Change first 6 digits of Mac address of Ubuntu PLC VM to:
001C06 xxxxxx

Search at Shodan Dashboard for port: 102 Siemens SIMATIC 6ES7

Use ICS OSINT Dorks with inurl intitle to search for Siemens S7 PLC

Most used dork is
Portal/Portal.mwsi and use inurl:/Portal/Portal.mwsi

search for default credentials for Siemens devices in ICS OSINT spreadsheet

On Ubuntu VM start conpot with:
conpot -f --template default

Switch to Kali linux and check network with ifconfig should give the host IP address.
Then run netdiscover -r 10.1.0.0/24

This gives the conpot address to be `0.1.0.11

sudo nmap 10.1.0.11 -Pn -p 1-65535 to scan all hosts.

sudo nmap 10.1.0.11 -Pn -sU -p 16100 to scan udp port 16100 on the host.

snmp-check -p 16100 10.1.0.11

Next Section -> PLC Practical 2

Back to Table of Contents