Are You Ready for Hacking, Tracking Ships & other Floating Vessels ?? Aye Aye Captain !!


Synopsis:

In this post I will show you how a malicious Hacker can use Shodan Search Information for tracking ships in the open ocean. As nowadays all floating vessels are connected to Satcom boxes with VAST or GSM/LTE the endpoint of satcom boxes are over the internet that can be easily identified with some open source intelligence techniques (OSINT) and real time monitoring/tracking of vessels. 


Many satcoms like Telenor, Inmarsat and Cobham can be searched over internet with simple keywords like org:"Inmarsat Solutions US" or "SAILOR 150 FleetBroadband" which can give various results for open satcom and try login with default credentials like HTTP admin/1234 or PPPoE void/void.

Basic terminologies that one should know once entered successfully into satcom :-
AIS - Automatic identification system <TL;DR>
MMSI - Maritime Mobile Service Identity <TL;DR>
IMO - International Maritime Organization <TL;DR>

Getting Started :-
1. Open Shaodan Search and look for various keywords Eg. "SAILOR 150 FleetBroadband" <TL;DR>


A. Ship OSINT With Shodan Search Keywords:
1. "Cobham SATCOM"
2. "Sailor" 
3. "VSAT"
4. "Sailor 900"
5. "SAILOR 900 VSAT"
6. "thrane"
7. "SAILOR 150 FleetBroadband"
8. "SAILOR 150"
9. "Cobham SATCOM - SAILOR 150 FleetBroadband"
10. org:"MARLINK"
11. Server: "TT-3672 IP Handset - 1.17.1687"
12. Server: "TT-3672 IP Handset"

B. Submarine Mission Control Dashboards :
title:"Slocum Fleet Mission Control"

C. CAREL PlantVisor Refrigeration Units :
"Server: CarelDataServer" "200 Document follows"

D. Nordex Wind Turbine Farms
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"

E. C4 Max Commercial Vehicle GPS Trackers
"[1m[35mWelcome on console"

F. DICOM Medical X-Ray Machines
"DICOM Server Response" port:104

G. GaugeTech Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows"

H. Siemens Industrial Automation
"Siemens, SIMATIC" port:161

I. Siemens HVAC Controllers
"Server: Microsoft-WinCE" "Content-Length: 12581"

J. Door / Lock Access Controllers
"HID VertX" port:4070

K. Railroad Management
"log off" "select the appropriate"

2. Once search is finished open the satcom's IP in any browser and try login with default passwords.




3. Once entered successfully inside satcom look for AIS, MMSI or IMO for tracking ship real-time positions in open ocean or play around and try to listen SIP calls.





4. Google Search for GPS coordinates 



5. Real-Time Searches with help of AIS and MMSI



For live traffic check out following websites :-

1. https://www.marinetraffic.com/
2. https://www.vesselfinder.com/
3. https://www.fleetmon.com/
4. https://shipfinder.co/
5. https://www.cruisemapper.com/
6. https://www.myshiptracking.com/
7. http://www.vtexplorer.com/
8. https://www.vesseltracker.com/
9. https://www.ww3.maritrace.com/
10. https://www.marinevesseltraffic.com/

Thanks For Read...

Author: Raghav Bisht