Water Power Plant SCADA System Exploit - Hex00010 - Finder

a guest
Mar 7th, 2012
/**
* ClearSCADA Exploit - Finder - 2012 - DO NOT SHARE
* International SCADA Exploit Finder
* Status: Public
*
* Programmed by: Hex00010
*
*/

Hello everyone

Today I present you with the SCADA exploit that can find servers using the ClearSCADA product.

This is a demonstration proof-of-concept exploit. It is more informational (unauthenticated) and uses a client/server design.

This exploit is in response to the SCADA EXPLOITS - Hex00010 - Water - Power Plant located here:

http://pastebin.com/SjHSWfkV

Server -> reads 5,000 IPs at a time; once those 5k are done it loads a new set of 5k (it can also run multiple IPs if configured correctly through the server, for parallel data processing)

opcode 0 - request a server
opcode 1 - the server's result (0 for invalid, 1 for valid)

Opens port: 8081

Each server has its own pre-defined IP list

Server Machine 1: hosts 100mb of IPs
Server Machine 2: hosts 600mb of IPs

Client Machine 1 -> connects to host 1 - scans 5k - ends - restarts - if found valid -> print - else - continue - end

Client Machine 2 -> connects to host 1 - scans 5k - ends - restarts - if found valid -> print - else - continue - end

Each machine scans its own subnet

Supports server clustering to maximize scanning times

Supports SSL scanning

-----------------------------------------------------------------------------------------------------------

Client ->

Reads IP addresses from the server and displays whether they are valid or not in a file
Reads server header information

Features:

Server - Pools the clients, accepts unlimited connections, queues the server IP list.
Client - Asynchronous processing: requests an IP while the other threads are processing. Checks the header for clearscada.
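
On the defensive side, a host running the client described above shows two things together in flow data: a connection to a peer on port 8081 and wide fan-out to web servers whose headers it reads. The Python below is an added example, not part of the original paste or the tool; the flow-record layout, the web ports 80/443, the threshold and the window length are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

COORD_PORT = 8081        # port the paste says the server opens
WEB_PORTS = {80, 443}    # assumption: header checks go to HTTP/HTTPS services
FANOUT_THRESHOLD = 200   # assumption: distinct web destinations per window, tune locally
WINDOW_S = 60            # assumption: window length in seconds


def find_scan_nodes(flows):
    """Return {src: (peers_on_8081, peak_distinct_web_dests)} for hosts that
    both talk to a peer on COORD_PORT and fan out widely to web servers.
    Port 8081 alone is common; only the combination is flagged."""
    coord = defaultdict(set)                        # src -> peers contacted on 8081
    fanout = defaultdict(lambda: defaultdict(set))  # src -> window -> web dests
    for ts, src, dst, port in flows:
        if port == COORD_PORT:
            coord[src].add(dst)
        elif port in WEB_PORTS:
            fanout[src][ts // WINDOW_S].add(dst)
    hits = {}
    for src, peers in coord.items():
        peak = max((len(d) for d in fanout[src].values()), default=0)
        if peak >= FANOUT_THRESHOLD:
            hits[src] = (sorted(peers), peak)
    return hits


def sample_flows():
    """Constructed records: (timestamp_s, src_ip, dst_ip, dst_port).
    External addresses use RFC 5737 documentation ranges."""
    flows = [(0, "10.0.0.5", "203.0.113.10", 8081)]       # work-list fetch
    flows += [(1 + i // 50, "10.0.0.5", f"198.51.100.{i + 1}", 80)
              for i in range(240)]                        # wide HTTP fan-out
    flows += [(5, "10.0.0.7", "203.0.113.10", 8081)]      # 8081 only, no fan-out
    flows += [(i, "10.0.0.9", "192.0.2.20", 443)
              for i in range(300)]                        # busy, but a single peer
    return flows


if __name__ == "__main__":
    for src, (peers, peak) in find_scan_nodes(sample_flows()).items():
        print(f"{src}: peers on {COORD_PORT}={peers}, web fan-out={peak}")
```
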

== SETUP ==
In main directory, for the CLIENT
Edit src/ServerConnection.java
Change 127.0.0.1 to the SERVER's IP. Save.
Go back to the parent of src
Make folder bin

javac -d bin src/*.java

== Copy contents of 'bin' to the shells / servers you want to set up the thread on ==
java -Xmx512m ScadaMain [THREADS]

== For the SERVER ==
In the 'Server' directory make bin folder
javac -d bin src/*.java

== Copy contents of bin to the main server ==
[sudo ]java -Xmx2048m Server

--------------------------------------------------------------------------------------------------------------

Run IPGen to generate all of the IP addresses - writes to ip's.txt

Download Link: http://www.mediafire.com/?xtxaw9qoq779mkx