country domination - causing chaos and wrecking havoc
DESCRIPTION
How to own a countryTRANSCRIPT
![Page 2: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/2.jpg)
Who Am I ?
• Tiago Henriques• @balgan• 24• BSc• MSc• CEH• CHFI
• CISSP• MCSA• CISA• CISM• CPT• CCNA
file:///C:/Users/balgan/Downloads/11545_192585389754_513599754_3020198_333349_n.jpg
Team Leader of these guise
Currently employed by these guise
![Page 3: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/3.jpg)
What will we talk about today?
![Page 4: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/4.jpg)
I AM NOT
RESPONSIBLE FOR ANY ILLEGAL ACTS OR ACTIONS THAT YOU PRACTICE OR ANYONE THAT LEARNS SOMETHING FROM TODAY’S PRESENTATION.
![Page 5: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/5.jpg)
Causing Chaos.
If you guys were an attacker that was out to cause real damage or get profit, how would you go on about it ?
This is what I would do, control as many machines in that country, penetrate critical systems and get as much info as possible.
And that’s what am gonna talk about today.
![Page 6: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/6.jpg)
Business
When a client asks for a pentestWe present them with these
![Page 7: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/7.jpg)
Business
![Page 8: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/8.jpg)
Business
![Page 9: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/9.jpg)
Business
![Page 10: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/10.jpg)
BusinessAnd that’s all really neat and pretty, however there are 2 problems with that! These guys don’t give a f***.
Management Blackhats
FOCU
S
![Page 11: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/11.jpg)
ManagementCares about:
• Money• Money• Money
Does:• Will lie for PCI DSS• Approves every single thing even if it
doesn’t match security department goals but gets them moneys.
This shit gives us, security peeps, headaches!
![Page 12: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/12.jpg)
BlackhatsI managed to acquire video footage that shows these guys in action and their vision of the world, lets have a sneek peek!
![Page 13: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/13.jpg)
Video - Blackhats
![Page 14: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/14.jpg)
Tonight only, I ask one thing of u
Leave your whitehats and CISSPs at home, and embark on a journey with me to make the world…
![Page 15: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/15.jpg)
SHODAN
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
Another way of putting it would be:
![Page 16: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/16.jpg)
Is the
Of these
![Page 17: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/17.jpg)
Now combine this:
With these:
![Page 18: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/18.jpg)
And you get a lot of these
![Page 19: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/19.jpg)
Also if you do anything ilegal and get caught, you’ll get one of these:
![Page 20: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/20.jpg)
SHODAN
Now its when u ask
![Page 21: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/21.jpg)
Shodan
http://www.shodanhq.com/
![Page 22: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/22.jpg)
SHODAN
Accessing that website will give u a bar, where you can type queries and obtain results.
Your queries, can ask for PORTS, Countries, strings contained in the banners, and all sorts of other things
Following is a sample set of queries that can lead to some interesting results:
![Page 23: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/23.jpg)
SHODAN QUERIES
• http://www.shodanhq.com/?q=cisco-IOS• http://www.shodanhq.com/?q=IIS+4.0• http://www.shodanhq.com/?q=Xerver• http://www.shodanhq.com/?q=Fuji+xerox• http://www.shodanhq.com/?q=JetDirect• http://www.shodanhq.com/?q=Netgear• http://www.shodanhq.com/?q=%22Anonymous+access+allowed%22• http://www.shodanhq.com/?q=Golden+FTP+Server
![Page 24: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/24.jpg)
SHODAN QUERIES + combined country?Awesome!
Saturday, 9th of June 2012
![Page 25: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/25.jpg)
SHODAN QUERIES + combined country
Port: 3306 country:PT
![Page 26: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/26.jpg)
SHODAN QUERIES + combined country?Awesome!
Wednesday, 6th of June 2012
![Page 27: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/27.jpg)
SHODAN QUERIES + combined country
BigIP country:PT
![Page 28: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/28.jpg)
SHODAN QUERIES + combined country?Awesome!
Tuesday, March 13, 2012
![Page 29: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/29.jpg)
SHODAN QUERIES + combined country
port:3389 -allowed country:PT
![Page 30: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/30.jpg)
SHODAN QUERIES + combined country?Awesome!
![Page 31: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/31.jpg)
SHODAN QUERIES OF AWESOMENESSSAP Web Application Server (ICM)
Worldwide
Portugal
![Page 32: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/32.jpg)
SHODAN QUERIES OF AWESOMENESSSAP NetWeaver Application Server
Worldwide
Portugal
![Page 33: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/33.jpg)
SHODAN QUERIES OF AWESOMENESSSAP Web Application Server
Worldwide
Portugal
![Page 34: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/34.jpg)
SHODAN QUERIES OF AWESOMENESSSAP J2EE Engine
Worldwide
Portugal
![Page 35: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/35.jpg)
SHODAN QUERIES OF AWESOMENESS
![Page 36: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/36.jpg)
SHODAN QUERIES OF AWESOMENESSport:23 country:PT
Worldwide
Portugal
![Page 37: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/37.jpg)
SHODAN QUERIES OF AWESOMENESSport:23 country:PT
Username:adminPassword:smcadmin
![Page 38: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/38.jpg)
SHODAN QUERIES OF AWESOMENESSport:23 list of built-in commands
Worldwide
Not a big number, however just telnet in and you get shell…
![Page 39: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/39.jpg)
SHODAN QUERIES OF AWESOMENESSport:161 country:PT
Worldwide
Portugal
![Page 40: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/40.jpg)
SHODAN QUERIES OF AWESOMENESSWhat sort of info do I get with SNMP ?
• Windows RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2 • Windows INSTALLED SOFTWARE 1.3.6.1.2.1.25.6.3.1.2 • Windows SYSTEM INFO 1.3.6.1.2.1.1.1 • Windows HOSTNAME 1.3.6.1.2.1.1.5 • Windows DOMAIN 1.3.6.1.4.1.77.1.4.1• Windows UPTIME 1.3.6.1.2.1.1.3 • Windows USERS 1.3.6.1.4.1.77.1.2.25• Windows SHARES 1.3.6.1.4.1.77.1.2.27• Windows DISKS 1.3.6.1.2.1.25.2.3.1.3• Windows SERVICES 1.3.6.1.4.1.77.1.2.3.1.1• Windows LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0• Windows LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
![Page 41: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/41.jpg)
SHODAN QUERIES OF AWESOMENESSWhat sort of info do I get with SNMP ?
• Linux RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2 • Linux SYSTEM INFO 1.3.6.1.2.1.1.1 • Linux HOSTNAME 1.3.6.1.2.1.1.5 • Linux UPTIME 1.3.6.1.2.1.1.3 • Linux MOUNTPOINTS 1.3.6.1.2.1.25.2.3.1.3 • Linux RUNNING SOFTWARE PATHS 1.3.6.1.2.1.25.4.2.1.4 • Linux LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0 • Linux LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
![Page 42: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/42.jpg)
SHODAN QUERIES OF AWESOMENESSWhat sort of info do I get with SNMP ?
• Cisco LAST TERMINAL USERS 1.3.6.1.4.1.9.9.43.1.1.6.1.8 • Cisco INTERFACES 1.3.6.1.2.1.2.2.1.2 • Cisco SYSTEM INFO 1.3.6.1.2.1.1.1 • Cisco HOSTNAME 1.3.6.1.2.1.1.5 • Cisco SNMPcommunities 1.3.6.1.6.3.12.1.3.1.4 • Cisco UPTIME 1.3.6.1.2.1.1.3 • Cisco IP ADDRESSES 1.3.6.1.2.1.4.20.1.1 • Cisco INTERFACE DESCRIPTIONS 1.3.6.1.2.1.31.1.1.1.18 • Cisco HARDWARE 1.3.6.1.2.1.47.1.1.1.1.2 • Cisco TACACS SERVER 1.3.6.1.4.1.9.2.1.5 • Cisco LOGMESSAGES 1.3.6.1.4.1.9.9.41.1.2.3.1.5 • Cisco PROCESSES 1.3.6.1.4.1.9.9.109.1.2.1.1.2 • Cisco SNMP TRAP SERVER 1.3.6.1.6.3.12.1.2.1.7
![Page 43: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/43.jpg)
SHODAN QUERIES OF AWESOMENESS
![Page 44: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/44.jpg)
SHODAN QUERIES OF AWESOMENESScisco country:PT
Worldwide
Portugal
![Page 45: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/45.jpg)
SHODAN QUERIES OF AWESOMENESScisco country:PT
![Page 46: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/46.jpg)
Cisco
![Page 47: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/47.jpg)
Cisco – GRE TUNNELING
![Page 48: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/48.jpg)
SHODAN QUERIES OF AWESOMENESSport:1900 country:PT
Worldwide
Portugal
![Page 49: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/49.jpg)
SHODAN QUERIES OF AWESOMENESS
So, What is UPNP?
![Page 50: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/50.jpg)
SHODAN QUERIES OF AWESOMENESSSo, What uses UPNP?
![Page 51: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/51.jpg)
SHODAN QUERIES OF AWESOMENESSHackz
![Page 52: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/52.jpg)
SHODAN QUERIES OF AWESOMENESSHackz
![Page 53: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/53.jpg)
SHODAN QUERIES OF AWESOMENESS
UPNP zomg time
![Page 54: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/54.jpg)
SHODAN QUERIES OF AWESOMENESS
UPNP Remote command execution
![Page 55: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/55.jpg)
SHODAN QUERIES OF AWESOMENESS
Oh and by the way…
![Page 56: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/56.jpg)
SHODAN QUERIES OF AWESOMENESS
Another funny thing about UPNP, isthat you can get the MAC ADDR and SSID its using
And then….
![Page 57: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/57.jpg)
SHODAN (MORE INTERESTING) QUERIES
• http://www.shodanhq.com/?q=PLC• http://www.shodanhq.com/?q=allen+bradley• http://www.shodanhq.com/?q=fanuc• http://www.shodanhq.com/?q=Rockwell• http://www.shodanhq.com/?q=Cimplicity• http://www.shodanhq.com/?q=Omron• http://www.shodanhq.com/?q=Novatech• http://www.shodanhq.com/?q=Citect• http://www.shodanhq.com/?q=RTU• http://www.shodanhq.com/?q=Modbus+Bridge• http://www.shodanhq.com/?q=modicon• http://www.shodanhq.com/?q=bacnet• http://www.shodanhq.com/?q=telemetry+gateway• http://www.shodanhq.com/?q=SIMATIC• http://www.shodanhq.com/?q=hmi• http://www.shodanhq.com/?q=siemens+-...er+-Subscriber• http://www.shodanhq.com/?q=scada+RTS• http://www.shodanhq.com/?q=SCHNEIDER
SCADA
![Page 58: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/58.jpg)
SHODAN (MORE INTERESTING) QUERIESSCADA
PORTUGAL?
![Page 59: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/59.jpg)
SHODAN (MORE INTERESTING) QUERIESSCADA Portugal
![Page 60: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/60.jpg)
SHODAN (MORE INTERESTING) QUERIESSCADA Portugal
![Page 61: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/61.jpg)
SHODAN (MORE INTERESTING) QUERIESSCADA Portugal
![Page 62: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/62.jpg)
SHODAN (MORE INTERESTING) QUERIESSCADA Portugal
![Page 63: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/63.jpg)
If you want to quickly check for stuff (web related) that has no authentication, use NMAP!
A little tip…
![Page 64: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/64.jpg)
First, let’s get wkhtmltoimage:
wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2cp wkhtmltoimage-i386 /usr/local/bin/
Next, let’s get and install the Nmap module:git clone git://github.com/SpiderLabs/Nmap-Tools.gitcd Nmap-Tools/NSE/cp http-screenshot.nse /usr/local/share/nmap/scripts/nmap --script-updatedb
A little tip…
![Page 65: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/65.jpg)
Then, do your shodan search and use:
A little tip…
This automatically exports a list of ips u can import into nmap
![Page 66: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/66.jpg)
Then…
A little tip…
![Page 67: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/67.jpg)
And nmap, will automatically take screen shots of the first pages that appear and store them, then u just need to look at those!
A little tip…
![Page 68: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/68.jpg)
To end…
![Page 69: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/69.jpg)
SCARY SHIT!
DEFACE 1 SCARY?
NO!
![Page 70: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/70.jpg)
SCARY SHIT!
DEFACE 2 SCARY?
Well… disturbing, scary? Not so much!
![Page 71: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/71.jpg)
SCARY SHIT!
![Page 72: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/72.jpg)
SCARY SHIT!
![Page 73: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/73.jpg)
SCARY SHIT!
![Page 74: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/74.jpg)
Shodan – the bad part
• Imports nmap scans from their servers, so its not always 100% updated! Confirmed this by correlating some of the shodan results with our personal results!
• For example on mysql servers, Shodan would find 785, where our results showed 3000+
![Page 75: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/75.jpg)
Shodan – the good part
• Good querying system
• If port scanning is illegal in your country, you’re out of trouble if u use shodan, because ur just querying data acquired by them.
![Page 76: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/76.jpg)
Kudos
Aaron @f1nux
GF
Luis Grangeia
![Page 77: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/77.jpg)
Resources
http://secanalysis.com/interesting-shodan-searches/
blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
http://www.youtube.com/watch?v=LPgZU7ZNIjQ - Defcon 18 2010 SHODAN for Penetration Testers Michael Schearer
![Page 78: Country domination - Causing chaos and wrecking havoc](https://reader035.vdocuments.us/reader035/viewer/2022062513/5558c48ad8b42a235c8b46d9/html5/thumbnails/78.jpg)
50% discount for students and AP2SI peeps