09-pentesting_real_modicon_hardware

Note imported from Inbox during bulk consolidation.

Pentesting Real Modicon Hardware

MOSTLY - the process, methods, and commands are similar if not identical to the previous section. So from here on we will only introduce new material and just mark previously covered material with [p] (covered in Pentest Platform).

Host and Port fingerprinting [p]

Discover hosts with netdiscover

sudo nmap 10.1.0.11 -Pn -p 1-65535 -oN tcp.txt -> discover the host's TCP ports with NMAP (skip host discovery, all 65535 ports) and write the output to a file

NMAP scripts [p]

find /usr/share/nmap/ -name 'modbus*.nse' -> search for nmap modbus scripts (quote the glob so the shell does not expand it)

find /usr/share/nmap/ -name 'modicon*.nse' -> search for nmap modicon scripts

sudo nmap 10.1.0.11 -Pn -p 502 --script modicon-info.nse -oN modicon-info.txt

Metasploit [p]

  • use the banner grabbing module
  • use the find unit id module
  • use the modbus detect module
  • use the modicon command module

PLCSCAN [p]

sudo python2 plcscan.py 10.1.0.11

Modbus Command Line

modbus read 10.1.0.11 %MW0 10 -> returns the memory blocks read

modbus write 10.1.0.11 %MW0 00000000000 -> 11 memory blocks written
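Added example, not part of the original note: a small Modbus/TCP request decoder a defender can run over captured traffic to see which function codes are hitting the PLC and to flag writes (the read and write commands above turn into function codes 3 and 16 on the wire). The %MW mapping is an assumption based on the Schneider convention that %MWn corresponds to holding register address n; the sample frames are constructed, not captured from real hardware.

```python
"""Decode Modbus/TCP requests and flag write operations (added example)."""
import struct
from dataclasses import dataclass
from typing import Optional

FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
    43: "Read Device Identification",
}
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: Optional[int]
    quantity: Optional[int]
    values: list

    @property
    def name(self):
        return FUNCTION_NAMES.get(self.function_code, "Unknown")

    @property
    def is_write(self):
        return self.function_code in WRITE_FUNCTIONS

    @property
    def mw_range(self):
        # Assumption: Schneider %MWn <-> holding register address n
        if self.function_code not in (3, 6, 16) or self.start_address is None:
            return None
        count = self.quantity or 1
        return f"%MW{self.start_address}..%MW{self.start_address + count - 1}"


def decode_request(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU) from a TCP payload."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    pdu = frame[8:]
    start = qty = None
    values = []
    if fc in (1, 2, 3, 4):
        start, qty = struct.unpack(">HH", pdu[:4])
    elif fc in (5, 6):
        start, value = struct.unpack(">HH", pdu[:4])
        values = [value]
    elif fc == 16:
        start, qty, byte_count = struct.unpack(">HHB", pdu[:5])
        if byte_count != 2 * qty or len(pdu) < 5 + byte_count:
            raise ValueError("byte count inconsistent with quantity")
        values = list(struct.unpack(f">{qty}H", pdu[5:5 + byte_count]))
    elif fc == 15:
        start, qty, byte_count = struct.unpack(">HHB", pdu[:5])
        values = list(pdu[5:5 + byte_count])
    return ModbusRequest(tid, uid, fc, start, qty, values)


def summarize(frame: bytes) -> str:
    """One-line summary suitable for a log or alert."""
    req = decode_request(frame)
    flag = "WRITE" if req.is_write else "read"
    target = req.mw_range or f"addr={req.start_address}"
    return (f"tid={req.transaction_id} unit={req.unit_id} "
            f"fc={req.function_code} {req.name} {target} [{flag}]")


# Constructed sample frames (not captured from real hardware):
# 1) Read Holding Registers, unit 1, start 0, quantity 10 -- what
#    "modbus read 10.1.0.11 %MW0 10" sends on the wire
READ_MW0_10 = bytes.fromhex("0001" "0000" "0006" "01" "03" "0000" "000a")
# 2) Write Multiple Registers, unit 1, start 0, two registers set to 0
WRITE_MW0 = bytes.fromhex("0002" "0000" "000b" "01" "10" "0000" "0002" "04" "0000" "0000")

if __name__ == "__main__":
    for f in (READ_MW0_10, WRITE_MW0):
        print(summarize(f))
```

Feeding real captures through decode_request (one TCP payload per call) gives a quick inventory of who is writing to which %MW range, which is the thing worth alerting on in a plant network.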

FINISH