{"uuid": "2659e877-9e91-4559-a71c-f40bd88be00e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://t.me/VasileiadisAnastasis/631", "content": "GaugeTech Electricity Meters\n\"Server: EIG Embedded Web Server\" \"200 Document follows\"\n\nSiemens Industrial Automation\n\"Siemens, SIMATIC\" port:161\n\nSiemens HVAC Controllers\n\"Server: Microsoft-WinCE\" \"Content-Length: 12581\"\n\nDoor / Lock Access Controllers\n\"HID VertX\" port:4070\n\nRailroad Management\n\"log off\" \"select the appropriate\"\n\nTesla Powerpack charging Status:\nHelps to find the charging status of tesla powerpack. http.title:\"Tesla PowerPack System\" http.component:\"d3\" -ga3ca4f2\n\nXZERES Wind Turbine\ntitle:\"xzeres wind\"\n\nPIPS Automated License Plate Reader\n\"html:\"PIPS Technology ALPR Processors\"\"\n\nModbus\n\"port:502\"\n\nNiagara Fox\n\"port:1911,4911 product:Niagara\"\n\nGE-SRTP\n\"port:18245,18246 product:\"general electric\"\"\n\nMELSEC-Q\n\"port:5006,5007 product:mitsubishi\"\n\nCODESYS\n\"port:2455 operating system\"\n\nS7\n\"port:102\"\n\nBACnet\n\"port:47808\"\n\nHART-IP\n\"port:5094 hart-ip\"\n\nOmron FINS\n\"port:9600 response code\"\n\nIEC 60870-5-104\n\"port:2404 asdu address\"\n\nDNP3\n\"port:20000 source address\"\n\nEtherNet/IP\n\"port:44818\"\n\nPCWorx\n\"port:1962 PLC\"\n\nCrimson v3.0\n\"port:789 product:\"Red Lion Controls\"\n\nProConOS\n\"port:20547 PLC\"\n\nRemote Desktop\nUnprotected VNC\n\"authentication disabled\" port:5900,5901 \"authentication disabled\" \"RFB 003.008\"\n\nWindows RDP\n99.99% are secured by a secondary Windows login screen.\n\n\"\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00\"\n\nC2 Infrastructure\nCobaltStrike Servers\nproduct:\"cobalt strike team server\" product:\"Cobalt Strike Beacon\" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik\n\nBrute Ratel\nhttp.html_hash:-1957161625 product:\"Brute Ratel C4\"\n\nCovenant\nssl:\u201dCovenant\u201d http.component:\u201dBlazor\u201d\n\nMetasploit\nssl:\"MetasploitSelfSignedCA\"\n\nNetwork Infrastructure\nHacked routers:\nRouters which got compromised hacked-router-help-sos\n\nRedis open instances\nproduct:\"Redis key-value store\"\n\nCitrix:\nFind Citrix Gateway. title:\"citrix gateway\"\n\n\ud83d\udc33Weave Scope Dashboards\nCommand-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.\n\ntitle:\"Weave Scope\" http.favicon.hash:567176827\n\nJenkins CI\n\"X-Jenkins\" \"Set-Cookie: JSESSIONID\" http.title:\"Dashboard\"\n\nJenkins:\nJenkins Unrestricted Dashboard x-jenkins 200\n\nDocker APIs\n\"Docker Containers:\" port:2375\n\nDocker Private Registries\n\"Docker-Distribution-Api-Version: registry\" \"200 OK\" -gitlab\n\nPi-hole Open DNS Servers\n\"dnsmasq-pi-hole\" \"Recursion: enabled\"\n\nDNS Servers with recursion\n\"port: 53\" Recursion: Enabled\n\nAlready Logged-In as root via Telnet\n\"root@\" port:23 -login -password -name -Session\n\nTelnet Access:\nNO password required for telnet access. port:23 console gateway\n\nPolycom video-conference system no-auth shell\n\"polycom command shell\"\n\nNPort serial-to-eth / MoCA devices without password\nnport -keyin port:23\n\n\"Android Debug Bridge\" \"Device\" port:5555\n\nLantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords\nLantronix password port:30718 -secured\n\nCitrix Virtual Apps\n\"Citrix Applications:\" port:1604\n\nCisco Smart Install\nVulnerable (kind of \"by design,\" but especially when exposed).\n\n\"smart install client active\"\n\nPBX IP Phone Gateways\nPBX \"gateway console\" -password port:23\n\nPolycom Video Conferencing\nhttp.title:\"- Polycom\" \"Server: lighttpd\" \"Polycom Command Shell\" -failed port:23\n\nTelnet Configuration:\n\"Polycom Command Shell\" -failed port:23\n\nExample: Polycom Video Conferencing\n\nBomgar Help Desk Portal\n\"Server: Bomgar\" \"200 OK\"\n\nIntel Active Management CVE-2017-5689\n\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995 \u201dActive Management Technology\u201d\n\nHP iLO 4 CVE-2017-12542\nHP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" !\"HP-iLO-4/2.70\" port:1900\n\nLantronix ethernet adapter\u2019s admin interface without password\n\"Press Enter for Setup Mode port:9999\"\n\nWifi Passwords:\nHelps to find the cleartext wifi passwords in Shodan. html:\"def_wirelesspassword\"", "creation_timestamp": "2024-04-02T20:22:47.000000Z"}