Hey today I am going to show you some shodan queries to get the best out of shodan . You can also read my other articles. Lets get started
Search for Open Databases
MongoDB, Elasticsearch etc does not use authentication by default . In this post I will focus on Elasticsearch . Elasticsearch uses port 9200 . Type “Elasticsearch port:9200” in your search bar and you will find all the databases .
I tried connecting to one of the database with curl . To my suprise some hacker had deleted all the data and I am not the hacker that deleted it . It had this in the database
Search for ADB open ports
In shodan you can find open ADB ports which are exposed to the internet. You can find ADB ports by using this query “Android Debug Bridge” . Here is a little screenshot . If you are lucky you can get root shell
Search for vulnerable FTP servers
Seacrch for “Vsftpd 2.3.4” . This ftp server has a backdoor command execution vulnerability .
Search for vulnerable asus routers
Some high end asus router has ftp service . You can just plugin your external hard drive and use the router as a NAS . The ftp server has anonymous login enabled by default . Use this query to search for it “port:21 country:US asus -530” . Kids don’t do bad stuffs . This is for educational purposes only
Search for tesla powerpacks
Search for tesla powerpacks in shodan with this command “http.title:”Tesla PowerPack System” . Tesla fixed it I guess
This post is for educational purposes only . I do not promote such activities . Please read my other articles
https://medium.com/@ciph3r/how-i-could-have-downloaded-data-of-11000-people-2f047c7107df
https://medium.com/@ciph3r/how-i-got-trapped-in-a-honeypot-996e776c78d1
https://medium.com/@ciph3r/how-to-steal-saved-browser-passwords-7de394448816
