My article How to Hack a Building Automation System is one of my most read articles. However, one of the criticism's I received was that it didn't go into how to actually hack a BAS. Being that December is Data Security Month, I am going to walk you through the a BAS Hack on a system I have here in my house.
BAS hacking is very similar to web application hacking and we will follow a similar hack cycle:
- BAS Hacking 101 Target Selection:First we will utilize various tools to select our target. That will be the focus of the article
- BAS Hacking 101 Scanning Next we will scan our target for vulnerabilities, we will utilize port scanning, banner grabbing, and code evaluation to see what we can learn about our target. We will also utilize some of the tools we learned in BAS Hacking 101 Target Selection.
- BAS Hacking 101 Exploiting: Now we will attempt to exploit the BAS, we will utilize proxies to attempt to capture sessions, we will attempt to root our device, and we will attempt to gain administrative access to the BAS.
- BAS Hacking 101 Clean Up: Here we will attempt to clean up our presence via audit trails and the like as well as utilizing root-kits to gain permanent access.
To perform this series you will need the following:
- A BAS Supervisory device: Preferably a device that utilizes Java and is IP Based.
- A copy of BackTrack boot-able you can get that here, this will have all your tools in one boot-able disk.
- A virtual environment from which to run your tools, I use Virtual Box.
- A copy of Linux, I use Ubuntu 12.4, in case you want to run your tools off an installed OS.
- The following tools NMAP, Nessus, Metasploit, Jack the Ripper, and Google Hack DB.
- Potentially depending on how the course goes you may need Notepad+ so we can write Java and Python scripts.
- A working knowledge of SQL, Linux, and Network Protocols. (Don't worry if you don't have them you will by the end of the series).
Over the next several days I will be working on the first article.