aliasrobotics / aztarna

aztarna, a footprinting tool for robots.
https://aliasrobotics.com
GNU General Public License v3.0
89 stars 27 forks

Including industrial routers #15

Closed: ahcorde closed 5 years ago

ahcorde commented 5 years ago

This is a WIP PR.

I'm looking for industrial routers. This first iteration is to look for eWON routers.

We probably need to rework this tool a little bit. The initial aim of this tool was to focus only on ROS fingerprinting. But we need to extend this tool to make it more useful, including, for example, industrial routers or other middlewares.

Tomorrow we can discuss how to extend it

DO NOT MERGE

vmayoral commented 5 years ago

Looks pretty good to me! Can you provide a command line dump of how it looks to use your extension?

ahcorde commented 5 years ago

Just for the record:

eWon credentials (user/password): adm/adm -> http://80.11.165.82:81

🍭

vmayoral commented 5 years ago

Wow! Any robot behind the router?

On Sun, 4 Nov 2018 at 22:08, Alejandro Hernández Cordero <notifications@github.com> wrote:

Just for the record:

eWon credentials (user/password): adm/adm -> http://80.11.165.82:81

🍭


ahcorde commented 5 years ago

Not in this one. I guess this is a SCADA system.

[Image: screenshot 2018-11-04 at 22.26.51]

I'm trying to get into the routers with the default credentials and trying to get something else automatically. Not as easy as I was expecting.

ahcorde commented 5 years ago

Moxa routers include a web form to log in to the router. I don't know how to do it with Python code.

By the way, I didn't find any of this kind of router that has default credentials:

User: admin Pass: moxa

vmayoral commented 5 years ago

This is pretty great, I'm testing different things. Can you merge it and work in master?

ahcorde commented 5 years ago

I prefer to work in this branch. I just merged with master

vmayoral commented 5 years ago

Ok, I will be making some changes in master then. You'll need to pull and rebase at the end.

ahcorde commented 5 years ago

Westermo routers:

user: admin pass: westermo

ahcorde commented 5 years ago

Not all Westermo routers are returning the WWW-Authenticate header field, which is needed to detect this kind of router.

Ideas?

I tried several Westermo routers and all of them were using default credentials.

LanderU commented 5 years ago

Moxa routers include a web form to log in to the router. I don't know how to do it with Python code.

Maybe using GET and POST methods?

XabierPB commented 5 years ago

Why is the www-authenticate header necessary to detect them?

ahcorde commented 5 years ago

The header should look like this:

HTTP/1.1 401 Unauthorized
Server: GoAhead-Webs
Date: Wed Nov 21 15:19:38 2018
WWW-Authenticate: Basic realm="Westermo MRD-455"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html

But some of them are not returning this field with aiohttp
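Added example (not part of this thread or of aztarna's code): parsing a response head like the one quoted above offline, reporting the auth scheme and realm when a `WWW-Authenticate` challenge is present and falling back to the `Server` header when it is absent. The function names, the vendor-name matching and the second sample response are assumptions made for illustration.

```python
import re

# Constructed sample: the 401 response head quoted in the comment above.
WITH_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: GoAhead-Webs\r\n"
    'WWW-Authenticate: Basic realm="Westermo MRD-455"\r\n'
    "Content-Type: text/html\r\n\r\n"
)
# Constructed sample (assumption): a device that answers without any challenge.
WITHOUT_CHALLENGE = (
    "HTTP/1.1 200 OK\r\n"
    "server: GoAhead-Webs\r\n"
    "Content-Type: text/html\r\n\r\n<html>login form</html>"
)

CHALLENGE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)(?:\s+(.*))?$", re.S)
REALM_RE = re.compile(r'\brealm\s*=\s*(?:"([^"]*)"|([^\s,]+))', re.I)
VENDORS = ("eWON", "Moxa", "Westermo")  # vendor names mentioned in this thread


def parse_head(raw):
    """Split a raw response into (status, headers); header names are lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def describe_auth(raw):
    """Report scheme/realm if challenged; otherwise leave them None, never raise."""
    status, headers = parse_head(raw)
    info = {"status": status, "server": headers.get("server"),
            "scheme": None, "realm": None, "vendor": None}
    match = CHALLENGE_RE.match(headers.get("www-authenticate", ""))
    if match:
        info["scheme"] = match.group(1).capitalize()
        realm = REALM_RE.search(match.group(2) or "")
        if realm:
            info["realm"] = realm.group(1) if realm.group(1) is not None else realm.group(2)
    # Assumption: the vendor name appears literally in the realm or Server value.
    text = " ".join(filter(None, (info["realm"], info["server"]))).lower()
    info["vendor"] = next((v for v in VENDORS if v.lower() in text), None)
    return info
```
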

ahcorde commented 5 years ago

Thanks @XabierPB and @olaldiko. Fixed.

XabierPB commented 5 years ago

Hummm, you are right. I think that is because the web server is using a more modern authentication type, which does not include that header field. Could you provide a sample of the "bad" header, pls?

PS: Basic auth is bypassable!

ahcorde commented 5 years ago

This IP, for example: 80.27.6.40

XabierPB commented 5 years ago

[Image: header]

vmayoral commented 5 years ago

@ahcorde if we're pushing this, we need it merged. Can you please give it a try?