PDA

View Full Version : Introduction to SCADA and pentesting it



rjcrystal
04-12-2012, 01:12 AM
hi guys this is my first post so please ignore any mistakes
so first what is SCADA ? its abbreviated as Supervisory Control and Data Acquisition so basically there are lots of hardwares in it and is used in power grids, Dams and many other industries. they use primitive softwares that are easy to exploit. remember Stuxnet that exploited Iran`s windows computer to exploit iran`s nuclear facility which was of Siemens. same way there are lots of companies who make SCADA and for ease of use and to control them from remote places they have internet connection

so basically there are PLC (programmable logic contoller) which are exploited mostly. the I/O cycles are controlled by RISC (Reduced instruction set computing) processor

PLCs use RISC processors to run continuous, cyclical programs and they take time in their I/O cycle to talk to the SCADA unit and receive instructions from the SCADA to modify its instruction sets or operating parameters. SCADA typically operates by evaluating the input data and determine if it is within an allowable set of parameters.

1st Shodan ****** Vulnerable SCADA devices
hackers know what an HTTP header does... and also that a hacker can identify that what software or authentication a server is running. with the use of that hackers find vulnerable SCADA devices. A website called Shodanhq (http://www.shodanhq.com/) does it and makes their work easy
from that a specific code(something like dorks) hackers can get lots of vulnerable SCADA devices

2nd exploits
SCADA exploits are hard to get :( coz no one shares that sometimes you need to make your own but you can get some from exploit Db or there is are modules by metasploit to exploit some of them are here (http://www.metasploit.com/modules/exploit/windows/scada/realwin_on_fc_binfile_a) or here (http://www.scadahacker.com/resources/msf-scada.html)

RESOURCES
1. shodanhq.com
2. scadahacker.com
3. SCADA dorks list (http://blog.xanda.org/2010/11/10/find-vulnerable-scada-systems-with-shodan/)
4.SCADA security research and tools (http://www.digitalbond.com/)

warning SCADA hacking is a very dangerous it can get people killed and lot of property damage...
this article is for education purposes only

Alkapone
01-29-2013, 04:46 AM
Thankyou for this tutorial its nice to finally see something new on the hacker scene other then your regular bullshit tutorials

THis is something new - I as well Audit SCADA systems and have found exploits for the ILON systems

as well as the ClearSCADA software to

and have found many SCADA systems that did not require authentication to certain areas such as the Databases just like ClearSCADA History System

Thanks