infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use metadata format for actions

bug/bundler_fix
jvazquez-r7 2014-05-01 09:52:55 -05:00
parent e386855e0e
commit bd124c85cb
1 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
modules/auxiliary/scanner/scada/modbusclient.rb
View File

@ -14,8 +14,8 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'Modbus Client Utility',
'Description' => %q{
This module allows reading and writing data to a PLC using the Modbus protocol.
This module is based on the 'modiconstop.rb' Basecamp module from
DigitalBond, as well as the mbtget perl script.
This module is based on the 'modiconstop.rb' Basecamp module from DigitalBond,
as well as the mbtget perl script.
},
'Author' =>
[
@ -23,12 +23,15 @@ class Metasploit3 < Msf::Auxiliary
'Arnaud SOULLIE <arnaud.soullie[at]solucom.fr>' # new code that allows read/write
],
'License' => MSF_LICENSE,
'Actions' => [AuxiliaryAction.new('READ_COIL', {'Description' => "Read one bit from a coil"}),
AuxiliaryAction.new('WRITE_COIL', {'Description' => "Write one bit to a coil"}),
AuxiliaryAction.new('READ_REGISTER', {'Description' => "Read one word from a register"}),
AuxiliaryAction.new('WRITE_REGISTER', {'Description' => "Write one word to a register"})
]
'Actions' =>
[
['READ_COIL', { 'Description' => 'Read one bit from a coil' } ],
['WRITE_COIL', { 'Description' => 'Write one bit to a coil' } ],
['READ_REGISTER', { 'Description' => 'Read one word from a register' } ],
['WRITE_REGISTER', { 'Description' => 'Write one word to a register' } ],
]
))
register_options(
[
Opt::RPORT(502),
@ -48,8 +51,7 @@ class Metasploit3 < Msf::Auxiliary
end
def make_read_payload
payload = ""
payload += [datastore['UNIT_NUMBER']].pack("c")
payload = [datastore['UNIT_NUMBER']].pack("c")
payload += [@function_code].pack("c")
payload += [datastore['DATA_ADDRESS']].pack("n")
payload += [1].pack("n")
@ -60,12 +62,11 @@ class Metasploit3 < Msf::Auxiliary
packet_data += [payload.size].pack("c") # size byte
packet_data += payload
return packet_data
packet_data
end
def make_write_coil_payload(data)
payload = ""
payload += [datastore['UNIT_NUMBER']].pack("c")
payload = [datastore['UNIT_NUMBER']].pack("c")
payload += [@function_code].pack("c")
payload += [datastore['DATA_ADDRESS']].pack("n")
payload += [data].pack("c")
@ -77,7 +78,7 @@ class Metasploit3 < Msf::Auxiliary
packet_data += [payload.size].pack("c") # size byte
packet_data += payload
return packet_data
packet_data
end
def make_write_register_payload(data)
@ -93,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary
packet_data += [payload.size].pack("c") # size byte
packet_data += payload
return packet_data
packet_data
end
def run
@ -104,13 +105,11 @@ class Metasploit3 < Msf::Auxiliary
@function_code = 1
response = send_frame(make_read_payload)
print_good("Coil value at address #{datastore['DATA_ADDRESS']} : " + response.reverse.unpack("c").to_s.gsub('[', '').gsub(']', ''))
when "READ_REGISTER"
@function_code = 3
response = send_frame(make_read_payload)
value = response.split[0][9..10].to_s.unpack("n").to_s.gsub('[', '').gsub(']','')
print_good("Register value at address #{datastore['DATA_ADDRESS']} : " + value)
when "WRITE_COIL"
@function_code = 5
if datastore['DATA'] == 0
@ -123,7 +122,6 @@ class Metasploit3 < Msf::Auxiliary
end
response = send_frame(make_write_coil_payload(data))
print_good("Value #{datastore['DATA']} successfully written at coil address #{datastore['DATA_ADDRESS']}")
when "WRITE_REGISTER"
@function_code = 6
if datastore['DATA'] < 0 || datastore['DATA'] > 65535
@ -132,10 +130,10 @@ class Metasploit3 < Msf::Auxiliary
end
response = send_frame(make_write_register_payload(datastore['DATA']))
print_good("Value #{datastore['DATA']} successfully written at registry address #{datastore['DATA_ADDRESS']}")
else
print_error("Invalid ACTION")
return
end
disconnect
end
end