Shodan Keyword Search for Friday, May 31st

After spending a lot of research time on Shodan, the ‘computer search engine’, I have acquired quite an extensive keyword search term list – 6 pages and growing! Shodan is great for finding tons of systems online, and is great for pentesting, but you need to know what keywords to use. So I thought I would pass some along to my readers.

I haven’t really found a good list online, and there is already an extensive search database for Google keywords (called the Google Hacking Database or Google Dorks), so I figured I would share some of them every Friday, making Fridays “Shodan Dork Day”.

So without further ado, here are the search terms for May 31st:

OPERATING SYSTEMS / SERVERS

  • IIS/2.0
  • IIS/3.0
  • IIS/4.0
  • IIS/5.0
  • Windows NT 4.0
  • Microsoft-Windows-NT/5.1
  • os:Mac 200 ok
  • title:"Mac OS X Server"
  • iTools
  • rumpus
  • iPhone
  • SMSLockSys (iPhone)
  • Raspberry Pi

For the record, I will not share SCADA search terms (there are already lists of these out there) or some of the other questionable keywords that I have found.

This is for educational purposes only. Some of the Shodan searches reveal unsecure systems. Never try to alter, hack or crack systems that you do not own or have permission to access.

Surf responsibly…

Chinese Hackers Steal Designs for top US Military Tech – Now What?

(Aegis BMD scenario pictured above from the Missile Defense Agency).

According to a government report, Chinese hackers successfully stole designs for some of our most used military hardware, including the mainstay F/A-18 fighter jet and the Black Hawk helicopter. But that is not all: they also got away with designs for several missile systems, including the Navy’s Aegis Ballistic Missile Defense (BMD) system.

The report stated that the designs for more than two dozen military systems were stolen.

These included the:

In essence the Chinese have stolen billions (if not Trillions) of dollars worth of weapon research and design. Worse yet, they now know the capabilities of many of our offensive and defensive weapons.

But with all the buzz on securing our military systems, how could the Chinese infiltrate classified systems and pilfer some of our greatest secrets? According to former Navy Admiral Jamie Barnett during a Fox News interview, our military systems are hardened pretty well and were not the source of the data leak.

The data was stolen from military contractors and subcontractors.

Since the US has been working on hardening our military systems, Chinese hackers have modified their tactics and have switched to attacking military contractors. And even though these contractors have fairly good physical security, the Chinese were still able to extract military hardware designs.

So what do we do now?

Whatever changes have been made to harden military systems need to be extended to military contractors, or to any organization that is trusted with classified military plans. Most likely communications, encryption and codes will need to be changed so that hardware in the field cannot be compromised.

Our missile defense systems will need to be analyzed to determine what China could have gained by having the designs, and their capabilities will need to be modified so they are not made obsolete.

Counter hacking has been brought up many times in the past. Would it be feasible to counter hack to recover or destroy stolen data? Or could we create honeypots, legitimate-looking sites that contain bogus but tantalizing information along with malware or backdoors that could infect attacking systems, allowing us to connect back into them or giving us other capabilities?

Finally, there need to be some sort of political repercussions against China. We have already handed them our manufacturing capabilities over the last few decades, and now they have many of our military secrets. The cyber bleeding needs to stop.

Buffer Overflow Exploit found in Nginx Server 1.3.9-1.4.0

Earlier this month Nginx disclosed a buffer overflow vulnerability in some versions of their product. Recently, Metasploit released an exploit module for the vulnerability.

Nginx, the ever-popular open-source HTTP server and proxy, publicly disclosed that a buffer overflow was discovered in versions 1.3.9 – 1.4.0. According to Shodan there are almost 3 million servers on the web that use Nginx, with almost 12,000 running the affected versions.

A notification from Nginx stated that a specially crafted request could trigger a stack-based buffer overflow.

The exploit released by Metasploit can take advantage of the overflow to run a payload that could include a remote shell:

This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.

The issue has been fixed in Nginx 1.4.1 and 1.5.0, and a patch is available (see the Nginx announcement above).
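The overflow chain described in the Metasploit module text above, as an added illustration that is not nginx's or Metasploit's code: a hex chunk-size parser that accumulates into a signed 64-bit value without a bound (so an overly long digit run drives the size negative), the bounded parser beside it, and the "clamp in the signed domain, then cast to size_t" consumer pattern that lets a negative size slip past a fixed stack-buffer bound. All function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* Outcome of parsing the hex chunk-size field of a chunked body. */
typedef enum { CHUNK_OK = 0, CHUNK_INVALID = -1, CHUNK_OVERFLOW = -2 } chunk_rc;

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                        /* CR, LF, ';' or anything else ends the field */
}

/* Vulnerable pattern (hypothetical): digits are accumulated into a signed 64-bit
 * size with no bound, so a long enough digit run sets the top bit and the size
 * goes negative. Accumulation is done unsigned so the wrap is well defined here. */
chunk_rc parse_chunk_size_unchecked(const char *s, int64_t *out) {
    uint64_t acc = 0; int n = 0, d;
    for (; (d = hexval(*s)) >= 0; s++, n++) acc = acc * 16 + (uint64_t)d;
    if (n == 0) return CHUNK_INVALID;
    *out = (int64_t)acc;              /* negative once the top bit is set */
    return CHUNK_OK;
}

/* Hardened version: refuse any digit that would push the value past INT64_MAX,
 * so the parsed size can never become negative. */
chunk_rc parse_chunk_size_checked(const char *s, int64_t *out) {
    int64_t acc = 0; int n = 0, d;
    for (; (d = hexval(*s)) >= 0; s++, n++) {
        if (acc > (INT64_MAX - d) / 16) return CHUNK_OVERFLOW;
        acc = acc * 16 + d;
    }
    if (n == 0) return CHUNK_INVALID;
    *out = acc;
    return CHUNK_OK;
}

/* Consumer side: bytes to read into a fixed stack buffer of 'cap' bytes.
 * Clamping in the signed domain and then casting is the dangerous idiom:
 * a negative size survives the min() and becomes a huge size_t. */
size_t bytes_to_read_vulnerable(int64_t size, size_t cap) {
    int64_t n = size < (int64_t)cap ? size : (int64_t)cap;
    return (size_t)n;
}

/* Safe: reject negative sizes first, then clamp in the unsigned domain. */
size_t bytes_to_read_safe(int64_t size, size_t cap) {
    if (size < 0) return 0;
    return (uint64_t)size < cap ? (size_t)size : cap;
}
```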