SHODAN lets you find servers, routers, etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. SHODAN is the brainchild of John Matherly, aka @achillean.
Let's say you want to find servers running the ‘Apache’ web daemon. A simple attempt would be to use:
You can also narrow down the results using the following search parameters:
- country: 2-letter country code
- hostname: full or partial host name
- net: IP range using CIDR notation (ex: 18.7.7.0/24)
- port: 21, 22, 23 or 80
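The filters above can be combined to check whether address ranges you administer show up in the index with FTP or Telnet exposed. This is an added example, not code from the original post or from SHODAN: the function names are hypothetical, the sample ranges are constructed RFC 5737 documentation networks, and it assumes filters are joined with spaces, as in the query URL shown further down the page.

```python
import ipaddress
import re
from urllib.parse import quote_plus

# Ports the page lists as searchable (FTP, SSH, Telnet, HTTP).
INDEXED_PORTS = {21, 22, 23, 80}


def build_query(term="", country=None, hostname=None, net=None, port=None):
    """Return a search string using only the filters listed above."""
    parts = [term] if term else []
    if country is not None:
        if not re.fullmatch(r"[A-Za-z]{2}", country):
            raise ValueError("country must be a 2-letter code")
        parts.append(f"country:{country.upper()}")
    if hostname is not None:
        if not re.fullmatch(r"[A-Za-z0-9.-]+", hostname):
            raise ValueError("hostname contains unexpected characters")
        parts.append(f"hostname:{hostname}")
    if net is not None:
        # strict=True rejects a CIDR with host bits set, e.g. 18.7.7.1/24
        network = ipaddress.ip_network(net, strict=True)
        parts.append(f"net:{network}")
    if port is not None:
        if port not in INDEXED_PORTS:
            raise ValueError(f"port must be one of {sorted(INDEXED_PORTS)}")
        parts.append(f"port:{port}")
    if not parts:
        raise ValueError("empty query")
    return " ".join(parts)


def exposure_queries(own_networks, ports=(21, 23)):
    """One query per (network, cleartext port) for ranges you administer."""
    return [build_query(net=n, port=p) for n in own_networks for p in ports]


def as_url_param(query):
    """Encode a query for use as a ?q= URL parameter."""
    return quote_plus(query)


if __name__ == "__main__":
    # Constructed sample: documentation ranges (RFC 5737), not real assets.
    for q in exposure_queries(["192.0.2.0/24", "198.51.100.0/24"]):
        print(q, "->", as_url_param(q))
```

Any hit returned for one of these queries is a host in your own range that is answering on a cleartext management or file-transfer port and is worth checking against your asset inventory.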
How about something really bad? Hopefully, the webmasters below are taking steps to upgrade from IIS 4.
Get all web (port:80) hosts running ‘IIS 4.0’ in the United States (country:US)
Gain root shell access exploiting built-in shell (ash)
The query below is not confirmed but shows the power of SHODAN. Thanks to HD Moore.
http://shodan.surtri.com/?q=port:23+”list+of+built-in+commands”



Wow. It would be interesting to see what else Shodan can find. Definitely queried Microsoft.com to see if they host using Apache.
No need for nmap with this tool for the most part.