Pastebin launched a little side project called HostCabi.net, check it out ;-)Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

SCADA EXPLOITS - Hex00010 - Water - Power Plant

By: a guest on Jan 30th, 2012  |  syntax: None  |  size: 1.21 KB  |  hits: 4,253  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Found  2 Exploits in 2 major SCADA production Software  
  2.      
  3.      
  4. #1. Software allows  File upload
  5.      
  6.      
  7. I was able to  upload a  .exe file  and with a RPC  injected   code  i was  able to inclde a  backdoor in there
  8.      
  9. I was able to open up metasploit ans start sniffing the network then running the auto attack - gaining further access - i was able to  install and hide my detection
  10.      
  11.      
  12. It also allows SQL Injection against the SCADA Database
  13.      
  14.      
  15. The second exploit
  16.      
  17.      
  18. Allows you to edit all System logs , Shut Down SCADA Server , Modify Data , Etc etc etc
  19.      
  20.      
  21. I will be writing a script for you that will help you out even more  
  22.      
  23.      
  24. I am able to  identify  thousands of these systems around the world right now - i have created a script that allows me to  detect systems  around the world
  25.      
  26.      
  27.      
  28.     If you are interested in these Exploits  please  message on the twitter status below
  29.      
  30.      
  31. Thanks
  32.      
  33. Hex00010
  34.  
  35.  
  36.  
  37.  
  38. NOTE:  This was done on a test  product machine as well
  39.  
  40.  
  41. Also  other SCADA systems around the world  including
  42.  
  43.  
  44. Water Power Plants as well are using it
  45.  
  46.  
  47. Proof Here: http://i41.tinypic.com/5pihc7.png
create a new version of this paste RAW Paste Data