Added Modbus error handling.

It now checks for error and displays the appropriate error message. The only error simulated was "ILLEGAL ADDRESS", don't know how to test for others.
2014-05-05 23:21:54 +02:00 · 2014-05-05 23:21:54 +02:00 · 1f3466a3a3
parent d3045814a2
commit 1f3466a3a3
1 changed files with 34 additions and 4 deletions
--- a/modules/auxiliary/scanner/scada/modbusclient.rb
+++ b/modules/auxiliary/scanner/scada/modbusclient.rb
@ -93,6 +93,24 @@ class Metasploit3 < Msf::Auxiliary
    packet_data
  end

+  def handle_error(response)
+    case response.reverse.unpack("c")[0].to_i
+    when 1
+      print_error("Error : ILLEGAL FUNCTION")
+    when 2
+      print_error("Error : ILLEGAL DATA ADDRESS")
+    when 3
+      print_error("Error : ILLEGAL DATA VALUE")
+    when 4
+      print_error("Error : SLAVE DEVICE FAILURE")
+    when 6
+      print_error("Error : SLAVE DEVICE BUSY")
+    else
+      print_error("Unknown error")
+    end
+    return
+  end
+
  def read_coil
    @function_code = 1
    print_status("Sending READ COIL...")
@ -100,9 +118,12 @@ class Metasploit3 < Msf::Auxiliary
    if response.nil?
      print_error("No answer for the READ COIL")
      return
-    end
+    elsif response.unpack("C*")[-2] == 129
+      handle_error(response)
+    else
      print_good("Coil value at address #{datastore['DATA_ADDRESS']} : " + response.reverse.unpack("c").to_s.gsub('[', '').gsub(']', ''))
    end
+  end

  def read_register
    @function_code = 3
@ -111,10 +132,13 @@ class Metasploit3 < Msf::Auxiliary
    if response.nil?
      print_error("No answer for the READ REGISTER")
      return
-    end
+    elsif response.unpack("C*")[-2] == 131
+      handle_error(response)
+    else
    value = response.split[0][9..10].to_s.unpack("n").to_s.gsub('[', '').gsub(']','')
    print_good("Register value at address #{datastore['DATA_ADDRESS']} : " + value)
    end
+  end

  def write_coil
    @function_code = 5
@ -131,9 +155,12 @@ class Metasploit3 < Msf::Auxiliary
    if response.nil?
      print_error("No answer for the WRITE COIL")
      return
-    end
+    elsif response.unpack("C*")[-2] == 133
+      handle_error(response)
+    else
      print_good("Value #{datastore['DATA']} successfully written at coil address #{datastore['DATA_ADDRESS']}")
    end
+  end

  def write_register
    @function_code = 6
@ -146,9 +173,12 @@ class Metasploit3 < Msf::Auxiliary
    if response.nil?
      print_error("No answer for the WRITE REGISTER")
      return
-    end
+     elsif response.unpack("C*")[-2] == 134
+      handle_error(response)
+    else
      print_good("Value #{datastore['DATA']} successfully written at registry address #{datastore['DATA_ADDRESS']}")
    end
+  end

  def run
    @modbus_counter = 0x0000 # used for modbus frames