[oss] [CTF Games] Equivalence

Alexandru Razvan Caciulescu alexandru.razvan.c at gmail.com
Thu Nov 17 23:35:05 EET 2016


Hi,

I participated with 2 other colleagues in the following CTF: EESTEC
Olympics v7 Security Challenge by Enevo
Result: First Prize

Description: The same scenario presented 1 day before at DefCamp was
reused for this challenge by Enevo (since they designed it), but with
a small adjustment. Since this challenge had only ~8h (instead of 24h
like DefCamp) we were presented with a connection to the network.
The scenario simulated an industrial setup: a train, power plant,
sensors and pressure pump, all connected through a network and
controlled by several PLCs. The setup was recreated in real life at
miniature scale and we had physical access to it for inspection.
Our tasks included reconnaissance, gaining access and compromising the
functionality in any way.

Conclusion:
1. We mapped out the entire network, pairing each IP address with a
physical device. This is why we had access to the replica and the actual
PLCs: we had to identify the brand and model in order to find known
vulnerabilities.
2. Found a poorly configured FTP server and managed to log in as
anonymous, gaining access to the data.
3. Discovered industrial protocols on the devices such as Modbus and
IEC 60870. Managed to crash the entire communication between the
devices by crashing the main PLC, which was listening on port 2404 for
instructions defined by the IEC 60870 standard.
4. Figured out we could read/write data using the Modbus protocol (port
502) on 2 other PLCs.

Cheers,
Alexandru Caciulescu, SRIC
