Today I am going to tell you how to Find Vulnerable Targets Using Shodan
THIS IS FOR EDUCATIONAL PURPOSE ONLY, I AM NOT RESPONSIBLE FOR ANY
ILLEGAL ACTIVITIES DONE BY VISITORS, THIS IS FOR ETHICAL PURPOSE ONLY
Sometimes, we don't have a specific target in mind, but rather we are simply
looking for vulnerable and easy-to-hack targets anywhere on the planet. Wouldn't
it be great if we had a search engine like Google that could help us find these
targets? Well, we do, and it's called Shodan!
What Is Shodan?
Some have described Shodan as a search engine for hackers, and
have even called it "the world's most dangerous search engine".
It was developed by John Matherly in
2009, and unlike other search engines, it looks for specific information that
can be invaluable to hackers.
Shodan pulls service banners (see my tutorial on fingerprinting server for more on banners) from servers and devices on the web, mostly
port 80, but also ports 21 (ftp), 22 (SSH), 23 (telnet), 161 (SNMP), and 5060
(SIP).
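The banner data described above can also be read from the defender's side. The following is an added example, not code from the original post: it triages banner records collected for your own address space on the ports listed above. The sample records, the `ExampleCam` product name and the function names are constructed for illustration.

```python
import re

# Ports the article says Shodan collects banners from.
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 161: "snmp", 5060: "sip"}
# FTP, telnet and SNMP v1/v2c send credentials or community strings unencrypted.
CLEARTEXT_MGMT = {"ftp", "telnet", "snmp"}
# A product name followed by a version number; the HTTP protocol version is skipped.
VERSION_RE = re.compile(r"\b(?!HTTP/)[A-Za-z]+[/_ ]v?\d+\.\d+[\w.]*")

def triage(record):
    """Return a list of findings for one banner record from our own address space."""
    service = SERVICES.get(record["port"], "unknown")
    banner = record["banner"]
    findings = []
    if service in CLEARTEXT_MGMT:
        findings.append(f"{service} is a cleartext management protocol; restrict or replace it")
    if service == "http":
        status_line = banner.splitlines()[0] if banner else ""
        has_auth = "www-authenticate:" in banner.lower()
        if " 200 " in status_line and not has_auth:
            findings.append("web interface answers without an authentication challenge")
    match = VERSION_RE.search(banner)
    if match:
        findings.append(f"banner discloses software version: {match.group(0)}")
    return findings

def report(records):
    """Map 'ip:port' to its findings, keeping only records with at least one finding."""
    out = {}
    for rec in records:
        found = triage(rec)
        if found:
            out[f"{rec['ip']}:{rec['port']}"] = found
    return out

# Constructed sample data: RFC 5737 documentation addresses and invented banners.
SAMPLE = [
    {"ip": "192.0.2.10", "port": 23, "banner": "login:"},
    {"ip": "192.0.2.11", "port": 22, "banner": "SSH-2.0-OpenSSH_7.4"},
    {"ip": "192.0.2.12", "port": 80, "banner": "HTTP/1.1 200 OK\r\nServer: ExampleCam/1.2\r\n"},
    {"ip": "192.0.2.13", "port": 80,
     "banner": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"admin\"\r\n"},
]

if __name__ == "__main__":
    for target, findings in report(SAMPLE).items():
        for finding in findings:
            print(f"{target}: {finding}")
```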
What Can Shodan Show Us?
Since almost every new device now has a web interface (maybe even your
refrigerator) to ease remote management, we can access innumerable web-enabled
servers, network devices, home security systems, etc.
Shodan can find us webcams, traffic signals, video projectors, routers, home
heating systems, and SCADA systems that, for instance, control nuclear power
plants and electrical grids. If it has a web interface, Shodan can find it!
Although many of these systems communicate over port 80 using HTTP, many use
telnet or other protocols over other ports. Keep that in mind when trying to
connect to them.
Now let's take a look at this fascinating and nefarious search engine!
Step 1: Create a Shodan Account
First, let's start by navigating to shodanhq.com.
When we do, we'll be greeted by an opening screen like that below.
Shodan requires that you register to use all of its features, but the service
is free unless you need to use some of its advanced features.
Step 2: Search on Shodan
Once we have registered, we can either do custom searches or we can go to the
"Search Directory" and see some of the most common and recent searches. If you
are new to Shodan, I recommend that you browse "Popular Searches" first.
Step 3: Find Unprotected Webcams
Among the devices we can find on Shodan are innumerable, unprotected webcams.
Here is one of many that I found on Shodan. This one is inside an airplane
hangar in Norway. Notice that it has Java controls to tilt and pan that you can
use from the web so that you can scan and zoom in throughout the hangar.
Step 4: Find Traffic Lights
There are so many devices that can be found on Shodan that the list would fill
this entire article. One of the most intriguing things we can find are traffic
signals and the cameras that monitor traffic at lighted intersections (some
states now use these cameras to record your license plate number and send you a
ticket if they detect you speeding or running a red light).
Careful here! Messing with or hacking traffic signals can cause fatalities and
may be illegal. Here I show a listing of the "Red Light enforcement cameras"
from Shodan.
Step 5: Find Routers
Shodan catalogues thousands, if not millions, of routers, many of which are
unprotected. Here's a screenshot of one I found and logged into the
administrator account with the username of "admin" and password of "admin".
Step 6: Find SCADA Systems
Among the scariest and potentially most damaging uses of Shodan is finding
SCADA (supervisory control and data acquisition) devices with web interfaces.
SCADA devices are those that control such things as the electrical grid, water
plants, waste treatment plants, nuclear power plants, etc.
These SCADA devices are the most likely targets in a cyber-terrorism or cyber
warfare scenario, where two combatants are attempting to disable each other's
infrastructure. Obviously, if one combatant can disable the other's electrical
grid, power and water plants, etc., it won't take long to bring their adversary
to their knees.
A cursory search of SCADA devices brought me to the IP address of a
hydroelectric plant in Genoa, Italy.
Step 7: Find the Default Passwords
Many of these sites and interfaces use default passwords.
Fortunately for us, there are many resources on the web that list the default
passwords for all devices. Here is one at www.phenoelit.org/dpl/dpl.html.
There are literally hundreds of these sites on the web. Simply Google
"default passwords".
As many consumers and system administrators are careless and don't change the
default passwords, often you can gain access to these devices simply using
these lists to find the default admin username and password.
========== Hacking Don't Need Agreements ==========
Just Remember One Thing You Don't Need To Seek Anyone's Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
Thank You for Reading My Post, I Hope It Will Be Useful For You
I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At BhanuHacks@gmail.com