Shodan: Service Update

I’ve recently been able to add a bunch of new services to the Shodan crawling infrastructure thanks to the help of @shawnmer and @bill_e_ghote. With the addition of these ports, Shodan is now also looking at more than 40 different ports! Here are the new services that you can search on:

IPMI

IPMI is used to remotely manage servers at a low level. It allows you to install a new operating system, change BIOS settings and much more over the Internet. There have been a few discoveries in this area recently and I expect to hear more about this service’s security issues in the future.

VNC and PCAnywhere

I would expect most people that use Shodan are familiar with VNC and have at least heard of Symantec’s PCAnywhere product. They let you connect to your desktop/workstation from anywhere in the world and it will behave as if you’re on-site (all keyboard/mouse events are transmitted).

Microsoft SQL Server

Shodan already crawls for PostgreSQL (5432), MySQL (3306), Redis (6379) and MongoDB (27017) so it made sense to flesh out the database coverage by adding MS-SQL. Here’s an example banner to give you an idea of what information the daemon returns:

ServerName;WIN-8TRESDJWT43;InstanceName;MSSQLSERVER;IsClustered;No;Version;8.00.194;tcp;1433;np;\\WIN-8TRESDJWT43\pipe\sql\query

LDAP

This was a quick addition requested by @bill_e_ghote and the output for it isn’t being fully processed yet. It means that you will need to do your own parsing of the raw data that Shodan provides at the moment, but it should still provide a good starting point to see who has LDAP publicly available. For example, this is what an LDAP banner looks like at the moment:

0\x84\x00\x00\x00\x10\x02\x01\x01a\x84\x00\x00\x00\x07\n\x01\x00\x04\x00\x04\x00
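
Read as BER per RFC 4511, the bytes above are an LDAPMessage carrying a BindResponse. The following parser is an added example, not Shodan's own code, for anyone checking what their own LDAP servers return; it assumes the banner arrives as the escaped string shown above, and the function names are made up for this illustration.

```python
# Banner copied from the post, in the escaped form Shodan displays.
BANNER = r"0\x84\x00\x00\x00\x10\x02\x01\x01a\x84\x00\x00\x00\x07\n\x01\x00\x04\x00\x04\x00"

# A few RFC 4511 result codes; any other code is reported as its number.
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError",
                7: "authMethodNotSupported", 8: "strongerAuthRequired",
                48: "inappropriateAuthentication", 49: "invalidCredentials"}

def unescape(text):
    """Turn the printable banner form (\\x84, \\n, ...) back into raw bytes."""
    return text.encode("latin-1").decode("unicode_escape").encode("latin-1")

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of banner")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_banner(text):
    """Decode an LDAPMessage whose protocolOp is a BindResponse (tag 0x61)."""
    tag, body, _ = read_tlv(unescape(text), 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    id_tag, msg_id, pos = read_tlv(body, 0)    # INTEGER messageID
    op_tag, op, _ = read_tlv(body, pos)        # protocolOp
    if id_tag != 0x02 or op_tag != 0x61:
        raise ValueError("not a BindResponse message")
    _, code, pos = read_tlv(op, 0)             # ENUMERATED resultCode
    _, matched_dn, pos = read_tlv(op, pos)     # OCTET STRING matchedDN
    _, diag, _ = read_tlv(op, pos)             # OCTET STRING diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result": RESULT_CODES.get(code, str(code)),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}

if __name__ == "__main__":
    print(parse_ldap_banner(BANNER))
```

For the banner in the post this yields message ID 1 and result code `success`, with empty matched-DN and diagnostic fields.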

That sums up the latest set of services that I’ve added to Shodan! And if you want me to look for a specific service that I’m not indexing yet, please let me know by either contacting me on Twitter (@achillean) or via email (jmath@shodan.io).


One comment

  1. billeghote

    Looking forward to grabbing the LDAP data once it is fully processed. I expect to follow up by further testing to see which LDAP services allow anonymous bind and download of directory data. Depending on the server and related data, may be quite revealing.
