Time
3 hours 55 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

In this lab, Subject Matter Expert Dean Pompilio demonstrates the features and uses of a Web site called Shodan (www.shodan.io). You need to register and create an account to fully use this Web site. Shodan crawls the Internet and identifies IP addresses that have a service running. It then does a banner grab of the running service and saves the banner information. You can search on a keyword or an IP address to find the services that are running. You will learn how to use the Explore link to find out more about popular recent searches, and you are encouraged to read the site's blog. The blog is for people who want more information or who want to share their projects.

SME Pompilio describes the idea of gathering the IP addresses of your target in the context of Shodan. He demonstrates using the Web site for a penetration test or audit by identifying your target organization and its IP addresses. Shodan can then be used to find the location and all the services that are running. You will be working within the IP address range that your target is using, not working randomly. Shodan helps to define the attack surface for your particular penetration test or audit target.

Video Transcription

00:05
Hello, everyone, this is Dean Pompilio.
00:09
I am your subject matter expert for social engineering.
00:14
In this video,
00:15
I'm going to be demonstrating a website called Shodan.
00:20
The URL is shodan.io,
00:24
and I urge you to create an account register with this website. If you think you'll end up using it,
00:31
you need to register in order to return more than one page of search results. So keep that in mind.
00:39
Anyways, we can see from this changing banner here
00:42
this website
00:44
crawls the Internet
00:47
and identifies different IP addresses that have some kind of service running,
00:52
and then it just does a banner grab of that service to determine
00:56
what the service is, and it saves that banner information. So when you do a search for a particular keyword or for an IP address,
01:06
the keyword will show up everywhere
01:08
there's a system with that service running.
01:11
If you search for an IP address,
01:12
you'll see all of the services running on that particular
01:17
system.
01:19
So there's an Explore link here that
01:23
I can show you a little bit more about popular searches, things, things that are recent,
01:27
and you can, you know, certainly drill down a little bit more and explore that
01:33
There's also a blog.
01:38
And this is for people that want to get more information or share what they've been working on.
01:47
We could see where all the users are.
01:52
So it might be worth doing if you really want to dig in deeper.
01:57
But for our purposes, what I'd like to describe
02:00
is the idea of information gathering.
02:05
So if you are doing a pen test or social engineering audit,
02:10
you're going to identify the organization, you're going to do a whois lookup, for instance, to get the IP addresses. You're gonna try to find out
02:19
all the domain names that the organization has, using maybe a tool like Maltego. Make sure you check out the Maltego
02:25
demonstration that I do.
02:30
And
02:30
once you've got the IP address, then you can go to something like Shodan. There's other sites that will offer similar functionality, but this one's really nice.
02:40
So I'm going to use an IP address
02:43
that I discovered earlier. This is in Chico, California, and as you see, it locates
02:50
on a map where this IP address exists.
02:53
We can see that there's several services running on this particular system,
02:59
an FTP server,
03:02
and then it looks like
03:05
perhaps a couple of different website or Web servers rather
03:10
so we can get into, Ah, some.
03:13
It looks like some file systems on that Web server. It's not really going to the Web page
03:25
that might be stuck. Let that run for a moment.
03:28
What I was interested in, though, is the webcamXP. If you do a search for this term,
03:34
you can certainly turn up lots of webcams that may not have any authentication.
03:38
And
03:39
really, that's a huge benefit for the pen tester
03:44
because they can find
03:46
another avenue, another channel,
03:49
to generate information about the target.
03:53
In this case, this particular, uh, target in Chico, California
04:00
looks like they've got a camera in some kind of a control room. Maybe this is a telescope.
04:05
It's kinda hard to tell. Sometimes these pan tilt zoom buttons are operational and you can move the camera around.
04:14
But we're not really concerned with that right now,
04:17
so let's go look at another I P address.
04:19
Remember, you're gathering IP addresses of your
04:24
of your pen testing target,
04:26
so we'll try this one.
04:34
This one is in Russia.
04:36
Looks like they have a webcam running as well.
04:41
And we see this is the banner grab information
04:44
and server identifies itself as webcamXP. That's why the
04:48
search for that keyword found this particular device that's on a public-facing website.
05:00
So if we go to the link,
05:03
we can see what the Webcam is looking at,
05:06
and this one appears to be looking at
05:10
the outside of a building. We've got three different sources for this camera, or there's three different cameras.
05:15
So depending on what kind of equipment
05:17
is installed,
05:20
you can get different views.
05:24
A lot of people use these systems for their homes, in addition to using them for their businesses.
05:29
So word to the wise: if you are implementing
05:31
a network addressable security system, make sure that you have it properly protected.
05:39
This is making the job a little too easy for the social engineer or just even for any regular hacker
05:45
that's trying to
05:47
do some work.
05:49
Try another one here.
05:58
This is in McKinney, Texas,
06:03
So look at this, see what this webcam is. I think this one's pointing at a park.
06:08
Yeah, there it is.
06:10
So the point is not to just randomly browse around IP addresses and webcams. You want to be working within the IP address
06:18
range that your target actually
06:23
is using.
06:26
And if you go to the Explore link, you can certainly find lots of other information that you can grab about that target. That's why it's important to get the IP address, put that into Shodan, and see what services show up.
06:40
And this helps to define the attack surface for that particular,
06:46
um,
06:46
target of the pen test.
06:50
Okay, so I hope you'll enjoy using Shodan. I think if you can create an account,
06:56
hang out in the blogs, see what people are doing. You could learn a little bit about the community. So definitely help you doing your digital information gathering phase.
07:04
All right. Thank you. And I'll see you in the next video.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor