Weaponising Shodan for Fun and Profit - Jeya Seelan

KNOW HOW - A series of Knowledge Sharing Sessions/Webinar in the Cybersecurity Domain to educate others, spread awareness and bring out new opportunities to beginners by We Are Plymouths Chennai Team.

Ep-1:
Weaponizing Shodan For Fun and Profit - Jeya Seelan S

YouTube Talk link 🔗

https://www.youtube.com/watch?v=gg7SLlfjCZk

Slides Link 🔗

https://speakerdeck.com/jeyaseelan/weaponising-shodan-for-fun-and-profit-jeya-seelan

Jeya Seelan

June 13, 2021
Transcript

  1. WHO AM I? Jeya Seelan. Security Researcher focusing on Offensive Security. Co-Lead at WAP Chennai. Lazy Bug Hunter.
  2. AGENDA: Shodan 101; Demo Time; Search Query Fundamentals; How Shodan Works?; Accessing Shodan; Search Using Hashes; Question Time.
  3. Shodan is a search engine for Internet-connected devices. It is completely different from normal search engines such as Google, Yahoo, etc. A normal web search engine crawls and indexes only websites.
  4. Shodan scans the whole Internet and indexes the services and metadata that are publicly accessible on each and every IP address. Shodan gathers information about all devices directly connected to the Internet, from small desktops up to nuclear power plants.
  5. HOW SHODAN WORKS? A Distributed Banner Grabber. Banner grabbing is the art of gathering metadata about a system or a service. Shodan uses large, widely distributed banner grabbers (aka crawlers) that scan all possible IP addresses and ports. FYI: IPv4 addresses - 4,294,967,296; ports - 65535.
  6. HOW SHODAN WORKS? Crawler Algorithm:
     1. Generate a random IPv4 address.
     2. Generate a random port to test from the list of ports that Shodan understands.
     3. Check the random IPv4 address on the random port and grab a banner.
     4. Go to 1.
  7. HOW SHODAN WORKS? Metadata Gathering. In addition to banner grabbing, Shodan also collects and indexes metadata about a particular IP and its services. These are: Hostname, ASN Number, Organisation Info, ISP Details, IP Uptime, SSL Properties, SSH Properties, Location Details, Product Details, HTML Details.
  8. SEARCH QUERY FUNDAMENTALS. Initially, when you search in Shodan, it searches only the banner text, not the metadata. To search the metadata, you use search filters. E.g., if you search for Tesla, it searches the banners for that text, not for the assets owned by Tesla.
  9. SEARCH QUERY FUNDAMENTALS. Filters are used to narrow down the search results. Let's see some filters:
     - org: shows results for the organization that owns the IP. Ex: org:"Google Inc"
     - inet: shows results under the given IP range. Ex: inet:69.36.132.0/24
  10. SEARCH QUERY FUNDAMENTALS.
     - os: filters based on operating system. Ex: os: Ubuntu
     - vuln: filters based on CVE-ID. Ex: vuln: CVE-
     - product: filters results about a specific product.
     - http.title: shows matching HTTP titles.
     - ssl: searches SSL data.
  11. DISCLAIMER!!! All the upcoming demos are for informational and educational purposes only. The author is not responsible for any misuse of the given information.
  12. EXAMPLES. Printers: "Serial Number:" "Built:" "Server: HP HTTP". There are endless possibilities for what you can find on Shodan, as results depend on what you search for and how you use the filters.
  13. SEARCH USING HASHES. Every banner contains a hash property, which is a numeric hash. This can be used to search for related hosts with the same hash value. Some of the commonly used methods are: Favicon Hash, HTML Hash, Security TXT Hash.
  14. FAVICON HASH. A favicon, also known as a shortcut icon or website icon, is an icon associated with a particular website or web page. These icons are present on every site. By calculating the hash value of the icon, we can find more related assets.
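  15. FAVICON HASH (Python code):

        import codecs

        import mmh3
        import requests

        # Fetch the favicon and base64-encode it (this codec wraps the output with newlines)
        response = requests.get('https://www.google.com/favicon.ico')
        favicon = codecs.encode(response.content, "base64")

        # 32-bit MurmurHash3 of the encoded bytes, as a signed integer
        favicon_hash = mmh3.hash(favicon)
        print(favicon_hash)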
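An added example, not from the slides: the favicon hash from slides 13 to 15 computed offline, to show that the newline-wrapped base64 produced by `codecs.encode(..., "base64")` is part of the hashed input, so plain `base64.b64encode` gives a different number. Assumptions: the pure-Python `murmur3_32` stands in for `mmh3.hash`, `SAMPLE_ICON` is constructed bytes rather than a real icon, and `http.favicon.hash` is Shodan's filter name for this value (it does not appear on the slides).

```python
import base64
import struct


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, returned as a signed int like mmh3.hash()."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF

    def rotl(x: int, r: int) -> int:
        return ((x << r) | (x >> (32 - r))) & mask

    h = seed & mask
    nblocks = len(data) // 4
    for (k,) in struct.iter_unpack("<I", data[: nblocks * 4]):
        k = (rotl((k * c1) & mask, 15) * c2) & mask
        h = (rotl(h ^ k, 13) * 5 + 0xE6546B64) & mask
    tail = data[nblocks * 4:]
    if tail:  # 1 to 3 leftover bytes, mixed in little-endian order
        k = int.from_bytes(tail, "little")
        h ^= (rotl((k * c1) & mask, 15) * c2) & mask
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & mask
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & mask
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h


def favicon_hash(icon: bytes) -> int:
    # codecs.encode(icon, "base64") is base64.encodebytes(): a newline after
    # every 76 output characters plus a trailing one. Those bytes are hashed too.
    return murmur3_32(base64.encodebytes(icon))


def favicon_query(icon: bytes) -> str:
    # Assumption: http.favicon.hash is the Shodan filter that takes this value.
    return f"http.favicon.hash:{favicon_hash(icon)}"


# Constructed sample bytes standing in for the contents of a favicon.ico file.
SAMPLE_ICON = bytes(range(256)) * 2

if __name__ == "__main__":
    print("query for your own icon:", favicon_query(SAMPLE_ICON))
    print("unwrapped base64 (does not match):",
          murmur3_32(base64.b64encode(SAMPLE_ICON)))
```

Running the query for an icon your organisation serves lists hosts presenting that icon, which is one way to spot forgotten or unmanaged assets in your own inventory.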