hacktricks/network-services-pentesting/47808-udp-bacnet.md
2024-02-10 15:36:32 +00:00

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Protocol Information

BACnet is a communication protocol for building automation and control (BAC) networks that uses the ASHRAE, ANSI, and ISO 16484-5 standard protocol. It facilitates communication between building automation and control systems and lets applications such as HVAC control, lighting control, access control, and fire detection systems exchange information. BACnet ensures interoperability and allows computerized building automation devices to communicate regardless of the specific services they provide.

Default port: 47808

PORT      STATE SERVICE
47808/udp open  BACNet -- Building Automation and Control Networks

Enumeration

Manual

pip3 install BAC0

import BAC0
bbmdIP = '<IP>:47808'
bbmdTTL = 900
bacnet = BAC0.connect(bbmdAddress=bbmdIP, bbmdTTL=bbmdTTL)  # Connect
bacnet.vendorName.strValue
# I couldn't find how to obtain the same data as nmap with this library or any other
# Please tell me if you know how

Automatic


Introduction

BACnet (Building Automation and Control Networks) is a communication protocol widely used in building automation systems. It allows devices such as HVAC systems, lighting controls, and security systems to communicate with each other.

UDP Port 47808

BACnet uses UDP (User Datagram Protocol) as its transport protocol, and it typically operates on port 47808. This port is commonly associated with BACnet traffic.

Scanning for BACnet Devices

To identify BACnet devices on a network, you can use tools such as bacnet_scan or bacpypes. These tools send BACnet discovery requests to the network and listen for responses from BACnet devices.

Enumerating BACnet Objects

Once you have identified a BACnet device, you can enumerate its objects using tools like bacnet_enum or bacnet_mstp_enum. These tools send BACnet read property requests to the device and retrieve information about its objects.

Exploiting BACnet Vulnerabilities

BACnet devices can be vulnerable to various security issues, such as weak authentication, default credentials, and insecure configurations. Exploiting these vulnerabilities can allow an attacker to gain unauthorized access to the device or manipulate its functionality.

Mitigating BACnet Security Risks

To mitigate the security risks associated with BACnet devices, it is important to follow security best practices. This includes implementing strong authentication mechanisms, changing default credentials, and regularly updating device firmware to patch any known vulnerabilities.

Conclusion

BACnet is a widely used communication protocol in building automation systems. Understanding how to scan for BACnet devices, enumerate their objects, and exploit vulnerabilities can help in securing these systems against potential attacks. By following security best practices, the risks associated with BACnet can be effectively mitigated.

nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>

This script does not attempt to join a BACnet network as a foreign device; it simply sends BACnet requests directly to an IP-addressable device.
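
For monitoring, the requests described above can be recognised on the wire. The following is an added example, not part of the original page or of any tool it names: it decodes the BVLC, NPDU and APDU headers of one UDP/47808 payload and flags services that change device state. The function name `classify`, the chosen service subset and the hex samples are constructed for illustration.

```python
import struct

# Service choice numbers from the BACnet standard (subset useful for monitoring).
UNCONFIRMED = {0: "i-Am", 1: "i-Have", 7: "who-Has", 8: "who-Is"}
CONFIRMED = {12: "readProperty", 14: "readPropertyMultiple", 15: "writeProperty",
             16: "writePropertyMultiple", 17: "deviceCommunicationControl",
             20: "reinitializeDevice"}
STATE_CHANGING = {CONFIRMED[n] for n in (15, 16, 17, 20)}

def classify(payload: bytes) -> dict:
    """Decode the BVLC, NPDU and APDU headers of one UDP/47808 payload."""
    try:
        func, length = payload[1], struct.unpack(">H", payload[2:4])[0]
        if payload[0] != 0x81 or length != len(payload):   # BVLC type and length
            return {"error": "not a well-formed BACnet/IP frame"}
        if func not in (0x04, 0x09, 0x0A, 0x0B):           # only these carry an NPDU
            return {"service": f"bvlc-function-{func:#04x}", "state_changing": False}
        off = 10 if func == 0x04 else 4       # Forwarded-NPDU adds origin IP:port
        control = payload[off + 1]
        off += 2
        for bit in (0x20, 0x08):              # DNET/DLEN/DADR, then SNET/SLEN/SADR
            if control & bit:
                off += 3 + payload[off + 2]
        off += 1 if control & 0x20 else 0     # hop count is present with DNET
        if control & 0x80:
            return {"service": "network-layer-message", "state_changing": False}
        apdu = payload[off:]
        pdu_type = apdu[0] >> 4
        service = f"pdu-type-{pdu_type}"      # acks, errors, rejects, aborts
        if pdu_type == 1:
            service = UNCONFIRMED.get(apdu[1], f"unconfirmed-{apdu[1]}")
        elif pdu_type == 0:
            idx = 5 if apdu[0] & 0x08 else 3  # segmented requests add 2 bytes
            service = CONFIRMED.get(apdu[idx], f"confirmed-{apdu[idx]}")
        result = {"service": service, "state_changing": service in STATE_CHANGING}
        if service == "i-Am" and apdu[2] == 0xC4:   # application-tagged object id
            result["device_instance"] = struct.unpack(">I", apdu[3:7])[0] & 0x3FFFFF
        return result
    except (IndexError, struct.error):
        return {"error": "truncated"}

# Constructed sample payloads (hex), not captured traffic.
SAMPLES = {
    "who-is": "810b000c0120ffff00ff1008",
    "i-am": "810b00180120ffff00ff1000c40200007b2201e091032108",
    "read": "810a001101040005010c0c023fffff194b",
    "write": "810a001801040005020f0c0080000119553e44422800003f",
}
```

Feeding it the UDP payloads from a capture or a network sensor gives one record per packet; a `state_changing` request from a host that is not a known controller or workstation is the case worth alerting on.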

Shodan

  • port:47808 instance
  • "Instance ID" "Vendor Name"