IEC104 Client for Metasploit #10386
Conversation
Cool, thank you! All we need to do now is review and testing, and then we can get this merged.
  # creates and STARTDT Activation frame -> answer should be a STARTDT confirmation
  def startcon
    apci_data = "\x68"
Prefer << over +=. One appends, the other makes a whole new string.
If you run 'rubocop' on this file, it should highlight most of them.
    response = send_frame(stopcon)
    if response.nil?
      print_error("Terminating Connection")
      return
indentation (also, rubocop will highlight this)
I found a few code nits, but these can also automatically be highlighted by the rubocop tool. Would suggest running that and fixing the reasonable suggestions that it produces (I usually aim for getting it under 10 or so complaints)
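The two review snippets above touch the same pair of points: building the APCI frame byte by byte (where `<<` appends in place and `+=` allocates a new string each time) and treating a nil reply to the STARTDT/STOPDT frame as a reason to tear the session down. The following is an added example, not the module's code from this PR: it builds the six-byte U-format frames with `<<` and validates what comes back, so that only a genuine STARTDT confirmation is accepted. The control-field values are the ones defined in IEC 60870-5-104; the function names are assumptions for this illustration.

```ruby
# Added example (not the module's code): builds IEC 60870-5-104 U-format APCI
# frames with << and validates the peer's reply. Control-field constants are
# from the standard; function names are assumptions for this demonstration.

# U-format control-field values (first control octet), per IEC 60870-5-104.
U_FRAMES = {
  startdt_act: 0x07, startdt_con: 0x0B,
  stopdt_act:  0x13, stopdt_con:  0x23,
  testfr_act:  0x43, testfr_con:  0x83
}.freeze

APCI_START = 0x68

# Build a 6-byte U-frame: start byte, APDU length (always 4 for U-format),
# control octet, three zero octets. << appends to the same buffer; += would
# allocate a fresh string on every append.
def build_u_frame(kind)
  ctrl = U_FRAMES.fetch(kind)
  frame = String.new(encoding: Encoding::BINARY)
  frame << APCI_START.chr << 0x04.chr << ctrl.chr << "\x00\x00\x00"
  frame
end

# Classify a received frame: returns the U-frame symbol (e.g. :startdt_con),
# :i_frame / :s_frame for the other formats, or nil for a malformed buffer
# (including a nil reply, which is what the module treats as "terminate").
def parse_apci(bytes)
  return nil if bytes.nil? || bytes.bytesize < 6
  b = bytes.bytes
  return nil unless b[0] == APCI_START
  return nil unless b[1] == bytes.bytesize - 2 # length covers control + ASDU
  ctrl = b[2]
  case ctrl & 0x03
  when 0x03 then U_FRAMES.key(ctrl)            # U-format: bits 0-1 == 11
  when 0x01 then :s_frame                      # S-format: bits 0-1 == 01
  else :i_frame                                # I-format: bit 0 == 0
  end
end

# True only when the reply to STARTDT act is a STARTDT con; a nil or any other
# frame means the activation did not succeed and the connection should close.
def startdt_confirmed?(reply)
  parse_apci(reply) == :startdt_con
end

if __FILE__ == $PROGRAM_NAME
  puts build_u_frame(:startdt_act).unpack1('H*')                # 680407000000
  puts startdt_confirmed?("\x68\x04\x0B\x00\x00\x00".b)         # true
  puts startdt_confirmed?(nil)                                  # false
end
```

The `bytesize - 2` check matters in practice: the APDU length octet counts everything after itself, so a frame whose length field disagrees with the buffer is rejected before the control field is interpreted.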
This commit incorporates suggested formatting changes based on feedback and rubocop tool run:
- Corrected indentation issues
- Using "<<" instead of "+=" for string append
- Modified if/else branches as per tool suggestion
Thanks for the suggestions! I have now made the requested amendments.
Release Notes
An IEC104 client protocol module is now available. It implements a control standard used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications.
Thanks @michaelj0hn
Congratz! @michaelj0hn
IEC104 Client for Metasploit
IEC 60870 part 5 is one of the IEC 60870 set of standards which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. Part 5 provides a communication profile for sending basic telecontrol messages between two systems, using permanent, directly connected data circuits between the systems. IEC Technical Committee 57 (Working Group 03) has developed a protocol standard for telecontrol, teleprotection, and associated telecommunications for electric power systems. The result of this work is IEC 60870-5. Five documents specify the base IEC 60870-5:
The IEC 60870-5-104 (IEC 104) protocol is an extension of the IEC 101 protocol, with changes in the transport, network, link and physical layer services to suit full network access. The standard uses an open TCP/IP interface to connect to the LAN (Local Area Network), and routers with different facilities (ISDN, X.25, Frame Relay, etc.) can be used to connect to the WAN (Wide Area Network). The application layer of IEC 104 is the same as that of IEC 101, with some of the data types and facilities not used. Two separate link layers are defined in the standard, suitable for data transfer over Ethernet and over a serial line (PPP, Point-to-Point Protocol). The control field of IEC 104 carries the mechanisms used to keep network data synchronized between the two ends.
Verification
List the steps needed to make sure this thing works:
msfconsole
use auxiliary/client/iec104/iec104
RHOST <TARGET>, replacing <TARGET> with the IP address you wish to attack.
show options
run
Install
Create a new folder for the IEC104 module, place script in new folder
Usage
Selection of module in msfconsole
Show module options
Usage Examples
Example of sending IEC104 general interrogation command
This uses the default settings for command type, address and value, and connects to a local IEC104 server simulator for demo purposes.
Example sending switching command
The IOA to be switched is "5", the command type is a double command "46", and the command value is for switching off without time value "5".
Using local IEC 104 server simulator
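The usage examples above show the module sending a general interrogation (type 100) and a double command (type 46 against IOA 5 with value 5). Seen from the other side of the wire, those are exactly the ASDUs an operator monitoring an IEC 104 link would want to decode and alert on. The following is an added example, not code from this PR or from Metasploit: it decodes the ASDU header of an I-format frame and flags control-direction commands with cause of transmission "activation". The type IDs, COT values and field layout are those of IEC 60870-5-104; the two sample frames are constructed for this illustration, not captured traffic.

```ruby
# Added example (not the module's code): decodes the ASDU carried by an
# IEC 60870-5-104 I-format frame and flags control-direction commands, as a
# monitoring point would to alert on switching operations. Type IDs and COT
# values are from the standard; the sample frames below are constructed.

# Control-direction type identifiers (process information, no time tag).
CONTROL_TYPE_IDS = {
  45 => 'C_SC_NA_1 single command',
  46 => 'C_DC_NA_1 double command',
  47 => 'C_RC_NA_1 regulating step command',
  48 => 'C_SE_NA_1 set point, normalised',
  49 => 'C_SE_NB_1 set point, scaled',
  50 => 'C_SE_NC_1 set point, float',
  51 => 'C_BO_NA_1 bitstring'
}.freeze
INTERROGATION_TYPE_ID = 100 # C_IC_NA_1 general interrogation
COT_ACTIVATION = 6

# Parse an I-frame (bit 0 of the first control octet is 0). Returns a hash of
# the APCI sequence numbers and the ASDU header fields, or nil if malformed.
def decode_i_frame(bytes)
  return nil if bytes.nil?
  b = bytes.bytes
  return nil unless b.size >= 15 && b[0] == 0x68 && b[1] == b.size - 2
  return nil unless (b[2] & 0x01).zero?
  {
    send_seq: ((b[3] << 8) | b[2]) >> 1,
    recv_seq: ((b[5] << 8) | b[4]) >> 1,
    type_id: b[6],
    num_objects: b[7] & 0x7F,             # VSQ: number of information objects
    cot: b[8] & 0x3F,                     # cause of transmission
    test: (b[8] & 0x80) != 0,             # T bit
    negative: (b[8] & 0x40) != 0,         # P/N bit
    originator: b[9],
    common_address: b[10] | (b[11] << 8), # 2-octet common address, little-endian
    ioa: b[12] | (b[13] << 8) | (b[14] << 16), # 3-octet IOA, little-endian
    info: b[15..-1]                       # information element(s)
  }
end

# Human-readable verdict; control commands sent with COT=activation are the
# events an operator would want to alert on.
def classify_asdu(asdu)
  return 'malformed frame' if asdu.nil?
  tid = asdu[:type_id]
  if CONTROL_TYPE_IDS.key?(tid) && asdu[:cot] == COT_ACTIVATION
    detail = ''
    if tid == 46 && asdu[:info].any?
      dcs = asdu[:info][0] & 0x03 # DCO bits 0-1: 1 = OFF, 2 = ON
      state = { 1 => 'OFF', 2 => 'ON' }[dcs] || 'not permitted'
      detail = " -> #{state}"
    end
    "ALERT control command #{CONTROL_TYPE_IDS[tid]} to CA #{asdu[:common_address]} IOA #{asdu[:ioa]}#{detail}"
  elsif tid == INTERROGATION_TYPE_ID
    "info general interrogation (QOI #{asdu[:info][0]}) of CA #{asdu[:common_address]}"
  else
    "info type #{tid} COT #{asdu[:cot]}"
  end
end

# Constructed sample frames (not captured traffic):
#   double command, CA 1, IOA 5, DCO 0x05 (DCS=1 OFF, QU=1), COT activation
SAMPLE_DOUBLE_CMD = "\x68\x0E\x00\x00\x00\x00\x2E\x01\x06\x00\x01\x00\x05\x00\x00\x05".b
#   general interrogation, CA 1, IOA 0, QOI 20 (station interrogation)
SAMPLE_INTERROGATION = "\x68\x0E\x00\x00\x00\x00\x64\x01\x06\x00\x01\x00\x00\x00\x00\x14".b

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_DOUBLE_CMD, SAMPLE_INTERROGATION].each do |frame|
    puts classify_asdu(decode_i_frame(frame))
  end
end
```

Run stand-alone, the script prints an ALERT line for the double command (IOA 5, OFF) and an info line for the interrogation. The DCO value 5 from the usage example decodes as DCS=1 (OFF) with QU=1 in bits 2-6, which is why a detector keyed on the low two bits of the DCO is enough to tell ON from OFF.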