Welcome back Cyber Warriors! šµļø
Last time we learnt about SHODAN, what it does and even did an example search where we landed on one of Maseno University's router Login in page. To search for devices in Kenya we searched country:"KE" and got 170,000+ results. All these internet facing and thus accessibe remotely; Mostly unintentionally or simply through negligence and poor opsec.
In this post, we will get deeper into the trenches. We will combine searches to narrow down our results and use this new knowledge to find some cctvs and webcams.
Cyber Morans, roll up your sleeves and lets do this!šŖ
Narrow down your search š
Just like in google, you can combine searches to narrow down to a specific result...well in this case, target.
Routers
searching country:"KE" brings all the result from Kenya. but say we only want tp-link routers in the country ? Well, how about tp-link country:"KE" š
From 170,000+ to 589 search results. Now remember these are the tp-link routers that internet facing due to their configuration. Ofcourse there are more tp-link routers in the country, just visit almost every SME, hostel and most home routers.
Why tp-link?
For the exact same reason that makes them popular is also why they are so easy to attack. You see, tp-link, as are most routers in the modern day, are plug-and-play devices. this means you simply connect them and start using, with little (mostly none at all) configuration. They come with default passwords that most people dont even bother to ever change in their lifetime. A simple google search for tp-link default credentials and BAM! you can log in remotely to these routers.
For tp-link the default creds are admin/admin. The funny thing is, so is TENDA, Linksys, ZTE, Netcomm, ASUS and D-link among many....many more š¤
PS: ā These are NOT the WIFI passwords. These are the devices' themselves login credentials ie. for a TENDA router, you will go to its default page (http://192.168.0.1) and there is where these default logins come in. From this page, you can change the router configs/settings, including changing the credentials.
Why bother to hack a router?
Well, the question should be why not? š¤
Alter DNS settings: The most common reason actors hack routers is to change the DNS settings. Commonly refered to as DNS hijacking. By doing this, a hacker can redirect your internet traffic (every single thing you do/transmit on that compromised network) without you realizing it, setting up a potentially devastating pharming and phishing attacks š
Cameras (CCTVs, webcams, ipcameras...) š„
CCTV cameras are everywhere today. States have created entire ecosystems around these devices like China and S.Korea. Commonly referred to as surveillance states, Governments and Corporates keep a close eye on everyone with added technologies like facial recognition and AI to isolate specific people.
On a lighter note š, lots of people and companies have installed CCTV cameras for security or management purposes. However, tons of these devices have not been reconfigured and still use their default logins. Are you ready?
On SHODAN type CCTV country:"KE" and hit search! š
First: notice on the left 'TOP ORGANIZATION' and again our Universities reign supreme. To explain, 13 cctv devices belonging to Catholic University of EA (CUEA) šØāš are visible on SHODAN. This means with a little probing (ie social engineering or bruteforce) to retrieve the creds (or try default creds) and you can monitor the activities in the University like Student movements, lecturers, security, schedules etc.
Second: 18 devices appear. when you visit the first search result we land here: š
another internet facing Log in page. If you probe deeper š§ into the search results you just might come across that has no/default login creds. I could'nt find one in Kenya but i did find one of a supermarket in Modimolle, Limpopo, some Kilometers north of Soweto, SA.
I may have had to much and actually traced the exact location where the footage is streaming from; 0510 Kerk St. šµļøāāļø
Other Combinations to narrow down a search even further;
If I want to find webcamxp in Kenya and only using port 8080, I can construct a query like; webcamxp country:'KE' port:8080
We could look for those webcamxp's in Nyeri on the subnet 192.168.0.0./16 by entering; webcamxp city:Nyeri net:192.168.0.0/16
As you can see, the Shodan search filters enable us to be VERY specific in finding Internet connected devices.
In the next one, we will use SHODAN to find vulnerable systems in Kenya and how they can simply be exploited. We will also find SCADA ICS systems controlling various infrastructure in Kenya and Africa. SCADA ICS systems are Industrial Control systems that are used to run the industrial infrastructure; I'm talking Dams, powerplants, railways, Manufacturing and processing plants etc.š²
As you might have guessed, these systems should'nt be public facing due to the nature of what they do. And yet, they are! I will show you how in the next one. Thank you for your time, Like and leave a comment and as always, stay awesome! š šŖ
click here to advance to the next part. š š š š š š š š š š
Comments