Welcome back, my cyberwarriors!
The Russian invasion of Ukraine continues and the courageous people of Ukraine need our help. In previous posts, I have emphasized that there are many outdated and vulnerable systems around the world. Not everyone updates and upgrades their operating systems. These systems are particularly vulnerable to known attack vectors.
Russia is one of those countries that has not been vigilant in updating and upgrading its operating systems. This makes these systems particularly vulnerable to attack. Reportedly, Putin still uses Windows XP!
Let's see whether we can find more of these highly vulnerable systems in Russia!
Step #1: Open Shodan
The first step is to open Shodan.io. I recommend you start an account with Shodan as the unregistered account is very limited. Now we can enter our country code:
country:ru
and the operating system:
os:"windows xp"
As you can see below, there are 45 systems in Russia connected to the Internet and using Windows XP from 2003!
The server version of Windows XP was Windows Server 2003 (Build 3790). Let's find those in Russia.
country:ru os:"windows server 2003"
Over 600 systems in are still using Windows 2003. Note that they use NTLM authentication and are running SMB version 1, both highly vulnerable to attack.
In addition, there are likely many systems in Russia running Windows 7 with all its vulnerabilities. Let's look.
country: ru os:"windows 7"
Over 8000 systems are running Windows 7 and connected to the Internet!
The Windows Server version of Windows 7 was Windows Server 2008. Windows Server 2008 is riddled with vulnerabilities. Let's see what systems in Russia are using it.
country:ru os:"windows server 2008"
Note that on these systems we see the highly vulnerable SMB version1.
Summary
Russia has invaded a free and sovereign state and this must not be allowed to stand! It is the responsibility of all of us to help Ukraine in any way we can or we could be next. Russia must be pressured to leave the free and brave Ukrainians!