In this section, we will discuss how the security of SCADA systems can be breached. Plenty of frameworks can test SCADA systems, but discussing them would push us beyond the scope of this book. So, keeping it simple, we will restrict our discussion to SCADA exploitation carried out using Metasploit.
Let's understand the basics of exploiting SCADA systems. SCADA systems can be compromised using a variety of exploits in Metasploit, which were added recently to the framework. In addition, some of the SCADA servers that are located might have default usernames and passwords; these rarely exist these days, but the possibility remains.
Let's try finding some SCADA servers. We can achieve this using an excellent resource, http://www.shodanhq.com. Let's see which SCADA servers we can find on the website.
First, we need to create an account for the website. After registering, we can refer to an excellent...