Alden's Blog Home

Shodan Stories Day 62: Night at the Kino in Winnenden

Posted on Mar 6, 2019

Today I wanted to find a webcam but not because I needed an easy target, but rather so that I could find a webcam that would lead me to its precise location. I mulled about in Shodan’s image viewer until I found an interesting result, and lo and behold, it’s another webcam server made by Steven Wu (see days 38 and 47 if that name doesn’t ring a bell). Thank you, Steven Wu, for your really terribly insecure webcam server.

A Kino on 87.128.13.137

The result I picked was both appealing for what I saw through the webcam, but also for its Shodan-given location: Winnenden, Germany, a tiny town of 28,000. Now, for what I saw through the webcam. Sure looks like a move theater lobby right? Now in a 28,000 person town, there couldn’t be too many movie theaters right? Turns out that in Winnenden, there’s only one, Olympia Kino (kino is German for movie theater). IP address location services are notoriously inaccurate, however, so how could I be sure that this was the one? I decided to give the IP address an nmap to see if I could get any info.

➜  sandbox git:(master) ✗ nmap 87.128.13.137
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-06 22:32 EST
Nmap scan report for p57800d89.dip0.t-ipconnect.de (87.128.13.137)
Host is up (0.15s latency).
Not shown: 934 closed ports, 59 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
81/tcp   open  hosts2-ns
82/tcp   open  xfer
83/tcp   open  mit-ml-dev
85/tcp   open  mit-ml-dev
443/tcp  open  https
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 606.43 seconds

The webcam I was originally looking at was on port 82, so I decided to look at 81. Another one of Steven Wu’s finest, this time of what must be the building’s electrical closet. Why put a webcam here? Maybe to monitor the knobs? Make sure they aren’t turning themselves?

I was hoping 83 and 85 were webcams as well, but they were garden variety authentication logins. 443 had a less garden-variety login. The router! Now as we all know the Lancom 1781VAW is the ideal choice for small and medium-sized businesses needing VPN networking and wireless connections for mobile clients. I’m not sure why they would need VPN networking, but they might have just chosen this router because Lancom seems to have considerable market share for business routers in Germany.

That leaves the VNC server, but unfortunately for me their VNC server is not wide open like the one I found all the way back on day 1. Out of options on the network, I tried looking for images of the kino on social media to see if any matched up to the lobby view I was getting. I did find one picture of the Olympia Kino lobby. Doesn’t look a whole lot like the lobby I’m seeing in the webcam, the floor is quite different and the door setup is different as well. I do see some club mates in the fridge.

For awhile I started looking around at all the movie theaters in nearby towns, but once I got through about a half dozen I decided it was a fool’s errand. I may never know for sure what movie theater this was, and I just have to live with that. See you tomorrow.