Wednesday, January 16, 2013

S4x13 Releases: S7 password offline bruteforce tool

As you know, the S7 protocol, used for communication between engineering stations, SCADA, HMI and PLCs, can be protected by a password.

Online authentication is a simple challenge-response protocol:
  • The password is hashed (SHA1) on the client (TIA Portal)
  • The server (PLC) provides a 20-byte challenge
  • The client calculates HMAC-SHA1(challenge, SHA1(password)) as the response
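
The exchange above, modelled from both sides as an added example (not code from the release or from Siemens). Assumptions: SHA1(password) is the HMAC key and the challenge is the message, the password is UTF-8 encoded, and the `Plc` class, function names and sample password are hypothetical.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 20  # the PLC's challenge is 20 bytes, per the description above


def password_key(password: str) -> bytes:
    """SHA1(password): derived by the client, and what the PLC needs to verify."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def client_response(challenge: bytes, password: str) -> bytes:
    """Client side: HMAC-SHA1 over the server's challenge."""
    # Assumption: SHA1(password) is the key, the challenge is the message.
    return hmac.new(password_key(password), challenge, hashlib.sha1).digest()


class Plc:
    """Hypothetical stand-in for the server side of the exchange."""

    def __init__(self, password: str):
        self._key = password_key(password)
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = os.urandom(CHALLENGE_LEN)
        return self._challenge

    def verify(self, response: bytes) -> bool:
        if self._challenge is None:
            return False  # no outstanding challenge
        challenge, self._challenge = self._challenge, None  # single use
        expected = hmac.new(self._key, challenge, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(plc_password: str, client_password: str):
    """Return (challenge, response, accepted) for one authentication attempt."""
    plc = Plc(plc_password)
    challenge = plc.new_challenge()
    response = client_response(challenge, client_password)
    return challenge, response, plc.verify(response)


if __name__ == "__main__":
    for attempt in ("constructed-sample-pw", "wrong-guess"):  # constructed values
        c, r, ok = run_exchange("constructed-sample-pw", attempt)
        print(f"challenge={c.hex()} response={r.hex()} accepted={ok}")
```

The fresh challenge prevents replay of an old response, but the key is an unsalted SHA1(password) and both the challenge and the response cross the network, so the scheme is only as strong as the password itself.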

Enjoy our special S4x13 release by Alexander Timorin and Dmitry Sklyarov.
Parameters are hardcoded, sorry:
cfg_pcap_file = 'path to .pcap file'
cfg_dictionary_file = 'path to dictionary file'

Feel free to contribute.
