Gaining access to SCADA systems seems like challenge. When you do research on targets, and learn about how they are setup by engineers, it can be more simple.
Hacking into database is a lot different then hacking into SCADA systems, because with this system, you can interact with real world, and you’re playing with real life machinery. But with database, is like numbers on a computer, and it can be saved with backups etc.
Today im going to look @ i.LON echelon scada systems.
Ok, I will begin on how I found them.
First you start with IP-range scans. But you need the ranges yes? So you make scanner to pick out specific ranges.
Here is an example of my ISP find:
So you start like this, for your target.
Then you find servers with the web header as: WindRiver-WebServer
Then you look at the www-auth: Basic realm-”i.LON”
This already tells you they run echelon Smart server 2.0 Which is vulnerable to 2 0days released. One released little while ago, and one is new.
To learn more about the i.LON systems, look here: http://www.lon-catalog.ru/
To see source code for WindRiver firewalls and more, here is a chinese website I stumbled on: WindRiver-Firewall-Source
After finding target, you use the arbituary code exploit, (if u cant find it, then you wont need it).
Then you should have the admin panel to change everything on the box:
This certain system, is mainly for heating purposes. Is like boiler, air conditioners etc.
I also had control over a couple of apartments heating:
So, there is no point to this blog today. But just to show it is very easy to affect real life, just with shit laptop + shit connection haha ))).