type: guide
title: "03-pentest_platform_overview"
source: "Inbox import"
tags:
  - topic/techint
  - topic/osint
  - method/review
processed: true
status: seedling

03-pentest_platform_overview

Nota importada desde Inbox durante consolidacion bulk.

Pentest Platform overview

change MAC address of Unbuntu VM with first 6 characters being 00000B
on Ubuntu PLC VM start the honeypot with:
sudo python3 -m honeypots --setup telnet,http,smb,vnc,snmp
on Kali PLC start terminal

netdiscover

scan network with:
sudo netdiscover -r 10.1.0.0/24

NMAP fingerprinting

after finding the hosts, we can discover ports:

sudo nmap -Pn 10.1.0.100 -sU -F -> faster scan of UDP ports
sudo nmap -Pn 10.1.0.100 -p 161 -> specific port
sudo nmap -Pn 10.1.0.100 -p 1-65535 -> all ports

Enumerate with snmp-check

snmp-check 10.1.0.100

Metasploit: the Pentesters Toolkit

THE toolkit for Pentesting.

Start Metasploit with:
sudo msfconsole

Then in metasploit use:
set and setg

Module commands:

search
use
info
options

example:

search modbus and returns all the module that can be used
use 6 -> number to use the modbusclient
info -> to get info on the in use module
set RHOSTS 10.1.0.11 -> set remote host of modbus host

Open Source Tools

plcscan

navigate with cd to plcscan folder
my plcscan folder is in ~\gits\plcscan
sudo python2 plcscan.py 10.1.0.11

ICS Security Scripts

navigate with cd to ICSSecurityScripts folder
my plcscan folder is in ~\gits\ICSSecurityScripts
sudo python3 SiemensScan.py

modbus

modbus [OPTIONS] SUBCOMMANDS [ARG] -> subcommands include read,write,dump

Next Section -> PLC Practical 1

Back to Table of Contents

Themes

tema-curso-ics-pentesting