from Hacker News

VNC Resolver

by maltalex on 4/11/24, 11:51 PM with 15 comments

  • by efrecon on 4/12/24, 12:05 PM

    This is both funny and scary. A quick look through some of them reveals (no links on purpose):

    - Some UI in Swedish to control the heating system (+warm water) of two houses
    - A host where the username and password are written in clear text with a gentle message of "use sudo to gain root access"
    - somebody's browser logged onto something that looks like a crypto mining sys.
    - a homeassistant prompt, ready for control..

    As usual the IoT dominates and many open systems seem to be related to some visualisation or control.

  • by metadat on 4/12/24, 3:47 AM

    This is kind of funny. Half tempted to run one with an advertisement background and see who'll rent some pixels.

  • by Macuyiko on 4/13/24, 6:05 PM

    Wow, this brought back memories. I could swear I wrote a blog post about this years ago but couldn't find it.

    A quick search on the local file system revealed `vnccrawl/crawler.py` from 2016 [1] using what looks like a Shodan data dump and calling out to `vncviewer.exe`. I remember randomly logging into some instances and also seeing a lot of cool random systems, including a lot of them controlling industrial systems. Guess I never ended up writing that post.

    One would think that on today's Internet it would take only a couple of seconds for those to get compromised, but obfuscation as security, perhaps?

    [1]: A random tip from that file: Using a password of 12345678 gives access to way more 'weakly secure' instances.

  • by yonatan8070 on 4/12/24, 4:00 PM

    I found one that looks like a CNC Router control interface. Having that exposed to random hackers is not only a security problem, it's a safety issue. If someone moved that thing while an operator was working inside, they could cause a serious injury without even knowing.

  • by speps on 4/12/24, 7:30 AM

    https://computernewb.com/vncresolver/browse/#id/48195007

    Alarm system? Irrigation? Whatever it is, might be easy to find on a map...

  • by bingo-bongo on 4/12/24, 4:13 AM

  • by EvanAnderson on 4/12/24, 7:23 PM

    VNC servers exposed directly to the Internet are horrifying but sadly predictable.

    "sorry man but i didnt do it ithis time please check your vnc": https://computernewb.com/vncresolver/browse/#id/1011316

    Thinking aloud: It makes me want to put up a VNC honeypot for fun. I've got a KVM switch that supports VNC that I ought to expose to the Internet. Plugging in a vintage PC w/ no network interface card and a wacky operating system might be interesting. I guess I'd just capture the VNC traffic to watch the action. Hmm... now I have to research playing back captured VNC sessions.

    Edit: https://github.com/thijzert/vncreplay looks promising.

  • by k8svet on 4/12/24, 8:36 PM

    My favorites:

    * https://computernewb.com/vncresolver/browse/#id/71726833

    * https://computernewb.com/vncresolver/browse/#id/45498402 don't (or do!) google keywords from the filename. I'd hoped my guess was wrong, but it wasn't.

    * Uh, a Windows session, no lock screen wallpaper, from Ashburn, VA. Hmmmm.

    Man, this is just nuts. There are so many screens I'm looking at that appear unguarded. I hope most of them have input turned off, but I doubt it.

  • by fossdd on 4/12/24, 4:40 PM

    very funny :)