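Preface
Using Metasploit to find SCADA services
1. SCADA systems
A SCADA system is a type of ICS (industrial control system). It is typically used in critical environments, for example in large enterprises, where it is responsible for various production processes.
2. Steps
You need to register an account on the Shodan website and obtain an API key.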
msf6 exploit(windows/smb/ms08_067_netapi) > use auxiliary/gather/shodan_search
msf6 auxiliary(gather/shodan_search) > options
Module options (auxiliary/gather/shodan_search):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   DATABASE       false            no        Add search results to the database
   MAXPAGE        1                yes       Max amount of pages to collect
   OUTFILE                         no        A filename to store the list of IPs
   QUERY                           yes       Keywords you want to search for
   REGEX          .*               yes       Regex search for a specific IP/City/Country/Hostname
   SHODAN_APIKEY                   yes       The SHODAN API key
msf6 auxiliary(gather/shodan_search) > set shodan_apikey PxNNh5geye5sghZgWFKiji05gxxxxxx
shodan_apikey => PxNNh5geye5sghZgWFKiji05gxxxxxx
msf6 auxiliary(gather/shodan_search) > set query rockwell
query => rockwell
msf6 auxiliary(gather/shodan_search) > run
[*] Total: 6967 on 70 pages. Showing: 1 page(s)
[*] Collecting data, please wait...
Search Results
==============
IP:Port City Country Hostname
------- ---- ------- --------
....
[*] Auxiliary module execution completed
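For asset owners, the same result table can be used as an exposure check. The following Python is an added example, not part of the original post: it parses rows in the `IP:Port City Country Hostname` layout and reports the ones that fall inside address ranges you own, so that controllers answering on 44818 (EtherNet/IP) can be moved behind a firewall or VPN. The CIDR ranges and sample rows are constructed from documentation address space, and the two-space column separator is an assumption about the console's table output.

```python
import ipaddress
import re

# Constructed asset inventory (RFC 5737 documentation ranges); use your own CIDRs.
OWNED_NETWORKS = ["192.0.2.0/24", "203.0.113.64/26"]

# Constructed sample in the module's table layout; not real search data.
SAMPLE_OUTPUT = """\
IP:Port             City        Country      Hostname
-------             ----        -------      --------
192.0.2.10:44818    Exampleton  Exampleland  plc1.example.com
198.51.100.7:44818  Otherville  Exampleland
203.0.113.70:44818  Exampleton  Exampleland  hmi.example.com
203.0.113.200:502   Exampleton  Exampleland
"""

# A result row starts with IPv4:port; headers, rulers and [*] status lines do not.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})(?:\s+(.*))?$")


def parse_rows(text):
    """Yield (ip, port, city, country, hostname) for each result row."""
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        # Assumption: columns are separated by two or more spaces.
        cols = re.split(r"\s{2,}", m.group(3) or "")
        cols += [""] * (3 - len(cols))
        yield ip, int(m.group(2)), cols[0], cols[1], cols[2]


def exposed_assets(text, owned=OWNED_NETWORKS):
    """Return the rows whose address lies inside one of the owned networks."""
    nets = [ipaddress.ip_network(n) for n in owned]
    hits = []
    for ip, port, _city, _country, host in parse_rows(text):
        net = next((n for n in nets if ip in n), None)
        if net is not None:
            hits.append({"ip": str(ip), "port": port,
                         "network": str(net), "hostname": host})
    return hits


if __name__ == "__main__":
    for hit in exposed_assets(SAMPLE_OUTPUT):
        print(f"EXPOSED {hit['ip']}:{hit['port']} ({hit['network']}) {hit['hostname']}")
```

A row with an empty City or Country column cannot be told apart from one with a missing Hostname by whitespace alone, so treat the IP and port as the authoritative fields.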
Summary
I have shown how to use Metasploit to find SCADA services on the Internet. For learning purposes only.