Good afternoon friends. Today we will see hacking Advantech Webaccess Dashboard 8.0 with Metasploit. Advantech WebAccess is a 100% web based SCADA software. It is a cross-platform, cross-browser data access experience and a user interface based on HTML5 technology. With WebAccess, users can build an information management platform and improve the effectiveness of vertical markets development and management.
SCADA (Supervisory Control And Data Acquisition) is a system for remote monitoring and control that operates with coded signals over communication channels. Vulnerabilities in SCADA systems are considered very serious as they are used in monitoring various industrial and infrastructure processes like power generation, water treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms and large communication systems.
The version 8.0 of this Adavantech Webaccess suffers from arbitrary file upload vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess and that too without the need of authentication. Start Metasploit and load the exploit as shown below.
Set the target IP address and check whether the target is vulnerable.
If the target is vulnerable a shown above, set the required payload. We are trying to get a shell in our target.
Execute the exploit by typing command “run”. The exploit will run and …………
a command shell will be opened on our target as shown below. See it was very easy to get into a SCADA system.