Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hacking SCADA Systems
- With the discovery of stuxnet and all the subsequent interest in industrial control systems it's worthwhile to learn a bit on how to exploit these for our own purposes. For now it's a copypaste of various information on ICS products. Eventually I will rewrite it as a fluent tutorial, but until then you can use this article as a starting point in your own research.
- Contents
- [hide]
- 1 Terminology
- 2 Default Passwords
- 3 Google Dorks
- 4 Vulnerabilities and Other Resources
- Terminology
- PLC: Programmable Logic Controller
- RTU: Remote Terminal Unit
- HMI: Human-Machine Interface
- Default Passwords
- These should always be your first try if you come across an HMI listed. Due to the fact that the amount of attention these systems have received has only been true recently many of these HMIs still have their defaults. These can be accessed using a web panel, telnet, or VNC. Links to support documents have been provided to familiarize yourself with these systems.
- Schneider Electrics
- pcfactory:pcfactory
- loader:fwdownload
- ntpupdate:ntpupdate
- sysdiag:factorycast@schneider
- test:testingpw
- USER:USER
- USER:USERUSER
- webserver:webpages
- fdrusers:sresurdf
- nic2212:poiuypoiuy
- nimrohs2212:qwertyqwerty
- nip2212:fcsdfcsd
- ftpuser:ftpuser
- noe77111_v500:RcSyyebczS
- AUTCSE:RybQRceeSd
- AUT_CSE:cQdd9debez
- target:RcQbRbzRyc
- [1]
- Siemens Simatic
- Administrator:100
- [2]
- Siemens WinCC
- WinCCConnect:2WSXcder
- WinCCAdmin:2WSXcder
- [3]
- WAGO
- admin:wago
- [4]
- Google Dorks
- These will be added to as I go along, but are just a couple you can try out to search for HMIs.
- inurl:/plc/webvisu.htm
- "Miniweb on" "Control Functions" -filetype:pdf
- Vulnerabilities and Other Resources
- Vulnerabilities in some SCADA server softwares
- Metasploit Modules for SCADA-related Vulnerabilities
- SIMATIC HMI panels - some default Simatic HMIs you can play around with
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement