Alden’s ITP Home

  • Shodan Stories Day 71: Transferring Files in Moscow, Macommet, and Open Source Mirrors

    Today I just wanted to find a working public FTP server. So I searched “FTP”, and went with the first result I found, this one in Moscow. FTP Server on 195.128.64.25 FTP seems like an ancient technology but I had a job just a few years ago where we would use it all of the time, and I frequently use it to move files to my servers when I can’t be bothered to remember the correct scp syntax.

    Read more…
  • Shodan Stories Day 70: Engineering Consulting in Tangier, WampServer, CORS the Silent Killer, and You'll Always Have a Job with PHP

    Today I truly cast a stone into the sea blindfolded, and decided to see what typing just any old random IP address into Shodan would bring up. WampServer on 197.230.101.90 I’m not sure what force compelled me to type 197.230.101.90, but it was indeed in Shodan and looked like it was running a website (80 and 443 were serving HTTP) and SQL databases (3306, the MySQL database port, and 5432, the PostgreSQL port, were both running).

    Read more…
  • Shodan Stories Day 68: A Construction Site in Northern Illinois

    Busy today so I found an IP camera. This time I got one of my all time favorites, an AXIS camera, this one with a 4K resolution and 700° pan/tilt control. AXIS Q6128-E Network Camera on 107.85.76.185 Shodan couldn’t identify where it was beyond “United States”, and I found that was likely because it was connected to the network via a mobile Sierra AirLink router, the kind we’ve seen several times now.

    Read more…
  • Shodan Stories Day 67: Taking Care of Feet in Buenos Aires, Good Old Apache Webservers, and the Forgotten History of the Directory Index

    I saw a great search on Shodan the other day, one just for Apache Webservers. Apache is a true classic, a webserver now 24 years old that had a big hand in the expansion of the early web. It’s still among the most popular servers today; it’s estimated that 20% of all current websites are running Apache. So I was expecting to see a lot of results, and indeed Shodan could identify at least 320,000 IP addresses running Apache.

    Read more…
  • Shodan Stories Day 66: Making Cement in Tuban

    Today I saw a search just for everything that’s a customer of PT Telkom Indonesia, an Indonesian ISP. Tuban Cement Factory on 180.250.182.241 I ended up picking the first result because I saw on Shodan, in the town of Tuban on Java, that it was running this warning on the telnet port, 23. ***************************************************************************** PT Holcim Indonesia Tbk Astinet Router to STO Kerek Tuban Plant WARNING: This is a private system.

    Read more…
  • Shodan Stories Day 65: My Wifi Enabled Smart Projector Helped Me Rekindle My Marriage's Lost Spark in Beijing

    Today I wanted to find any kind of Alexa-compatible device, be it WiFi plug, smart bulb, or whatever, so I searched in Shodan for “alexa”. After looking at the results for a while I found that there was a particular type of object that showed up that I thought was worth looking into further, what looked like a “smart projector”. Optoma on 54.223.86.54 The actual search I used to narrow down on the projectors was “alxtest/alexa”, which was part of the name in the webserver these projectors were running.

    Read more…
  • Shodan Stories Day 64: Pro DJing in Antofagasta, Iomega NAS, and a Torrenting Minimalist

    Today I saw a search for Iomega (now Lenovo EMC) Network Attached Storage, probably because these devices have been shown to have huge security flaws (or the novelty of finding devices that still have “Iomega” written into their cookie code even after the brand had been incorporated into Lenovo). But I thought it would be a nice change from all of the Synology NAS we’ve been seeing. Lenovo EMC NAS on 190.

    Read more…
  • Shodan Stories Day 63: Securities Trading in Hong Kong, Ghidra vs IDA Pro, and the Ever Popular Insecure Java Debugger

    There’s been a lot of hubbub in the infosec world the past couple of days because the NSA released one of their reverse engineering tools, Ghidra, as an open source toolkit. This is huge news because the closest tool in functionality, IDA Pro, is $1200 a year for a license, but also raised a question: would you trust software from the NSA, even if it’s hosted on GitHub? I’m starting with this preamble because of a default setting in Ghidra.

    Read more…
  • Shodan Stories Day 62: Night at the Kino in Winnenden

    Today I wanted to find a webcam, not because I needed an easy target, but rather so that I could find a webcam that would lead me to its precise location. I mulled about in Shodan’s image viewer until I found an interesting result, and lo and behold, it’s another webcam server made by Steven Wu (see days 38 and 47 if that name doesn’t ring a bell). Thank you, Steven Wu, for your really terribly insecure webcam server.

    Read more…
  • Shodan Stories Day 61: Printing Skulls in Springfield, Tautulli Plex, and OctoPrint

    Today’s episode is again taken off of the recent searches. I saw someone searching for “octoprint -login -authenticate”, and decided I’d take a look. Turns out OctoPrint is a web interface for 3D printers that lets you remotely monitor and control your in-progress jobs. So I’d be finding 3D printers, a whole dimension up from the paper printer I found back on day 31. A Wanhao Duplicator i3 3D Printer on 173.

    Read more…