Tags: modbus scada 

Rating: 5.0

Lighttheway was a medium-rated challenge. We were given an IP address; an initial nmap scan showed ports 22, 80 and 502 open. A website on port 80 showed a vehicle and a set of traffic lights, and the goal was to switch the lights so that the vehicle could drive along the highlighted path. Port 502 is Modbus/TCP. The protocol has no authentication at all: any client that can reach the port can read and write coils and registers, so writing the right values to the coils at the correct addresses changed the lights and yielded the flag. Metasploit's Modbus client auxiliary module was used to read the coil values manually, then pyModbusTCP was used to write all the values to the coils. Detailed writeup is on my blog.
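To make the "no authentication" point concrete, here is an added example (not code from the writeup or from pyModbusTCP) that builds the same Modbus/TCP frames a client sends on port 502 for read coils (function 0x01) and write multiple coils (function 0x0F), and runs them against a constructed in-memory coil table standing in for the device. The FakePLC class, the eight-coil layout and the pattern written are assumptions for illustration, not the challenge's real addresses or values; the only thing the real exchange adds is a TCP socket.

```python
"""Modbus/TCP coil read/write, framed by hand and run against a simulated device.

Added illustration: the MBAP header carries a transaction id, protocol id, length
and unit id and nothing else, so a device that answers on port 502 will accept a
write from anyone who can open the connection. FakePLC is a constructed stand-in.
"""
import struct


def mbap_frame(transaction_id: int, pdu: bytes, unit_id: int = 1) -> bytes:
    """Prepend the 7-byte MBAP header; length counts unit id + PDU."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def pack_coils(values) -> bytes:
    """Coils go on the wire LSB-first: the coil at `start` is bit 0 of byte 0."""
    packed = bytearray((len(values) + 7) // 8)
    for i, v in enumerate(values):
        if v:
            packed[i // 8] |= 1 << (i % 8)
    return bytes(packed)


def unpack_coils(data: bytes, count: int):
    return [bool((data[i // 8] >> (i % 8)) & 1) for i in range(count)]


def pdu_read_coils(start: int, count: int) -> bytes:
    return struct.pack(">BHH", 0x01, start, count)


def pdu_write_multiple_coils(start: int, values) -> bytes:
    data = pack_coils(values)
    return struct.pack(">BHHB", 0x0F, start, len(values), len(data)) + data


class ModbusException(Exception):
    """Raised when the device answers with function code | 0x80 and an exception code."""


def split_response(frame: bytes):
    """Return (transaction_id, pdu), raising if the PDU is an exception response."""
    tid, _proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:7 + length - 1]
    if pdu[0] & 0x80:
        raise ModbusException(f"function 0x{pdu[0] & 0x7F:02x} failed, exception code {pdu[1]}")
    return tid, pdu


class FakePLC:
    """Constructed stand-in for the device behind port 502: a coil table, no auth."""

    def __init__(self, n_coils: int):
        self.coils = [False] * n_coils

    def handle(self, frame: bytes) -> bytes:
        tid, _proto, _length, unit = struct.unpack(">HHHB", frame[:7])
        pdu = frame[7:]
        fc = pdu[0]
        if fc == 0x01:  # read coils
            start, count = struct.unpack(">HH", pdu[1:5])
            if start + count > len(self.coils):
                return mbap_frame(tid, bytes([fc | 0x80, 0x02]), unit)  # illegal data address
            data = pack_coils(self.coils[start:start + count])
            return mbap_frame(tid, bytes([fc, len(data)]) + data, unit)
        if fc == 0x0F:  # write multiple coils
            start, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
            if start + qty > len(self.coils):
                return mbap_frame(tid, bytes([fc | 0x80, 0x02]), unit)
            self.coils[start:start + qty] = unpack_coils(pdu[6:6 + nbytes], qty)
            return mbap_frame(tid, struct.pack(">BHH", fc, start, qty), unit)
        return mbap_frame(tid, bytes([fc | 0x80, 0x01]), unit)  # illegal function


def read_coils(plc: FakePLC, start: int, count: int, tid: int = 1):
    _, pdu = split_response(plc.handle(mbap_frame(tid, pdu_read_coils(start, count))))
    return unpack_coils(pdu[2:2 + pdu[1]], count)


def write_coils(plc: FakePLC, start: int, values, tid: int = 2) -> int:
    """Write a run of coils; returns the quantity the device acknowledged."""
    _, pdu = split_response(plc.handle(mbap_frame(tid, pdu_write_multiple_coils(start, values))))
    return struct.unpack(">HH", pdu[1:5])[1]


def demo():
    """Read the coils, overwrite the first four, read again (pattern is assumed)."""
    plc = FakePLC(8)
    before = read_coils(plc, 0, 8)
    acked = write_coils(plc, 0, [True, False, True, True])
    after = read_coils(plc, 0, 8)
    return before, acked, after


if __name__ == "__main__":
    before, acked, after = demo()
    print("before:", before)
    print("device acknowledged", acked, "coils written")
    print("after: ", after)
```

With pyModbusTCP the same two operations are `ModbusClient(host=..., port=502).read_coils(start, count)` and `.write_multiple_coils(start, values)`; the bytes on the wire are the frames built above. Check the exception path (function code with bit 0x80 set, exception code 0x02 for an out-of-range address) when a write appears to succeed but the lights do not change: a silent device answering with an exception is indistinguishable from success unless the response is parsed.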

Original writeup (https://biplav.xyz/posts/lighttheway/).