HackTricks
Search…
Pentesting
Powered By GitBook
47808/udp - Pentesting BACNet

Protocol Information

BACnet is a communications protocol for Building Automation and Control (BAC) networks that leverage the ASHRAE, ANSI, and ISO 16484-5 standard[1] protocol.
BACnet was designed to allow communication of building automation and control systems for applications such as heating, ventilating, and air-conditioning control (HVAC), lighting control, access control, and fire detection systems and their associated equipment. The BACnet protocol provides mechanisms for computerized building automation devices to exchange information, regardless of the particular building service they perform. From Wikipedia
Default port: 47808
1
PORT STATE SERVICE
2
47808/udp open BACNet -- Building Automation and Control NetworksEnumerate
Copied!

Enumeration

Manual

1
pip3 install BAC0
2
import BAC0
3
bbmdIP = '<IP>:47808'
4
bbmdTTL = 900
5
bacnet = BAC0.connect(bbmdAddress=bbmdIP, bbmdTTL=bbmdTTL) #Connect
6
bacnet.vendorName.strValue
7
#I couldn't find how to obtain the same data as nmap with this library or any other
8
#talk me if you know how please
Copied!

Automatic

1
nmap --script bacnet-info --script-args full=yes -sU -n -sV -p 47808 <IP>
Copied!
This script does not attempt to join a BACnet network as a foreign device, it simply sends BACnet requests directly to an IP addressable device.

Shodan

    port:47808 instance
    "Instance ID" "Vendor Name"
Last modified 1yr ago