/plugins/conan/PostHikvision.java
byte2Hex
called by 1
src/shells/plugins/conan/ISECUREController.java
PostHikvision
called by 0
src/shells/plugins/conan/PostHikvision.java

Shape

Method 18
Class 2

Languages

Java100%

Modules by API surface

src/shells/plugins/conan/PostHikvision.java13 symbols
src/shells/plugins/conan/ISECUREController.java7 symbols

For agents

$ claude mcp add PostHikvision \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page