IIoT

This is a cloud data analytics platform used by the gas power plant. Specifically it is used to analyze data from vibration sensors attached to the turbines.

The default password for the vibration sensor is available in the manual which is viewable without authentication on the main page.

MQTT

The MQTT broker requires authentication.

Run ARPspoof to pretend to be the router.

Viewing the publish message packet.

Viewing the connect command packet reveals the username and password.

Viewing the published topics.

Since we know the topic name (vibration) it is also possible to send fake data

mosquitto_pub -h cloud.vulniphyd.com -t 'vibration' -u cloudiphyd -P cloudiphyd -m 1000

This could be mitigated by configuring MQTT to use TLS.

PreviousBACnet NextCTF

Last updated 1 year ago