工具分享 工控安全

分享一个施耐德以太网模块的老版本固件

获取方式

Unity OS Loader于NOE 771 01模块远程上传(V3.60版本固件FTP使用默认口令认证,OS Loader远程上传时不需要口令及设备MAC地址确认)

用途思考

1、静态部分可以用作防站(蜜罐)
image001_1
2、熟悉PLC内部文件架构
3、固件二进制分析

文件列表

commandList.lst
FLASH0
FLASH0/bin
FLASH0/ftp
FLASH0/fw
FLASH0/gdt
FLASH0/rdt
FLASH0/webloader.ini
FLASH0/wwwroot
FLASH0/bin/$TMP_EMPTY_DIR
FLASH0/ftp/$TMP_EMPTY_DIR
FLASH0/fw/crashlog.txt
FLASH0/fw/fw.ini //固件版本
FLASH0/fw/hw.ini
FLASH0/gdt/$TMP_EMPTY_DIR
FLASH0/rdt/password.rde //调用密码
FLASH0/wwwroot/cgi-bin
FLASH0/wwwroot/classes
FLASH0/wwwroot/conf
FLASH0/wwwroot/html
FLASH0/wwwroot/images
FLASH0/wwwroot/index.htm //web首页文件
FLASH0/wwwroot/lib
FLASH0/wwwroot/SchneiderTFE.zip //施耐德MIB文件
FLASH0/wwwroot/secure
FLASH0/wwwroot/unsecure
FLASH0/wwwroot/cgi-bin/$TMP_EMPTY_DIR
FLASH0/wwwroot/classes/jvmver.jar //JAVA APP
FLASH0/wwwroot/classes/RDE.jar //JAVA APP
FLASH0/wwwroot/classes/SAComm.jar //JAVA APP
FLASH0/wwwroot/classes/SysDiag.jar //JAVA APP
FLASH0/wwwroot/classes/webcfg.jar //JAVA APP
FLASH0/wwwroot/classes/webdiag.jar //JAVA APP
FLASH0/wwwroot/classes/XMLParser.jar//JAVA APP
FLASH0/wwwroot/classes/xmlrpc-1.1.jar //JAVA APP
FLASH0/wwwroot/conf/bootp
FLASH0/wwwroot/conf/dhcp
FLASH0/wwwroot/conf/diag
FLASH0/wwwroot/conf/exec
FLASH0/wwwroot/conf/fw
FLASH0/wwwroot/conf/Gcnftcop.sys
FLASH0/wwwroot/conf/glbdata
FLASH0/wwwroot/conf/ioscanner
FLASH0/wwwroot/conf/snmp
FLASH0/wwwroot/conf/bootp/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/dhcp/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/diag/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/exec/kerVer
FLASH0/wwwroot/conf/exec/NOE77101.bin //Quantum Ethernet Executive firmware Ver. 3.60
FLASH0/wwwroot/conf/fw/fw.ini
FLASH0/wwwroot/conf/glbdata/glbdata.ini
FLASH0/wwwroot/conf/ioscanner/$TMP_EMPTY_DIR
FLASH0/wwwroot/conf/snmp/snmp.ini
FLASH0/wwwroot/html/config.js //定义了WEB界面title可做通用设备识别
FLASH0/wwwroot/html/english
FLASH0/wwwroot/html/images
FLASH0/wwwroot/html/lib
FLASH0/wwwroot/html/english/control
FLASH0/wwwroot/html/english/diagnostic
FLASH0/wwwroot/html/english/documentation
FLASH0/wwwroot/html/english/header.htm
FLASH0/wwwroot/html/english/home
FLASH0/wwwroot/html/english/index.htm
FLASH0/wwwroot/html/english/maintenance
FLASH0/wwwroot/html/english/monitoring
FLASH0/wwwroot/html/english/setup
FLASH0/wwwroot/html/english/control/index.htm
FLASH0/wwwroot/html/english/control/menu.htm
FLASH0/wwwroot/html/english/diagnostic/index.htm
FLASH0/wwwroot/html/english/diagnostic/menu.htm
FLASH0/wwwroot/html/english/documentation/index.htm
FLASH0/wwwroot/html/english/documentation/menu.htm
FLASH0/wwwroot/html/english/home/home.htm
FLASH0/wwwroot/html/english/home/index.htm
FLASH0/wwwroot/html/english/home/menu.htm
FLASH0/wwwroot/html/english/maintenance/index.htm
FLASH0/wwwroot/html/english/maintenance/menu.htm
FLASH0/wwwroot/html/english/monitoring/index.htm
FLASH0/wwwroot/html/english/monitoring/menu.htm
FLASH0/wwwroot/html/english/setup/index.htm
FLASH0/wwwroot/html/english/setup/menu.htm
FLASH0/wwwroot/html/images/noe77101.jpg //产品型号图片
FLASH0/wwwroot/html/images/Telemecanique.gif
FLASH0/wwwroot/html/images/TelemecaniquePocketPC.gif
FLASH0/wwwroot/html/lib/css
FLASH0/wwwroot/html/lib/images
FLASH0/wwwroot/html/lib/js
FLASH0/wwwroot/html/lib/css/header.css
FLASH0/wwwroot/html/lib/css/main.css
FLASH0/wwwroot/html/lib/css/menu.css
FLASH0/wwwroot/html/lib/images/left.gif
FLASH0/wwwroot/html/lib/images/moins.gif
FLASH0/wwwroot/html/lib/images/plus.gif
FLASH0/wwwroot/html/lib/images/right.gif
FLASH0/wwwroot/html/lib/js/header.js
FLASH0/wwwroot/html/lib/js/home.js
FLASH0/wwwroot/html/lib/js/index.js
FLASH0/wwwroot/html/lib/js/menu.js
FLASH0/wwwroot/html/lib/js/tools.js
FLASH0/wwwroot/images/eight_io.gif
FLASH0/wwwroot/images/empty.gif
FLASH0/wwwroot/images/hiendcpu.gif
FLASH0/wwwroot/images/logo.gif
FLASH0/wwwroot/images/miniplc.gif
FLASH0/wwwroot/images/module.gif
FLASH0/wwwroot/lib/home.js
FLASH0/wwwroot/lib/main.css
FLASH0/wwwroot/lib/main.js
FLASH0/wwwroot/secure/embedded
FLASH0/wwwroot/secure/system
FLASH0/wwwroot/secure/user
FLASH0/wwwroot/secure/embedded/bandwidth.htm
FLASH0/wwwroot/secure/embedded/chkdsk.htm
FLASH0/wwwroot/secure/embedded/classes
FLASH0/wwwroot/secure/embedded/dhcp_node_config.htm
FLASH0/wwwroot/secure/embedded/format_flash.htm
FLASH0/wwwroot/secure/embedded/french
FLASH0/wwwroot/secure/embedded/ftp_passwd_config.htm
FLASH0/wwwroot/secure/embedded/german
FLASH0/wwwroot/secure/embedded/globaldata.htm
FLASH0/wwwroot/secure/embedded/http_passwd_config.htm
FLASH0/wwwroot/secure/embedded/images
FLASH0/wwwroot/secure/embedded/ioscanning.htm
FLASH0/wwwroot/secure/embedded/messaging.htm
FLASH0/wwwroot/secure/embedded/reboot.htm
FLASH0/wwwroot/secure/embedded/set_readonly.htm
FLASH0/wwwroot/secure/embedded/smtpconf.htm
FLASH0/wwwroot/secure/embedded/smtpdiag.htm
FLASH0/wwwroot/secure/embedded/spanish
FLASH0/wwwroot/secure/embedded/support.htm
FLASH0/wwwroot/secure/embedded/web_page_Ver.ini
FLASH0/wwwroot/secure/embedded/classes/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/french/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/german/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/images/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/embedded/spanish/$TMP_EMPTY_DIR
FLASH0/wwwroot/secure/system/ctrlstat.htm
FLASH0/wwwroot/secure/system/ethernet.htm
FLASH0/wwwroot/secure/system/plccfg.htm
FLASH0/wwwroot/secure/system/rde.htm
FLASH0/wwwroot/secure/system/riostat.htm
FLASH0/wwwroot/secure/user/$TMP_EMPTY_DIR
FLASH0/wwwroot/unsecure/user
FLASH0/wwwroot/unsecure/user/$TMP_EMPTY_DIR

固件下载(noe77101_OS.bin)

About Z-0ne

Leave a Reply

Your email address will not be published. Required fields are marked *

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据