hacktricks/network-services-pentesting/47808-udp-bacnet.md

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}


# Informations sur le protocole

**BACnet** est un **protocole de communication** pour les réseaux d'automatisation et de contrôle des bâtiments (BAC) qui s'appuie sur le **protocole standard ASHRAE**, **ANSI** et **ISO 16484-5**. Il facilite la communication entre les systèmes d'automatisation et de contrôle des bâtiments, permettant aux applications telles que le contrôle HVAC, le contrôle de l'éclairage, le contrôle d'accès et les systèmes de détection d'incendie d'échanger des informations. BACnet garantit l'interopérabilité et permet aux dispositifs d'automatisation des bâtiments informatisés de communiquer, quel que soit les services spécifiques qu'ils fournissent.

**Port par défaut :** 47808
```text
PORT      STATE SERVICE
47808/udp open  BACNet -- Building Automation and Control NetworksEnumerate
```
# Énumération

## Manuel
```bash
pip3 install BAC0
pip3 install netifaces

import BAC0
import time

myIP = '<Your IP>/<MASK>' #You need to be on the same subnet as the bacnet device. Example: '192.168.1.4/24'
bacnet = BAC0.connect(ip=myIP)
bacnet.whois() #Broadcast request of bacnet devices
time.sleep(5)  #Wait for devices to respond
for i, (deviceId, companyId, devIp, numDeviceId) in enumerate(bacnet.devices):
print(f"-------- Device #{numDeviceId} --------")
print(f"Device:     {deviceId}")
print(f"IP:         {devIp}")
print(f"Company:    {companyId}")
readDevice = bacnet.readMultiple(f"{devIp} device {numDeviceId} all")
print(f"Model Name: {readDevice[11]}")
print(f"Version:    {readDevice[2]}")
# print(readDevice) #List all available info about the device
```
## Automatique
```bash
nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>
```
Ce script ne tente pas de rejoindre un réseau BACnet en tant que dispositif étranger, il envoie simplement des requêtes BACnet directement à un dispositif accessible par IP.

## Shodan

* `port:47808 instance`
* `"Instance ID" "Vendor Name"`


{% hint style="success" %}
Apprenez et pratiquez le Hacking AWS :<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Apprenez et pratiquez le Hacking GCP : <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Supportez HackTricks</summary>

* Consultez les [**plans d'abonnement**](https://github.com/sponsors/carlospolop) !
* **Rejoignez le** 💬 [**groupe Discord**](https://discord.gg/hRep4RUj7f) ou le [**groupe telegram**](https://t.me/peass) ou **suivez-nous sur** **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Partagez des astuces de hacking en soumettant des PR aux** [**HackTricks**](https://github.com/carlospolop/hacktricks) et [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) dépôts github.

</details>
{% endhint %}
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Translated ['network-services-pentesting/11211-memcache/memcache-command 2024-02-08 22:29:39 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`<details>`
Translated ['network-services-pentesting/11211-memcache/memcache-command 2024-02-08 22:29:39 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`<summary>Support HackTricks</summary>`
Translated ['network-services-pentesting/11211-memcache/memcache-command 2024-02-08 22:29:39 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Translated ['network-services-pentesting/11211-memcache/memcache-command 2024-02-08 22:29:39 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated ['network-services-pentesting/11211-memcache/memcache-command 2024-02-08 22:29:39 +00:00			`# Informations sur le protocole`

Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			BACnet est un protocole de communication pour les réseaux d'automatisation et de contrôle des bâtiments (BAC) qui s'appuie sur le protocole standard ASHRAE, ANSI et ISO 16484-5. Il facilite la communication entre les systèmes d'automatisation et de contrôle des bâtiments, permettant aux applications telles que le contrôle HVAC, le contrôle de l'éclairage, le contrôle d'accès et les systèmes de détection d'incendie d'échanger des informations. BACnet garantit l'interopérabilité et permet aux dispositifs d'automatisation des bâtiments informatisés de communiquer, quel que soit les services spécifiques qu'ils fournissent.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['network-services-pentesting/10000-network-data-management-p 2024-01-05 23:03:58 +00:00			`Port par défaut : 47808`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
			`PORT STATE SERVICE`
			`47808/udp open BACNet -- Building Automation and Control NetworksEnumerate`
			```
Translated to French 2023-06-03 13:10:46 +00:00			`# Énumération`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to French 2023-06-03 13:10:46 +00:00			`## Manuel`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`pip3 install BAC0`
Translated ['network-services-pentesting/47808-udp-bacnet.md'] to fr 2024-02-14 10:09:19 +00:00			`pip3 install netifaces`

GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`import BAC0`
Translated ['network-services-pentesting/47808-udp-bacnet.md'] to fr 2024-02-14 10:09:19 +00:00			`import time`

			`myIP = '<Your IP>/<MASK>' #You need to be on the same subnet as the bacnet device. Example: '192.168.1.4/24'`
			`bacnet = BAC0.connect(ip=myIP)`
			`bacnet.whois() #Broadcast request of bacnet devices`
			`time.sleep(5) #Wait for devices to respond`
			`for i, (deviceId, companyId, devIp, numDeviceId) in enumerate(bacnet.devices):`
			`print(f"-------- Device #{numDeviceId} --------")`
			`print(f"Device: {deviceId}")`
			`print(f"IP: {devIp}")`
			`print(f"Company: {companyId}")`
			`readDevice = bacnet.readMultiple(f"{devIp} device {numDeviceId} all")`
			`print(f"Model Name: {readDevice[11]}")`
			`print(f"Version: {readDevice[2]}")`
			`# print(readDevice) #List all available info about the device`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
Translated to French 2023-06-03 13:10:46 +00:00			`## Automatique`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`Ce script ne tente pas de rejoindre un réseau BACnet en tant que dispositif étranger, il envoie simplement des requêtes BACnet directement à un dispositif accessible par IP.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
fix mess 2 2022-05-01 12:49:36 +00:00			`## Shodan`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			* `port:47808 instance`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			* `"Instance ID" "Vendor Name"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`{% hint style="success" %}`
			`Apprenez et pratiquez le Hacking AWS :<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Apprenez et pratiquez le Hacking GCP : <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`<summary>Supportez HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`* Consultez les [plans d'abonnement](https://github.com/sponsors/carlospolop) !`
			`* Rejoignez le 💬 [groupe Discord](https://discord.gg/hRep4RUj7f) ou le [groupe telegram](https://t.me/peass) ou suivez-nous sur Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Partagez des astuces de hacking en soumettant des PR aux [HackTricks](https://github.com/carlospolop/hacktricks) et [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) dépôts github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:23:41 +00:00			`{% endhint %}`