How to dominate a country

4,127 views
3,993 views

Published on

1 Comment
0 Likes
Statistics
Notes
  • Be the first to like this

No Downloads
Views
Total views
4,127
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
81
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide
  • Everyonehad a different set ofopinions.
  • http://en.wikipedia.org/wiki/Security_through_obscurity
  • Althoughnothuge, itsstillnearly 6milipaddrs
  • -iL – file withips-ao saved output-sSSYN Stealth Scan-sVServiceDetection-p21 port-T5 Supadupa ultra fast-PN dontping
  • --host-timeout 1501 – waittheminimum time onhost-n don’t do DNS resolution--min-parallelism 10 - probes (instances)–min-hostgroup 400 - eachprobe does 400 hostsatthe time
  • --host-timeout 1501 – waittheminimum time onhost-n don’t do DNS resolution--min-parallelism 10 - probes (instances)–min-hostgroup 400 - eachprobe does 400 hostsatthe time
  • http://stackoverflow.com/questions/10531618/how-to-retrieve-both-tcp-and-udp-ports-with-nmap
  • Servernetcatrunningudpport 11111Clientchecks for serviceonport 11111
  • Source:http://blog.stalkr.net/2010/05/udp-scan-with-icmp-port-unreachable-and.html
  • Source:http://blog.stalkr.net/2010/05/udp-scan-with-icmp-port-unreachable-and.html
  • Imgsource:http://i.i.com.com/cnwk.1d/i/tim/2012/06/19/Raspberry_Pi_35332544_05_1.jpg
  • Imgsource: http://elinux.org/R-Pi_Hub
  • Imgsource: http://elinux.org/R-Pi_Hub
  • http://www.youtube.com/watch?v=WUhOnX8qt3I
  • http://www.shodanhq.com/?q=Xerver (REF: http://www.exploit-db.com/exploits/9718)http://www.shodanhq.com/?q=Golden+FTP+Server (REF: http://www.exploit-db.com/exploits/10258)
  • https://community.rapid7.com/community/metasploit/blog/2012/06/11/scanning-for-vulnerable-f5-bigips-with-metasploithttps://community.rapid7.com/community/metasploit/blog/2012/06/25/press-f5-for-root-shell
  • SAP applications, provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel, plants, and archived documents.
  • SNMP
  • Source:http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  • Source:http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  • Source:http://opasylum.net/WikiTreason/pentest/scanners/snmp/snmpenum/windows.txt
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • UPNP
  • UPNP
  • Explain FIREWALL THINGIE
  • UPNP
  • UPNP
  • UPNP
  • UPNP
  • UPNP
  • UPNP
  • Source:http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  • Source:http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  • Source:http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  • Source:http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • SNMP
  • How to dominate a country

    1. 1. HOW TO DOMINATE A COUNTRY. Codebits 2012 T.H.,J.F.,T.M.,F.R. @PTCoreSec
    2. 2. WHAT ARE YOU ?We are:• Security Researchers• Security enthusiasts• Students, corporate sheep (read: auditors), programmers, pentesters• Beer lovers We are not :• Lulzsec• Anonymous• Hacking group• And no we wont help you hack you girlfriends facebook! • Ok… that depends on the amount of beer involved! 
    3. 3. WHO ARE YOU ?• Tiago Henriques • Tiago Martins • Team founder and leader @ PTCoreSec • Team vice-founder @ PTCoreSec • Pentester/Researcher @ 7Elements • Researcher • @Balgan • @Gank_101 • Filipe Reis • Jean Figueiredo • Programmer @ PTCoreSec • Network security researcher @ PTCoreSec • Intern @ Layer8 • Netsec admin @ Tecnocom • @fjdreis • @klinzter
    4. 4. WHO ARE YOU ?
    5. 5. TOPICS
    6. 6. WE ARE NOTRESPONSIBLE FOR ANY ILLEGALACTS OR ACTIONS PRACTICED BYYOU OR ANYONE THAT LEARNSSOMETHING FROM TODAY’SPRESENTATION.
    7. 7. CAUSING CHAOS.Q:If you guys were an attacker thatwas out to cause real damage or getprofit, how would you go on about it ?A:This is what we would do, control asmany machines in that country,penetrate critical systems and get asmuch intel/info as possible.
    8. 8. CAUSING CHAOS.And that’s what we are gonna talk about today!
    9. 9. HOW IT ALL GOT STARTEDWe’re hackers! We love knowing how to break things and howothers would go on about breaking things!The difference between us and others is simple:• We want to break things legally and find a way to fix things.• We want to learn about new things and help people.
    10. 10. PORT SCANNING….
    11. 11. HOW IT ALL GOT STARTEDWe saw some talks that really inspired us given by two great people HD Moore Fyodor
    12. 12. HOWEVER…We also ran into a bit of a problem…Portscanning might or might not be illegal in Portugal!No one is actually sure, and we talked with multiple people: • Police • Sysadmins • Researchers • Security professionals
    13. 13. WHAT TO DO ? • So, if you can’t port scan, how do u find out what ur enemies attack surface is ? • How do u know out if the entire infrastructure u rely on everyday is vulnerable or safe? • Security by obscurity? Right that works well….But like I said before…we’re hackers, so we hacked the law and rules and bentthem to our favor!
    14. 14. WHAT TO DO ?• Port scanning isn’t illegal in 2 nice places! Sweden and USA!• So we got 2 friends of ours who knew nothing of portscanning and wanted to learn, taught them how to portscan the big internets, and then they sent the raw results to us…
    15. 15. PORT SCANNING • Tools of the trade: • Nmap • Wkhtmltoimage • Python • Scapy • Linux • NodeJS • MongoDB • C • Redbull + Lots of nights awake + Frustration
    16. 16. PORT SCANNING - PROCESS1. Get Portugal’s CIDRs2. Decide on a set of services you consider important3. Check which ip’s have those port’s open Actual scanning.4. Check versions running of those services
    17. 17. PORT SCANNING - PROCESS1. Get Portugal’s CIDRsThere are two places where you can get these: • http://software77.net/geo-ip/ • ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest 2.80.0.0/14 62.48.192.0/18 81.90.48.0/20 5.43.0.0/18 62.169.64.0/18 81.92.192.0/20 5.44.192.0/20 62.249.0.0/19 81.92.208.0/20 5.158.0.0/18 77.54.0.0/16 81.193.0.0/16 5.159.216.0/21 77.91.200.0/21 82.102.0.0/18 5.172.144.0/21 78.29.128.0/18 82.154.0.0/15 31.22.128.0/17 78.130.0.0/17 83.132.0.0/16 37.28.192.0/18 78.137.192.0/18 83.144.128.0/18 37.189.0.0/16 79.168.0.0/15 83.174.0.0/18 46.50.0.0/17 80.172.0.0/16 83.223.160.0/19 46.182.32.0/21 80.243.80.0/20 83.240.128.0/17 46.189.128.0/17 81.20.240.0/20 84.18.224.0/19 62.28.0.0/16 81.84.0.0/16 84.23.192.0/19 62.48.128.0/18 81.90.48.0/20 84.90.0.0/15
    18. 18. PORT SCANNING - PROCESS2. Decide on a set of services you consider importantID Port Number TCP/UDP Service 11 1900UDP UPNP 1 80TCP http 12 2869TCP UPNP 2 443TCP https 13 5353UDP MDNS 3 8080TCP http alternative 14 137TCP Netbios 4 21TCP FTP 15 25TCP SMTP 5 22TCP SSH 16 110TCP POP3 6 23TCP Telnet 17 143TCP IMAP 7 53UDP DNS 18 3306TCP Mysql 8 445TCP Samba 19 5900TCP VNC Server 9 139TCP Samba 20 17185UDP VoIP 10 161UDP SNMP 21 3389TCP Rdesktop 22 8082TCP TR 069
    19. 19. PORT SCANNING - PROCESS3. Check which ip’s have those port’s open4. Check versions running of those services This is where it get’s tricky!
    20. 20. PORT SCANNING - PROCESS• Portugal on the internet…. 5,822,240 allocated ip’s Dynamic ips GPRS
    21. 21. PORT SCANNING - PROCESS• So as we mentioned, we devided the actual scanning into two parts! And you might be wondering why… Common nmap scan for TCPnmap -iL ipswithftp -oA port21-FTP-with-Services -sS -sV -p21 -T5 -PN The problem of this, is that DNS resolution and –sV (Service detection) are very slow. So how do we solve this problem? We obviously want the domains the ips are associated with, and the versions of the services running.
    22. 22. PORT SCANNING - PROCESS• Do the fast things on the 6 mil ips and then do the slow stuff merely on the ips that are running the service we want to analyse. • nmap -iL CIDRSPT.txt -oA port21-FTP -sS -p21 -T5 -PN --host-timeout 1501 –min-hostgroup 400 --min-parallelism 10 -n• Then we will have the list of ips that have FTP running on port 21 on 3 files: • Port21-FTP.xml • Port21-FTP.gnmap • Port21-FTP.nmap• Extract ips from gnmap: cat port21-FTP.gnmap | grep -w "21/open" | awk {print $2} > IPSWITHFTP.TXT
    23. 23. PORT SCANNING - PROCESS• Do the show things only the ips that have our service running. • nmap -iL IPSWITHFTP.txt -oA port21-FTP-FINAL -sV -p21 -T5 -PN --host-timeout 1501 –min-hostgroup 400 --min-parallelism 10• Then we will have the list of ips that have FTP running on port 21 AND the version of those services on 3 files: • Port21-FTP-FINAL.xml • Port21-FTP-FINAL.gnmap • Port21-FTP-FINAL.nmap
    24. 24. PORT SCANNING - PROCESS• However…we still have UDP… and let me tell u….
    25. 25. PORT SCANNING - PROCESSNmap also has a UDP mode… -sU however it doesn’t work very wellwithout -sV (read: its shit!), when testing it on our lab we noticed thatmost of the times nmap wasn’t able to detect if there was a servicerunning or not.The reason for this is: “UDP scanning is slow as open/filtered portstypically dont respond so nmap has to time out and then retransmitwhilst closed ports will send a ICMP port unreachable error, whichsystems typically rate limit.”When we started, it took us around 4 Weeks to scan UDP on theentire country on 1 port….
    26. 26. PORT SCANNING - PROCESS Solution ? SCAPY!ServerClientService running on port:11111
    27. 27. PORT SCANNING - PROCESSResult of that script ?On lab testing….
    28. 28. PORT SCANNING - PROCESSResult of that script ?On internet testing….
    29. 29. PORT SCANNING - PROCESSWhen we started, it took us around +4 Weeks to scan UDP on the entire country on 1 portusing NMap…. -We took this as a baseline first run to improve…Our second run, we used python+scapy and it went down!!1 week – well not bad for a second run, but 1 week for a port ?Our third run, we used python+multithreading fu + scapy + blackmamba – 3 days – and thiswas the best we brought it down to without bringing in the big guns (read: “asking HD Moorefor help”) Forth run – C Yup entire .pt (1 port ) scanned in 4 minutes and 45 seconds.
    30. 30. PORT SCANNING - ENDSo we had our kick assfriends, send us our kick assraw results… now what do wedo with them ?
    31. 31. PORT SCANNING - ENDTerminals are fun, BUT we want an easier wayto look at our data…So…. We wrote a tool:Presenting for the first time:Nmap Query Center!
    32. 32. PORT SCANNING - END DEMO TIME!
    33. 33. Store processed Nmap scans scan data run here Socket.io Express NodeJSNmap Minion Scan Mongo DB NodeJS Importer Process raw nmap data to json so we can better process the Show all the pretty information data to the client
    34. 34. PORT SCANNING - ENDWell that’s it folks…Thank you for coming
    35. 35. PORT SCANNING – ENDJust kidding! We did promise afew more things didn’t we ?
    36. 36. PORT SCANNING – THE PROJECTWhile we were preparing forcodebits…We received something in themail….
    37. 37. PORT SCANNING – THE PROJECT Raspi
    38. 38. PORT SCANNING – THE PROJECT And it got us thinking… Port scanning, doesn’t require a great CPU, nor a huge amount of ram…
    39. 39. PORT SCANNING – THE PROJECTSo we decided to create adistributed port scanningproject…
    40. 40. PORT SCANNING – THE PROJECT We grabbed theAnd added a custom set ofscripts to it…
    41. 41. PORT SCANNING – THE PROJECT
    42. 42. PORT SCANNING – HOW DOES IT WORK? Step 1 – PTCoreSec admins request a job (scan) on the backend. Step 2 – Server side checks current number of live raspi minions. Step 3 – Server divides de CIDRS by the different clients and sends them over. Step 4 – Clients (minions) do the scans and XMLRPC send them back to the server. Step 5 – Server imports these scans into the MongoDB backend.
    43. 43. Part 2
    44. 44. BUSINESSWhen a client asks for a pentestWe present them with these
    45. 45. BUSINESS
    46. 46. BUSINESS
    47. 47. BUSINESS
    48. 48. BUSINESSAnd that’s all really neat and pretty,however there are 2 problems with that!These guys don’t give a f***. Management Blackhats
    49. 49. MANAGEMENTCares about: • Money • Money • MoneyDoes: • Will lie for PCI DSS/ISO27001/{Compliance} This shit gives us, • Approves every single thing even if it doesn’t security peeps, match security department goals but gets them headaches! moneys.
    50. 50. BLACKHATSI managed to acquire video footagethat shows these guys in action andtheir vision of the world, lets have asneek peek!
    51. 51. VIDEO - BLACKHATS
    52. 52. I ASK ONLY ONE THING OF ULeave your whitehats at home, and
    53. 53. SHODANSHODAN is a search engine that lets you find specific computers (routers,servers, etc.) using a variety of filters. Some have also described it as a publicport scan directory or a search engine of banners. Another way of putting it would be:
    54. 54. Is theOf these
    55. 55. Now combine this: With these:
    56. 56. And you get a lot of these
    57. 57. Also if you do anything ilegal and getcaught, you’ll get one of these:
    58. 58. SHODAN Now its when u ask
    59. 59. SHODAN http://www.shodanhq.com/
    60. 60. SHODANAccessing that website will give u a bar, where you can type queries andobtain results.Your queries, can ask for PORTS, Countries, strings contained in thebanners, and all sorts of other things Following is a sample set of queries that can lead to some interesting results:
    61. 61. SHODAN QUERIES• http://www.shodanhq.com/?q=cisco-IOS• http://www.shodanhq.com/?q=IIS+4.0• http://www.shodanhq.com/?q=Xerver• http://www.shodanhq.com/?q=Fuji+xerox• http://www.shodanhq.com/?q=JetDirect• http://www.shodanhq.com/?q=Netgear• http://www.shodanhq.com/?q=%22Anonymous+access+allowed%22• http://www.shodanhq.com/?q=Golden+FTP+Server
    62. 62. SHODAN QUERIES + COMBINED COUNTRY?AWESOME! Saturday, 9th of June 2012
    63. 63. SHODAN QUERIES + COMBINED COUNTRY Port: 3306 country:PT
    64. 64. SHODAN QUERIES + COMBINED COUNTRY?AWESOME! Wednesday, 6th of June 2012
    65. 65. SHODAN QUERIES + COMBINED COUNTRY BigIP country:PT
    66. 66. SHODAN QUERIES + COMBINED COUNTRY?AWESOME! Tuesday, March 13, 2012
    67. 67. SHODAN QUERIES + COMBINED COUNTRY port:3389 -allowed country:PT
    68. 68. SHODAN QUERIES + COMBINED COUNTRY?AWESOME!
    69. 69. SHODAN QUERIES OF AWESOMENESS SAP Web Application Server (ICM) Worldwide Portugal
    70. 70. SHODAN QUERIES OF AWESOMENESS SAP NetWeaver Application Server Worldwide Portugal
    71. 71. SHODAN QUERIES OF AWESOMENESS SAP Web Application Server Worldwide Portugal
    72. 72. SHODAN QUERIES OF AWESOMENESS SAP J2EE Engine Worldwide Portugal
    73. 73. SHODAN QUERIES OF AWESOMENESS
    74. 74. SHODAN QUERIES OF AWESOMENESS port:23 country:PT Worldwide Portugal
    75. 75. SHODAN QUERIES OF AWESOMENESS port:23 country:PT Username:admin Password:smcadmin
    76. 76. SHODAN QUERIES OF AWESOMENESS port:23 list of built-in commands Worldwide Not a big number, however just telnet in and you get shell…
    77. 77. SHODAN QUERIES OF AWESOMENESS port:161 country:PT Worldwide Portugal
    78. 78. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ?• Windows RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2• Windows INSTALLED SOFTWARE 1.3.6.1.2.1.25.6.3.1.2• Windows SYSTEM INFO 1.3.6.1.2.1.1.1• Windows HOSTNAME 1.3.6.1.2.1.1.5• Windows DOMAIN 1.3.6.1.4.1.77.1.4.1• Windows UPTIME 1.3.6.1.2.1.1.3• Windows USERS 1.3.6.1.4.1.77.1.2.25• Windows SHARES 1.3.6.1.4.1.77.1.2.27• Windows DISKS 1.3.6.1.2.1.25.2.3.1.3• Windows SERVICES 1.3.6.1.4.1.77.1.2.3.1.1• Windows LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0• Windows LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
    79. 79. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ?• Linux RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2• Linux SYSTEM INFO 1.3.6.1.2.1.1.1• Linux HOSTNAME 1.3.6.1.2.1.1.5• Linux UPTIME 1.3.6.1.2.1.1.3• Linux MOUNTPOINTS 1.3.6.1.2.1.25.2.3.1.3• Linux RUNNING SOFTWARE PATHS 1.3.6.1.2.1.25.4.2.1.4• Linux LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0• Linux LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
    80. 80. SHODAN QUERIES OF AWESOMENESS What sort of info do I get with SNMP ?• Cisco LAST TERMINAL USERS 1.3.6.1.4.1.9.9.43.1.1.6.1.8• Cisco INTERFACES 1.3.6.1.2.1.2.2.1.2• Cisco SYSTEM INFO 1.3.6.1.2.1.1.1• Cisco HOSTNAME 1.3.6.1.2.1.1.5• Cisco SNMPcommunities 1.3.6.1.6.3.12.1.3.1.4• Cisco UPTIME 1.3.6.1.2.1.1.3• Cisco IP ADDRESSES 1.3.6.1.2.1.4.20.1.1• Cisco INTERFACE DESCRIPTIONS 1.3.6.1.2.1.31.1.1.1.18• Cisco HARDWARE 1.3.6.1.2.1.47.1.1.1.1.2• Cisco TACACS SERVER 1.3.6.1.4.1.9.2.1.5• Cisco LOGMESSAGES 1.3.6.1.4.1.9.9.41.1.2.3.1.5• Cisco PROCESSES 1.3.6.1.4.1.9.9.109.1.2.1.1.2• Cisco SNMP TRAP SERVER 1.3.6.1.6.3.12.1.2.1.7
    81. 81. SHODAN QUERIES OF AWESOMENESS
    82. 82. SHODAN QUERIES OF AWESOMENESS cisco country:PT Worldwide Portugal
    83. 83. SHODAN QUERIES OF country:PT cisco AWESOMENESS
    84. 84. CISCO
    85. 85. CISCO – GRE TUNNELING
    86. 86. SHODAN QUERIES OF AWESOMENESS port:1900 country:PT Worldwide Portugal
    87. 87. SHODAN QUERIES OF AWESOMENESS So, What is UPNP?
    88. 88. SHODAN QUERIES OF AWESOMENESS So, What uses UPNP?
    89. 89. SHODAN QUERIES OF AWESOMENESS Hackz
    90. 90. SHODAN QUERIES OF AWESOMENESS Hackz
    91. 91. SHODAN QUERIES OF AWESOMENESS UPNP zomg time
    92. 92. SHODAN QUERIES OF AWESOMENESS UPNP Remote command execution
    93. 93. SHODAN QUERIES OF AWESOMENESS Oh and by the way…
    94. 94. SHODAN QUERIES OF AWESOMENESSAnother funny thing about UPNP, isthat you can get the MAC ADDR andSSID its usingAnd then….
    95. 95. SHODAN (MORE INTERESTING) QUERIES SCADA• http://www.shodanhq.com/?q=PLC• http://www.shodanhq.com/?q=allen+bradley• http://www.shodanhq.com/?q=fanuc• http://www.shodanhq.com/?q=Rockwell• http://www.shodanhq.com/?q=Cimplicity• http://www.shodanhq.com/?q=Omron• http://www.shodanhq.com/?q=Novatech• http://www.shodanhq.com/?q=Citect• http://www.shodanhq.com/?q=RTU• http://www.shodanhq.com/?q=Modbus+Bridge• http://www.shodanhq.com/?q=modicon• http://www.shodanhq.com/?q=bacnet• http://www.shodanhq.com/?q=telemetry+gateway• http://www.shodanhq.com/?q=SIMATIC• http://www.shodanhq.com/?q=hmi• http://www.shodanhq.com/?q=siemens+-...er+-Subscriber• http://www.shodanhq.com/?q=scada+RTS• http://www.shodanhq.com/?q=SCHNEIDER
    96. 96. SHODAN (MORE INTERESTING) QUERIES PORTUGAL? SCADA
    97. 97. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
    98. 98. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
    99. 99. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
    100. 100. SHODAN (MORE INTERESTING) QUERIES SCADA Portugal
    101. 101. SHODAN (MORE INTERESTING) QUERIESCameras…. Simply connected online and without authentication…
    102. 102. A LITTLE TIP…If you want to quickly check for stuff(web related) that has noauthentication, use NMAP!
    103. 103. A LITTLE TIP…First, let’s get wkhtmltoimage:wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2cp wkhtmltoimage-i386 /usr/local/bin/Next, let’s get and install the Nmap module:git clone git://github.com/SpiderLabs/Nmap-Tools.gitcd Nmap-Tools/NSE/cp http-screenshot.nse /usr/local/share/nmap/scripts/nmap --script-updatedb
    104. 104. A LITTLE TIP…Then, do your shodan search and use:This automatically exports a list of ips ucan import into nmap
    105. 105. A LITTLE TIP…Then…
    106. 106. A LITTLE TIP…And nmap, will automatically take screenshots of the first pages that appear andstore them, then u just need to look atthose!
    107. 107. To end…
    108. 108. OPEN PORTS!
    109. 109. SCARY SHIT! DEFACE 1 SCARY? NO!
    110. 110. SCARY SHIT!DEFACE 2 SCARY?Well… disturbing, scary? Not so much!
    111. 111. SCARY SHIT!
    112. 112. SCARY SHIT!
    113. 113. SCARY SHIT!
    114. 114. SHODAN – THE BAD PART• Imports nmap scans from their servers on a rotational basis, so its not always 100% updated! Confirmed this by correlating some of the shodan results with our personal results!• For example on mysql servers, Shodan would find 785, where our results showed 3000+
    115. 115. SHODAN – THE GOOD PART• Good querying system• If port scanning is illegal in your country, you’re out of trouble if u use shodan, because ur just querying data acquired by them.
    116. 116. Kudos Girlfriends / Wives Aaron @f1nux HD MooreCodebits organization
    117. 117. Resources http://secanalysis.com/interesting-shodan-searches/ blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.htmlhttp://www.youtube.com/watch?v=LPgZU7ZNIjQ - Defcon 18 2010 SHODAN for Penetration Testers Michael Schearer http://www.youtube.com/watch?v=Tg9ZAvynjdk – HD Moore – Empirical Exploitation http://www.youtube.com/watch?v=b-uPh99whw4 – HD Moore – Wild West
    118. 118. Requestshttps://www.facebook.com/ptcoresec Rate our talk @ codebits.eu
    119. 119. Test our toolwww.infosec.pt ptcoresec0 jguw8r6msf ptcoresec4 k48fg1wj7t ptcoresec3 35q4lr2wxq ptcoresec2 uhrptvkm28 ptcoresec1 pwqc9azmwl ptcoresec6 dt9onrpnb8 ptcoresec9 l744jjy6g2 ptcoresec7 9on68zqfm5 ptcoresec8 xfw9wqqf6f

    ×