Assalamualaikum, Ramdaan Mubarak Everyone. This write up is about getting more juicy staffs of a target via SHODAN
Usually we all use shodan for getting more results of a target. Sometimes using shodan we get internal staffs too. That's what motivate me to use shodan everytime cause I got two bounties via shodan.
Without any further due let's move into the main part.
A simple shodan dork eg; org:"orgname" give lots of information about the target. While I was searching a program via shodan. I came to know sometimes hash filter gives more juicy informations.
In a public program it's easy to get hash filter. eg; http.favicon.hash:-1337
But while I was hunting a private program I wondering how to get this hash filter to get some more info?
First it was a bit difficult for me cause I need to know about the number value. How it works? Where it comes from? How to generate it?
After researching a little bit, I get to know it's Murmur hash ( murmur2 ) and I can generate it from the /favicon.ico response.
I am learning python from some time ago. It took me some time to write a simple python code. :3
Can be found in GITHUB
https://github.com/eternyle/ShodanIsh
But bad luck is after writing this I get to know someone done this before me. :') Check it out
Drop that, let's move further. -_-
Let's run the tool: python shodanish.py
Obviously, I got some internal portals from this dork.
Dork:
http.favicon.hash-:-1337
From results, I get an interesting portal.
First thing I attempted was default credentials then tried with SQLi Login Bypass, Parameter tempering, Access control and hydra too. But this time no luck :(
Next I did a dir search with the SecLists *big.txt
I was greedy enough this time to get more files *_* so, did dirsearch again with a private wordlist. ( *big.txt also gave almost same results )
The output :
From this dir search I got lots of interesting files including db.sql. These are enough to for submitting the report.
Thank you all for reading this write up. Hope you are doing well in this quarantine. May Allah help us to get out of this pandemic.
2 Comments
Lucky Nugget Casino Review - VNTOPBET クイーンカジノ クイーンカジノ betway betway bet365 bet365 535Play live spades game online - Shootercasino
ReplyDeleteHow you find that the ip address is owned by which company??
ReplyDeletePost a Comment