Tryhackme is a hacker training website that has become popular recently. It has tons of hacker training courses, though of course they are not free: the price is quite steep at 10$/month. Tryhackme also has a lot of rooms that train specific skills, and one of those rooms is Shodan.io. So, to help the admin afford the course, just work hard at surfing the site and clicking the ads.
Admin: Another advertisement?
Me: Advertise for web admin.
Admin: Well then, keep going.
The following article will help you take the test and practice, so that you better understand how to use the Shodan.io site.
Your task in this Room is very simple. Just read and answer the questions to complete the tasks.
Task 1: Introducing Shodan
Shodan.io is the search engine for anything on the Internet. With shodan.io you can publicly search and access cameras and Pi-holes or even a coffee machine, a lightbulb, and so on and so forth.
Before learning about Shodan.io, you first need to understand what an IP and an ASN are.
IP (Internet Protocol) means network protocol address. Your computer has an IP just like your house has a house number and street name. Hardware devices in the network that want to connect and communicate with each other must have an IP address.
Tryhackme’s IP is 142.93.194.248
Autonomous system number (ASN) is the global identifier of a series of IP addresses. If you are a very very large company like Google, you will probably have your own ASN for all the IP addresses you own.
You can use ultratools to look up an ASN by IP. I will look up Google's ASN; pay attention to the Owner field and take the ASN whose owner shows only Google.
Notice the upper left corner. That black number is the ASN. Now we know that Google's ASN is AS15169.
Now we move on to shodan.io. Remember to register first to be able to search. In the search box, we type ASN:[the ASN we want to search for].
It will give us all the results it finds. Imagine you find the ASN of a webcam company. Then we do a search on Shodan and we'll find out where all of their webcams are, and much more fun, hehe.
Task 2: Getting Started
I will not answer the questions in the task. I want you guys to find the answer on your own.
The answers to questions 1 and 2 can be found in ultratools.
The answers to questions 3 to 6 can all be found on Shodan.
Task 3: Filters
In the Shodan home page, you can tap “explorer” to see the most searched results. One of those results is the webcam.
Note: It is legal to view some publicly accessible webcams. It’s illegal to try to hack into a webcam with a password. Depending on the country in which you access the webcam, there are different laws. You probably don’t want a second actress.
One of the most voted searches is the MySQL database search.
Shodan also has a MySQL-specific filter: product:MySQL
Now you can use 2 filters at the same time, ASN and MySQL.
That ASN belongs to Tryhackme, whose server is DigitalOcean's.
Shodan has a lot of powerful filters. My favorite is the vuln filter, which allows you to search for vulnerable IP addresses.
Let’s say I want to find an IP address that is vulnerable to attacks like Eternal Blue:
vuln:ms17-010
However, only business users are allowed to use this filter, to prevent people from using it to cause damage.
Here are some filters you can use on Shodan:
- city
- country
- geo (coordinates)
- hostname
- net (based on IP/CIDR)
- os (find the operating system)
- port
- before/after (timeline)
Task 4: Google & Filters
What is the top operating system for MySQL servers in Google’s ASN?
Search: ASN:AS15169 product:MySQL
3rd most popular country for MySQL servers?
Search: Same as above
What is the most popular protocol of nginx?
Search: ASN:AS15169 product:nginx
Most popular city?
Search: ASN:AS15169 country:"US"
Google ASN's most popular OS in Oakland?
Search: ASN:AS15169 country:"US" city:"oakland"
Is it because Tryhackme hasn't updated yet? The answer is probably Windows Server 2008 but Tryhackme received Windows Server 2012.
Using the keyword webcam from explorer, does Google have any webcams or not?
Search: ASN:AS15169 webcam
This question has not been updated yet. It should have been, but the answer is now (no).
I searched so much that Shodan has now run out of searches for me, hihi.
Task 5: Exploring the Shodan API
Shodan.io has an API. If you want to explore Shodan’s API, read posts on how to use the API to hack Pi-Holes.
The API allows you to programmatically search Shodan and get back a list of IP addresses.
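The filter combinations from Task 3 and the API search from Task 5 fit together as in this added example (not code from the room or from Shodan): it builds a filter query for an ASN you are responsible for, forms the REST search URL with facets, and pulls the IP list and top facet values out of a response. The function names, the documentation ASN AS64500, the YOUR_API_KEY placeholder and the sample response are assumptions constructed for illustration; Shodan's documented filter names are lowercase.

```python
import json
from urllib.parse import urlencode

API_SEARCH = "https://api.shodan.io/shodan/host/search"  # Shodan REST search endpoint

def build_query(**filters):
    """Join filters into one Shodan query, quoting values that contain spaces."""
    parts = []
    for name, value in filters.items():
        value = str(value)
        if " " in value:
            # Shodan expects straight double quotes around multi-word values
            value = '"' + value.replace('"', "") + '"'
        parts.append(f"{name}:{value}")
    return " ".join(parts)

def search_url(query, api_key, facets=()):
    """URL for the search request; facets ask Shodan for top-N breakdowns."""
    params = {"key": api_key, "query": query}
    if facets:
        params["facets"] = ",".join(facets)
    return API_SEARCH + "?" + urlencode(params)

def summarize(response):
    """Return (sorted unique IPs, {facet name: most common value})."""
    ips = sorted({m["ip_str"] for m in response.get("matches", [])})
    top = {}
    for name, buckets in response.get("facets", {}).items():
        if buckets:
            top[name] = max(buckets, key=lambda b: b["count"])["value"]
    return ips, top

# Constructed sample response: documentation-range IPs and made-up counts.
SAMPLE = json.loads("""
{"total": 3,
 "matches": [
   {"ip_str": "192.0.2.10", "port": 3306, "product": "MySQL", "os": null},
   {"ip_str": "198.51.100.7", "port": 3306, "product": "MySQL", "os": "Linux"},
   {"ip_str": "192.0.2.10", "port": 3307, "product": "MySQL", "os": null}],
 "facets": {"os": [{"count": 2, "value": "Linux"}, {"count": 1, "value": "Windows"}],
            "country": [{"count": 3, "value": "US"}]}}
""")

if __name__ == "__main__":
    q = build_query(asn="AS64500", product="MySQL", city="San Diego")
    print(q)
    print(search_url(q, "YOUR_API_KEY", facets=("os", "country")))
    print(summarize(SAMPLE))
```

The facets are what answer "top operating system" or "most popular country" style questions without paging through every match.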