"Minecraft Server" "protocol 340" port:25565
http.html:"* The wp-config.php creation script uses this file"
pem with any extension or a filename like phpinfo.php.
Exposed wp-config.php files containing database credentials.
OctoPrint 3D Printer Controllers
"Serial Number:" "Built:" "Server: HP HTTP"
Crestron Smart Home Controllers
("webcam 7" OR "webcamXP") ponent:"mootools" -401
"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
Buffalo TeraStation NAS Drives
Iomega / LenovoEMC NAS Drives
"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445
FTP Servers with Anonymous Login
"Authentication: disabled" NETLOGON SYSVOL -unix port:445
Concerning default network shares of QuickBooks files:
Specifically domain controllers:
Produces ~500,000 results. Narrow down by adding "Documents" or "Videos", etc.
"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
Intel Active Management CVE-2017-5689
http.title:"- Polycom" "Server: lighttpd"
Vulnerable (kind of "by design," but especially when exposed).
Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
"Android Debug Bridge" "Device" port:5555

"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
Already Logged-In as root via Telnet
port:23 -login -password -name -Session
A tangential result of Google's sloppy fractured update approach.
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
Like the infamous phpMyAdmin but for MongoDB.
"MongoDB Server Information" port:27017 -authentication
"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.
Shodan Images is a great supplementary tool to browse screenshots, by the way!
99.99% are secured by a secondary Windows login screen.
Door / Lock Access Controllers
"Server: Microsoft-WinCE" "Content-Length: 12581"
Siemens Industrial Automation
"Server: EIG Embedded Web Server" "200 Document follows"
GaugeTech Electricity Meters
Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.
C4 Max Commercial Vehicle GPS Trackers
Example: CAREL PlantVisor Refrigeration Units
"Server: CarelDataServer" "200 Document follows"
CAREL PlantVisor Refrigeration Units
Submarine Mission Control Dashboards

Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!

Example: Tesla PowerPack Charging Status
http.title:"Tesla PowerPack System" ponent:"d3" -ga3ca4f2
Tesla PowerPack Charging Status

The term "intercept subject" refers to the subscriber of a telecommunications service whose communications and/or intercept related information (IRI) has been lawfully authorized to be intercepted and delivered to some agency.

Lawful intercept is the lawfully authorized interception and monitoring of communications of an intercept subject.

To that end, I hope this list spreads awareness (and, quite frankly, pant-wetting fear) rather than harm.

And as always, discover and disclose responsibly!

The world and its devices are quickly becoming more connected through the shiny new Internet of Things Sh*t - and exponentially more dangerous as a result.

For your own legal benefit, do not attempt to login (even with default passwords) if they aren't!

Narrow down results by adding filters like country:US or org:"Harvard University" or hostname:"" to the end.

You can assume these queries only return unsecured/open instances when possible.

Most search filters require a Shodan account.

Some return facepalm-inducing results, while others return serious and/or ancient vulnerabilities in the wild.

Over time, I've collected an assortment of interesting, funny, and depressing search queries to plug into Shodan, the (literal) internet search engine.
