BAS Hacking 101 Overview


My article How to Hack a Building Automation System is one of my most read articles. However, one of the criticisms I received was that it didn't go into how to actually hack a BAS. Since December is Data Security Month, I am going to walk you through a BAS hack on a system I have here in my house.

BAS hacking is very similar to web application hacking, and we will follow a similar hack cycle:

  1. BAS Hacking 101 Target Selection: First we will utilize various tools to select our target. That will be the focus of the first article.
  2. BAS Hacking 101 Scanning: Next we will scan our target for vulnerabilities. We will utilize port scanning, banner grabbing, and code evaluation to see what we can learn about our target. We will also utilize some of the tools we learned in BAS Hacking 101 Target Selection.
  3. BAS Hacking 101 Exploiting: Now we will attempt to exploit the BAS. We will utilize proxies to attempt to capture sessions, we will attempt to root our device, and we will attempt to gain administrative access to the BAS.
  4. BAS Hacking 101 Clean Up: Here we will attempt to clean up our presence in audit trails and the like, as well as utilizing root-kits to gain permanent access.

To perform this series you will need the following:

  1. A BAS supervisory device: preferably a device that utilizes Java and is IP based.
  2. A bootable copy of BackTrack (you can get that here); this will have all your tools on one bootable disk.
  3. A virtual environment from which to run your tools; I use VirtualBox.
  4. A copy of Linux (I use Ubuntu 12.4), in case you want to run your tools off an installed OS.
  5. The following tools: NMAP, Nessus, Metasploit, John the Ripper, and Google Hack DB.
  6. Depending on how the course goes, you may potentially need Notepad+ so we can write Java and Python scripts.
  7. A working knowledge of SQL, Linux, and network protocols. (Don't worry if you don't have them; you will by the end of the series.)

Over the next several days I will be working on the first article. Be sure to subscribe so you get notified as soon as the articles are up.

Until Later,

Phil Zito
I am a Building Technologies Consultant with over a decade of experience in building automation, integration, energy management, and business management. I leverage my expertise around Building Systems to help clients develop solutions that are open, expandable, and that achieve business outcomes based on client needs. I specialize in understanding legacy and current technologies in order to develop specifications, and RFP's for cost effective building and enterprise solutions. My spare time is spent with family as well as reading. I enjoy writing and speaking and I actively seek opportunities to do both.