Exploring the Dark Side of Shodan — Part II
Firstly, I would like to thank my audience for showing so much support for the first part of this article. I have decided to go forward with a second part just because you guys liked it so much! I hope you like this one too.
Top Search Queries of Shodan I came across
1. Already logged in as root via Telnet
"root@" port:23 -login -password -name -Session
It’s 2023…. and people are still using the Telnet service 😆. Seriously?
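The query matches port 23 banners that contain "root@" and excludes banners containing the login, password, name and Session prompts. With the above search query, I can log in to Telnet as the root user of the machine.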
Like that 👀………..
Command used on Kali to log in over Telnet: telnet [IP]
2. Exposed WordPress files which contain database credentials
http.html:"* The wp-config.php creation script uses this file"
The file might give credentials which can be used further to log in elsewhere.
Let's look at one of the files.
The password is defined, and the authorization key as well as the salt are given in this file.
Let's look at another wp-config file.
In this one too, sensitive data has been exposed.
3. Get Access to Surveillance Cams with Login and Password
NETSurveillance uc-httpd
Server: uc-httpd 1.0.0
Some of these are tagged as honeypots… so be CAREFUL!!
I opened one of the IPs and went to the website hosted on port 8080.
Even though the password isn’t in plaintext, good knowledge of cryptography will help you crack this….
4. Manage MongoDB without Authentication
"Set-Cookie: mongo-express=" "200 OK"
Let's open a link and see.
Let's view admin.
Let's view system.users.
Let's try to delete admin.root.
It's safe to say there are no limits involved when it comes to using Shodan. I must remind you guys: while all this looks fun, it is important to use Shodan ethically and responsibly.
Connect with me on LinkedIn and let's learn together :)
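The four queries above can be turned around and run against banner data from your own hosts, to see whether any of them would show up in these searches. This is an added example, not code from the original article; the record fields (ip, port, data), the case-insensitive matching and the sample banners are assumptions constructed for illustration.

```python
# Added example: field names and sample banners are constructed; adapt the
# record layout to whatever your own scanner or asset inventory exports.
NEGATED = ("login", "password", "name", "session")  # the -term filters in query 1

def telnet_root(rec):
    d = rec["data"].lower()
    return rec["port"] == 23 and "root@" in d and not any(t in d for t in NEGATED)

def wp_config(rec):
    return "the wp-config.php creation script uses this file" in rec["data"].lower()

def uc_httpd(rec):
    return "uc-httpd" in rec["data"].lower()

def mongo_express(rec):
    # A 200 with the session cookie means the UI answered without a 401 challenge.
    return "Set-Cookie: mongo-express=" in rec["data"] and "200 OK" in rec["data"]

RULES = [
    ("telnet-root-shell", telnet_root, "Disable Telnet; use SSH and keep it off the internet."),
    ("wp-config-exposed", wp_config, "Stop serving the file as text; rotate DB password, keys and salts."),
    ("uc-httpd-camera", uc_httpd, "Move the camera UI behind a VPN and change default credentials."),
    ("mongo-express-open", mongo_express, "Enable authentication on mongo-express and bind it privately."),
]

def audit(records):
    """Return (ip, port, rule_id, fix) for every record matching one of the four queries."""
    return [(r["ip"], r["port"], rule_id, fix)
            for r in records
            for rule_id, match, fix in RULES if match(r)]

SAMPLE = [  # constructed banners on RFC 5737 documentation addresses
    {"ip": "192.0.2.10", "port": 23, "data": "\r\nroot@device:~# "},
    {"ip": "192.0.2.11", "port": 23, "data": "device login: "},
    {"ip": "192.0.2.12", "port": 80, "data": "HTTP/1.1 200 OK\r\n\r\n<?php\n/**\n"
     " * The wp-config.php creation script uses this file during installation.\n"},
    {"ip": "192.0.2.13", "port": 8080, "data": "HTTP/1.0 200 OK\r\nServer: uc-httpd 1.0.0\r\n"},
    {"ip": "192.0.2.14", "port": 8081, "data": "HTTP/1.1 200 OK\r\n"
     "Set-Cookie: mongo-express=s%3Aconstructed; Path=/\r\n"},
    {"ip": "192.0.2.15", "port": 8081, "data": "HTTP/1.1 401 Unauthorized\r\n"},
]

if __name__ == "__main__":
    for ip, port, rule_id, fix in audit(SAMPLE):
        print(f"{ip}:{port} {rule_id}: {fix}")
```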
https://www.linkedin.com/in/aayush-dasgupta/
Link to Part I of the Shodan Series -
Follow me for more such articles ;)