SamoletMaj

  • Well, i went the UDP route and wow… let just say i have my work cutout trying to secure the control system against fairly simple attacks.

    And i’m also proud to say i wrote my first metasploit module in ruby 😀

    The only built in security options on the controller are basically write protect the entire thing, which turns into an admin nightmare…[Read more]

  • I completely agree, part of my testing is with the SCADA which includes the PC’s and yes, it was ridiculously easy so i am drafting some action plans to patch those up.

    And you are correct on the clear text also, i found some via UDP.

    All that being said i want to push the envelope a bit more and i want to learn or at least educate myself on…[Read more]

  • Oh lord, serendipity……
    I went back to look at some exploits i had downloaded in the past
    And decided to look trough some of the code and i found a notefrom the developer
    To compile with -static, did that and presto, root shell…

    Typical case of RTFM…

    Mission acomplished.

    Thank you all for the comments i am really looking forward…[Read more]

  • Yes it is very funny…

    i have tried pretty much every kernel exploit out there written for my specific kernel and it has worked for a ton of guys, just not me! I’ve been at it for about 6 days off the uname and nada…

    i’m moving on to another angle, and i am waiting for a response from IACRB… i will post up.

  • Cool i will re-focus on doing the escalation.

    I did run exploits for the specific os on the running kernel but i did not modify any of them.
    I also ran exploits to specific versions of services.

    Thanks for the Tip aweSEC, i tried to do a good Job enumerating but again i am afraid to be in a situation of : “i don’t know what i don’t…[Read more]

  • Good info, i will shoot them an email to ask…

    does anyone have any pointers as to what angle to pursue for the local exploit?

    I have downloaded, complied and ran about 30 to 50 different exploits with no success, i also spent a considerable amount of time exploring remote options with metasploit also with no success…

    i’ve tried to attack…[Read more]

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?