Shodan.io is a search engine for the internet of things. There is a room about Shodan in Tryhackme and this walk-through is about that.

Due to the nature of Shodan and its scanning services, the answer is changing all the time. So keep trying.

Task 01

An autonomous system number (ASN) is a global identifier of a range of IP addresses. Basically, large companies like Google, Microsoft have their own ASN for all of the IP addresses they own.

To find out ASN, first, we can search their IP address: ping google.com

We can put the IP address into an ASN lookup tool such as ultralools/asninfo

Though, we can put the company name here to find the ASN, using the IP address seems the easiest one to me.

asn-lookup

On shodan, we can search using the ASN filter. The filter is: ASN:[number] here, the number is marked on the picture.

ASN-01

Task 02

  • What is Google’s ASN number?

Ans: You know it now. ;)

  • When it was allocated?

Ans: Again, look at the details.

  • Where are most of the machines on this ASN number, physically in the world?

Ans: United States.

top_country

  • What is Google’s top service across all their devices on this ASN?

Ans: SSH.

ssh

  • What SSH product does Google use?

Ans: OpenSSH.

  • What is Google’s most used Google product, according to this search? Ignore the word “Google”.

Ans: Cloud.

product

Task 03

Here is a list of filters for shodan:

  1. product: product Name (ex: MySQL)
  2. city
  3. country
  4. Geo (co-ordinates)
  5. Hostname
  6. net (based on IP/CIDR)
  7. os (find operating systems)
  8. port
  9. before/after (time-frames)

Task 04

  • What is the top operating system for MYSQL servers in Google’s ASN?

Ans: 5.6.40–84.0-log

server

  • What is the 2nd most popular country for MYSQL servers in Google’s ASN?

Ans: Netherlands.

netherlands

  • Under Google’s ASN, which is more popular for nginx, Hypertext Transfer Protocol, or Hypertext Transfer Protocol(s)?

Ans: HyperText Transfer Protocol.

port_80_1

port_80

Port 80 stands for HTTP; port 443 stands for HTTPs.

  • Under Google’s ASN, what is the most popular city?

Ans: Mountain View. (answer changes time to time)

  • Under Google’s ASN in Los Angeles, what is the top operating system according to Shodan?

Ans: PAN-OS. (answer changes time to time)

city

pan-os

  • Using the top Webcam search from the explore page, does Google’s ASN have any webcams? Yay / nay.

Ans: Nay.

Task 05

Shodan has a limit on the free user account. It has an API, use it for more searches.