16 comments

[ 4.3 ms ] story [ 44.9 ms ] thread
This is kind of funny. Half tempted to run one with an advertisement background and see who'll rent some pixels.
This is both funny and scary. A quick look through some of them reveals (no links on purpose):

- Some UI in Swedish to control the heating system (+warm water) of two houses - A host where the username and password are written in clear text with a gentle message of "use sudo to gain root access" - somebody's browser logged onto something that looks like a crypto mining sys. - an homeassistant prompt, ready for control..

As usual the IoT dominates and many open systems seem to be related to some visualisation or control.

Well, it is said that the S in IoT stands for security
I found one that looks like a CNC Router control interface, having that exposed to random hackers is not only a security problem, it's a safety issue. If someone moved that thing while an operator was working inside, they could cause a serious injury without even knowing
VNC servers exposed directly to the Internet are horrifying but sadly predictable.

"sorry man but i didnt do it ithis time please check your vnc": https://computernewb.com/vncresolver/browse/#id/1011316

Thinking aloud: It makes me want to put up a VNC honeypot for fun. I've got a KVM switch that supports VNC that I ought to expose to the Internet. Plugging-in a vintage PC w/ no network interface card and a wacky operating system might be interesting. I guess I'd just capture the VNC traffic to watch the action. Hmm... now I have to research playing-back captured VNC sessions.

Edit: https://github.com/thijzert/vncreplay looks promising.

Wow, this brought back memories. I could swear I wrote a blog post about this years ago but couldn't find it.

A quick search on the local file system revealed `vnccrawl/crawler.py` from 2016 [1] using what looks like a Shodan data dump and calling out to `vncviewer.exe`. I remember randomly logging into some instances and also seeing a lot of cool random systems, including a lot of them controlling industrial systems. Guess I never ended up writing that post.

One would think that on today's Internet it would take only a couple of seconds for those to get compromised, but obfuscation as security, perhaps?

[1]: A random tip from that file: Using a password of 12345678 gives access to way more 'weakly secure' instances.