-edit WARNING edit-
I am not responsible for whatever idiocy anyone does with this information. Please use proxies/Tor/whatever.
-/edit-
Hello!
I've always wanted to contribute to this community (and promised to do so when I met the admin about 7 years ago).
Anyway here's a BRIEF - very poorly structured - tutorial on SHODAN.
1. What Is Shodan?
I'm sure you all know about Google dorks: specific Google search queries that expose sensitive information (password files, login panels, PHP shells, etc.). Imagine using that to search for DEVICES connected to the internet. That's what Shodan does.
Wikipedia:
Shodan is a search engine that lets you find specific types of computers (routers, servers, etc.) on the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata the server sends back to the client.
Using Shodan, you can expose a whole variety of devices: SCADA systems (suicide mission), security cameras, root shells on devices (e.g. Android), etc.
Enough talk.. let's get to the juicy stuff.
2. Juicy Stuffses
Using some quick research, I found out about an Android webcam server app called -drumroll- Android Webcam Server!
So I went to http://shodanhq.com and searched for: android webcam server (http://www.shodanhq.com/search?q=android+webcam+server)
Results pop up! GREAT!! I pick the first result, and I get an authentication screen... that's not good.
Another Google search shows me that this cam does not have default login credentials, so no hope testing there.
So then I searched for "Android webcam server 200".. Why 200?
"200 OK
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.
"
Pretty self-explanatory: a banner whose status line says 200 OK was served without an authentication challenge, whereas one that demands a login comes back as 401.
I click on the first result and...
BOOM!
Won't go into much more detail.. Just some things you must know:
Free accounts have a limit on the number of results per query (you can see more results with some smarter querying, e.g. adding country:LB or other filters to narrow your search). They also don't have full access to the port:xx filter (such as telnet).
Know this: searching for devices that require authentication but HAVE default usernames and passwords will, at WORST, give you about 1 in 10 devices still using the default credentials.
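The "200" trick above is really a question about the banner: does the service answer 200 OK with no authentication challenge, or 401 with a WWW-Authenticate header? Here is an added example (my own, not part of the original post) that parses raw HTTP banners of the kind Shodan indexes and flags the ones reachable without a login, so you can run it over the banners of your own exposed devices; the hostnames and banners are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class BannerVerdict:
    host: str
    status: Optional[int]   # HTTP status code, None if the banner is not HTTP
    server: str             # Server header, "" if absent
    auth_required: bool     # 401 or a WWW-Authenticate challenge present
    exposed: bool           # 200 OK and no challenge: reachable without login


def parse_banner(host: str, banner: str) -> BannerVerdict:
    """Parse the status line and headers of one raw HTTP banner."""
    lines = banner.replace("\r\n", "\n").split("\n")
    status = None
    parts = lines[0].split(" ", 2)          # e.g. "HTTP/1.1 401 Unauthorized"
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                           # blank line ends the header block
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    auth_required = status == 401 or "www-authenticate" in headers
    exposed = status == 200 and not auth_required
    return BannerVerdict(host, status, headers.get("server", ""), auth_required, exposed)


def exposed_hosts(banners: dict) -> list:
    """Return the hosts whose banner indicates unauthenticated access."""
    return [h for h, b in banners.items() if parse_banner(h, b).exposed]


# Constructed sample banners (hypothetical hosts, not real devices).
SAMPLE_BANNERS = {
    "cam-1.example.internal": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"IPCam\"\r\nServer: Boa\r\n\r\n",
    "cam-2.example.internal": "HTTP/1.0 200 OK\r\nServer: WebcamServer\r\nContent-Type: text/html\r\n\r\n",
    "nas-1.example.internal": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
}

if __name__ == "__main__":
    for host in exposed_hosts(SAMPLE_BANNERS):
        print("answers 200 with no auth challenge:", host)
```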
Some of my favourite queries:
boa ipcam (admin:123456)
dcs 5220 200 (200 -> no auth popup)
root@android:/ #
default password
iomega 200 (juicy external hard disks)
everything related to dreambox (cable TV with web interface.. default credentials)
If you like this, tell me and I'll restructure it so it doesn't look like a piece of crap..
Cheerz.