Thanks to SHODAN (please also visit Johns website at www.shodanhq.com and don’t forget to contribute his work) it is quite easy to locate MEDION NAS-Servers on the web.
This is also a very good example on how to use NetworkToolbox in combination with SHODAN.
- Step 1. (spy your device)
First, given that you own such a MEDION-NAS Server (but any oder device with Web-Interface can be used as well), just open the Socket tool in NetworkToolbox, type in the IP of this box, select port 80 and tap on connect.
- Step 2. (locate uncommon and unique strings)
Next, tap on the HEAD command on the command-bar at the top, then press OK to confirm the host (the NAS accepts any host)
Then, you will see what the NAS Server returns such as:
HTTP/1.0 301 Moved Permanently
Date: Sun, 01 Sep 2013 07:16:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8o mod_wsgi/2.4 Python/2.6.2
Location: http ://XXX.XXX.XXX.XXX/cmd,/ck6fup6/register_main/redirectHome
The interesting thing here is the ck6fup6/register part which is quite uncommon.
- Step 3. (search by using SHODAN)
Now, you can enter this part or pattern as search term in the SHODAN tool. SHODAN will find many MEDION-NAS Servers mostly in Europe of course. Not sure if some of them still use the default credentials which can be found in the manual, which is available on the web. It’s admin and 1234.
Today’s data update will add the aforementioned pattern as SHODAN search term (the list that appears when tapping the ? button) and also, this information has been added to the “How to” section in the Resources tab.
Stay tuned,
Marcus
P.S. I am already working on some improvements for NetworkToolbox. Especially the Network- and Portscan deserves some improvements.