SCADA/ICS Hacking in Cyber Warfare: Hacking Gas Stations in Russia
 

Welcome back, aspiring cyberwarriors.




As the war rages on, Russia's gas exports have taken on heightened significance. This resource is literally and figuratively fueling Putin's war efforts, which only underscores the need for attacks on this sector's infrastructure.




In this article, in collaboration with a student from Cyber Cossacks School - Citadel--we’ll show one vulnerability of Russian gas stations.




https://static.wixstatic.com/media/6...,q_80/file.png





Background




There is an accounting software used by gas stations in Russia. If we successfully disrupt the server we can significantly impact overall performance of the facility. Most of these servers are located in Russia, and we estimate around 30-40 are exploitable.




To find these servers onShodan, simply search: Mmadm country:"ru"




https://static.wixstatic.com/media/6...,q_80/file.png


Most of these servers have port 50000 open.




https://static.wixstatic.com/media/6...,q_80/file.png


When accessed via a browser, you'll typically see an authorization form, likely generated by an .htaccess*file. The default credentials are typically admin:admin.




After logging in, you'll notice it's a reporting management system.

https://static.wixstatic.com/media/6...,q_80/file.png


In the reporting section, you'll find the establishment's name—in this case, Tatneft Gas Station 2093.




https://static.wixstatic.com/media/6...,q_80/file.png


After a second search on Google, we found his address - Moscow region, Ramensky district, Mikhnevo, 30153.




https://static.wixstatic.com/media/6...,q_80/file.png


The vulnerability lies in the web system's insecurity, allowing you to configure which processes are displayed. This is where you can plant a reverse shell.




Here's a breakdown of its components:




-l: Listen mode, used for inbound connections.

-v: Verbose mode, provides more detailed output.

-n: Do not perform DNS lookups on names of hosts.

-p 443: Specify the port number to listen on (443 in this case).







https://static.wixstatic.com/media/6...,q_80/file.png


Next, for privilege escalation, we can exploit the pkexec vulnerability (CVE-2021-4034) to gain a root shell.




https://static.wixstatic.com/media/6...,q_80/file.png


Summary




The war on Ukraine has highlighted the complex interplay of energy resources, economic power, and military capabilities in modern geopolitics. As hackers, we wield a force that can tip the scales in favor of the underdog. Through digital means, we bypass traditional power structures, striking vulnerabilities that larger forces overlook, and exposing weaknesses in seemingly mundane systems. In the age of cyber warfare, influence isn't confined to war rooms or battlefields. A group of dedicated resistance fighters can disrupt the mechanisms of control, challenge entrenched powers and redefine the modern battleground.