Using SHODAN to find insecure Servers, Routers and gain ROOT access

SHODAN lets you find servers, routers, etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well.
Let's say you want to find servers running the ‘Apache’ web daemon. A simple attempt would be to use:
apache
How about finding only Apache servers running version 2.2.3?
apache 2.2.3
You can also narrow down the results using the following search parameters:
country:2-letter country code
hostname:full or partial host name
net:IP range using CIDR notation (ex: 18.7.7.0/24 )
port:21, 22, 23 or 80
For example, get all web (port:80) hosts running ‘apache’ in Switzerland (country:CH) that also have ‘.ch’ in any of their domain names:
apache country:CH port:80 hostname:.ch
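
To check which of your own hosts a query like the ones above would surface, the filters can be modelled locally. This is an added example, not SHODAN's code: it assumes all terms are ANDed and matched as case-insensitive substrings, and the record fields (ip, port, country, hostnames, banner) and inventory entries are constructed for illustration.

```python
import ipaddress
import shlex

# Filters named on this page; any other token is treated as free text.
FILTERS = {"country", "hostname", "net", "port"}

def parse_query(query):
    """Split a query into free-text terms and filter:value pairs."""
    terms, filters = [], {}
    for token in shlex.split(query):
        key, sep, value = token.partition(":")
        if sep and key.lower() in FILTERS:
            filters[key.lower()] = value
        else:
            terms.append(token.lower())
    return terms, filters

def matches(record, query):
    """True if a banner record satisfies every term and filter (assumed AND)."""
    terms, filters = parse_query(query)
    banner = record["banner"].lower()
    if not all(t in banner for t in terms):
        return False
    if "country" in filters and record["country"].upper() != filters["country"].upper():
        return False
    if "port" in filters and str(record["port"]) != filters["port"]:
        return False
    if "hostname" in filters:
        want = filters["hostname"].lower()
        if not any(want in h.lower() for h in record["hostnames"]):
            return False
    if "net" in filters:
        net = ipaddress.ip_network(filters["net"], strict=False)
        if ipaddress.ip_address(record["ip"]) not in net:
            return False
    return True

# Constructed inventory records (documentation addresses, made-up banners).
INVENTORY = [
    {"ip": "192.0.2.10", "port": 80, "country": "CH", "hostnames": ["www.example.ch"],
     "banner": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)"},
    {"ip": "192.0.2.11", "port": 80, "country": "US", "hostnames": ["old.example.com"],
     "banner": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/4.0"},
    {"ip": "198.51.100.5", "port": 23, "country": "CH", "hostnames": [], "banner": "login:"},
]

def exposed(query):
    """IPs in the inventory that the query would surface."""
    return [r["ip"] for r in INVENTORY if matches(r, query)]
```

Any host returned by exposed() is advertising that version string or service in its banner and is a candidate for patching, banner suppression or firewalling.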

SHODAN is the brainchild of John Matherly aka @achillean

How about something really bad? Hopefully, the webmasters below are taking steps to upgrade from IIS 4.

Get all web (port:80) hosts running ‘IIS 4.0’ in the United States (country:US):

IIS 4.0 country:US port:80

Gain root shell access exploiting built-in shell (ash)

The query below is not confirmed, but it shows the power of SHODAN. Thanks to HDMoore.

http://shodan.surtri.com/?q=port:23+"list+of+built-in+commands"


  1. Wow. It would be interesting to see what else can shodan find. Definitely queried Microsoft.com to see if they host using Apache 🙂
