LebGeeks

A community for technology geeks in Lebanon.

#1 June 20 2014

marid
Member

Shodan

-edit WARNING edit-
I am not responsible for whatever idiocy anyone does with this information. Please use proxies/Tor/whatever.
-/edit-


Hello!
I've always wanted to contribute to this community (and promised to do so when I met the admin about 7 years ago).
Anyway, here's a BRIEF - very poorly structured - tutorial on SHODAN.

1. What Is Shodan?

I'm sure you all know about Google dorks: specific Google search queries that expose sensitive information (password files, login panels, PHP shells, etc.). Imagine using that to search for DEVICES connected to the internet. That's what Shodan does.

Wikipedia:
Shodan is a search engine that lets you find specific types of computers (routers, servers, etc.) on the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata the server sends back to the client.

Using Shodan, you can expose a whole variety of devices: SCADA systems (suicide mission), security cameras, root shells on devices (e.g. Android), etc.
Enough talk, let's get to the juicy stuff.

2. Juicy Stuffses

After some quick research, I found out about an Android webcam server app called (drumroll) Android Webcam Server!
So I went to http://shodanhq.com and searched for: android webcam server ( http://www.shodanhq.com/search?q=android+webcam+server )
Results pop up! GREAT!! I pick the first result and I get an authentication screen... that's not good.
Another Google search shows me that this cam does not have default login credentials, so no hope testing there.
So then I searched for "Android webcam server 200". Why 200?

"200 OK
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.
"
Pretty self-explanatory.
I click on the first result and...
[screenshot: Untitled.jpg]
BOOM!

I won't go into much more detail. Just some things you must know:
Free accounts have a limit on the number of results per query (you can view more results with some smart querying, like adding country:LB or other attributes to narrow your search). They also don't have full access to the port:xx feature (such as telnet).
Know this: searching for devices that require authentication but HAVE default usernames and passwords will at WORST give a 1/10 ratio of devices with default credentials.

Some of my favourite queries:
boa ipcam (admin:123456)
dcs 5220 200 (200 -> no auth popup)
root@android:/ #
default password
iomega 200 (juicy external hard disks)
everything related to dreambox (cable TV with web interface, default credentials)

If you like this, tell me and I'll restructure it so it doesn't look like a piece of crap.
Cheerz.

Last edited by marid (June 20 2014)

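
Added example (mine, not marid's and not Shodan's own code): a small offline Python model of what the search engine is doing when you type the queries in the post above. It indexes a few made-up banners (documentation IPs, constructed content) and evaluates free-text terms plus country:XX and port:NN filters the way the post uses them, so you can see why "android webcam server 200" drops the host that answered 401, why country:LB narrows the list, and why the "200" trick is cruder than actually reading the status line. Only those two filters are supported and there are no quoted phrases; the real Shodan parser is richer than this and its syntax errors are its own.

```python
# Added example, not part of marid's post and not Shodan's code: a toy,
# offline model of how a banner search engine evaluates queries in Shodan's
# filter syntax (free-text terms plus country:XX and port:NN filters).
# The banners and IPs below are CONSTRUCTED for illustration; only two
# filters and no quoted phrases are supported, unlike the real service.
import re
from dataclasses import dataclass


@dataclass
class Banner:
    ip: str
    port: int
    country: str
    data: str  # decoded bytes the service sent back, as a banner index stores them


# Constructed sample banners (documentation IPs, not real hosts).
SAMPLE_BANNERS = [
    Banner("203.0.113.10", 8080, "LB",
           "HTTP/1.1 200 OK\r\nServer: Android Webcam Server\r\nContent-Type: text/html\r\n"),
    Banner("203.0.113.11", 8080, "LB",
           "HTTP/1.1 401 Unauthorized\r\nServer: Android Webcam Server\r\n"
           "WWW-Authenticate: Basic realm=\"webcam\"\r\n"),
    Banner("198.51.100.5", 80, "DE",
           "HTTP/1.1 200 OK\r\nServer: Android Webcam Server\r\n"),
    Banner("198.51.100.7", 23, "LB",
           "\r\nroot@android:/ # "),
    Banner("192.0.2.9", 80, "US",
           "HTTP/1.1 200 OK\r\nServer: Boa/0.94.14rc21\r\nSet-Cookie: ipcam=1\r\n"),
]

FILTER_RE = re.compile(r"^(\w+):(\S+)$")
KNOWN_FILTERS = {"country", "port"}


def parse_query(query):
    """Split a query into lower-cased free-text terms and validated key:value filters."""
    terms, filters = [], {}
    for token in query.split():
        m = FILTER_RE.match(token)
        if not m:
            terms.append(token.lower())
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key not in KNOWN_FILTERS:
            raise ValueError(f"invalid query syntax: unknown filter {key!r}")
        if key == "port":
            if not value.isdigit():
                # port: takes a number, so port:telnet is a syntax error here
                raise ValueError(f"invalid query syntax: port must be numeric, got {value!r}")
            value = int(value)
        filters[key] = value
    return terms, filters


def matches(banner, terms, filters):
    """True when every term appears in the banner text and every filter matches metadata."""
    text = banner.data.lower()
    if not all(t in text for t in terms):
        return False
    if "country" in filters and banner.country.upper() != filters["country"].upper():
        return False
    if "port" in filters and banner.port != filters["port"]:
        return False
    return True


def search(query, banners=SAMPLE_BANNERS):
    """Return the IPs of banners matching `query`, in index order."""
    terms, filters = parse_query(query)
    return [b.ip for b in banners if matches(b, terms, filters)]


def http_status(banner):
    """Status code from the banner's first line, or None if the banner isn't HTTP.
    Stricter than the free-text term '200', which would also hit 'Content-Length: 200'."""
    m = re.match(r"HTTP/\d\.\d (\d{3})", banner.data)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for q in ("android webcam server",
              "android webcam server 200",
              "android webcam server 200 country:LB",
              "root@android:/ # port:23",
              "boa ipcam"):
        print(f"{q!r:45} -> {search(q)}")
    print("HTTP 200 (no auth challenge) hosts:",
          [b.ip for b in SAMPLE_BANNERS if http_status(b) == 200])
```

Run it as a script and compare the first two queries: the 401 host is in the first list and gone from the second, which is exactly what adding "200" did in the post. http_status() is the check you actually want for "no auth popup", since it reads the status line instead of grepping the whole banner for the digits 200.
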
#2 June 20 2014

NuclearVision
Member

Re: Shodan

Most of the connections are closed; are they under live check/trace?
Nvm, figured it out. Might be the best educational post I ever came across, thanks marid!

Last edited by NuclearVision (June 20 2014)

#3 June 20 2014

marid
Member

Re: Shodan

NuclearVision wrote:

Most of the connections are closed; are they under live check/trace?
Nvm, figured it out. Might be the best educational post I ever came across, thanks marid!

Cheers. I could go into much more detail about what Shodan is capable of, maybe when I'm not actually posting from work.

#4 June 20 2014

NuclearVision
Member

Re: Shodan

The search box is very moody though; sometimes it works, sometimes it does not. I get "invalid query syntax" for the same query: you could get it to work once, and once it yields an error :3
