Shodan (Demo)

00:00

Hey, everyone, welcome back to the course. So in this video, we're just gonna go over a brief introduction to showdown. We'll just perform a couple of basic searches. But showdown, if you're not familiar with it, is essentially a search engine that allows us to find devices that are connected to the Internet, specifically things like Internet of things, devices,

00:16

eso this could be things like webcams, Uh,

00:19

some other searches or things like routers and modems, industrial control system items. Right. So SCADA devices out there that are connected to the web, maybe with their H m I being connected in access via rdp, and that's left exposed with maybe like, default credentials or something s so a lot of different things that we can find

00:38

out here on showed in.

00:40

So before we perform research, let's just check out the Explorer option here. This is gonna show us some of the most common searches out there, so we just select explore, you'll see that people commonly search for things like Cam's etcetera. Let's just click on default passwords and you'll see a number of devices that are using default credentials out there.

00:59

We could see them all over the world. We could get some additional information on left side here. Of what services are

01:03

are they running? What are the some of the top products? So are they Apache? Are they link? Are they Cisco? What types of devices? What countries have some of the most devices exposed with default credentials, We can also select the device itself. We could go to the device. I don't recommend that unless you are in a VM, which I'm not right now.

01:23

You can select the device to get more information about it

01:26

and we could see a information of when when was this device added here on showdown. So when? When was the last time it was seeing that? Hey, it's still using those default credentials. For example, we could see information around host names, etcetera, etcetera so we could get some good information just from some simple searching here on showdown.

01:46

So let's just go back up to our query box here,

01:49

and I'm gonna go ahead and search for V N. C. And we'll see what kind of information we get back here so we could see that a number of devices are using DNC viewer. We could segment out by a particular country if we wanted to. We could do it by services. Um, let's just do here in the U. S. Looks like, uh,

02:06

we've got the top rider operating systems. Well, so let's just do here in the US and see

02:10

some of the devices we have. We'll take a look at, uh, let's do this one here. And so again, we could get some information around the host name etcetera for this particular device.

02:21

So we could also do simple searches like specifying filters like the city or the country. We could also pass it like geo location coordinates. So GPS coordinates we could find certain values that matched a particular hosting. So if we're looking for a particular device at a certain organization, we can pass it that data

02:39

and potentially

02:40

find devices on that particular or GTA. So, for example, we can we'll just go ahead and search. We'll look for Apache servers here where I'm at, which is in Houston, So we'll just do Apache City. And we'll specify that city as Houston and we'll see what kind of ah Apache servers are potentially open

03:00

here in the city. That I'm located in and you could specify this. So if you wanted to target, say, like San Francisco, for example,

03:06

and try to find vulnerable devices, you can find those here just by adding in San Francisco and looking for the particular thing that you need, Right? So, for example, Apache servers. So we see here we have some devices found

03:19

This one will just take a look at this particular one. We could see things like the I P address information. We can also see some vulnerabilities on this one. So this was a good one. Select. Here. You notice to show some potential vulnerabilities on this. Devices are quite a few on this one, but this is what we're looking for, right? This is what we're looking for us an attacker. We could find vulnerable devices out there,

03:38

and then we can attack those and

03:39

use them for our needs. Or we can find them for a particular organization and exploit those as part of our pen tests against that organization.

03:49

We can also find things like particular servers. So let's just go back up to the top here and let's just look for ah Google Web servers so we'll just do server. Are Colin there? We'll look for GWS so we'll just look for the Google Web servers

04:03

and we'll do host name

04:06

and we'll dio Google

04:09

and we'll see what kind of information we get back here. We could also search for we didn't get any results on that

04:15

and user error on that one. I forgot to put the space between the colon and GWS. So we see that there are some, uh, service that we identified here again. Similar thing here. We can look at it and identify things like the i p address, potential vulnerabilities, etcetera, etcetera on this particular device,

04:31

we could also like if we know a particular sub net of our target we could look for the vice is on that particular sub net. So just as an example,

04:43

well, look for Cisco devices on this particular subject here and see if there's any devices found. I'm just pulling kind of a random one out of the blue here, and we don't see anything there on that sub net, so I could go around a search for different subjects, but that's perfectly fine.

04:57

So in this video, we just went through some brief searches on Showdown. Some of the information that we can get back and why an attacker might want to use showdown again. This is a very, very light introduction to showdown. There's a lot of different