
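# Protocol Information

**BACnet** is a [communications protocol](https://en.wikipedia.org/wiki/Communications_protocol) for building automation and control (BAC) networks that leverages the [ASHRAE](https://en.wikipedia.org/wiki/ASHRAE), [ANSI](https://en.wikipedia.org/wiki/ANSI), and [ISO](https://en.wikipedia.org/wiki/International_Organization_for_Standardization) 16484-5 standard[\[1\]](https://en.wikipedia.org/wiki/BACnet#cite_note-1) protocol.

BACnet was designed to allow communication between [building automation](https://en.wikipedia.org/wiki/Building_automation) and control systems for applications such as heating, ventilation, and air-conditioning control ([HVAC](https://en.wikipedia.org/wiki/HVAC)), lighting control, access control, and fire detection systems and their associated equipment. The BACnet protocol provides mechanisms for computerized building automation devices to exchange information, regardless of the particular building service they perform.

From [Wikipedia](https://en.wikipedia.org/wiki/BACnet)

**Default port:** 47808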
```text
PORT STATE SERVICE
47808/udp open BACNet -- Building Automation and Control Networks
```
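# Enumeration
## Manual
```bash
pip3 install BAC0
```
```python
import BAC0

# bbmdAddress/bbmdTTL register this client as a foreign device with the
# BBMD at <IP>, with a time-to-live of 900 seconds.
bbmdIP = '<IP>:47808'
bbmdTTL = 900
bacnet = BAC0.connect(bbmdAddress=bbmdIP, bbmdTTL=bbmdTTL)  # Connect
bacnet.vendorName.strValue
# I couldn't find how to obtain the same data as nmap with this library or any other
# Tell me if you know how, please
```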
## Automatic
```bash
nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>
```
This script does not attempt to join a BACnet network as a foreign device; it simply sends BACnet requests directly to an IP-addressable device.

## Shodan

* `port:47808 instance`
* `"Instance ID" "Vendor Name"`
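From the monitoring side, the difference noted in the Automatic section (direct requests versus joining as a foreign device) shows up in the first bytes of each UDP/47808 datagram. The Python below is an added example, not code from the original page, nmap or BAC0: it decodes the BVLC, NPDU and APDU headers and flags a unicast ReadProperty on the wildcard Device instance. The sample datagrams are constructed, and `parse_bacnet_ip` and `is_direct_probe` are hypothetical names.

```python
import struct

BVLC = {0x05: "Register-Foreign-Device", 0x0A: "Original-Unicast-NPDU",
        0x0B: "Original-Broadcast-NPDU"}
CONFIRMED = {12: "ReadProperty", 14: "ReadPropertyMultiple", 15: "WriteProperty"}
UNCONFIRMED = {0: "I-Am", 8: "Who-Is"}

def parse_bacnet_ip(payload: bytes) -> dict:
    """Decode the BVLC, NPDU and APDU headers of one UDP/47808 payload."""
    try:
        if payload[0] != 0x81:
            raise ValueError("BVLC type is not 0x81 (BACnet/IP)")
        func, length = payload[1], struct.unpack(">H", payload[2:4])[0]
        if length != len(payload):
            raise ValueError("BVLC length does not match datagram size")
        info = {"bvlc": BVLC.get(func, hex(func)), "service": None}
        if func not in (0x0A, 0x0B):
            return info                       # e.g. foreign-device registration
        ctrl, off = payload[5], 6             # payload[4] is the NPDU version
        for bit in (0x20, 0x08):              # DNET/DLEN/DADR, then SNET/SLEN/SADR
            if ctrl & bit:
                off += 3 + payload[off + 2]
        off += 1 if ctrl & 0x20 else 0        # hop count accompanies DNET
        if ctrl & 0x80:
            return info                       # network-layer message, no APDU
        apdu = payload[off:]
        if apdu[0] >> 4 == 1:                 # Unconfirmed-Request
            info["service"] = UNCONFIRMED.get(apdu[1], apdu[1])
        elif apdu[0] >> 4 == 0:               # Confirmed-Request
            pos = 5 if apdu[0] & 0x08 else 3  # segmentation adds two bytes
            info["service"] = CONFIRMED.get(apdu[pos], apdu[pos])
            body = apdu[pos + 1:]
            if apdu[pos] == 12 and body[0] == 0x0C:  # context tag 0: object id
                objid = struct.unpack(">I", body[1:5])[0]
                info["object_type"], info["instance"] = objid >> 22, objid & 0x3FFFFF
                n = body[5] & 0x07                   # context tag 1: property id
                info["property"] = int.from_bytes(body[6:6 + n], "big")
        return info
    except (IndexError, struct.error):
        raise ValueError("truncated BACnet/IP datagram") from None

def is_direct_probe(info: dict) -> bool:
    """Hypothetical heuristic: unicast ReadProperty on Device (type 8), wildcard instance."""
    return (info["bvlc"] == "Original-Unicast-NPDU" and info["service"] == "ReadProperty"
            and info.get("object_type") == 8 and info.get("instance") == 0x3FFFFF)

# Constructed samples (not captured traffic):
PROBE = bytes.fromhex("810a001101040005010c0c023fffff1979")
REGISTER_FD = bytes.fromhex("810500060384")  # TTL 0x0384 = 900 s
```

Feeding it payloads from a capture of UDP/47808 and alerting when `is_direct_probe` is true for a source outside the building-management allowlist separates outside scanners from controllers that already know their peers' instance numbers.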