Posted on Leave a comment

Hacking Advantech Web access 8.0 with Metasploit

Hello aspiring hackers. In this how to, we will see hacking Advantech Web access Dashboard 8.0 with Metasploit. Advantech Web Access is a 100% web based SCADA software. It is a cross-platform, cross-browser data access experience and a user interface based on HTML5 technology. With Web Access, users can build an information management platform and improve the effectiveness of vertical markets development and management.

       SCADA (Supervisory Control And Data Acquisition) is a system for remote monitoring and control that operates with coded signals over communication channels.  Vulnerabilities in  SCADA systems are considered very serious as they are used in monitoring various industrial and infrastructure processes like power generation, water treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms and large communication systems.

The version 8.0 of this Advantech Web access suffers from arbitrary file upload vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech Web Access and that too without the need of authentication. Start Metasploit and load the exploit as shown below.

Set the target IP address and check whether the target is vulnerable.

If the target is vulnerable a shown above, set the required payload. We are trying to get a shell in our target.

Execute the exploit by typing command “run”. The exploit will run and …………

a command shell will be opened on our target as shown below. See it was very easy to get into a SCADA system.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.