{"vulnerability": "CVE-2017-12542", "sightings": [{"uuid": "dce88336-ab99-465b-9bac-ccbf05d65d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "published-proof-of-concept", "source": "Telegram/Xr5BEMPIRTUXMyC-epT6zatDmVm-MjIk_shJz3VkKTg4ZZ0", "content": "", "creation_timestamp": "2025-10-14T03:00:08.000000Z"}, {"uuid": "90e28cc6-1921-4453-8eb9-121078e77c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://t.me/ics_cert/458", "content": "\u26d4\ufe0f Warning regarding access control for the HP Integrated Lights-Out (ILO) service and its misconfiguration\n\nA review of three HP Integrated Lights-Out vulnerabilities, identified as CVE-2017-12542, CVE-2018-7105 and CVE-2018-7078, across the country shows that some of the country's networks are not properly protected against these weaknesses. 
Misconfiguration, failure to update in a timely manner, and failure to apply correct security policies when using HP Integrated Lights-Out are among the main causes of this weakness in the country's networks.\n\nRecommendations for users:\n\n- If access to this service over the Internet is not necessary, restrict access to it to your internal network.\n\n- Update your products to make sure they are not affected by these three vulnerabilities.\n\n- Given the possibility of this service being compromised 
by infected nodes on the internal network, strict security policies, including a separate VLAN for access to this service over the internal network, are strongly recommended.\n\n- Configure security equipment and event logging to pay special attention to attempts to access the ILO or SSH ports of servers.\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f Republishing this channel's content is permitted only with attribution to the source and the channel's full address.\n\n\ud83c\udfedSpecialized website and channel on the security of 
industrial automation and control infrastructure\n\nAdmin:\nhttps://t.me/pedram_kiani\nTelegram channel:\nhttps://t.me/ics_cert\nTwitter:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-13T08:42:36.000000Z"}, {"uuid": "a1321e02-b30c-4eb5-9e7a-cb29c793c127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "published-proof-of-concept", "source": "https://t.me/w2hack/112", "content": "Today in our lab: a theoretical breakdown and demonstration of the exploitation of two vulnerabilities (CVE-2017-12542 and CVE-2013-4805) in the iLO remote server management system from the vendor HP\n\n#demonstration\n\nhttp://telegra.ph/Ataka-na-servera-HP-cherez-uyazvimosti-ILO-CVE-2017-12542-i-CVE-2013-4805-08-10", "creation_timestamp": "2020-06-29T11:04:47.000000Z"}, {"uuid": "1054384d-9794-4a32-912f-3fa060964dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/709", "content": 
"\"port:23 console gateway\" Polycom video-conference system no-auth shell \"\"polycom command shell\"\" NPort serial-to-eth / MoCA devices without password \"nport -keyin port:23\" Android Root Bridges\n\nA tangential result of Google's sloppy fractured update approach. \ud83d\ude44 More information here. \"\"Android Debug Bridge\" \"Device\" port:5555\" Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords \"Lantronix password port:30718 -secured\" Citrix Virtual Apps \"\"Citrix Applications:\" port:1604\" Cisco Smart Install\n\nVulnerable (kind of \"by design,\" but especially when exposed). \"\"smart install client active\"\" PBX IP Phone Gateways \"PBX \"gateway console\" -password port:23\" Polycom Video Conferencing \"http.title:\"- Polycom\" \"Server: lighttpd\"\" \"\"Polycom Command Shell\" -failed port:23\" Telnet Configuration: \"\"Polycom Command Shell\" -failed port:23\"\n\nExample: Polycom Video Conferencing Bomgar Help Desk Portal \"\"Server: Bomgar\" \"200 OK\"\" Intel Active Management CVE-2017-5689 \"\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995\" \"\"Active Management Technology\"\" HP iLO 4 CVE-2017-12542 \"HP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" !\"HP-iLO-4/2.70\" port:1900\" Lantronix ethernet adapter's admin interface without password \"\"Press Enter for Setup Mode port:9999\"\" Wifi Passwords:\n\nHelps to find the cleartext wifi passwords in Shodan. \"html:\"def_wirelesspassword\"\" Misconfigured Wordpress Sites:\n\nThe wp-config.php if accessed can give out the database credentials. 
\"http.html:\"* The wp-config.php creation script uses this file\"\" Outlook Web Access: Exchange 2007 \"\"x-owa-version\" \"IE=EmulateIE7\" \"Server: Microsoft-IIS/7.0\"\" Exchange 2010 \"\"x-owa-version\" \"IE=EmulateIE7\" http.favicon.hash:442749392\" Exchange 2013 / 2016 \"\"X-AspNet-Version\" http.title:\"Outlook\" -\"x-owa-version\"\" Lync / Skype for Business \"\"X-MS-Server-Fqdn\"\" Network Attached Storage (NAS) SMB (Samba) File Shares\n\nProduces ~500,000 results...narrow down by adding \"Documents\" or \"Videos\", etc. \"\"Authentication: disabled\" port:445\" Specifically domain controllers: \"\"Authentication: disabled\" NETLOGON SYSVOL -unix port:445\" Concerning default network shares of QuickBooks files: \"\"Authentication: disabled\" \"Shared this folder to access QuickBooks files OverNetwork\" -unix port:445\" FTP Servers with Anonymous Login \"\"220\" \"230 Login successful.\" port:21\" Iomega / LenovoEMC NAS Drives \"\"Set-Cookie: iomega=\" -\"manage/login.html\" -http.title:\"Log In\"\" Buffalo TeraStation NAS Drives \"Redirecting sencha port:9000\" Logitech Media Servers \"\"Server: Logitech Media Server\" \"200 OK\"\"\n\nExample: Logitech Media Servers Plex Media Servers \"\"X-Plex-Protocol\" \"200 OK\" port:32400\" Tautulli / PlexPy Dashboards \"\"CherryPy/5.1.0\" \"/home\"\" Home router attached USB \"\"IPC$ all storage devices\"\" Webcams Generic camera search \"title:camera\" Webcams with screenshots \"webcam has_screenshot:true\" D-Link webcams \"\"d-Link Internet Camera, 200 OK\"\" Hipcam \"\"Hipcam RealServer/V1.0\"\" Yawcams \"\"Server: yawcam\" \"Mime-Type: text/html\"\" webcamXP/webcam7 \"(\"webcam 7\" OR \"webcamXP\") http.component:\"mootools\" -401\" Android IP Webcam Server \"\"Server: IP Webcam Server\" \"200 OK\"\" Security DVRs \"html:\"DVR_H264 ActiveX\"\" Surveillance Cams:\n\nWith username:admin and password: :P \"NETSurveillance uc-httpd\" \"Server: uc-httpd 1.0.0\" Printers &amp; Copiers: HP Printers \"\"Serial Number:\" 
\"Built:\" \"Server: HP HTTP\"\" Xerox Copiers/Printers \"ssl:\"Xerox Generic Root\"\" Epson Printers \"\"SERVER: EPSON_Linux UPnP\" \"200 OK\"\" \"\"Server: EPSON-HTTP\" \"200 OK\"\" Canon Printers \"\"Server: KS_HTTP\" \"200 OK\"\" \"\"Server: CANON HTTP Server\"\" Home Devices Yamaha Stereos \"\"Server: AV_Recei[...]", "creation_timestamp": "2024-03-18T14:36:35.000000Z"}, {"uuid": "e2d63905-779d-41d5-81cc-90da50c75270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:53.000000Z"}, {"uuid": "d5bb4af0-d0ca-4063-8b37-24e760d9bf5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "Telegram/oeyie75zG3_SNoWDIOM3WDpmeZVlUWQtaEBffFXwL3uuPw", "content": "", "creation_timestamp": "2024-03-18T14:36:32.000000Z"}, {"uuid": "36573e2a-9937-42c0-9892-d3327d1d9ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4206", "content": "\"port:23 console gateway\" Polycom video-conference system no-auth shell \"\"polycom command shell\"\" NPort serial-to-eth / MoCA devices without password \"nport -keyin port:23\" Android Root Bridges\n\nA tangential result of Google's sloppy fractured update approach. \ud83d\ude44 More information here. \"\"Android Debug Bridge\" \"Device\" port:5555\" Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords \"Lantronix password port:30718 -secured\" Citrix Virtual Apps \"\"Citrix Applications:\" port:1604\" Cisco Smart Install\n\nVulnerable (kind of \"by design,\" but especially when exposed). 
\"\"smart install client active\"\" PBX IP Phone Gateways \"PBX \"gateway console\" -password port:23\" Polycom Video Conferencing \"http.title:\"- Polycom\" \"Server: lighttpd\"\" \"\"Polycom Command Shell\" -failed port:23\" Telnet Configuration: \"\"Polycom Command Shell\" -failed port:23\"\n\nExample: Polycom Video Conferencing Bomgar Help Desk Portal \"\"Server: Bomgar\" \"200 OK\"\" Intel Active Management CVE-2017-5689 \"\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995\" \"\"Active Management Technology\"\" HP iLO 4 CVE-2017-12542 \"HP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" !\"HP-iLO-4/2.70\" port:1900\" Lantronix ethernet adapter's admin interface without password \"\"Press Enter for Setup Mode port:9999\"\" Wifi Passwords:\n\nHelps to find the cleartext wifi passwords in Shodan. \"html:\"def_wirelesspassword\"\" Misconfigured Wordpress Sites:\n\nThe wp-config.php if accessed can give out the database credentials. \"http.html:\"* The wp-config.php creation script uses this file\"\" Outlook Web Access: Exchange 2007 \"\"x-owa-version\" \"IE=EmulateIE7\" \"Server: Microsoft-IIS/7.0\"\" Exchange 2010 \"\"x-owa-version\" \"IE=EmulateIE7\" http.favicon.hash:442749392\" Exchange 2013 / 2016 \"\"X-AspNet-Version\" http.title:\"Outlook\" -\"x-owa-version\"\" Lync / Skype for Business \"\"X-MS-Server-Fqdn\"\" Network Attached Storage (NAS) SMB (Samba) File Shares\n\nProduces ~500,000 results...narrow down by adding \"Documents\" or \"Videos\", etc. 
\"\"Authentication: disabled\" port:445\" Specifically domain controllers: \"\"Authentication: disabled\" NETLOGON SYSVOL -unix port:445\" Concerning default network shares of QuickBooks files: \"\"Authentication: disabled\" \"Shared this folder to access QuickBooks files OverNetwork\" -unix port:445\" FTP Servers with Anonymous Login \"\"220\" \"230 Login successful.\" port:21\" Iomega / LenovoEMC NAS Drives \"\"Set-Cookie: iomega=\" -\"manage/login.html\" -http.title:\"Log In\"\" Buffalo TeraStation NAS Drives \"Redirecting sencha port:9000\" Logitech Media Servers \"\"Server: Logitech Media Server\" \"200 OK\"\"\n\nExample: Logitech Media Servers Plex Media Servers \"\"X-Plex-Protocol\" \"200 OK\" port:32400\" Tautulli / PlexPy Dashboards \"\"CherryPy/5.1.0\" \"/home\"\" Home router attached USB \"\"IPC$ all storage devices\"\" Webcams Generic camera search \"title:camera\" Webcams with screenshots \"webcam has_screenshot:true\" D-Link webcams \"\"d-Link Internet Camera, 200 OK\"\" Hipcam \"\"Hipcam RealServer/V1.0\"\" Yawcams \"\"Server: yawcam\" \"Mime-Type: text/html\"\" webcamXP/webcam7 \"(\"webcam 7\" OR \"webcamXP\") http.component:\"mootools\" -401\" Android IP Webcam Server \"\"Server: IP Webcam Server\" \"200 OK\"\" Security DVRs \"html:\"DVR_H264 ActiveX\"\" Surveillance Cams:\n\nWith username:admin and password: :P \"NETSurveillance uc-httpd\" \"Server: uc-httpd 1.0.0\" Printers &amp; Copiers: HP Printers \"\"Serial Number:\" \"Built:\" \"Server: HP HTTP\"\" Xerox Copiers/Printers \"ssl:\"Xerox Generic Root\"\" Epson Printers \"\"SERVER: EPSON_Linux UPnP\" \"200 OK\"\" \"\"Server: EPSON-HTTP\" \"200 OK\"\" Canon Printers \"\"Server: KS_HTTP\" \"200 OK\"\" \"\"Server: CANON HTTP Server\"\" Home Devices Yamaha Stereos \"\"Server: AV_Recei[...]", "creation_timestamp": "2024-03-18T14:36:35.000000Z"}, {"uuid": "c885a8bc-40e2-4a20-a8ff-20d81ed08aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "351cae77-2c72-41a7-99ac-e4527da23fc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/3830", "content": "\"DICOM Server Response\" port:104 GaugeTech Electricity Meters \"Server: EIG Embedded Web Server\" \"200 Document follows\" Siemens Industrial Automation \"Siemens, SIMATIC\" port:161 Siemens HVAC Controllers \"Server: Microsoft-WinCE\" \"Content-Length: 12581\" Door / Lock Access Controllers \"HID VertX\" port:4070 Railroad Management \"log off\" \"select the appropriate\" Tesla Powerpack charging Status: Helps to find the charging status of tesla powerpack. 
http.title:\"Tesla PowerPack System\" http.component:\"d3\" -ga3ca4f2 XZERES Wind Turbine title:\"xzeres wind\" PIPS Automated (https://www.kitploit.com/search/label/Automated) License Plate Reader \"html:\"PIPS Technology ALPR Processors\"\" Modbus \"port:502\" Niagara Fox \"port:1911,4911 product:Niagara\" GE-SRTP \"port:18245,18246 product:\"general electric\"\" MELSEC-Q \"port:5006,5007 product:mitsubishi\" CODESYS \"port:2455 operating system\" S7 \"port:102\" BACnet \"port:47808\" HART-IP \"port:5094 hart-ip\" Omron FINS \"port:9600 response code\" IEC 60870-5-104 \"port:2404 asdu address\" DNP3 \"port:20000 source address\" EtherNet/IP \"port:44818\" PCWorx \"port:1962 PLC\" Crimson v3.0 \"port:789 product:\"Red Lion Controls\" ProConOS \"port:20547 PLC\" Remote Desktop Unprotected VNC \"authentication disabled\" port:5900,5901 \"authentication disabled\" \"RFB 003.008\" Windows RDP 99.99% are secured by a secondary Windows login screen. \"\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00\" C2 Infrastructure CobaltStrike Servers product:\"cobalt strike team server\" product:\"Cobalt Strike Beacon\" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik Brute Ratel http.html_hash:-1957161625 product:\"Brute Ratel C4\" Covenant ssl:\"Covenant\" http.component:\"Blazor\" Metasploit ssl:\"MetasploitSelfSignedCA\" Network Infrastructure Hacked routers: Routers which got compromised hacked-router-help-sos Redis open instances product:\"Redis key-value store\" Citrix: Find Citrix Gateway. title:\"citrix gateway\" Weave Scope Dashboards Command-line access inside Kubernetes (https://www.kitploit.com/search/label/Kubernetes) pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure. 
title:\"Weave Scope\" http.favicon.hash:567176827 Jenkins CI \"X-Jenkins\" \"Set-Cookie: JSESSIONID\" http.title:\"Dashboard\" Jenkins: Jenkins Unrestricted Dashboard x-jenkins 200 Docker APIs \"Docker Containers:\" port:2375 Docker Private Registries \"Docker-Distribution-Api-Version: registry\" \"200 OK\" -gitlab Pi-hole Open DNS Servers \"dnsmasq-pi-hole\" \"Recursion: enabled\" DNS Servers with recursion \"port: 53\" Recursion: Enabled Already Logged-In as root via Telnet \"root@\" port:23 -login -password -name -Session Telnet Access: NO password required for telnet access. port:23 console gateway Polycom video-conference system no-auth shell \"polycom command shell\" NPort serial-to-eth / MoCA devices without password nport -keyin port:23 Android Root Bridges A tangential result of Google's sloppy fractured update approach. \ud83d\ude44 More information here. \"Android Debug Bridge\" \"Device\" port:5555 Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords Lantronix password port:30718 -secured Citrix Virtual Apps \"Citrix Applications:\" port:1604 Cisco Smart Install Vulnerable (kind of \"by design,\" but especially when exposed). 
\"smart install client active\" PBX IP Phone Gateways PBX \"gateway console\" -password port:23 Polycom Video Conferencing http.title:\"- Polycom\" \"Server: lighttpd\" \"Polycom Command Shell\" -failed port:23 Telnet Configuration: \"Polycom Command Shell\" -failed port:23 Example: Polycom Video Conferencing Bomgar Help Desk Portal \"Server: Bomgar\" \"200 OK\" Intel Active Management (https://www.kitploit.com/search/label/Management) CVE-2017-5689 \"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995 \"Active Management Technology\" HP iLO 4 CVE-2017-12542 HP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\"", "creation_timestamp": "2024-03-18T12:04:27.000000Z"}, {"uuid": "2659e877-9e91-4559-a71c-f40bd88be00e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "https://t.me/VasileiadisAnastasis/631", "content": "GaugeTech Electricity Meters\n\"Server: EIG Embedded Web Server\" \"200 Document follows\"\n\nSiemens Industrial Automation\n\"Siemens, SIMATIC\" port:161\n\nSiemens HVAC Controllers\n\"Server: Microsoft-WinCE\" \"Content-Length: 12581\"\n\nDoor / Lock Access Controllers\n\"HID VertX\" port:4070\n\nRailroad Management\n\"log off\" \"select the appropriate\"\n\nTesla Powerpack charging Status:\nHelps to find the charging status of tesla powerpack. 
http.title:\"Tesla PowerPack System\" http.component:\"d3\" -ga3ca4f2\n\nXZERES Wind Turbine\ntitle:\"xzeres wind\"\n\nPIPS Automated License Plate Reader\n\"html:\"PIPS Technology ALPR Processors\"\"\n\nModbus\n\"port:502\"\n\nNiagara Fox\n\"port:1911,4911 product:Niagara\"\n\nGE-SRTP\n\"port:18245,18246 product:\"general electric\"\"\n\nMELSEC-Q\n\"port:5006,5007 product:mitsubishi\"\n\nCODESYS\n\"port:2455 operating system\"\n\nS7\n\"port:102\"\n\nBACnet\n\"port:47808\"\n\nHART-IP\n\"port:5094 hart-ip\"\n\nOmron FINS\n\"port:9600 response code\"\n\nIEC 60870-5-104\n\"port:2404 asdu address\"\n\nDNP3\n\"port:20000 source address\"\n\nEtherNet/IP\n\"port:44818\"\n\nPCWorx\n\"port:1962 PLC\"\n\nCrimson v3.0\n\"port:789 product:\"Red Lion Controls\"\n\nProConOS\n\"port:20547 PLC\"\n\nRemote Desktop\nUnprotected VNC\n\"authentication disabled\" port:5900,5901 \"authentication disabled\" \"RFB 003.008\"\n\nWindows RDP\n99.99% are secured by a secondary Windows login screen.\n\n\"\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00\"\n\nC2 Infrastructure\nCobaltStrike Servers\nproduct:\"cobalt strike team server\" product:\"Cobalt Strike Beacon\" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik\n\nBrute Ratel\nhttp.html_hash:-1957161625 product:\"Brute Ratel C4\"\n\nCovenant\nssl:\u201dCovenant\u201d http.component:\u201dBlazor\u201d\n\nMetasploit\nssl:\"MetasploitSelfSignedCA\"\n\nNetwork Infrastructure\nHacked routers:\nRouters which got compromised hacked-router-help-sos\n\nRedis open instances\nproduct:\"Redis key-value store\"\n\nCitrix:\nFind Citrix Gateway. 
title:\"citrix gateway\"\n\n\ud83d\udc33Weave Scope Dashboards\nCommand-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.\n\ntitle:\"Weave Scope\" http.favicon.hash:567176827\n\nJenkins CI\n\"X-Jenkins\" \"Set-Cookie: JSESSIONID\" http.title:\"Dashboard\"\n\nJenkins:\nJenkins Unrestricted Dashboard x-jenkins 200\n\nDocker APIs\n\"Docker Containers:\" port:2375\n\nDocker Private Registries\n\"Docker-Distribution-Api-Version: registry\" \"200 OK\" -gitlab\n\nPi-hole Open DNS Servers\n\"dnsmasq-pi-hole\" \"Recursion: enabled\"\n\nDNS Servers with recursion\n\"port: 53\" Recursion: Enabled\n\nAlready Logged-In as root via Telnet\n\"root@\" port:23 -login -password -name -Session\n\nTelnet Access:\nNO password required for telnet access. port:23 console gateway\n\nPolycom video-conference system no-auth shell\n\"polycom command shell\"\n\nNPort serial-to-eth / MoCA devices without password\nnport -keyin port:23\n\n\"Android Debug Bridge\" \"Device\" port:5555\n\nLantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords\nLantronix password port:30718 -secured\n\nCitrix Virtual Apps\n\"Citrix Applications:\" port:1604\n\nCisco Smart Install\nVulnerable (kind of \"by design,\" but especially when exposed).\n\n\"smart install client active\"\n\nPBX IP Phone Gateways\nPBX \"gateway console\" -password port:23\n\nPolycom Video Conferencing\nhttp.title:\"- Polycom\" \"Server: lighttpd\" \"Polycom Command Shell\" -failed port:23\n\nTelnet Configuration:\n\"Polycom Command Shell\" -failed port:23\n\nExample: Polycom Video Conferencing\n\nBomgar Help Desk Portal\n\"Server: Bomgar\" \"200 OK\"\n\nIntel Active Management CVE-2017-5689\n\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995 \u201dActive Management Technology\u201d\n\nHP iLO 4 CVE-2017-12542\nHP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" 
!\"HP-iLO-4/2.70\" port:1900\n\nLantronix ethernet adapter\u2019s admin interface without password\n\"Press Enter for Setup Mode port:9999\"\n\nWifi Passwords:\nHelps to find the cleartext wifi passwords in Shodan. html:\"def_wirelesspassword\"", "creation_timestamp": "2024-04-02T20:22:47.000000Z"}, {"uuid": "9db337b3-3d55-4acc-8b64-56bde857ceaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "exploited", "source": "https://t.me/VasileiadisAnastasis/634", "content": "GaugeTech Electricity Meters\n\"Server: EIG Embedded Web Server\" \"200 Document follows\"\n\nSiemens Industrial Automation\n\"Siemens, SIMATIC\" port:161\n\nSiemens HVAC Controllers\n\"Server: Microsoft-WinCE\" \"Content-Length: 12581\"\n\nDoor / Lock Access Controllers\n\"HID VertX\" port:4070\n\nRailroad Management\n\"log off\" \"select the appropriate\"\n\nTesla Powerpack charging Status:\nHelps to find the charging status of tesla powerpack. 
http.title:\"Tesla PowerPack System\" http.component:\"d3\" -ga3ca4f2\n\nXZERES Wind Turbine\ntitle:\"xzeres wind\"\n\nPIPS Automated License Plate Reader\n\"html:\"PIPS Technology ALPR Processors\"\"\n\nModbus\n\"port:502\"\n\nNiagara Fox\n\"port:1911,4911 product:Niagara\"\n\nGE-SRTP\n\"port:18245,18246 product:\"general electric\"\"\n\nMELSEC-Q\n\"port:5006,5007 product:mitsubishi\"\n\nCODESYS\n\"port:2455 operating system\"\n\nS7\n\"port:102\"\n\nBACnet\n\"port:47808\"\n\nHART-IP\n\"port:5094 hart-ip\"\n\nOmron FINS\n\"port:9600 response code\"\n\nIEC 60870-5-104\n\"port:2404 asdu address\"\n\nDNP3\n\"port:20000 source address\"\n\nEtherNet/IP\n\"port:44818\"\n\nPCWorx\n\"port:1962 PLC\"\n\nCrimson v3.0\n\"port:789 product:\"Red Lion Controls\"\n\nProConOS\n\"port:20547 PLC\"\n\n\ud83d\udd30Remote Desktop\n\nUnprotected VNC\n\"authentication disabled\" port:5900,5901 \"authentication disabled\" \"RFB 003.008\"\n\nWindows RDP\n99.99% are secured by a secondary Windows login screen.\n\n\"\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00\"\n\n\ud83d\udd30C2 Infrastructure\n\nCobaltStrike Servers\nproduct:\"cobalt strike team server\" product:\"Cobalt Strike Beacon\" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik\n\nBrute Ratel\nhttp.html_hash:-1957161625 product:\"Brute Ratel C4\"\n\nCovenant\nssl:\u201dCovenant\u201d http.component:\u201dBlazor\u201d\n\nMetasploit\nssl:\"MetasploitSelfSignedCA\"\n\n\ud83d\udd30Network Infrastructure\n\nHacked routers:\nRouters which got compromised hacked-router-help-sos\n\nRedis open instances\nproduct:\"Redis key-value store\"\n\nCitrix:\nFind Citrix Gateway. 
title:\"citrix gateway\"\n\n\ud83d\udc33Weave Scope Dashboards\nCommand-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.\n\ntitle:\"Weave Scope\" http.favicon.hash:567176827\n\nJenkins CI\n\"X-Jenkins\" \"Set-Cookie: JSESSIONID\" http.title:\"Dashboard\"\n\nJenkins:\nJenkins Unrestricted Dashboard x-jenkins 200\n\nDocker APIs\n\"Docker Containers:\" port:2375\n\nDocker Private Registries\n\"Docker-Distribution-Api-Version: registry\" \"200 OK\" -gitlab\n\nPi-hole Open DNS Servers\n\"dnsmasq-pi-hole\" \"Recursion: enabled\"\n\nDNS Servers with recursion\n\"port: 53\" Recursion: Enabled\n\nAlready Logged-In as root via Telnet\n\"root@\" port:23 -login -password -name -Session\n\nTelnet Access:\nNO password required for telnet access. port:23 console gateway\n\nPolycom video-conference system no-auth shell\n\"polycom command shell\"\n\nNPort serial-to-eth / MoCA devices without password\nnport -keyin port:23\n\n\"Android Debug Bridge\" \"Device\" port:5555\n\nLantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords\nLantronix password port:30718 -secured\n\nCitrix Virtual Apps\n\"Citrix Applications:\" port:1604\n\nCisco Smart Install\nVulnerable (kind of \"by design,\" but especially when exposed).\n\n\"smart install client active\"\n\nPBX IP Phone Gateways\nPBX \"gateway console\" -password port:23\n\nPolycom Video Conferencing\nhttp.title:\"- Polycom\" \"Server: lighttpd\" \"Polycom Command Shell\" -failed port:23\n\nTelnet Configuration:\n\"Polycom Command Shell\" -failed port:23\n\nExample: Polycom Video Conferencing\n\nBomgar Help Desk Portal\n\"Server: Bomgar\" \"200 OK\"\n\nIntel Active Management CVE-2017-5689\n\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995 \u201dActive Management Technology\u201d\n\nHP iLO 4 CVE-2017-12542\nHP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" 
!\"HP-iLO-4/2.70\" port:1900\n\nLantronix ethernet adapter\u2019s admin interface without password\n\"Press Enter for Setup Mode port:9999\"\n\nWifi Passwords:\nHelps to find the cleartext wifi passwords in Shodan. html:\"def_wirelesspassword\"", "creation_timestamp": "2024-04-02T15:27:21.000000Z"}, {"uuid": "facbdf6e-6517-4eed-8e05-6c92be46928b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "exploited", "source": "https://t.me/itsecalert/105", "content": "\u26a0\ufe0f  Ransomware has been released for HPE iLO 4  v. < 2.53 \n\nThe bug is probably related to an old vulnerability. The new trojan will encrypt your hard drive and/or delete data; the ransom is around 2BTC for the key.\n\nUpdate your iLO4 now and allow remote management interfaces only through a secure VPN.\n\nMore information: https://yt.gl/8o9fe \nold CVE: https://yt.gl/n8khm\n(severity: \ud83d\udd36 high) \n\n#alert #vulnerability #severityhigh #hp #ilo4 #ransomware #CVE-2017-12542\nThanks to @nekocentral for the alert. \nFeel free to discuss this issue in @itsectalk\nFollow us on LinkedIn and share directly with your network! \nhttps://www.linkedin.com/company/18509395/", "creation_timestamp": "2018-04-27T23:53:47.000000Z"}, {"uuid": "fe4b88f5-7b44-4b93-b154-7b2ecdb93db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-12542", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}]}