Industrial Intrusion

Initial scan:
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 e0:56:95:a6:1f:1b:74:36:0c:80:b4:5a:e6:a3:85:f9 (ECDSA)
|_ 256 c9:a4:8c:f9:cc:f9:78:8e:87:c2:fc:d6:89:2f:17:47 (ED25519)
80/tcp open http Werkzeug httpd 3.1.3 (Python 3.12.3)
|_http-title: Gate Monitor
|_http-server-header: Werkzeug/3.1.3 Python/3.12.3
102/tcp open iso-tsap Siemens S7 PLC
| fingerprint-strings:
| TerminalServerCookie:
|_ Cookie: mstshash=nmap
| s7-info:
| Module: 6ES7 315-2EH14-0AB0
| Basic Hardware: 6ES7 315-2EH14-0AB0
| Version: 3.2.6
| System Name: SNAP7-SERVER
| Module Type: CPU 315-2 PN/DP
| Serial Number: S C-C2UR28922012
|_ Copyright: Original Siemens Equipment
502/tcp open modbus Modbus TCP
1880/tcp open vsat-control?
| fingerprint-strings:
| DNSVersionBindReqTCP, RPCCheck:
| HTTP/1.1 400 Bad Request
| Connection: close
| GetRequest:
| HTTP/1.1 200 OK
| Access-Control-Allow-Origin: *
| Content-Type: text/html; charset=utf-8
| Content-Length: 1733
| ETag: W/"6c5-hGVEFL4qpfS9qVbAlfbm9AL7VT0"
| Date: Mon, 30 Jun 2025 15:19:33 GMT
| Connection: close
| <!DOCTYPE html>
| <html>
| <head>
| <meta charset="utf-8">
| <meta http-equiv="X-UA-Compatible" content="IE=edge">
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
| <meta name="apple-mobile-web-app-capable" content="yes">
| <meta name="mobile-web-app-capable" content="yes">
| <!--
| Copyright OpenJS Foundation and other contributors, https://openjsf.org/
| Licensed under the Apache License, Version 2.0 (the "License");
| this file except in compliance with the License.
| obtain a copy of the License at
| http://www.apache.org/licenses/LICENSE-2.0
| Unless required by applicable law or agreed to in writing, softwa
| HTTPOptions:
| HTTP/1.1 204 No Content
| Access-Control-Allow-Origin: *
| Access-Control-Allow-Methods: GET,PUT,POST,DELETE
| Vary: Access-Control-Request-Headers
| Content-Length: 0
| Date: Mon, 30 Jun 2025 15:19:34 GMT
| Connection: close
| RTSPRequest:
| HTTP/1.1 204 No Content
| Access-Control-Allow-Origin: *
| Access-Control-Allow-Methods: GET,PUT,POST,DELETE
| Vary: Access-Control-Request-Headers
| Content-Length: 0
| Date: Mon, 30 Jun 2025 15:19:35 GMT
|_ Connection: close
8080/tcp open http Werkzeug httpd 2.3.7 (Python 3.12.3)
| http-title: Site doesn't have a title (text/html; charset=utf-8).
|_Requested resource was /login
|_http-server-header: Werkzeug/2.3.7 Python/3.12.3
44818/tcp open EtherNetIP-2?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
We check the website (port 80):

From the scan we can also see that port 1880 is clearly serving HTML content over HTTP. There is no indication that it uses HTTPS (no certificates, no encryption), and it responds with a 200 OK status code, which confirms that it is plain HTTP.
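The same reasoning as a check, in an added example that is not part of the original write-up: it reads the fingerprint-strings replies from nmap output and reports, per port, whether a probe got a successful cleartext HTTP answer and whether the CORS headers allow any origin. The function name `audit_http_probes` and the trimmed sample are assumptions made for illustration.

```python
import re
# Constructed sample: trimmed copy of the port 1880 lines from the scan on this page.
SAMPLE = """\
1880/tcp open vsat-control?
| fingerprint-strings:
| DNSVersionBindReqTCP, RPCCheck:
| HTTP/1.1 400 Bad Request
| GetRequest:
| HTTP/1.1 200 OK
| Access-Control-Allow-Origin: *
| HTTPOptions:
| HTTP/1.1 204 No Content
| Access-Control-Allow-Origin: *
| Access-Control-Allow-Methods: GET,PUT,POST,DELETE
|_ Connection: close
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+\S+")
PROBE_RE = re.compile(r"^[A-Za-z0-9]+(?:, [A-Za-z0-9]+)*:$")  # "GetRequest:" etc.
STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})\b")
HEADER_RE = re.compile(r"^([A-Za-z-]+):\s*(.+)$")

def audit_http_probes(nmap_text):
    """Map port -> findings taken from nmap fingerprint-strings probe replies."""
    results, port, probe = {}, None, None
    for raw in nmap_text.splitlines():
        if (m := PORT_RE.match(raw)):
            port, probe = int(m.group(1)), None
            continue
        line = re.sub(r"^\|_?\s*", "", raw).strip()
        if port is None or not raw.startswith("|"):
            continue
        if PROBE_RE.match(line):
            probe = line[:-1]
            continue
        e = results.setdefault(port, {"statuses": {}, "plain_http": False,
                                      "cors_any_origin": False, "cors_methods": set()})
        if probe and (s := STATUS_RE.match(line)):
            code = e["statuses"][probe] = int(s.group(1))
            # A 4xx alone is not proof: some TLS listeners answer cleartext with 400.
            e["plain_http"] |= code < 400
        elif (h := HEADER_RE.match(line)):
            name, value = h.group(1).lower(), h.group(2).strip()
            if name == "access-control-allow-origin":
                e["cors_any_origin"] |= value == "*"
            elif name == "access-control-allow-methods":
                e["cors_methods"] |= {v.strip() for v in value.split(",")}
    return results
```

For the sample, `audit_http_probes(SAMPLE)[1880]` reports `plain_http` and `cors_any_origin` as true, matching what the write-up concludes from the 200 OK reply.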

We have another website on port 8080:

Reviewing the website on port 1880, I did not find much, so I will run a directory scan:

We go to /ui

We switch off the two buttons and:
