mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 20:53:37 +00:00
Translated ['network-services-pentesting/47808-udp-bacnet.md'] to cn
This commit is contained in:
parent
06445ae383
commit
c59e99ac77
1 changed files with 21 additions and 26 deletions
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
||||||
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
|
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
|
||||||
* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
|
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||||
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
||||||
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
|
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
# 协议信息
|
# 协议信息
|
||||||
|
|
||||||
**BACnet**是一种用于建筑自动化和控制(BAC)网络的**通信协议**,利用**ASHRAE**、**ANSI**和**ISO 16484-5标准**协议。它促进建筑自动化和控制系统之间的通信,实现诸如暖通空调控制、照明控制、门禁控制和火灾检测系统等应用之间的信息交换。BACnet确保互操作性,使计算机化的建筑自动化设备能够通信,无论它们提供的具体服务是什么。
|
**BACnet**是一种用于建筑自动化和控制(BAC)网络的**通信协议**,利用**ASHRAE**、**ANSI**和**ISO 16484-5标准**协议。它促进建筑自动化和控制系统之间的通信,实现诸如暖通空调控制、照明控制、门禁控制和火灾检测系统等应用之间的信息交换。BACnet确保互操作性,使计算机化建筑自动化设备能够通信,无论它们提供的具体服务是什么。
|
||||||
|
|
||||||
**默认端口:** 47808
|
**默认端口:** 47808
|
||||||
```text
|
```text
|
||||||
|
@ -27,37 +27,32 @@ PORT STATE SERVICE
|
||||||
## 手动
|
## 手动
|
||||||
```bash
|
```bash
|
||||||
pip3 install BAC0
|
pip3 install BAC0
|
||||||
|
pip3 install netifaces
|
||||||
|
|
||||||
import BAC0
|
import BAC0
|
||||||
bbmdIP = '<IP>:47808'
|
import time
|
||||||
bbmdTTL = 900
|
|
||||||
bacnet = BAC0.connect(bbmdAddress=bbmdIP, bbmdTTL=bbmdTTL) #Connect
|
myIP = '<Your IP>/<MASK>' #You need to be on the same subnet as the bacnet device. Example: '192.168.1.4/24'
|
||||||
bacnet.vendorName.strValue
|
bacnet = BAC0.connect(ip=myIP)
|
||||||
#I couldn't find how to obtain the same data as nmap with this library or any other
|
bacnet.whois() #Broadcast request of bacnet devices
|
||||||
#talk me if you know how please
|
time.sleep(5) #Wait for devices to respond
|
||||||
|
for i, (deviceId, companyId, devIp, numDeviceId) in enumerate(bacnet.devices):
|
||||||
|
print(f"-------- Device #{numDeviceId} --------")
|
||||||
|
print(f"Device: {deviceId}")
|
||||||
|
print(f"IP: {devIp}")
|
||||||
|
print(f"Company: {companyId}")
|
||||||
|
readDevice = bacnet.readMultiple(f"{devIp} device {numDeviceId} all")
|
||||||
|
print(f"Model Name: {readDevice[11]}")
|
||||||
|
print(f"Version: {readDevice[2]}")
|
||||||
|
# print(readDevice) #List all available info about the device
|
||||||
```
|
```
|
||||||
## 自动
|
## 自动化
|
||||||
```bash
|
```bash
|
||||||
nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>
|
nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>
|
||||||
```
|
```
|
||||||
这个脚本并不尝试作为外部设备加入BACnet网络,而是直接向可寻址的IP设备发送BACnet请求。
|
这个脚本并不尝试作为外部设备加入BACnet网络,而是直接向一个可通过IP地址访问的设备发送BACnet请求。
|
||||||
|
|
||||||
## Shodan
|
## Shodan
|
||||||
|
|
||||||
* `port:47808 instance`
|
* `port:47808 instance`
|
||||||
* `"Instance ID" "Vendor Name"`
|
* `"Instance ID" "Vendor Name"`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<details>
|
|
||||||
|
|
||||||
<summary><strong>从零开始学习AWS黑客技术,成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
||||||
|
|
||||||
支持HackTricks的其他方式:
|
|
||||||
|
|
||||||
* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**,请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
|
||||||
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
|
|
||||||
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
||||||
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
||||||
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
|
|
||||||
|
|
||||||
</details>
|
|
||||||
|
|
Loading…
Reference in a new issue