In this demo video, we'll explore a practical scenario where an unauthenticated VNC connection is exploited to gain access to a remote SCADA HMI. Use responsibly.
ICS NMAP #8 : DNP3 Enumeration
DNP3 (Distributed Network Protocol version 3) is a widely used communications protocol in the field of industrial automation, particularly in the utility sector for supervisory control and data acquisition (SCADA) systems. However, it's important to note that DNP3 itself is not specific to PLCs but rather serves as a protocol for communication between various devices, including PLCs, RTUs (Remote Terminal Units), and SCADA systems.
DNP3 provides robust and reliable communication over both serial and IP networks, with features like time synchronization, event reporting, and error detection. It's highly resilient to noisy and unreliable communication channels, making it suitable for use in challenging industrial environments. Additionally, DNP3 supports advanced security features such as authentication, encryption, and data integrity checks, ensuring the confidentiality and integrity of critical infrastructure systems.
NMAP script: nmap --script dnp3-info -p 20000 10.10.10.10
#IoT #nmap #dnp3 #OT #pentesting
...
https://www.youtube.com/watch?v=OStNMAUDP1c
CVE-2023-34039: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Fofa query: "VMWare Aria"
Target Enum: nuclei -t CVE-2023-34039.yaml -u 10.10.10.10
Exploit: python3 exploit.py -t http://10.10.10.10
https://github.com/sinsinology/CVE-2023-34039
#cve-2023-34039 #auth_bypass #vmware
...
https://www.youtube.com/watch?v=v5E_T5EkG3I
ICS NMAP #1 : OMRON FINS Enumeration
The Omron protocol is a communication standard used to exchange data between Omron programmable logic controllers (PLCs) and other devices. PLCs are industrial computers used to automate processes in manufacturing, controlling machinery and equipment. Omron PLCs utilize various programming languages and communication protocols to interact with sensors, actuators, and other devices in industrial settings. The Omron protocol facilitates reliable and efficient data exchange, enabling seamless integration and control of automation systems.
NMAP script: nmap --script omron-info -sU -p 9600 10.10.10.10
#IoT #nmap #omron #pentesting
...
https://www.youtube.com/watch?v=E9EZCwh3xpU
Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified, the tool will try to automatically identify the full filename. All credit goes to the original creator; the GitHub repo is available in the video. Use responsibly.
Fofa query: server="Microsoft-IIS"
Exploit: shortscan target-ip -F
#IIS #shortscan #enumeration
...
https://www.youtube.com/watch?v=Bd_POCmv3Fs
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation with an unknown input leads to an access control vulnerability. The CWE definition for the vulnerability is CWE-284: the product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Fofa query: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
Target Enum: nuclei -t CVE-2023-4169.yaml -u 10.10.10.10
Exploit: https://github.com/thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415
#IoT_hacking #ruijie #auth_bypass
...
https://www.youtube.com/watch?v=BD2FHb1CjEM
In this second video, we install a number of commonly used tools for enumeration and password cracking.
#kalilinuxtools #pentesting
davidtancredi.gitbook.io/pentesting-notes/
github.com/r3dcl1ff
linkedin.com/in/davidtancredi1337
...
https://www.youtube.com/watch?v=rL0prT9EicE
ICS NMAP #2 : BACNet Enumeration
BACnet (Building Automation and Control Networks) protocol is a standard communication protocol used in building automation and control systems (BACS). It enables interoperability between various devices such as HVAC systems, lighting controls, and security systems, allowing them to exchange data seamlessly. BACnet facilitates monitoring, control, and management of building systems, promoting energy efficiency and operational optimization. It employs a client-server architecture, with devices communicating through a network, typically over Ethernet or RS-485. BACnet supports various data types and services, ensuring compatibility and flexibility in diverse building automation applications.
NMAP script: nmap --script bacnet-info -sU -p 47808 10.10.10.10
#IoT #nmap #bacnet #pentesting
...
https://www.youtube.com/watch?v=v4AaAWsorTM
Odoo is an open-source, all-in-one business management software suite. It offers a wide range of integrated applications for various business needs, including CRM, sales, inventory, accounting, and more. Thousands of Odoo installations are misconfigured to allow unauthenticated access to the underlying database.
Shodan query: title:"Odoo"
Target enum: nuclei -t odoo-unprotected-database.yaml -u 10.10.10.10
#odoo #cve #bug_bounty #bugbountytips
...
https://www.youtube.com/watch?v=L0LC4qlmtjA