04/11/12

Vulnerable SCADA Systems -Dorks

Here are some useful queries:

  • http://www.shodanhq.com/?q=port:161+country:US+simatic
  • http://www.shodanhq.com/?q=PLC
  • http://www.shodanhq.com/?q=allen+bradley
  • http://www.shodanhq.com/?q=fanuc
  • http://www.shodanhq.com/?q=Rockwell
  • http://www.shodanhq.com/?q=Cimplicity
  • http://www.shodanhq.com/?q=Omron
  • http://www.shodanhq.com/?q=Novatech
  • http://www.shodanhq.com/?q=Citect
  • http://www.shodanhq.com/?q=RTU
  • http://www.shodanhq.com/?q=Modbus+Bridge

    gAtO fool U -nO -sI

  • http://www.shodanhq.com/?q=modicon
  • http://www.shodanhq.com/?q=bacnet
  • http://www.shodanhq.com/?q=telemetry+gateway
  • http://www.shodanhq.com/?q=SIMATIC
  • http://www.shodanhq.com/?q=hmi
  • http://www.shodanhq.com/?q=siemens+-…er+-Subscriber
  • http://www.shodanhq.com/?q=scada+RTS
  • http://www.shodanhq.com/?q=SCHNEIDER
  • http://www.shodanhq.com/?q=port%3A161+simatic
  • http://www.shodanhq.com/?q=telemetry+gateway
  • http://www.shodanhq.com/?q=%22cisco-ios%22%20%22last-modified%22

Erk.. How to exploit?

  1. Default password (uhukk uhukk WinCC)
  2. http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
  3. http://www.elladodelmal.com/2010/05/shodan-y-sistemas-scada.html
  4. [..]

What else to exploit ?

http://osvdb.org/search/search?search[vuln_title]=SCADA

INTRODUCTION TO SCADA HACKING

hi guys wassup today i will tell you about SCADA hacking some other reosurces

so first what is SCADA ? its abbreviated as Supervisory Control and Data Acquisition so basically there are lots of hardwares in it ans used in power grids, Dams and many other industires. they use primitive softwares that are easy to exploit. remember Stuxnet that exploited Iran`s windows computer to exploit iran`s nuclear facility which was of Siemens. same way there are lots of companies who make SCADA and for ease of use and to control them from remote places they have internet connection
so basically there are PLC (programmable logic contoller) which are exploited mostly. the I/O cycles are controlled by RISC (Reduced instruction set computing) processor

PLCs use RISC processors to run continuous, cyclical programs and they take time in their I/O cycle to talk to the SCADA unit and receive instructions from the SCADA to modify its instruction sets or operating parameters. SCADA typically operates by evaluating the input data and determine if it is within an allowable set of parameters

1st how to find vulnerable SCADA devices
you must know what an HTTP header does and also that we can know that what software or authentication a server is running. with the use of that we will find vulnerable SCADA devices. A website called Shodanhq does and makes our work easy
from that a specific code(something like dorks) we can get lots of SCADA

2nd exploits
SCADA exploits are hard to get  coz no one shares that sometimes you need to make your own but you can get some from exploit Db or there is are modules by metasploit to exploit some of them are here or here 

RESOURCES
1. shodanhq.com
2. scadahacker.com
3. SCADA dorks list 
4.SCADA security research and tools 

warning SCADA hacking is a very very  dangerous it can get people killed and lot of property damage… and end up in your life in jail for longer time and
this article is for education purposes only

http://technomaina.blogspot.com/2012/04/introduction-to-scada-hacking.html