Hex00010

Water Power Plant SCADA System Exploit - Hex00010 - Finder

Jun 20th, 2012
Re-linking all of my old 'guest' pastebins to one main account so I don't have to search for all of them through Google

Main PasteBin Link -> http://pastebin.com/UPCjHYij
-------------------------------------------------------------------------------------------------------

/**
 * ClearScada Exploit - Finder - 2012 - DO NOT SHARE
 * International SCADA Exploit Finder
 * Status: Public
 *
 * Programmed by: Hex00010
 *
 */

Hello everyone

Today I present you with the SCADA Exploit that can find servers using the ClearSCADA product.

This is a demonstration proof-of-concept exploit - this exploit is more informational - unauthenticated.
It uses a client/server.

This exploit is in response to the SCADA EXPLOITS - Hex00010 - Water - Power Plant located here

http://pastebin.com/SjHSWfkV

Server -> reads 5,000 IPs at a time - once those 5k are up it loads a new set of 5k (also can run multiple IPs if configured through the server correctly for Parallel Data Processing)

opcode 0 - request a server
opcode 1 - the server's result (0 for invalid, 1 for valid)

Opens port: 8081

Each server has its own pre-defined IP list

Server Machine 1: hosts 100 MB of IPs
Server Machine 2: hosts 600 MB of IPs

Client Machine 1 -> connects to host 1 - scans 5k - ends - restarts - if found valid -> print - else - continue - end

Client Machine 2 -> connects to host 1 - scans 5k - ends - restarts - if found valid -> print - else - continue - end

Each machine scans its own subnet

Supports Server Clustering to maximize scanning times

Supports SSL scanning

-----------------------------------------------------------------------------------------------------------

Client ->

Reads IP addresses from the server and records in a file whether they are valid or not
Reads server header information

Features:

Server - Pools the clients, accepts unlimited connections, queues the server IP list.
Client - Asynchronous processing - requests an IP whilst the other threads are processing. Checks the header for clearscada.

== SETUP ==
In main directory, for the CLIENT
Edit src/ServerConnection.java
Change 127.0.0.1 to the SERVER's IP. Save.
Go back to the parent of src
Make folder bin

javac -d bin src/*.java

== Copy contents of 'bin' to the shells / servers you want to set up the thread on ==
java -Xmx512m ScadaMain [THREADS]

== For the SERVER ==
In the 'Server' directory make bin folder
javac -d bin src/*.java

== Copy contents of bin to the main server ==
[sudo ]java -Xmx2048m Server

--------------------------------------------------------------------------------------------------------------

Run IPGen to generate all of the IP addresses - writes to ip's.txt

Download Link: http://www.mediafire.com/?xtxaw9qoq779mkx