PCWorx devices can be mapped on the network because they answer unauthenticated requests with system information such as the PLC type, model number, and firmware details.
This recipe shows you how to enumerate PCWorx devices with Nmap.
Open your terminal and enter the following Nmap command:
$ nmap -Pn -sT -p1962 --script pcworx-info <target>
The pcworx-info script will obtain the device information, as shown next:
PORT     STATE SERVICE
1962/tcp open  pcworx
| pcworx-info:
|   PLC Type: ILC 330 ETH
|   Model Number: 2737193
|   Firmware Version: 3.95T
|   Firmware Date: Mar 2 2012
|_  Firmware Time: 09:39:02
The pcworx-info script detects PCWorx devices and gathers information about the device, such as its type, model number, and firmware details. In the previous command, we checked TCP port 1962 (-p1962), used a full TCP connection (-sT), and disabled host discovery (-Pn) to reduce the number of custom packets...
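As an added example that is not part of the recipe, the following Python parser turns the pcworx-info output shown above into a PLC asset inventory and flags devices whose firmware differs from a site's approved baseline; the host addresses, the second host, its firmware string and the EXPECTED_FIRMWARE table are all constructed for the demonstration.

```python
import re
# Constructed sample: nmap normal output for two PCWorx hosts in the layout the
# pcworx-info script prints (documentation-range addresses; the second host's
# firmware string is made up so that the drift check below has something to report).
SAMPLE_OUTPUT = """\
Nmap scan report for 192.0.2.10
1962/tcp open  pcworx
| pcworx-info:
|   PLC Type: ILC 330 ETH
|   Model Number: 2737193
|   Firmware Version: 3.95T
|   Firmware Date: Mar 2 2012
|_  Firmware Time: 09:39:02
Nmap scan report for 192.0.2.11
1962/tcp open  pcworx
| pcworx-info:
|   PLC Type: ILC 330 ETH
|   Model Number: 2737193
|   Firmware Version: 3.70T
|   Firmware Date: Jan 1 2011
|_  Firmware Time: 00:00:00
"""
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
FIELD_RE = re.compile(r"^\|[_ ]\s*([A-Za-z ]+?):\s*(.*)$")

def parse_pcworx_info(text):
    # Returns {host: {field: value}} for each host that printed a pcworx-info block.
    inventory, host, in_script = {}, None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, in_script = m.group(1), False
            continue
        if line.startswith("| pcworx-info:"):
            in_script, inventory[host] = True, {}
            continue
        if in_script and (m := FIELD_RE.match(line)):
            inventory[host][m.group(1).strip()] = m.group(2).strip()
        if line.startswith("|_"):  # "|_" marks the last line of a script's output
            in_script = False
    return inventory

# Constructed baseline: the firmware a site has approved for each PLC type.
EXPECTED_FIRMWARE = {"ILC 330 ETH": "3.95T"}

def firmware_drift(inventory, expected=EXPECTED_FIRMWARE):
    # Hosts whose reported firmware is not the approved one (or whose type is unknown).
    return [(h, i.get("PLC Type"), i.get("Firmware Version"))
            for h, i in inventory.items()
            if i.get("Firmware Version") != expected.get(i.get("PLC Type"))]
```

Feed it the saved normal output of the scan (nmap -oN) to keep a running inventory of PLCs on the network and to spot unexpected firmware on the next run.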