Global Logfile of (IN)security Using SHODAN to change the world.

1 Global Logfile of (IN)security Using SHODAN to change the world.

2 Who the hell…
Éireann Leverett
BEng: Software Engineering and Artificial Intelligence
MPhil: Advanced Computer Science
…and I have some alphabet soup after my name.
I am primarily here because I used SHODAN to find tens of thousands of industrial system devices directly connected to the internet. This is not about that. This is about using SHODAN for empirical computer science research, security metrics, and mitigation.

3 GR33TZ
Shawn Merdinger, Bob Radvanovsky, Ruben Santamarta, Mike Davis, Michael Milvich, Reid Wightman, Alexandre Dulaunoy, Morgan Marquis-Boire, Shailendra Fuloria, Arthur Gervais, Colin Cassidy, Ben Miller, Billy Rios, Terry McCorkle, Carlos Hollman
And of course: John Matherly @achillean www.shodanhq.com/promo/hacklu

4 Filtering the ocean of data

5 List o’ Filters
o Freetext
o Host
o Net
o City
o Country
o Port
o OS
o Before/After
o Geo
o Hostname
o Org (ASN)
o Title
o ISP
o Assigned
o peered
o HTML

6 Hack the filters!
The country filter is ISO-3166-2
Which is not TLD or Country
And has some surprises like A0, A1, A2 and AQ
Take down AQ! Damn Terroirists! (Antarctica)

7 The Undocumented Filters!
ORG: http://www.shodanhq.com/search?q=org%3A%22Akamai+Technologies%22
Title: http://www.shodanhq.com/search?q=title%3A%22Test%22
Coming Soon: ISP, HTML

8 SSL/TLS Filters
o Cert Version
o Cert Bits
o Cert Issuer
o Cert Subject
o Cipher Name
o Cipher Bits
o Cipher Protocol

9 Setting up the API (Linux)
    sudo apt-get install python-setuptools
    easy_install shodan
    easy_install -U shodan

10 Inspirational Dorks!
Throughout this workshop I will drop inspirational queries to keep things interesting. You can have a copy of the slides, so don’t panic and write them down. I have carefully chosen queries that don’t just tell you ‘here is a device’ but suggest some other problem or interesting research question…

11 Surveillance/Censorship Dorks
1. http://www.shodanhq.com/search?q=port%3A137%20calea
2. http://www.shodanhq.com/search?q=C7200-ADVIPSERVICESK9_LI-M
3. http://www.shodanhq.com/search?q=Blue+Coat+PacketShaper

12 Common Coding Pitfalls
o Paging through results
o Matches are not all the data; use host.get()
o Regular expressions (Groups)
o Multiple net filters
o Check your encodings before serialisation
o Exploits can be cached
o Don’t forget to search both Metasploit and ExploitDB (They use different API calls)

13 Luckily…I haz code templatez!!!

14 Comedy Queries
1. http://www.shodanhq.com/search?q=%22I%27m+a+teapot.%22
2. http://www.shodanhq.com/search?q=port%3A23+Nyancat

15 Storing the data
Serialise the data if you want to analyse it later. I pickle it in Python. Watch your encodings. For example, you want to keep devices but re-run exploit searches.

16 Statefulness!
Configuration state:
1. http://www.shodanhq.com/search?q=%22Default%3A+admin%2Fpassword%22
2. http://www.shodanhq.com/search?q=PUBLICLY-KNOWN+CREDENTIALS
Run time state:
1. http://www.shodanhq.com/search?q=%5Cx04Host

17 Complementary sources of Info
o ERIPP
o Team Cymru IP to ASN Lookup
o Rwhois
o DNS && rDNS
o Google hacks

18 Network Oddities: http://www.shodanhq.com/search?q=255.255.255.255

19 Working with CERTs
Many of you know more about this than me… My experience is: be patient, maintain dialog, and ask what would assist them. Try to teach them what you do, and then leave them alone.

20 Reserved Spaces
1. http://www.shodanhq.com/search?q=net%3A0.0.0.0%2F8
2. http://www.shodanhq.com/search?q=net%3A10.0.0.0%2F8
3. http://www.shodanhq.com/search?q=net%3A127.0.0.0%2F8
4. http://www.shodanhq.com/search?q=net%3A169.254.0.0%2F16
5. http://www.shodanhq.com/search?q=net%3A172.16.0.0%2F12
6. http://www.shodanhq.com/search?q=net%3A100.64.0.0%2F10

21 DISCUSSION TIME!

22 Staring into the void
1. http://www.shodanhq.com/search?q=net%3A192.0.0.0%2F24
2. http://www.shodanhq.com/search?q=net%3A198.18.0.0%2F15
3. http://www.shodanhq.com/search?q=net%3A240.0.0.0%2F4
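
When analysing stored results, records that claim an address inside the nets queried on the "Reserved Spaces" and "Staring into the void" slides are worth separating from the rest before computing any metric. The sketch below is an added example, not code from the talk; the record shape (a dict with an "ip" key) and the sample addresses are constructed.

```python
import ipaddress
from collections import Counter

# The nets queried on the "Reserved Spaces" and "Staring into the void" slides.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "100.64.0.0/10", "192.0.0.0/24", "198.18.0.0/15",
    "240.0.0.0/4",
)]

# Constructed sample records; real ones would come from stored search results.
SAMPLE = [
    {"ip": "10.1.2.3"},
    {"ip": "255.255.255.255"},   # the "Network Oddities" query, inside 240.0.0.0/4
    {"ip": "100.64.0.1"},
    {"ip": "198.19.255.254"},    # last usable address of 198.18.0.0/15
    {"ip": "172.32.0.1"},        # just outside 172.16.0.0/12
    {"ip": "192.0.2.10"},
    {"ip": "999.1.1.1"},         # not a valid IPv4 address
]

def reserved_block(ip):
    """Return the reserved net holding ip, None if outside all of them,
    or "unparsable" if ip is not a valid IPv4 address."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return "unparsable"
    for net in RESERVED:
        if addr in net:
            return str(net)
    return None

def split_records(records):
    """Separate records into (clean list, Counter of oddities per block)."""
    clean, odd = [], Counter()
    for rec in records:
        block = reserved_block(rec["ip"])
        if block is None:
            clean.append(rec)
        else:
            odd[block] += 1
    return clean, odd

if __name__ == "__main__":
    clean, odd = split_records(SAMPLE)
    print(len(clean), "clean records;", dict(odd))
```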

23 Preparing Reports For CERTs
o De-Duplicate IPs
o Add ASNs
o Use CSV
o Add Abuse Emails
o Add Exploits
o Exchange keys
o Get them to sign keys later
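
The first four report steps above (de-duplicate IPs, add ASNs, add abuse emails, use CSV) can be sketched as follows. This is an added example, not the speaker's code template: the match records, the prefix-to-ASN table, the ASNs and the abuse addresses are all constructed placeholders using documentation ranges, and the exploit column is left out.

```python
import csv
import io
import ipaddress

# Constructed sample matches (documentation address ranges), including repeats.
MATCHES = [
    {"ip": "192.0.2.10", "port": 23},
    {"ip": "192.0.2.10", "port": 80},
    {"ip": "198.51.100.7", "port": 23},
    {"ip": "203.0.113.99", "port": 161},
    {"ip": "192.0.2.10", "port": 23},
]

# Hypothetical enrichment table: prefix -> (ASN, abuse contact). Real values
# would come from an IP-to-ASN lookup and whois; these are placeholders.
PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): (64496, "abuse@isp-a.example"),
    ipaddress.ip_network("198.51.100.0/24"): (64497, "abuse@isp-b.example"),
}

def enrich(ip):
    """Longest-prefix match of ip against PREFIXES; (None, None) if unknown."""
    addr = ipaddress.ip_address(ip)
    hits = [net for net in PREFIXES if addr in net]
    if not hits:
        return (None, None)
    return PREFIXES[max(hits, key=lambda net: net.prefixlen)]

def build_report(matches):
    """One row per unique IP, with its ports merged, sorted by ASN then IP."""
    ports_by_ip = {}
    for m in matches:
        ports_by_ip.setdefault(m["ip"], set()).add(m["port"])
    rows = []
    for ip, ports in ports_by_ip.items():
        asn, abuse = enrich(ip)
        rows.append({"asn": asn, "ip": ip, "abuse_email": abuse,
                     "ports": " ".join(str(p) for p in sorted(ports))})
    # Unknown ASNs sort last so they are easy to review by hand.
    rows.sort(key=lambda r: (r["asn"] is None, r["asn"] or 0,
                             int(ipaddress.ip_address(r["ip"]))))
    return rows

def to_csv(rows):
    """Serialise rows to CSV text with a fixed column order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["asn", "ip", "ports", "abuse_email"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Sorting by ASN keeps each network operator's addresses together, so the file can be split per recipient.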

24 Devices
1. http://www.shodanhq.com/search?q=SMSLockSys
2. http://www.shodanhq.com/search?q=port%3A23+switch

25 Services
1. http://www.shodanhq.com/search?q=port%3A23+%22list+of+built+in+commands%22
2. http://www.shodanhq.com/search?q=port%3A23+Anonymous+ftp+is+still+available

26 SSL/TLS
1. http://www.shodanhq.com/search?q=cipher_protocol%3ATLSv1+cipher_name%3ANULL-SHA
2. http://www.shodanhq.com/search?q=cipher_protocol%3ATLSv1+cipher_name%3ANULL-MD5

27 Session ID Research!
http://www.shodanhq.com/search?q=PHPSESSID%3D
http://www.shodanhq.com/search?q=+AIROS_SESSIONID%3D
http://www.shodanhq.com/search?q=JSESSIONID%3D

28 Broad Ideas
o Profile an ISP/ASN/Country
o Examine the state of surveillance
o Comparison of countries
o Comparison of SSL
o Uniqueness of session IDs

29 Conclusions
o Network oddities
o Host oddities
o Config State
o Runtime State
o Political State
o Location or connection types
o Cipher types

30 Conclusions
SHODAN is for more than just finding cool boxen. You can research AT SCALE, CHEAPLY. Think about researching THE WHOLE THING and outputting metrics that will help us all. Then go to cool places and talk about it!

31 Thanks for coming (if you did)!
Email: eireann (.) leverett [AT] ioactive (dot) co (dot) uk
Twitter: @blackswanburst
PGP: C97C1513

