Today I stumbled upon Shodan, a search engine for devices and services.

I decided to search for Citrix and this was the first page of results:
SNAGHTMLf942758

It’s interesting to see that we get details such as the name of published applications. But it’s possible to get even more details:

SNAGHTMLf96a047

 

Seems like this is an old XenApp Server (or perhaps even Presentation Server) that’s directly connected to the internet.

Let’s attempt to connect with RDP:

SNAGHTMLf995853

Wow someone doesn’t care much about security!

Let’s try another one:

image

Seeing other services such as Oracle in the list made me think of other searches.

Sharename:

SNAGHTMLfa266bf

Searching for Metaframe brings up numerous old unpatched systems. The screenshot below is from a hotel which offers a lot of services (phun intended):

image

They must be secure though because they have a firewall.

SNAGHTMLfa7f952

What about a bank with telnet?

SNAGHTMLfab916d

Searching for Remote Desktop even shows screenshots:

SNAGHTMLfacf88e

If you register for an account you can get an api key for automated queries. Combine it with Metasploit and serve up a list of exploitable systems of your liking!