Shodan Hacks

Posted by admin on 2024-04-21 18:45:01


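Google indexes the pages and material hosted on www servers. Shodan indexes every device connected to the Internet: not only web servers, but also printers and network equipment, webcams, VoIP phones, washing machines, refrigerators, gas station pumps, the whole Internet of Things and other odd things connected to the Internet. It is like running nmap and doing active reconnaissance against the entire Internet. With Shodan we can review information during the intelligence-gathering (OSINT) phase without leaving traces of our collection and without arousing the target's suspicion.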

Basic Shodan queries
Some basic queries:

city: - Find devices in a particular city. Example: city:"México"
country: - Find devices in a particular country. Example: country:"MX"
geo: - Find devices by giving geographical coordinates. Example: geo:"89.256487,20.111111"
hostname: - Find devices matching the hostname. Example: server: "gws" hostname:"google"
net: - Find devices based on an IP address or /x CIDR. Example: net:210.214.0.0/16
os: - Find devices based on operating system. Example: os:"Windows IIS"
port: - Find devices based on open ports. Example: apache port:8080

Official Shodan documentation: https://help.shodan.io/the-basics/search-query-fundamentals

IP camera default password directory


ACTi: admin/123456 or Admin/123456
Amcrest: admin/admin
American Dynamics: admin/admin or admin/9999
Arecont Vision: none
AvertX: admin/1234
...............

Below are some examples of Shodan dorks I have used before (one per line). Copy and paste them into a web browser and check how the queries are constructed.

https://www.shodan.io/search?query=Hipcam RealServer/V1.0
https://www.shodan.io/search?query="Active Management Technology"
https://www.shodan.io/search?query=Server%3A+uc-httpd+1.0.0
https://www.shodan.io/search?query=http.html%3A%2Fdana-na
https://www.shodan.io/search?query=http.title%3A%22Index+of+%2F%22+http.html%3A%22.pem%22
https://www.shodan.io/search?query=%22220%22+%22230+Login+successful.%22+port%3A21
https://www.shodan.io/search?query=HP-ILO-4+%21%22HP-ILO-4%2F2.53%22+%21%22HP-ILO-4%2F2.54%22+%21%22HP-ILO-4%2F2.55%22+%21%22HP-ILO-4%2F2.60%22+%21%22HP-ILO-4%2F2.61%22+%21%22HP-ILO-4%2F2.62%22+%21%22HP-iLO-4%2F2.70%22+port%3A1900
https://www.shodan.io/search?query=%22Docker+Containers%3A%22+port%3A2375
https://www.shodan.io/search?query=%22MongoDB+Server+Information%22+port%3A27017+-authentication
https://www.shodan.io/search?query=Microsoft-IIS/6.0 – CVE-2017-7269 (https://github.com/edwardz246003/IIS_exploit)
https://www.shodan.io/search?query='Microsoft-IIS/7.5' 'It works!' -'Content-Type' -'Set-Cookie' – Hunting Red Team Empire C2 Infrastructure
https://www.shodan.io/search?query="Standard Manageability" – CVE-2017-5689
https://www.shodan.io/search?query=GoAhead 5ccc069c403ebaf9f0171e9517f40e41 – CVE-2017-8221,CVE-2017-8222,CVE-2017-8223,CVE-2017-8224,CVE-2017-8225
https://www.shodan.io/search?query=title:"RAKO Bridge Control Panel"
https://www.shodan.io/search?query=PK5001Z login org:"CenturyLink" – CVE-2016-10401
https://www.shodan.io/search?query=http.favicon.hash%3A1485257654 – SonarQube installations
https://www.shodan.io/search?query=title%3ASecuritySpy – SecuritySpy web cam portals
https://www.shodan.io/search?query=port%3A2375+product%3A%22Docker%22 – Docker installations
https://www.shodan.io/search?query=port%3A%222379%22+product%3A%22etcd%22 – elweb.co/the-security-footgun-in-etcd/
https://www.shodan.io/search?query=http.favicon.hash%3A81586312 – Default Jenkins installations
https://www.shodan.io/search?query=WASRemoteRuntimeVersion – IBM WebSphere version disclosure
https://www.shodan.io/search?query=var+isDefaultPwd+%3D+%271%27%3B – CVE-2018-7900
https://www.shodan.io/search?query=%22Intel%28R%29+Active+Management+Technology%22+port%3A623%2C664%2C16992%2C16993%2C16994%2C16995 – Intel Active Management CVE-201(7|9|8)
https://www.shodan.io/search?query=http.title%3A%22Priv8+Mailer%22 – Detect PHP Mailer
https://www.shodan.io/search?query=http.favicon.hash%3A116323821 – Detect Spring Boot
https://www.shodan.io/search?query=http.favicon.hash%3A-335242539 – Detect F5 BIG-IP devices
https://www.shodan.io/search?query=http.favicon.hash%3A442749392 – Detect Microsoft Exchange 2010
https://www.shodan.io/search?query=http.favicon.hash%3A679065580 – Detect Loxone Smart Homes
https://www.shodan.io/search?query=aclara+port%3A%2280%22 – Detect Aclara Smart Meter
https://www.shodan.io/search?query=PLC+name%3A+S7_Turbine – Detect S7 PLC Turbine
https://www.shodan.io/search?query=os%3A%22Playstation+4%22 – Detect Sony Playstation 4 systems
https://www.shodan.io/search?query=title%3A%22octoprint%22 – Detect RaspberryPi Octoprint 3D printers
https://www.shodan.io/search?query=http.html_hash%3A-1467534799 – Detect Predator The Thief malware
https://images.shodan.io/?query=port%3A554+rtsp
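To see how these URLs are built, the following added example (not part of the original article) decodes a search URL into its filters, excluded terms and free banner text, then appends the net: filter from the basic queries so the same search covers only an address range you are responsible for. The function names and the 203.0.113.0/24 documentation range are assumptions of this example.

```python
import ipaddress
import shlex
from urllib.parse import parse_qs, urlencode, urlsplit

# Search URLs copied from the list above.
MONGO = ("https://www.shodan.io/search?query=%22MongoDB+Server+Information%22"
         "+port%3A27017+-authentication")
F5 = "https://www.shodan.io/search?query=http.favicon.hash%3A-335242539"
UC_HTTPD = "https://www.shodan.io/search?query=Server%3A+uc-httpd+1.0.0"


def parse_dork(url):
    """Split a Shodan search URL into filters, excluded terms and banner text."""
    query = parse_qs(urlsplit(url).query)["query"][0]  # undoes %3A, %22 and +
    parsed = {"query": query, "filters": {}, "excluded": [], "text": []}
    for token in shlex.split(query):  # keeps "quoted phrases" together
        negated = len(token) > 1 and token[0] in "-!"
        body = token[1:] if negated else token
        key, sep, value = body.partition(":")
        if negated:
            parsed["excluded"].append(body)
        elif sep and value and key.replace(".", "").replace("_", "").isalpha():
            parsed["filters"].setdefault(key, []).append(value)  # e.g. port:21
        else:
            parsed["text"].append(token)  # matched against the raw banner
    return parsed


def scope_to_network(url, cidr):
    """Rebuild the URL with a net: filter so it only covers one address range."""
    net = ipaddress.ip_network(cidr)  # ValueError on a malformed range
    query = f'{parse_dork(url)["query"]} net:{net}'
    return "https://www.shodan.io/search?" + urlencode({"query": query})


if __name__ == "__main__":
    for sample in (MONGO, F5, UC_HTTPD):
        print(parse_dork(sample))
    # 203.0.113.0/24 is a documentation range standing in for your own netblock.
    print(scope_to_network(MONGO, "203.0.113.0/24"))
```

Note that "Server:" in the uc-httpd query is plain banner text rather than a filter, because nothing follows the colon, while the leading minus in the favicon hash is part of the value and not an exclusion.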

Shodan dork list

Citrix - Find Citrix Gateway. Example: title:"citrix gateway"
Wifi Passwords - Helps to find cleartext wifi passwords in Shodan. Example: html:"def_wirelesspassword"
Surveillance Cams - With username admin and password. Example: NETSurveillance uc-httpd
Fuel Pumps connected to internet - No auth required to access CLI terminal. Example: "privileged command" GET
Windows RDP Password - But may contain secondary Windows auth. Example: "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
Mongo DB servers - It may give info about mongo db servers and dashboard. Example: "MongoDB Server Information" port:27017 -authentication
FTP servers allowing anonymous access - Complete anon access. Example: "220" "230 Login successful." port:21
Jenkins - Jenkins Unrestricted Dashboard. Example: x-jenkins 200
Hacked routers - Routers which got compromised. Example: hacked-router-help-sos
Open ATM - May allow for ATM access availability. Example: NCR Port:"161"
Telnet Access - NO password required for telnet access. Example: port:23 console gateway
Misconfigured Wordpress Sites - The wp-config.php, if accessed, can give out the database credentials. Example: http.html:"* The wp-config.php creation script uses this file"
Hiring - Find sites hiring. Example: "X-Recruiting:"
Android Root Bridge - Find android root bridges with port 5555. Example: "Android Debug Bridge" "Device" port:5555
Ethereum Miners - Shows the miners running ETH. Example: "ETH - Total speed"
Tesla Powerpack charging Status - Helps to find the charging status of Tesla Powerpack. Example: http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2

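Automation

(1) theHarvester is a very simple to use, yet powerful and effective tool designed for the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the Internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources, which also include Shodan.
(2) ReconDog, a reconnaissance Swiss Army knife: a front end to many tools that gives results in one place. It has a wizard plus CLA (command-line argument) interface and can take targets from STDIN (piped input) and act on them. All information is extracted through APIs, with no direct contact with the target. The honeypot detection option uses shodan.io to check whether the target is a honeypot.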


Originally published on the WeChat official account 重生者安全团队: Shodan Hacks

When reposting, please keep the link to this article (CN-SEC中文网; thanks to the original author for the hard work): Shodan Hacks https://cn-sec.com/archives/2677722.html
