infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Modbus error handling. 

It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
bug/bundler_fix
Arnaud SOULLIE 2014-05-05 23:21:54 +02:00
parent d3045814a2
commit 1f3466a3a3
1 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
modules/auxiliary/scanner/scada/modbusclient.rb
View File

@ -93,6 +93,24 @@ class Metasploit3 < Msf::Auxiliary
packet_data packet_data
end end
def handle_error(response)
case response.reverse.unpack("c")[0].to_i
when 1
print_error("Error : ILLEGAL FUNCTION")
when 2
print_error("Error : ILLEGAL DATA ADDRESS")
when 3
print_error("Error : ILLEGAL DATA VALUE")
when 4
print_error("Error : SLAVE DEVICE FAILURE")
when 6
print_error("Error : SLAVE DEVICE BUSY")
else
print_error("Unknown error")
end
return
end
def read_coil def read_coil
@function_code = 1 @function_code = 1
print_status("Sending READ COIL...") print_status("Sending READ COIL...")
@ -100,9 +118,12 @@ class Metasploit3 < Msf::Auxiliary
if response.nil? if response.nil?
print_error("No answer for the READ COIL") print_error("No answer for the READ COIL")
return return
end elsif response.unpack("C*")[-2] == 129
handle_error(response)
else
print_good("Coil value at address #{datastore['DATA_ADDRESS']} : " + response.reverse.unpack("c").to_s.gsub('[', '').gsub(']', '')) print_good("Coil value at address #{datastore['DATA_ADDRESS']} : " + response.reverse.unpack("c").to_s.gsub('[', '').gsub(']', ''))
end end
end
def read_register def read_register
@function_code = 3 @function_code = 3
@ -111,10 +132,13 @@ class Metasploit3 < Msf::Auxiliary
if response.nil? if response.nil?
print_error("No answer for the READ REGISTER") print_error("No answer for the READ REGISTER")
return return
end elsif response.unpack("C*")[-2] == 131
handle_error(response)
else
value = response.split[0][9..10].to_s.unpack("n").to_s.gsub('[', '').gsub(']','') value = response.split[0][9..10].to_s.unpack("n").to_s.gsub('[', '').gsub(']','')
print_good("Register value at address #{datastore['DATA_ADDRESS']} : " + value) print_good("Register value at address #{datastore['DATA_ADDRESS']} : " + value)
end end
end
def write_coil def write_coil
@function_code = 5 @function_code = 5
@ -131,9 +155,12 @@ class Metasploit3 < Msf::Auxiliary
if response.nil? if response.nil?
print_error("No answer for the WRITE COIL") print_error("No answer for the WRITE COIL")
return return
end elsif response.unpack("C*")[-2] == 133
handle_error(response)
else
print_good("Value #{datastore['DATA']} successfully written at coil address #{datastore['DATA_ADDRESS']}") print_good("Value #{datastore['DATA']} successfully written at coil address #{datastore['DATA_ADDRESS']}")
end end
end
def write_register def write_register
@function_code = 6 @function_code = 6
@ -146,9 +173,12 @@ class Metasploit3 < Msf::Auxiliary
if response.nil? if response.nil?
print_error("No answer for the WRITE REGISTER") print_error("No answer for the WRITE REGISTER")
return return
end elsif response.unpack("C*")[-2] == 134
handle_error(response)
else
print_good("Value #{datastore['DATA']} successfully written at registry address #{datastore['DATA_ADDRESS']}") print_good("Value #{datastore['DATA']} successfully written at registry address #{datastore['DATA_ADDRESS']}")
end end
end
def run def run
@modbus_counter = 0x0000 # used for modbus frames @modbus_counter = 0x0000 # used for modbus frames