Vertical and Horizontal Network Shooting Range Community: Modbus Protocol

2022-06-21 20:50:00 Fangtingzi

Note: these are just my own learning notes. If anything is wrong, please point it out.


Modbus protocol:

Hackers entered a factory's control network through an external network, then attacked the operator station system in the industrial control network, and finally disrupted normal business through the industrial control protocol. We have the network traffic capture of the operator station from before and after the attack. We need to analyze the clues in the traffic and find the FLAG. The flag has the form flag{}.

Open the traffic capture. Most of it is reads: read coils, read holding registers, read input registers and read discrete inputs. The challenge says the attacker disrupted normal business through the protocol, so the thing to look for is a function code that writes or modifies register data. So far I have learned three register function codes: 03, 06 and 16.

03: Read holding registers
06: Write single register
16: Write multiple registers

Use a Wireshark display filter to check whether anything was written.

Filter: modbus.func_code==06

There are no packets with function code 06.

Next, check function code 16.

Filter: modbus.func_code==16

You can see that it writes to multiple registers, and that an exception is returned. View the data that was written to obtain the flag: TheModbusProtocolIsFunny!
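The same triage done in code, as an added example that is not part of the original post: a minimal Modbus/TCP parser that flags function code 06/16 write requests and exception responses and renders the written register values as ASCII. The frames in SAMPLE are constructed, and the helper names and the two-bytes-per-register text rendering are assumptions.

```python
import struct

def build_adu(tid, unit, func, data):
    """Build a Modbus/TCP ADU: 7-byte MBAP header + function code + data."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([func]) + data

def parse_adu(frame):
    """Return (func, data) for a well-formed Modbus/TCP ADU, else None."""
    if len(frame) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None  # not Modbus, or a truncated/padded frame
    return frame[7], frame[8:]

def decode_write(func, data):
    """Return (start_address, register_values) for an FC 06/16 request."""
    if func == 6 and len(data) == 4:  # note: the FC 06 response echoes the request
        addr, value = struct.unpack(">HH", data)
        return addr, [value]
    if func == 16 and len(data) >= 5:  # the 4-byte FC 16 response is skipped
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        if nbytes == 2 * qty and len(data) == 5 + nbytes:
            return addr, list(struct.unpack(f">{qty}H", data[5:]))
    return None

def registers_to_text(values):
    """Render register values as printable ASCII, dropping NUL padding bytes."""
    raw = b"".join(struct.pack(">H", v) for v in values).replace(b"\x00", b"")
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)

def scan(frames):
    """List write requests and exception responses found in the frames."""
    findings = []
    for func, data in filter(None, map(parse_adu, frames)):  # skip malformed
        if func & 0x80 and data:  # exception response: FC | 0x80, then the code
            findings.append(("exception", func & 0x7F, data[0]))
        elif (write := decode_write(func, data)) is not None:
            findings.append(("write", func, write[0], registers_to_text(write[1])))
    return findings

# Constructed sample traffic (not taken from the challenge capture).
SAMPLE = [build_adu(1, 1, 3, struct.pack(">HH", 0, 10)),  # read request
          build_adu(2, 1, 16, struct.pack(">HHB", 1, 5, 10) + b"HELLO-PLC!"),
          build_adu(2, 1, 0x90, b"\x02")]  # exception reply to the FC 16 write

if __name__ == "__main__":
    print(scan(SAMPLE))
```

To use it on a real capture, feed scan() the TCP payloads of the port 502 stream, one ADU per element.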


Copyright notice
This article was created by [Fangtingzi]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/172/202206211905055691.html