SySS-Research / slig

Siemens LOGO!8 PLC Password Hacking Proof-of-Concept-Tool

Problem with key? #3

Open eapel opened 9 months ago

eapel commented 9 months ago

This is the output:

```
>nmap --script slig.nse -p 10005 192.168.0.201
Starting Nmap 7.93 ( https://nmap.org ) at 2023-11-02 15:40 Mitteleuropõische Zeit
NSOCK ERROR [0.0490s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 192.168.0.201
Host is up (0.0048s latency).

PORT      STATE SERVICE
10005/tcp open  stel
| slig: Gathered Siemens LOGO!8 access details and passwords
|   User: xYB
|   Password: 20Y
|   Enabled: Invalid
|   User: ZjzP
|   Password: Mt
|   Enabled: Invalid
|   User: XisD
|   Password: 7nHN
|   Enabled: Invalid
|   User: hgQPB
|   Password: RJ
|   Enabled: Invalid
|   Protection: Invalid
|   Program password: gQPgQP
|_  MMC serial: _g>\xABQP\xAB\xB6_g>\xABQP\xAB

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
```

The users and the passwords are strange. Could it be a problem with the keys?

With these passwords I cannot get access to the LOGO! from the software.

yoanjones commented 5 months ago

I have a very similar issue:

```
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-07 13:56 GMT
Nmap scan report for 192.168.1.1
Host is up (0.0063s latency).

PORT      STATE SERVICE
10005/tcp open  stel
| slig: Gathered Siemens LOGO!8 access details and passwords
|   User: xYBw
|   Password: HM
|   Enabled: Invalid
|   User: Zjzkk
|   Password: UD
|   Enabled: Invalid
|   User: XisD
|   Password: jHN
|   Enabled: Invalid
|   User: hgQP
|   Password: oHd1
|   Enabled: Invalid
|   Protection: Invalid
|   Program password: 51zgQP
|_  MMC serial: _g>\xABQP\xAB\xB6_g>\xABQP\xAB

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
```

juansonnn commented 2 months ago

Same issue here.

The Readme says:

> Requirements: nmap, key (see slig.nse)

What about the key???

I've been exploring this without really knowing what I am doing. I've downloaded the LOGO! Comfort software, opened the file classes.jar in the JADX software, got the key, transformed it to binary, put it in the script, and no luck.

juansonnn commented 2 months ago

You need to decompile LOGO8 Comfort software.

Find the classes.jar file, and inside of it find the key. The key is in decimal, you need to convert it to binary and then to hex. And that's the answer.

-- `classes.jar -> DE.siemens.ad.logo.util -> LogoMath.keyForBinFile`

yoanjones commented 1 month ago

This is the answer! Did you have to remove the key?

> You need to decompile LOGO8 Comfort software.
>
> Find the classes.jar file, and inside of it find the key. The key is in decimal, you need to convert it to binary and then to hex. And that's the answer.
>
> -- `classes.jar -> DE.siemens.ad.logo.util -> LogoMath.keyForBinFile`

juansonnn commented 1 month ago

> This is the answer! Did you have to remove the key?
>
> > You need to decompile LOGO8 Comfort software.
> >
> > Find the classes.jar file, and inside of it find the key. The key is in decimal, you need to convert it to binary and then to hex. And that's the answer.
> >
> > -- `classes.jar -> DE.siemens.ad.logo.util -> LogoMath.keyForBinFile`

No, just put the key in the script.