A sandboxed IT/OT hack lab/ICS cyber range where the goal is the disruption of a stable cyclic physical automation.
This project is currently approaching stability but will still change regularly. The current state of the physical build is:
The components are:
- Moxa IA240-LX with old (and vulnerable) firmware
- NETGEAR ProSAFE GS105 Gigabit switch
- Koyo CLICK C0-11DRE-D PLC
- A model factory automation
This project is for my own learning and enjoyment as well as to support capture-the-flag events with friends. It obviously relies on a real-world automation so isn't a simple clone-and-build repository. As such, please understand I won't be providing support for what is in here; I'm simply sharing it to benefit anyone who might find it interesting or helpful for their project.
Your goal is to blow up a factory!
This is what we know:
- There's a Moxa IA240-LX on the 192.168.0.0/16 network, with a Shellshock-vulnerable Apache instance.
- There's a PLC on the network at 192.168.0.10.
- The Moxa is supervising the PLC in the control of the factory.
Reset the Moxa to factory settings, or at least reset the Moxa root password to 'root' and reboot (reset.sh will help with that).
Run the chaos_craig.sh script to set up the random elements and start the factory.
This project wouldn't have been possible without the following people's advice, patience, laser cutting and spare parts: