mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-04-27 13:56:22 -04:00

non-selectable line numbers on code fences

This commit is contained in:
Jake Jarvis 2019-12-04 11:25:46 -05:00
parent 1747bdd149
commit 552b62f571
Signed by: jake
GPG Key ID: 2B0C9CF251E69A39
9 changed files with 141 additions and 124 deletions

View File

@ -30,9 +30,9 @@ div.highlight span {
font-weight: bold;
}
// TODO: line numbers
&.ln {
// line numbers
&.lnt {
color: #999999;
margin-right: 1.5em;
user-select: none; // maybe add prefixes? https://caniuse.com/#feat=user-select-none
}
}
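Review bot: the `user-select: none` declaration in `&.lnt` still carries the open question "maybe add prefixes?", and the answer matters for what this commit sets out to do: Safari only honours `-webkit-user-select`, so without the prefixed declaration the line numbers stay selectable there and are copied along with the code. Add `-webkit-user-select: none;` beside it, or confirm the build runs an autoprefixer, and drop the question from the comment. Renaming `&.ln` to `&.lnt` also leaves the inline line-number class unstyled; keep both selectors if any fence uses inline rather than table numbering.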

View File

@ -79,6 +79,7 @@ main#single {
div.embed.video-player {
position: relative;
padding-bottom: 56.25%;
margin: 1em auto;
height: 0;
overflow: hidden;
@ -102,24 +103,35 @@ main#single {
border: 0;
}
code {
// all code
div.highlight, code {
// https://markdotto.com/2018/02/07/github-system-fonts/
font-family: "SFMono-Regular", "Consolas", "Liberation Mono", "Menlo", "Courier", monospace;
font-size: 0.9em;
padding: 0.2em;
background: $color-super-duper-light;
border: 1px solid $color-super-light;
font-size: 0.9em;
page-break-inside: avoid;
}
pre code {
display: block;
padding: 1em 1.5em;
line-height: 1.6;
// inline code in paragraphs
p code {
border: 1px solid $color-super-light;
padding: 0.2em;
}
// code fences
div.highlight {
border: 1px solid $color-super-light;
border-left: 3px solid $color-links;
line-height: 1.6;
max-width: 100%;
overflow-x: scroll;
page-break-inside: avoid;
object-fit: scale-down;
font-size: 1em;
margin: 1em 0;
}
div.highlight pre {
display: block;
margin-left: 1.5em;
}
}
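Review bot: in the `div.highlight` rule, `object-fit: scale-down` has no effect, because `object-fit` only applies to replaced elements such as `img` and `video`; remove it. In the same rule, `overflow-x: scroll` reserves a horizontal scrollbar on every code fence even when the content fits, whereas `overflow-x: auto` would show one only when a line actually overflows.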

View File

@ -1,6 +1,6 @@
---
title: "Jake Jarvis Front-End Web Developer in Boston, MA"
date: 2019-12-01 16:46:17-0400
date: 2019-12-03 11:22:05-0400
type: home
---

View File

@ -45,19 +45,19 @@ Conveniently, [Rapid7](https://www.rapid7.com/) publishes a monthly list for us
One of their free monthly datasets is called [Forward DNS](https://opendata.rapid7.com/sonar.fdns_v2/), where you'll find `.json` files named `xxxx-fdns_cname.json.gz`. Within the [`subtake`](https://github.com/jakejarvis/subtake) repository, there's an automated script named [`sonar.sh`](https://github.com/jakejarvis/subtake/blob/master/sonar.sh), which downloads the dataset for you and outputs a simple text file of CNAMEs pointed to any of the services listed above. Once you've [cloned the `subtake` repository](https://github.com/jakejarvis/subtake) and grabbed the timestamp part of the filename (the string that precedes `-fdns_cname.json.gz`), usage of the script is as follows:
```bash
```bash {linenos=false}
./sonar.sh 2019-03-30-1553989414 sonar_output.txt
```
This new text file contains *both active and abandoned* subdomains pointing to any of the services listed above -- we still need to narrow it down to the takeover candidates by attempting to actually resolve each of them, which is where `subtake` comes into play. To install `subtake`, make sure [Go is installed first](https://golang.org/doc/install#install) and run the following:
```bash
```bash {linenos=false}
go get github.com/jakejarvis/subtake
```
For a detailed description of the different options you can play around with, see the [full readme on GitHub](https://github.com/jakejarvis/subtake#usage) -- but here's a simple example command that uses 50 threads to take the CNAMEs listed in `sonar_output.txt` and outputs potentially vulnerable subdomains to `vulnerable.txt`.
```bash
```bash {linenos=false}
subtake -f sonar_output.txt -c fingerprints.json -t 50 -ssl -a -o vulnerable.txt
```
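Review bot: every fence in this hunk gains the same hand-written `{linenos=false}` attribute, and the pattern repeats through the rest of the content files. If most fences are short commands that should not be numbered, turning line numbers off in the site's highlight configuration and opting in with `{linenos=true}` on the longer listings would avoid the repetition and keep a newly added fence from silently picking up numbers.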
@ -65,7 +65,7 @@ This could take quite a while -- up to a day, depending on your CPU, memory, and
I also have a collection of root domains of companies offering bounties through [HackerOne](https://hackerone.com/directory/) or [Bugcrowd](https://bugcrowd.com/programs) at a [different GitHub repository](https://github.com/jakejarvis/bounty-domains/). Using the [`grep`-friendly text file](https://github.com/jakejarvis/bounty-domains/blob/master/grep.txt), it's easy to use [`grep`](http://man7.org/linux/man-pages/man1/grep.1.html) to narrow down your `vulnerable.txt` list even more:
```bash
```bash {linenos=false}
grep -f grep.txt vulnerable.txt
```
@ -75,7 +75,6 @@ In my view, takeovers are a fantastic way to begin a side hustle in bug bounties
Since you have this luxury of time, it becomes ***extremely important*** that you let your adrenaline subside and follow [responsible disclosure](https://www.bugcrowd.com/resource/what-is-responsible-disclosure/) guidelines -- especially in the creation of a "proof of concept" file with your username at an obscure location, **not** at `index.html`. I won't go over the details of writing a report because [Patrik Hudak](https://twitter.com/0xpatrik) wrote another [great post about it here](https://0xpatrik.com/takeover-proofs/). This is an example of one of my own reports (company name censored because it has not been publicly disclosed) on [Bugcrowd](https://bugcrowd.com/programs):
> I have found three subdomains of ********.com vulnerable to takeovers via unclaimed endpoints at [Azure's Traffic Manager](https://azure.microsoft.com/en-us/services/traffic-manager/). I have claimed these endpoints and redirected them to a blank page to prevent a bad actor from doing so in the meantime, and hosted a POC file at obscure URLs. These are the following domains I discovered and the outdated endpoints on Azure to which they point:
>
> xxxx.********.com --> aaa.trafficmanager.net
@ -96,7 +95,6 @@ Since you have this luxury of time, it becomes ***extremely important*** that yo
>
> Please let me know when you've received this report and I'll delete the endpoints from my personal Azure account, so you can either reclaim them or remove the subdomains entirely from your DNS records. Thanks!
I removed the company's name because an important part of responsible *disclosure* is the *disclosure*, or lack thereof. Until the company explicitly gives permission to publicly disclose the vulnerability after patching it -- and there are built-in features on both HackerOne and Bugcrowd to request this -- it's **not okay** to talk about it publicly.
The `poc-d4ca9e8ceb.html` proof-of-concept file contained this single, hidden line:

View File

@ -62,27 +62,27 @@ Restic might be included in your OS's default repositories (it is on Ubuntu) but
Find the latest version of Restic on their [GitHub releases page](https://github.com/restic/restic/releases/latest). Since I'm assuming this is a Linux server, we only want the file ending in `_linux_amd64.bz2`. (For a 32-bit Linux server, find `_linux_386.bz2`. Windows, macOS, and BSD binaries are also there.) Right-click and copy the direct URL for that file and head over to your server's command line to download it into your home directory:
```bash
```bash {linenos=false}
cd ~
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
```
Next, we'll unzip the download in place:
```bash
```bash {linenos=false}
bunzip2 restic_*
```
This should leave us with a single file: the Restic binary. In order to make Restic available system-wide and accessible with a simple `restic` command, we need to move it into the `/usr/local/bin` folder, which requires `sudo` access:
```bash
```bash {linenos=false}
sudo mv restic_* /usr/local/bin/restic
sudo chmod a+x /usr/local/bin/restic
```
Now's a good time to run `restic` to make sure we're good to move on. If you see the version number we downloaded, you're all set!
```bash
```bash {linenos=false}
restic version
```
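Review bot: the `wget` step at the top of this hunk downloads a binary that is later moved into `/usr/local/bin` with `sudo`, and nothing in between verifies it. Since these fences are being edited anyway, add a step before `bunzip2 restic_*` that checks the archive against the `SHA256SUMS` file published with the same release.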
@ -95,14 +95,14 @@ If you haven't already [created a new S3 bucket](https://docs.aws.amazon.com/qui
We need to store these keys as environment variables named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. For now, we'll set these temporarily until we automate everything in the next step.
```bash
```bash {linenos=false}
export AWS_ACCESS_KEY_ID="your AWS access key"
export AWS_SECRET_ACCESS_KEY="your AWS secret"
```
We'll also need to tell Restic where the bucket is located and set a secure password to encrypt the backups. You can generate a super-secure 32-character password by running `openssl rand -base64 32` — just make sure you store it somewhere safe!
```bash
```bash {linenos=false}
export RESTIC_REPOSITORY="s3:s3.amazonaws.com/your-bucket-name"
export RESTIC_PASSWORD="passw0rd123-just-kidding"
```
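Review bot: the `export AWS_SECRET_ACCESS_KEY=...` and `export RESTIC_PASSWORD=...` lines in this hunk are typed with the secret inline, which leaves both values in the shell history of the account that runs them. Worth a sentence telling the reader to keep them out of history, or showing the password read from a root-only file through `RESTIC_PASSWORD_FILE` instead.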
@ -112,7 +112,7 @@ export RESTIC_PASSWORD="passw0rd123-just-kidding"
Now we're ready to have Restic initialize the repository. This saves a `config` file in your S3 bucket and starts the encryption process right off the bat. You only need to run this once.
```bash
```bash {linenos=false}
restic init
```
@ -123,7 +123,7 @@ If successful, you should see a message containing `created restic backend`. If
Now that the hard parts are done, creating a backup (or "snapshot" in Restic terms) is as simple as a one-line command. All we need to specify is the directory you want to backup.
```bash
```bash {linenos=false}
restic backup /srv/important/data
```
@ -153,7 +153,7 @@ I highly recommend adding one final command to the end of the file: Restic's `fo
This command keeps one snapshot from each of the last **six hours**, one snapshot from each of the last **seven days**, one snapshot from each of the last **four weeks**, and one snapshot from each of the last **twelve months**.
```bash
```bash {linenos=false}
restic forget -q --prune --keep-hourly 6 --keep-daily 7 --keep-weekly 4 --keep-monthly 12
```
@ -161,13 +161,13 @@ Reading [the documentation](https://restic.readthedocs.io/en/latest/060_forget.h
Save the shell script and close the editor. Don't forget to make the script we just wrote actually executable:
```bash
```bash {linenos=false}
chmod +x backup.sh
```
Lastly, we need to set the actual cron job. To do this, run `sudo crontab -e` and add the following line to the end:
```bash
```bash {linenos=false}
0 * * * * /root/backup.sh
```
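Review bot: the last fence in this hunk holds a crontab entry, `0 * * * * /root/backup.sh`, but is still tagged `bash`, so the highlighter treats the schedule fields as shell tokens. Since the info string is being changed here anyway, tag it `plaintext {linenos=false}` as the Shodan post's query fences are.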
@ -184,7 +184,7 @@ Take note of the next time that your new cron job *should* run, so we can check
To restore a snapshot to a certain location, grab the ID from `restic snapshots` and use `restore` like so:
```bash
```bash {linenos=false}
restic restore 420x69abc --target ~/restored_files
```

View File

@ -36,7 +36,7 @@ Assuming you're using GitHub, this step is easy. Just find the repository you're
GitHub will automatically redirect you to the forked repository under your username. This is the repository you need to clone to your local development environment, **not** the original. Grab the URL GitHub provides under the green "Clone or Download" button and plug it into the command below.
```bash
```bash {linenos=false}
git clone git@github.com:jakejarvis/react-native.git
```
@ -51,7 +51,7 @@ Switch directories to the forked repository you just cloned and run the followin
This links the fork back to the original repository as a remote, which we'll name `upstream`, and then fetch it.
```bash
```bash {linenos=false}
git remote add --track master upstream git@github.com:facebook/react-native.git
git fetch upstream
```
@ -61,7 +61,7 @@ git fetch upstream
It's possible to make changes directly to the `master` branch, but this might FUBAR things down the road for complicated reasons. It's best to [`checkout`](https://git-scm.com/docs/git-checkout) a new branch for **each** change/improvement you want to make. Replace `fix-readme-typo` with a more descriptive name for your changes, like `add-mobile-site` or `update-dependencies`.
```bash
```bash {linenos=false}
git checkout -b fix-readme-typo upstream/master
```
@ -75,14 +75,14 @@ This is either the easiest part or the hardest part, depending on how you look a
You're probably used to these commands. Add the files you've changed and commit them with a descriptive message.
```bash
```bash {linenos=false}
git add .
git commit -m "Fix grammar mistakes in the readme file"
```
The one difference is the branch you're pushing to. You likely usually push to `master`, but in this case, we're pushing to the branch with the name you created in step 4.
```bash
```bash {linenos=false}
git push -u origin fix-readme-typo
```

View File

@ -38,7 +38,7 @@ Once you're ready, here's how to shrink your Linux-based VM:
The open-source version of VMware Tools for Linux, [open-vm-tools](https://github.com/vmware/open-vm-tools), has added a simple command to automate the above steps in the latest version. Make sure you have the latest update through either apt or yum, and then run the following command in the **guest** terminal:
```bash
```bash {linenos=false}
vmware-toolbox-cmd disk shrink /
```
@ -50,7 +50,7 @@ Thank you to [commenter Susanna](https://jake.wordpress.com/2018/12/04/how-to-sh
Boot up your Linux virtual machine. We'll start by optimizing the OS as much as possible before shrinking it. In addition to manually deleting files you no longer use, running this command in your terminal can free up a little more space by removing some installation caches left behind by old versions of software you've installed and updated:
```bash
```bash {linenos=false}
sudo apt-get clean
```
@ -59,7 +59,7 @@ sudo apt-get clean
This step is the crucial one. In order for VMware to detect the newly free space, we need to free it up ourselves using a little trickery. We're going to have Linux overwrite the free space with a file full of zeros the size of this file will be the size of however much space we're freeing up (5 GB, in the example above) and then delete it. These commands will create the file, wait a moment, and then delete the file:
```bash
```bash {linenos=false}
cat /dev/zero > zero.fill
sync
sleep 1
@ -84,13 +84,13 @@ Now, we're going to run our final command in our **host** terminal, so open that
We're going to feed this command the exact location of the VMDK file we're shrinking. You can either do this by typing the **full path** to it, or by simply dragging the VMDK file onto the terminal after typing the first part of the command (up to and including "-d"). The "-d" argument will defragment the disk.
```bash
```bash {linenos=false}
/Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager -d <path to your .VMDK file>
```
The final command should look something like this, with your VMDK file instead:
```bash
```bash {linenos=false}
/Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager -d /Users/jake/Documents/Virtual\ Machines/Debian9.vmwarevm/Virtual\ Disk.vmdk
```
@ -98,7 +98,7 @@ If you've done this correctly, you'll see it defragmenting the file, and then re
After the defragmentation completes, we need to finally shrink the image. We do this by running the same command as you did above, but replacing the "-d" with "-k" as follows:
```bash
```bash {linenos=false}
/Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager -k <path to the same .VMDK file>
```

View File

@ -52,7 +52,7 @@ The world and its devices are quickly becoming more connected through the shiny
### Samsung Electronic Billboards [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Prismview+Player%22)
```
```plaintext {linenos=false}
"Server: Prismview Player"
```
@ -61,7 +61,7 @@ The world and its devices are quickly becoming more connected through the shiny
### Gas Station Pump Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22in-tank+inventory%22+port%3A10001)
```
```plaintext {linenos=false}
"in-tank inventory" port:10001
```
@ -70,7 +70,7 @@ The world and its devices are quickly becoming more connected through the shiny
### Automatic License Plate Readers [🔎 &#x2192;](https://www.shodan.io/search?query=P372+%22ANPR+enabled%22)
```
```plaintext {linenos=false}
P372 "ANPR enabled"
```
@ -79,21 +79,21 @@ P372 "ANPR enabled"
### Traffic Light Controllers / Red Light Cameras [🔎 &#x2192;](https://www.shodan.io/search?query=mikrotik+streetlight)
```
```plaintext {linenos=false}
mikrotik streetlight
```
### Voting Machines in the United States [🔎 &#x2192;](https://www.shodan.io/search?query=%22voter+system+serial%22+country%3AUS)
```
```plaintext {linenos=false}
"voter system serial" country:US
```
### Telcos Running [Cisco Lawful Intercept](https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/lawful/intercept/book/65LIch1.html) Wiretaps [🔎 &#x2192;](https://www.shodan.io/search?query=%22Cisco+IOS%22+%22ADVIPSERVICESK9_LI-M%22)
```
```plaintext {linenos=false}
"Cisco IOS" "ADVIPSERVICESK9_LI-M"
```
@ -104,14 +104,14 @@ Wiretapping mechanism outlined by Cisco in [RFC 3924](https://tools.ietf.org/htm
### Prison Pay Phones [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5B2J%5BH+Encartele+Confidential%22)
```
```plaintext {linenos=false}
"[2J[H Encartele Confidential"
```
### [Tesla PowerPack](https://www.tesla.com/powerpack) Charging Status [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22Tesla+PowerPack+System%22+http.component%3A%22d3%22+-ga3ca4f2)
```
```plaintext {linenos=false}
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
```
@ -120,7 +120,7 @@ http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
### Electric Vehicle Chargers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+gSOAP%2F2.8%22+%22Content-Length%3A+583%22)
```
```plaintext {linenos=false}
"Server: gSOAP/2.8" "Content-Length: 583"
```
@ -129,7 +129,7 @@ http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
Shodan made a pretty sweet [Ship Tracker](https://shiptracker.shodan.io/) that maps ship locations in real time, too!
```
```plaintext {linenos=false}
"Cobham SATCOM" OR ("Sailor" "VSAT")
```
@ -138,14 +138,14 @@ Shodan made a pretty sweet [Ship Tracker](https://shiptracker.shodan.io/) that m
### Submarine Mission Control Dashboards [🔎 &#x2192;](https://www.shodan.io/search?query=title%3A%22Slocum+Fleet+Mission+Control%22)
```
```plaintext {linenos=false}
title:"Slocum Fleet Mission Control"
```
### [CAREL PlantVisor](https://www.carel.com/product/plantvisor) Refrigeration Units [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+CarelDataServer%22+%22200+Document+follows%22)
```
```plaintext {linenos=false}
"Server: CarelDataServer" "200 Document follows"
```
@ -154,14 +154,14 @@ title:"Slocum Fleet Mission Control"
### [Nordex Wind Turbine](http://www.nordex-online.com/en/products-services/wind-turbines.html) Farms [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22Nordex+Control%22+%22Windows+2000+5.0+x86%22+%22Jetty%2F3.1+%28JSP+1.1%3B+Servlet+2.2%3B+java+1.6.0_14%29%22)
```
```plaintext {linenos=false}
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
```
### [C4 Max](https://www.mobile-devices.com/our-products/c4-max/) Commercial Vehicle GPS Trackers [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5B1m%5B35mWelcome+on+console%22)
```
```plaintext {linenos=false}
"[1m[35mWelcome on console"
```
@ -172,14 +172,14 @@ http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet
Secured by default, thankfully, but these 1,700+ machines still [have no business](https://documents.trendmicro.com/assets/rpt/rpt-securing-connected-hospitals.pdf) being on the internet.
```
```plaintext {linenos=false}
"DICOM Server Response" port:104
```
### [GaugeTech](https://electroind.com/all-products/) Electricity Meters [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+EIG+Embedded+Web+Server%22+%22200+Document+follows%22)
```
```plaintext {linenos=false}
"Server: EIG Embedded Web Server" "200 Document follows"
```
@ -188,28 +188,28 @@ Secured by default, thankfully, but these 1,700+ machines still [have no busines
### Siemens Industrial Automation [🔎 &#x2192;](https://www.shodan.io/search?query=%22Siemens%2C+SIMATIC%22+port%3A161)
```
```plaintext {linenos=false}
"Siemens, SIMATIC" port:161
```
### Siemens HVAC Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Microsoft-WinCE%22+%22Content-Length%3A+12581%22)
```
```plaintext {linenos=false}
"Server: Microsoft-WinCE" "Content-Length: 12581"
```
### Door / Lock Access Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22HID+VertX%22+port%3A4070)
```
```plaintext {linenos=false}
"HID VertX" port:4070
```
### Railroad Management [🔎 &#x2192;](https://www.shodan.io/search?query=%22log+off%22+%22select+the+appropriate%22)
```
```plaintext {linenos=false}
"log off" "select the appropriate"
```
@ -224,20 +224,20 @@ Secured by default, thankfully, but these 1,700+ machines still [have no busines
### Unprotected VNC [🔎 &#x2192;](https://www.shodan.io/search?query=%22authentication+disabled%22+%22RFB+003.008%22)
```
```plaintext {linenos=false}
"authentication disabled" "RFB 003.008"
```
[Shodan Images](https://images.shodan.io/) is a great supplementary tool to browse screenshots, by the way! [🔎 &#x2192;](https://images.shodan.io/?query=%22authentication+disabled%22+%21screenshot.label%3Ablank)
{{< image src="images/vnc.png" alt="Example: Unprotected VNC" caption="The first result right now. 😞" >}}
{{< image src="images/vnc.png" width="500" alt="Example: Unprotected VNC" caption="The first result right now. 😞" >}}
### Windows RDP [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5Cx03%5Cx00%5Cx00%5Cx0b%5Cx06%5Cxd0%5Cx00%5Cx00%5Cx124%5Cx00%22)
99.99% are secured by a secondary Windows login screen.
```
```plaintext {linenos=false}
"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
```
@ -254,7 +254,7 @@ Secured by default, thankfully, but these 1,700+ machines still [have no busines
Older versions were insecure by default. [Very scary.](https://krebsonsecurity.com/tag/mongodb/)
```
```plaintext {linenos=false}
"MongoDB Server Information" port:27017 -authentication
```
@ -265,7 +265,7 @@ Older versions were insecure by default. [Very scary.](https://krebsonsecurity.c
Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/vendor_id-784/Phpmyadmin.html) but for MongoDB.
```
```plaintext {linenos=false}
"Set-Cookie: mongo-express=" "200 OK"
```
@ -274,7 +274,7 @@ Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/ven
### Jenkins CI [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Jenkins%22+%22Set-Cookie%3A+JSESSIONID%22+http.title%3A%22Dashboard%22)
```
```plaintext {linenos=false}
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
```
@ -283,21 +283,21 @@ Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/ven
### Docker APIs [🔎 &#x2192;](https://www.shodan.io/search?query=%22Docker+Containers%3A%22+port%3A2375)
```
```plaintext {linenos=false}
"Docker Containers:" port:2375
```
### [Pi-hole](https://pi-hole.net/) Open DNS Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22dnsmasq-pi-hole%22+%22Recursion%3A+enabled%22)
```
```plaintext {linenos=false}
"dnsmasq-pi-hole" "Recursion: enabled"
```
### Already Logged-In as `root` via Telnet [🔎 &#x2192;](https://www.shodan.io/search?query=%22root%40%22+port%3A23+-login+-password+-name+-Session)
```
```plaintext {linenos=false}
"root@" port:23 -login -password -name -Session
```
@ -306,21 +306,21 @@ Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/ven
A tangential result of Google's dumb fractured update approach. 🙄 [More information here.](https://medium.com/p/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20)
```
```plaintext {linenos=false}
"Android Debug Bridge" "Device" port:5555
```
### Lantronix Serial-to-Ethernet Adapter [Leaking Telnet Passwords](https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ethernet-devices-leak-telnet-passwords/) [🔎 &#x2192;](https://www.shodan.io/search?query=Lantronix+password+port%3A30718+-secured)
```
```plaintext {linenos=false}
Lantronix password port:30718 -secured
```
### Citrix Virtual Apps [🔎 &#x2192;](https://www.shodan.io/search?query=%22Citrix+Applications%3A%22+port%3A1604)
```
```plaintext {linenos=false}
"Citrix Applications:" port:1604
```
@ -331,7 +331,7 @@ Lantronix password port:30718 -secured
[Vulnerable](https://2016.zeronights.ru/wp-content/uploads/2016/12/CiscoSmartInstall.v3.pdf) (kind of "by design," but especially when exposed).
```
```plaintext {linenos=false}
"smart install client active"
```
@ -339,20 +339,20 @@ Lantronix password port:30718 -secured
### PBX IP Phone Gateways [🔎 &#x2192;](https://www.shodan.io/search?query=PBX+%22gateway+console%22+-password+port%3A23)
```
```plaintext {linenos=false}
PBX "gateway console" -password port:23
```
### [Polycom](https://www.polycom.com/hd-video-conferencing.html) Video Conferencing [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22-+Polycom%22+%22Server%3A+lighttpd%22)
```
```plaintext {linenos=false}
http.title:"- Polycom" "Server: lighttpd"
```
Telnet Configuration: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Polycom+Command+Shell%22+-failed+port%3A23)
```
```plaintext {linenos=false}
"Polycom Command Shell" -failed port:23
```
@ -361,21 +361,21 @@ Telnet Configuration: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Poly
### [Bomgar Help Desk](https://www.beyondtrust.com/remote-support/integrations) Portal [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Bomgar%22+%22200+OK%22)
```
```plaintext {linenos=false}
"Server: Bomgar" "200 OK"
```
### Intel Active Management [CVE-2017-5689](https://www.exploit-db.com/exploits/43385) [🔎 &#x2192;](https://www.shodan.io/search?query=%22Intel%28R%29+Active+Management+Technology%22+port%3A623%2C664%2C16992%2C16993%2C16994%2C16995)
```
```plaintext {linenos=false}
"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995
```
### HP iLO 4 [CVE-2017-12542](https://nvd.nist.gov/vuln/detail/CVE-2017-12542) [🔎 &#x2192;](https://www.shodan.io/search?query=HP-ILO-4+%21%22HP-ILO-4%2F2.53%22+%21%22HP-ILO-4%2F2.54%22+%21%22HP-ILO-4%2F2.55%22+%21%22HP-ILO-4%2F2.60%22+%21%22HP-ILO-4%2F2.61%22+%21%22HP-ILO-4%2F2.62%22+port%3A1900)
```
```plaintext {linenos=false}
HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" port:1900
```
@ -384,7 +384,7 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H
#### Exchange 2007 [🔎 &#x2192;](https://www.shodan.io/search?query=%22x-owa-version%22+%22IE%3DEmulateIE7%22+%22Server%3A+Microsoft-IIS%2F7.0%22)
```
```plaintext {linenos=false}
"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
```
@ -392,7 +392,7 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H
#### Exchange 2010 [🔎 &#x2192;](https://www.shodan.io/search?query=%22x-owa-version%22+%22IE%3DEmulateIE7%22+http.favicon.hash%3A442749392)
```
```plaintext {linenos=false}
"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392
```
@ -400,7 +400,7 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H
#### Exchange 2013 / 2016 [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-AspNet-Version%22+http.title%3A%22Outlook%22+-%22x-owa-version%22)
```
```plaintext {linenos=false}
"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
```
@ -409,7 +409,7 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H
### Lync / Skype for Business [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-MS-Server-Fqdn%22)
```
```plaintext {linenos=false}
"X-MS-Server-Fqdn"
```
@ -426,27 +426,27 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H
Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc.
```
```plaintext {linenos=false}
"Authentication: disabled" port:445
```
Specifically domain controllers: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Authentication%3A+disabled%22+NETLOGON+SYSVOL+-unix+port%3A445)
```
```plaintext {linenos=false}
"Authentication: disabled" NETLOGON SYSVOL -unix port:445
```
### FTP Servers with Anonymous Login [🔎 &#x2192;](https://www.shodan.io/search?query=%22220%22+%22230+Login+successful.%22+port%3A21)
```
```plaintext {linenos=false}
"220" "230 Login successful." port:21
```
### Iomega / LenovoEMC NAS Drives [🔎 &#x2192;](https://www.shodan.io/search?query=%22Set-Cookie%3A+iomega%3D%22+-%22manage%2Flogin.html%22+-http.title%3A%22Log+In%22)
```
```plaintext {linenos=false}
"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
```
@ -455,7 +455,7 @@ Specifically domain controllers: [🔎 &#x2192;](https://www.shodan.io/search?qu
### Buffalo TeraStation NAS Drives [🔎 &#x2192;](https://www.shodan.io/search?query=Redirecting+sencha+port%3A9000)
```
```plaintext {linenos=false}
Redirecting sencha port:9000
```
@ -464,7 +464,7 @@ Redirecting sencha port:9000
### Logitech Media Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Logitech+Media+Server%22+%22200+OK%22)
```
```plaintext {linenos=false}
"Server: Logitech Media Server" "200 OK"
```
@ -473,14 +473,14 @@ Redirecting sencha port:9000
### [Plex](https://www.plex.tv/) Media Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Plex-Protocol%22+%22200+OK%22+port%3A32400)
```
```plaintext {linenos=false}
"X-Plex-Protocol" "200 OK" port:32400
```
### [Tautulli / PlexPy](https://github.com/Tautulli/Tautulli) Dashboards [🔎 &#x2192;](https://www.shodan.io/search?query=%22CherryPy%2F5.1.0%22+%22%2Fhome%22)
```
```plaintext {linenos=false}
"CherryPy/5.1.0" "/home"
```
@ -498,28 +498,28 @@ Example images not necessary. 🤦
### Yawcams [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+yawcam%22+%22Mime-Type%3A+text%2Fhtml%22)
```
```plaintext {linenos=false}
"Server: yawcam" "Mime-Type: text/html"
```
### webcamXP/webcam7 [🔎 &#x2192;](https://www.shodan.io/search?query=%28%22webcam+7%22+OR+%22webcamXP%22%29+http.component%3A%22mootools%22+-401)
```
```plaintext {linenos=false}
("webcam 7" OR "webcamXP") http.component:"mootools" -401
```
### Android IP Webcam Server [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+IP+Webcam+Server%22+%22200+OK%22)
```
```plaintext {linenos=false}
"Server: IP Webcam Server" "200 OK"
```
### Security DVRs [🔎 &#x2192;](https://www.shodan.io/search?query=html%3A%22DVR_H264+ActiveX%22)
```
```plaintext {linenos=false}
html:"DVR_H264 ActiveX"
```
@ -534,7 +534,7 @@ html:"DVR_H264 ActiveX"
### HP Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Serial+Number%3A%22+%22Built%3A%22+%22Server%3A+HP+HTTP%22)
```
```plaintext {linenos=false}
"Serial Number:" "Built:" "Server: HP HTTP"
```
@ -543,7 +543,7 @@ html:"DVR_H264 ActiveX"
### Xerox Copiers/Printers [🔎 &#x2192;](https://www.shodan.io/search?query=ssl%3A%22Xerox+Generic+Root%22)
```
```plaintext {linenos=false}
ssl:"Xerox Generic Root"
```
@ -552,11 +552,11 @@ ssl:"Xerox Generic Root"
### Epson Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22SERVER%3A+EPSON_Linux+UPnP%22+%22200+OK%22)
```
```plaintext {linenos=false}
"SERVER: EPSON_Linux UPnP" "200 OK"
```
```
```plaintext {linenos=false}
"Server: EPSON-HTTP" "200 OK"
```
@ -565,11 +565,11 @@ ssl:"Xerox Generic Root"
### Canon Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+KS_HTTP%22+%22200+OK%22)
```
```plaintext {linenos=false}
"Server: KS_HTTP" "200 OK"
```
```
```plaintext {linenos=false}
"Server: CANON HTTP Server"
```
@ -586,7 +586,7 @@ ssl:"Xerox Generic Root"
### Yamaha Stereos [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+AV_Receiver%22+%22HTTP%2F1.1+406%22)
```
```plaintext {linenos=false}
"Server: AV_Receiver" "HTTP/1.1 406"
```
@ -597,21 +597,21 @@ ssl:"Xerox Generic Root"
Apple TVs, HomePods, etc.
```
```plaintext {linenos=false}
"\x08_airplay" port:5353
```
### Chromecasts / Smart TVs [🔎 &#x2192;](https://www.shodan.io/search?query=%22Chromecast%3A%22+port%3A8008)
```
```plaintext {linenos=false}
"Chromecast:" port:8008
```
### [Crestron Smart Home](https://www.crestron.com/Products/Market-Solutions/Residential-Solutions) Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Model%3A+PYNG-HUB%22)
```
```plaintext {linenos=false}
"Model: PYNG-HUB"
```
@ -625,7 +625,7 @@ Apple TVs, HomePods, etc.
### OctoPrint 3D Printer Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=title%3A%22OctoPrint%22+-title%3A%22Login%22+http.favicon.hash%3A1307375944)
```
```plaintext {linenos=false}
title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
```
@ -634,7 +634,7 @@ title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
### Etherium Miners [🔎 &#x2192;](https://www.shodan.io/search?query=%22ETH+-+Total+speed%22)
```
```plaintext {linenos=false}
"ETH - Total speed"
```
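Review bot: the heading kept as context in this hunk reads "Etherium Miners"; the name is spelled "Ethereum". Fix it while this section is being touched.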
@ -645,21 +645,21 @@ title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
Substitute `.pem` with any extension or a filename like `phpinfo.php`.
```
```plaintext {linenos=false}
http.title:"Index of /" http.html:".pem"
```
### Too Many Minecraft Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Minecraft+Server%22+%22protocol+340%22+port%3A25565)
```
```plaintext {linenos=false}
"Minecraft Server" "protocol 340" port:25565
```
### Literally [Everything](https://www.vox.com/2014/12/22/7435625/north-korea-internet) in North Korea 🇰🇵 [🔎 &#x2192;](https://www.shodan.io/search?query=net%3A175.45.176.0%2F22%2C210.52.109.0%2F24)
```
```plaintext {linenos=false}
net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24
```
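Review bot: the search link in the "Literally Everything in North Korea" heading and the fence below it disagree. The link's query is `net:175.45.176.0/22,210.52.109.0/24`, while the fence shows `net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24`, so a reader who clicks gets a narrower result set than one who copies the query. Add the third range to the URL or remove it from the fence.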
@ -668,14 +668,14 @@ net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24
Port 17 ([RFC 865](https://tools.ietf.org/html/rfc865)) has a [bizarre history](https://en.wikipedia.org/wiki/QOTD)...
```
```plaintext {linenos=false}
port:17 product:"Windows qotd"
```
### Find a Job Doing This! 👩‍💼 [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Recruiting%3A%22)
```
```plaintext {linenos=false}
"X-Recruiting:"
```

View File

@ -120,23 +120,29 @@
div.right {
text-align: right;
}
code {
div.highlight, code {
font-family: "SFMono-Regular", "Consolas", "Liberation Mono", "Menlo", "Courier", monospace;
font-size: 0.9em;
padding: 0.2em;
background: #f4f4f4;
border: 1px solid #dddddd;
font-size: 0.9em;
page-break-inside: avoid;
}
pre code {
display: block;
padding: 1em 1.5em;
margin: 1.4em 0;
line-height: 1.6;
p code {
border: 1px solid #dddddd;
padding: 0.2em;
}
div.highlight {
border: 1px solid #dddddd;
border-left: 3px solid #0e6dc2;
line-height: 1.6;
max-width: 100%;
overflow-x: scroll;
page-break-inside: avoid;
object-fit: scale-down;
font-size: 1em;
margin: 1em 0;
}
div.highlight pre {
display: block;
margin-left: 1.5em;
}
div.highlight span.k, div.highlight span.kc, div.highlight span.kd, div.highlight span.kp, div.highlight span.kr, div.highlight span.kt, div.highlight span.no { color: #03748a; }
div.highlight span.n, div.highlight span.bp, div.highlight span.nb, div.highlight span.ni, div.highlight span.fm, div.highlight span.nl, div.highlight span.nn, div.highlight span.py, div.highlight span.nv, div.highlight span.vc, div.highlight span.vg, div.highlight span.vi, div.highlight span.vm, div.highlight span.p { color: #111111; }
@ -147,6 +153,7 @@
div.highlight span.c, div.highlight span.ch, div.highlight span.cm, div.highlight span.c1, div.highlight span.cs, div.highlight span.cp, div.highlight span.cpf { color: #6b6859; }
div.highlight span.ge { font-style: italic; }
div.highlight span.gs { font-weight: bold; }
div.highlight span.lnt { color: #999999; }
</style>
<link rel="icon" href="{{ "favicon-192.png" | absURL }}" sizes="192x192">
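Review bot: the `div.highlight span.lnt` rule added to this inline stylesheet sets only `color: #999999`, while the SCSS version of the same selector also sets `margin-right: 1.5em` and `user-select: none`. On pages rendered with this template the line numbers are therefore still selectable, which is the behaviour the commit subject says it removes; copy the `user-select` declaration (and the margin, if the layout should match) into this rule.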