SCADA/ICS Hacking in Cyber Warfare: Hacking Gas Stations in Russia

[Cartographer]

Welcome back, aspiring cyberwarriors.




As the war rages on, Russia's gas exports have taken on heightened significance. This resource is literally and figuratively fueling Putin's war efforts, which only underscores the need for attacks on this sector's infrastructure.




In this article, in collaboration with a student from Cyber Cossacks School - Citadel--we’ll show one vulnerability of Russian gas stations.










Background




There is an accounting software used by gas stations in Russia. If we successfully disrupt the server we can significantly impact overall performance of the facility. Most of these servers are located in Russia, and we estimate around 30-40 are exploitable.




To find these servers onShodan, simply search: Mmadm country:"ru"







Most of these servers have port 50000 open.







When accessed via a browser, you'll typically see an authorization form, likely generated by an .htaccess*file. The default credentials are typically admin:admin.




After logging in, you'll notice it's a reporting management system.




In the reporting section, you'll find the establishment's name—in this case, Tatneft Gas Station 2093.







After a second search on Google, we found his address - Moscow region, Ramensky district, Mikhnevo, 30153.







The vulnerability lies in the web system's insecurity, allowing you to configure which processes are displayed. This is where you can plant a reverse shell.




Here's a breakdown of its components:




-l: Listen mode, used for inbound connections.

-v: Verbose mode, provides more detailed output.

-n: Do not perform DNS lookups on names of hosts.

-p 443: Specify the port number to listen on (443 in this case).










Next, for privilege escalation, we can exploit the pkexec vulnerability (CVE-2021-4034) to gain a root shell.







Summary




The war on Ukraine has highlighted the complex interplay of energy resources, economic power, and military capabilities in modern geopolitics. As hackers, we wield a force that can tip the scales in favor of the underdog. Through digital means, we bypass traditional power structures, striking vulnerabilities that larger forces overlook, and exposing weaknesses in seemingly mundane systems. In the age of cyber warfare, influence isn't confined to war rooms or battlefields. A group of dedicated resistance fighters can disrupt the mechanisms of control, challenge entrenched powers and redefine the modern battleground.