Last year I performed a penetration test and found a command injection zero-day in a critical application. The advisory link can be found in my advisories, but the advisory itself holds no information on the actual vulnerability. An anonymized version of the bug can be found as a hacking challenge at the bottom of this article. Can you spot the deadly bug in the code? What would be your payload?
With Triton malware eating away at power networks, and America and Iran giving each other the business, it would seem like hacking such systems requires out-of-this-world knowledge. But this is far from the truth.
Can we fix all the bugs, shut all the backdoors and mitigate all flaws before something really nasty happens? Probably not. However, we can enjoy intellectual solace from the fruits of our world leaders’ whippersnappering.
I hereby present a case of a (now fixed) vulnerability that was present in an ICS system. The code has been anonymized, as I do with all Spot The Bug challenges. However, I hope it gives an insight into the human factor of these systems, and how easy it can be to exploit such a system. With that, I hope you are inspired to join the quest of securing a better world, because that too, we hope, is less hard than it may seem.