{"id":1513,"date":"2024-07-02T13:15:22","date_gmt":"2024-07-02T10:15:22","guid":{"rendered":"https:\/\/zerontek.com\/zt\/?p=1513"},"modified":"2024-07-02T13:17:12","modified_gmt":"2024-07-02T10:17:12","slug":"finding-wago-750-88x-plc-using-google","status":"publish","type":"post","link":"https:\/\/zerontek.com\/zt\/2024\/07\/02\/finding-wago-750-88x-plc-using-google\/","title":{"rendered":"Finding WAGO 750-88x PLC Using Google"},"content":{"rendered":"\n

Welcome to the 16th installment of \u201cOT Hunt<\/a>\u201d where we delve into the world of ICS\/OT devices connected to the internet. The primary aim of this series is to raise awareness within the ICS community and serve as a wake-up call for both asset owners and ICS\/OT vendors to fortify their assets against potential cyber threats.<\/p>\n\n\n\n

In our last article, we discussed the WAGO PLC 750-88x and how to find it on Shodan. If you missed it, you can check it out here<\/a>. This time, we’ll take a different approach and try to find the WAGO PLC 750-88x using Google, completely free of charge. This method provides juicier information and demonstrates the power of OSINT using Google filters.<\/p>\n\n\n\n

This OSINT technique exposes web interfaces for PLCs connected and managed from the internet. Use the following search queries to find web-based management interfaces of WAGO PLCs. Here\u2019s how you can do it:<\/p>\n\n\n\n

Technique 1: Search by Model Number<\/strong><\/p>\n\n\n\n

To find WAGO 750-880, use:<\/p>\n\n\n\n

intitle:\"WAGO Ethernet web-based-management\" intext:\"750-880\"\n<\/code><\/pre>\n\n\n\n
Technique 2: List or Find Existing Firmware<\/strong><\/p>\n\n\n\n
To discover firmware revision details, use:<\/p>\n\n\n\n
intitle:\"WAGO Ethernet web-based-management\" intext:\"Firmware revision\"\n<\/code><\/pre>\n\n\n\n
Technique 3: Search by MAC Address<\/strong><\/p>\n\n\n\n
Finding devices by their MAC address can be done with:<\/p>\n\n\n\n
intitle:\"WAGO Ethernet web-based-management\" intext:\"Mac address\"\n<\/code><\/pre>\n\n\n\n
Technique 4: Search by Order\/Version Number<\/strong><\/p>\n\n\n\n
You can search for specific order or version numbers using:<\/p>\n\n\n\n
intitle:\"WAGO Ethernet web-based-management\" intext:\"Order number\"\n<\/code><\/pre>\n\n\n\n
Technique 5: List\/Find Internal IP<\/strong><\/p>\n\n\n\n
To find internal IP addresses, use:<\/p>\n\n\n\n
intitle:\"WAGO Ethernet web-based-management\" intext:\"IP address\"\n<\/code><\/pre>\n\n\n\n
Critical infrastructure security and safety are crucial. Some asset owners have their PLCs connected to the internet. As demonstrated, by looking at the PLC web management website, you can obtain a lot of information about the PLC, its network, and other important details like version numbers, which may be vulnerable or unpatched, leading to potential exploits with a little research on how to do that. Login forms exist too; they could be exploited with some web hacking techniques. Check OWASP Top 10<\/a> for a list of common web security issues.<\/p>\n\n\n\n
In closing, I invite you to explore our project, ICSRank<\/a> \u2014 a unique tool tailored for the ICS\/OT domain, exemplifying our commitment to enhancing ICS\/OT cybersecurity. With its capabilities to Discover, Assess, and Secure, ICSRank stands as a vital resource in fortifying ICS\/OT environments against cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"
Welcome to the 16th installment of \u201cOT Hunt\u201d where we delve into the world of ICS\/OT devices connected to the internet. The primary aim of this series is to raise awareness within the ICS community and serve as a wake-up call for both asset owners and ICS\/OT vendors to fortify their assets against potential cyber […]<\/p>\n","protected":false},"author":2,"featured_media":1518,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,212,3,81,168,48,67,174],"tags":[7,13,6,75,169,47,255],"class_list":["post-1513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-google-dorks","category-ics-security","category-osint","category-ot-hunt","category-ot-security","category-plc","category-wago","tag-cyber-security","tag-ics","tag-ics-security","tag-icsrank","tag-ot-hunt","tag-ot-security","tag-wago-750-88x"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=1513"}],"version-history":[{"count":4,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1513\/revisions"}],"predecessor-version":[{"id":1517,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1513\/revisions\/1517"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media\/1518"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=1513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=1513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=1513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}