Vertical and horizontal network shooting range community Modbus Protocol

notes ： Just their own learning records , If there is anything wrong, please point out

Modbus agreement ：

Hackers enter the control network of a factory through an external network , Then it attacked the operator station system in the industrial control network , Finally, the normal business was destroyed through the industrial control agreement . We get the network traffic packets of the operator standing before and after the attack , We need to analyze the clues in the traffic , find FLAG,flag In the form of flag{}

Get the flow analysis file , Observe that he actually reads the coil and saves registers and input registers , Read discrete register , The problem is that he broke the normal business through the agreement , It is the function code that writes or modifies the register data , At present, there are three register function codes learned ,03,06,16.

03： Read 
06： Write single 
16： Write multiple 

Use wireshark Statement to query whether he has written something .

 sentence ：modbus.func_code==06

No, 06 Of packets

Reading function code 16

 sentence ：modbus.func_code==16

You can see that it writes to multiple registers , And it returns an exception , View the data written , obtain flag：TheModbusProtocolIsFunny!