SANS Holiday Hack Quest 2015 – 3

Let it Gnome! Let it Gnome! Let it Gnome!

Internet-Wide Scavenger Hunt

5) What are the IP addresses of the five SuperGnomes scattered around the world, as verified by Tom Hessman in the Dosis neighborhood?
6) Where is each SuperGnome located geographically?

Let's find some IPs!
I like doing things the easy way, as long as it works. So let's grep all readable files on x.x.x.x – xxx.xxx.xxx.xxx.

52.2.229.189 caught my interest. First of all, I saw this IP earlier in the DNS C&C traffic, and now it's located in the /etc/host file. I verified this IP with Tom Hessman, and as I suspected, this was a part of the Gnome C&C network. And not surprisingly, the admin password was SittingOnAShelf.

Now it was just a matter of searching Shodan for more SuperGnomes:
https://www.shodan.io/search?query=supergnome
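
The file sweep from the grep step above, with octet validation and a filter for publicly routable addresses, so loopback and RFC 1918 entries do not drown out the interesting hit. This is an added example, not code from the original post; the sample tree, its file names and `cc.example` are constructed, and 52.2.229.189 is the address the post names.

```python
import ipaddress
import os
import re
import tempfile

# Candidate dotted quads; octet ranges are checked afterwards by ipaddress.
IPV4_RE = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def find_ipv4(root, public_only=True):
    """Walk an extracted filesystem and map each IPv4 address to its files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files from the image
            try:
                with open(path, "rb") as fh:  # bytes: binaries are searched too
                    data = fh.read()
            except OSError:
                continue  # unreadable, as with grep on a permission error
            for raw in IPV4_RE.findall(data):
                try:
                    ip = ipaddress.IPv4Address(raw.decode("ascii"))
                except ValueError:
                    continue  # octet out of range, e.g. 999.1.1.1
                if public_only and not ip.is_global:
                    continue  # drop loopback, RFC 1918 and other non-routable
                hits.setdefault(str(ip), set()).add(os.path.relpath(path, root))
    return {ip: sorted(paths) for ip, paths in hits.items()}


def build_sample(root):
    files = {  # constructed sample tree; names and contents are made up
        "etc/hosts": b"127.0.0.1 localhost\n52.2.229.189 cc.example\n",
        "etc/net.conf": b"gateway=10.0.0.5\nbogus=999.1.1.1\nver=1.2.3.4.5\n",
        "usr/bin/agent": b"\x7fELF\x00\x01server=52.2.229.189\x00\xff",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_ipv4(tmp))
```

Passing `public_only=False` also returns the loopback and private addresses, which is useful when mapping the device's internal network configuration.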
