3 of the 4 buttons in the bottom right corner say "grafik" (graphics?), programi (programs?), and "journal." i think it might be some kind of computer system.
This is both funny and scary. A quick look through some of them reveals (no links on purpose):
- Some UI in Swedish to control the heating system (+warm water) of two houses
- A host where the username and password are written in clear text with a gentle message of "use sudo to gain root access"
- somebody's browser logged onto something that looks like a crypto mining sys.
- an homeassistant prompt, ready for control..
As usual the IoT dominates and many open systems seem to be related to some visualisation or control.
I found one that looks like a CNC Router control interface, having that exposed to random hackers is not only a security problem, it's a safety issue. If someone moved that thing while an operator was working inside, they could cause a serious injury without even knowing
Thinking aloud: It makes me want to put up a VNC honeypot for fun. I've got a KVM switch that supports VNC that I ought to expose to the Internet. Plugging-in a vintage PC w/ no network interface card and a wacky operating system might be interesting. I guess I'd just capture the VNC traffic to watch the action. Hmm... now I have to research playing-back captured VNC sessions.
Wow, this brought back memories. I could swear I wrote a blog post about this years ago but couldn't find it.
A quick search on the local file system revealed `vnccrawl/crawler.py` from 2016 [1] using what looks like a Shodan data dump and calling out to `vncviewer.exe`. I remember randomly logging into some instances and also seeing a lot of cool random systems, including a lot of them controlling industrial systems. Guess I never ended up writing that post.
One would think that on today's Internet it would take only a couple of seconds for those to get compromised, but obfuscation as security, perhaps?
[1]: A random tip from that file: Using a password of 12345678 gives access to way more 'weakly secure' instances.
16 comments
[ 4.3 ms ] story [ 44.9 ms ] threadAlarm system? Irrigation? Whatever it is, might be easy to find on a map...
- Some UI in Swedish to control the heating system (+warm water) of two houses - A host where the username and password are written in clear text with a gentle message of "use sudo to gain root access" - somebody's browser logged onto something that looks like a crypto mining sys. - an homeassistant prompt, ready for control..
As usual the IoT dominates and many open systems seem to be related to some visualisation or control.
"sorry man but i didnt do it ithis time please check your vnc": https://computernewb.com/vncresolver/browse/#id/1011316
Thinking aloud: It makes me want to put up a VNC honeypot for fun. I've got a KVM switch that supports VNC that I ought to expose to the Internet. Plugging-in a vintage PC w/ no network interface card and a wacky operating system might be interesting. I guess I'd just capture the VNC traffic to watch the action. Hmm... now I have to research playing-back captured VNC sessions.
Edit: https://github.com/thijzert/vncreplay looks promising.
* https://computernewb.com/vncresolver/browse/#id/71726833
* https://computernewb.com/vncresolver/browse/#id/45498402 don't (or do!) google keywords from the filename. I'd hoped my guess was wrong, but it wasn't.
* Uh, a Windows session, no lock screen wallpaper, from Ashburn, VA. Hmmmm.
Man, this is just nuts. There are so many screens I'm looking at that appear unguarded. I hope most of them have input turned off, but I doubt it.
A quick search on the local file system revealed `vnccrawl/crawler.py` from 2016 [1] using what looks like a Shodan data dump and calling out to `vncviewer.exe`. I remember randomly logging into some instances and also seeing a lot of cool random systems, including a lot of them controlling industrial systems. Guess I never ended up writing that post.
One would think that on today's Internet it would take only a couple of seconds for those to get compromised, but obfuscation as security, perhaps?
[1]: A random tip from that file: Using a password of 12345678 gives access to way more 'weakly secure' instances.