System Shock: The Shodan computer search engine
I’m Viss. I do security research. I’ve presented at: Defcon/BlackHat/ToorCon(s)/BSides/BarCamp/OWASP/HITB
Thursday, April 11, 13
Time for some RESPECT.
I am here because of someone else’s misfortune. It’s great for me, but horrible for them. I just want to acknowledge that.
Credentials: •Aaaaahahahahhahahaha •HHAHAHAhahahAHAhaha! •omg rofl lolz hahaha seriously •I can’t seriously do this slide with a straight face •I read an nmap book once •I totally stole this idea from zfasel and I owe him booze for it. •my CISSP code of ethics mandates I report you
Who here has NOT heard of Shodan?
Who here knows what TCP Banners are?
Any python coders in here? You guys are gonna love this :D
Shodan is like Google but for TCP banners.
It also has a Python API. You can bridge that API to tools ... like Metasploit. Or Armitage and Cortana. Or you can just screenshot the entire net.
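What "a TCP banner" means in practice, as an added example (not code from the talk, from Eagleeye or from Shodan): the client side is the same grab Shodan performs at scale, connect and read whatever the service says before you send anything. The listener is a throwaway localhost stand-in that answers with the VNC greeting ("RFB 003.008" is the real protocol version line); the port is ephemeral and the setup is constructed for the example.

```python
"""Grab a TCP banner the way Shodan does, against a local stand-in service.

Added example, not from the talk. The listener is a throwaway that answers
with the VNC greeting ("RFB 003.008" is the real protocol version line);
the port is ephemeral and everything here is constructed.
"""
import socket
import socketserver
import threading

FAKE_BANNER = b"RFB 003.008\n"  # constructed: what a VNC server sends first


def start_fake_service(banner=FAKE_BANNER):
    """Bind 127.0.0.1 on an ephemeral port, serve in a thread, return (server, port)."""
    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            # Talk first, the way VNC, SSH, FTP and SMTP do.
            self.request.sendall(banner)

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def grab_banner(host, port, timeout=2.0, size=1024):
    """Connect and return whatever the service volunteers before we send anything."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(size)
        except socket.timeout:
            return b""  # silent service: HTTP, for instance, waits for a request first


def to_record(host, port, banner):
    """Shape the grab like a Shodan result (ip_str/port/data) so the same tooling can eat it."""
    return {"ip_str": host, "port": port, "data": banner.decode("latin-1")}


def demo():
    """Start the stand-in, grab its banner, tear it down, return the record."""
    server, port = start_fake_service()
    try:
        return to_record("127.0.0.1", port, grab_banner("127.0.0.1", port))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real host the only change is the address and port; the empty-banner branch is why Shodan sends a probe (an HTTP GET, for example) on ports where the service will not speak first.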
Find an interesting query. Believe me - there is enough absurdity on the internet - it’s VERY EASY TO FIND. 2-3 steps of refinement = goldmines
My first foray into this: TONS AND TONS OF WEBCAMS.
Webcams! .. speaking of goldmines..
Who watches the watchers?
Meeeeeeee >:D
Now for more meta
a camera in the business that makes the cameras, watching people MAKE THE CAMERAS I’m watching them with
Scada gear on webcams!
Other stuff on webcams!
But most cameras are boring
This thing!
... (no idea)
A um.. “T-2000” ! .. ... what’s a T-2000?.. Relion?
It’s a hydrogen fuel cell.
Looks industrial!
Gets used a lot in .mil...
This is how you use it
So where do you find these things in meatspace?
Oh..
Wind farms!
Lighting, HVAC, Alarms
More HVAC/lighting
Power meters?
Heat pumps
Bigger heat pumps
REALLY REALLY big heat pumps
Private residences?!
... with trending data?!
Water heaters
Familiar displays!
Larger industrial systems
Contents under pressure
Overall, security is a joke.
So what can one do with these sorts of findings? It’s like a fountain of information disclosure.
Level One: Simple recon
What details can we see?
Quick observations..
We’ve got their scent!
They smell all the way to google maps!
Level Two: Interactions
DISCLAIMER: I didn’t have any idea this happened until someone showed me a gallery of screencaps...
Simple social engineering
Massive coolers
Massive coolers with details!
Some SCADA keeps logs!
Massive power/UPS gear.
VNC Touchpanels
Level Three: Stuff that can be abused and is actually kind of scary
Lonworks devices
It’s stackable! Like Devo hats!
So I can control the power, lights, HVAC, ice skating rink, garage doors, water pressure and boilers of something like 36 businesses, all in one town?
What about phones? Phones indexed by shodan!
Stoplights.
AUTOPLATE. Not red-light cameras.. something else
PIPS: The company that makes autoplate.
PIPS: want license plates?
DakTronics.
Ruggedcom!
Malware on safari?
kW? .. wat.
I put that on Twitter. A day later DHS called my cellphone.
Also, that UI was built in FrontPage.
YES, FRONTPAGE. ON SCADA.
AND SOMEONE BOUGHT IT
THEN PUT IT ON THE INTERNEtkajelj kalsjknbflkajbe gkbja
*ahem*
You’d think they’d LEARN.
.. but they don’t.
.. they really don’t.
Satellite systems
NAS storage arrays
“LaserWash” Car Wash Systems
Humidifiers
Emergency Telco gear
wait what?
.. .speakers?
A massive wine cooler
Science!
Almost all of those are offline now. THANK YOU CERN :D
Ski trip, anyone?
Massive solar arrays
TraceVue
Home Automation
.gov oopsies
... a fishery?
I’m in your scadas..
Wait, no, lobster chillmode
Can’t forget the champagne!
Swimming pools!
... really? An acid pump?
So, 80s-style horror flick scenario
(these are actually defcon goons in a pile..)
So Jason Voorhees shows up...
But his victims are soup.
He’s gonna be PISSED.
So, say you find stuff on your banjo dinosaur knitting adventure. A lot of stuff. 50,000+ results... wat do?
h/t @travisgoodspeed
Screenshot All THE THINGS! :D
50k sites by hand sucks
screenshots are WAY faster! :D
I had help too
https://github.com/PaulMcMillan/eagleeye2
you can do this with vnc
Maybe you want to pwn
Pipe output to Metasploit/Armitage/teamserver!
The best defense is a good offense, right? Run this stuff on yourself. The attackers already do.
Spot outliers. Does your staff set up EC2 instances without approval from the business? Other sites? What else is connected to the internet, with YOUR COMPANY’S NAME on it, that you don’t know about? Who actually LIKES random, unknown liability?
Some cool new features: You can search by:
org:
city:
country:
state:
net:
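Offline triage of a result pile, as an added example (not Viss's Eagleeye code and not the shodan client library) covering the screenshot / pipe-to-Metasploit workflow above and the run-it-on-yourself use with the org:/net: filters: it assumes the JSON record shape Shodan's search API returns (ip_str, port, org, data), applies the same scope idea locally, flags hosts Shodan attributes to you that your inventory does not know about, and writes a target list and an msfconsole resource script. The results, inventory, and banner fingerprints are constructed; the target-list shape is an assumption about what a screenshot tool consumes.

```python
"""Triage a pile of Shodan-style results offline.

Added example, not code from Eagleeye or the shodan client library.
Assumes the record shape Shodan's search API returns (ip_str, port, org,
data); everything below is constructed sample data.
"""
import ipaddress
import re

# Constructed stand-in for one page of search() results.
SAMPLE_RESULTS = [
    {"ip_str": "203.0.113.10", "port": 80, "org": "Example Corp",
     "data": 'HTTP/1.0 200 OK\r\nWWW-Authenticate: Basic realm="netcam"\r\n'},
    {"ip_str": "203.0.113.22", "port": 5900, "org": "Example Corp",
     "data": "RFB 003.008\n"},
    {"ip_str": "203.0.113.40", "port": 80, "org": "Example Corp",
     "data": "HTTP/1.1 200 OK\r\n\r\n<title>Building Control HMI</title>"},
    {"ip_str": "198.51.100.7", "port": 80, "org": "Other Org",
     "data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n"},
]

# Banner fingerprints, first match wins. "RFB" is the real VNC greeting;
# the other words are constructed stand-ins for the refinement step.
CATEGORY_PATTERNS = [
    ("vnc", re.compile(r"^RFB \d{3}\.\d{3}")),
    ("webcam", re.compile(r"netcam|webcam|ipcam", re.I)),
    ("control-system", re.compile(r"scada|hmi|plc|building", re.I)),
]


def build_query(base, **filters):
    """Compose a Shodan query string from the org:/net:/city:/country:/state: filters."""
    parts = [base]
    for key, value in filters.items():
        parts.append(f'{key}:"{value}"' if " " in value else f"{key}:{value}")
    return " ".join(parts)


def classify(result):
    """Bucket one result by what its banner says."""
    for name, pattern in CATEGORY_PATTERNS:
        if pattern.search(result["data"]):
            return name
    return "other"


def in_scope(result, org=None, net=None):
    """Apply the org:/net: idea locally; also catches results Shodan mislabelled."""
    if org is not None and result.get("org") != org:
        return False
    if net is not None and ipaddress.ip_address(result["ip_str"]) not in ipaddress.ip_network(net):
        return False
    return True


def find_outliers(results, known_hosts, org=None, net=None):
    """Hosts Shodan attributes to you that your own inventory does not list."""
    known = {ipaddress.ip_address(h) for h in known_hosts}
    return [r for r in results
            if in_scope(r, org, net) and ipaddress.ip_address(r["ip_str"]) not in known]


def screenshot_targets(results):
    """One target per line for a screenshot pass (assumed input shape for such a tool)."""
    scheme = {"vnc": "vnc"}
    return [f"{scheme.get(classify(r), 'http')}://{r['ip_str']}:{r['port']}" for r in results]


def msf_resource(results, workspace="shodan"):
    """msfconsole resource script; load it with: msfconsole -r shodan.rc"""
    lines = [f"workspace -a {workspace}"] + [f"hosts -a {r['ip_str']}" for r in results]
    return "\n".join(lines) + "\n"


def triage(results, org, net, known_hosts):
    """Scope, diff against inventory, summarise, and emit both downstream artefacts."""
    outliers = find_outliers(results, known_hosts, org=org, net=net)
    summary = {}
    for r in outliers:
        summary[classify(r)] = summary.get(classify(r), 0) + 1
    return {"outliers": outliers, "summary": summary,
            "targets": screenshot_targets(outliers), "rc": msf_resource(outliers)}


if __name__ == "__main__":
    print(build_query("port:80", org="Example Corp", net="203.0.113.0/24"))
    report = triage(SAMPLE_RESULTS, "Example Corp", "203.0.113.0/24", ["203.0.113.40"])
    print(report["summary"])
    print("\n".join(report["targets"]))
    print(report["rc"], end="")
```

With the sample data and an inventory that only knows 203.0.113.40, the webcam and the VNC host come out as outliers: exactly the "what else has our name on it" question from the previous slide, answered from banners alone before anyone screenshots or touches a host.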
You guys are awesome. Thank you for letting me rant!
github.com/Viss/Eagleeye
github.com/PaulMcMillan/eagleeye2
Twitter: @Viss
atenlabs.com