sixnet-tools


#Security Testing #Offensive Security

A modern post-exploitation command and control framework with a client-server architecture and extensibility features.


Tool for Exploiting Sixnet RTUs: An Overview

Supervisory Control and Data Acquisition (SCADA) networks and devices serve as the computational brains that manage and control the nation’s critical infrastructure.

They monitor and control industrial machinery in various settings, including power plants, oil and gas pipelines, assembly lines, and other similar environments.

Programmable logic controllers and remote terminal units are present on these SCADA networks, yet they are severely deficient in some of the most fundamental security processes and controls.

This paper and the associated project aim to highlight a specific weakness found at the application level of Sixnet SCADA devices.

The tool described in this project is developed in Python and enables an attacker to easily obtain root-level access to these Sixnet devices with minimal effort.

Understanding the Project: Key Components of a Basic SCADA Network

A basic SCADA network consists of three key aspects that are essential for its functionality.

The network itself serves as the medium through which the endpoints communicate with one another.

These networks are quite similar to corporate local area networks (LANs) or wide area networks (WANs) and may include various routing and switching components. Ideally, a SCADA network is a fully isolated subnet within a larger corporate network, ensuring it remains unreachable from the internet. Another aspect...