We want engineers and IT professionals in the critical infrastructure to demo the Project Basecamp Metasploit Modules. It’s a very easy and powerful demo for management and anyone else who is downplaying the fragility and insecurity of PLC’s. Here’s a video to show just how easy it is.
The first 7:35 of the video involves downloading and installing Metasploit. This is a bit tedious and can be skipped by most loyal blog readers, but it’s my fault it’s in the video. I asked Reid to show the whole process from download to exploit. Those of you who have never used Metasploit may benefit a bit from seeing just how easy it is to download and get started with this powerful tool.
After 7:35 the video gets very interesting beginning with the legitimate Unity software interface and uploading ladder logic to the Modicon Quantum mode. Then Reid shows how to find and use the Modicon Metasploit Modules from Project Basecamp. He demonstrates stopping the PLC and uploading rogue ladder logic, all in less than seven minutes.
[vimeo 41382228 w=500&h=331]