HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Dorks 🔎 Shodan Dorks Megalist – Part 4: Remote Access, Routers, C2 Infra & Webcams

dEEpEst

dEEpEst

☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Mar 29, 2018
Messages
13,860
Solutions
4
Reputation
27
Reaction score
45,546
Points
1,813
Credits
55,340
‎7 Years of Service‎
 
56%
🔎 Shodan Dorks Megalist – Part 4: Remote Access, Routers, C2 Infra & Webcams

🚀 Created for Hack Tools Dark Community

Disclaimer: This post is for legal research and educational purposes only. Gaining access to devices without permission is illegal.
Click to expand...

This section exposes access points to devices and infrastructure commonly left unprotected: remote admin panels, command-and-control (C2) beacons, webcams, routers, and smart home gear.

🖥️ Remote Access – RDP, VNC, Telnet
  • Unprotected VNC: "authentication disabled" port:5900,5901
  • "authentication disabled" "RFB 003.008"
  • Windows RDP handshake (unencrypted): "\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00"
  • Telnet open console: port:23 console gateway
  • Root access via Telnet: "root@" port:23 -login -password -name -Session

📶 Routers & IoT Panels
  • "hacked-router-help-sos"
  • "smart install client active" – Cisco Smart Install (exploit-ready)
  • "Citrix Applications:" port:1604
  • "press enter for setup mode port:9999" – Lantronix adapters
  • "Polycom Command Shell" -failed port:23
  • "Server: lighttpd" http.title:"- Polycom"
  • nport -keyin port:23 – Serial-to-eth converters
  • "Model: PYNG-HUB" – Crestron smart home controllers
  • "Server: AV_Receiver" "HTTP/1.1 406" – Yamaha stereo devices

🕵️‍♂️ Command & Control (C2) Infrastructure
  • Cobalt Strike:
    product:"cobalt strike team server"
    ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1
  • Brute Ratel:
    product:"Brute Ratel C4"
    http.html_hash:-1957161625
  • Covenant:
    ssl:"Covenant"
    http.component:"Blazor"
  • Metasploit:
    ssl:"MetasploitSelfSignedCA"

📷 Webcams & Surveillance
  • title:camera
  • webcam has_screenshot:true
  • "d-Link Internet Camera, 200 OK"
  • "Server: yawcam" "Mime-Type: text/html"
  • ("webcam 7" OR "webcamXP") http.component:"mootools" -401
  • "Server: IP Webcam Server" "200 OK"
  • html:"DVR_H264 ActiveX" – Security DVRs
  • NETSurveillance uc-httpd
  • Server: uc-httpd 1.0.0

Next: Part 5 will focus on NAS devices, exposed printers, smart TVs, smart homes, Plex, Pi-hole, Minecraft servers, and misc Shodan goldmines.

Discuss:
Have you found open routers, webcams or C2 servers online? Share findings or lab setups with the community. 🧠
 
You must log in or register to reply here.
Back
Top