
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.


hpr4276 :: PWNED

I share how I got pwned and/or allowed myself to get pwned ...


Hosted by operat0r on Monday, 2024-12-23 is flagged as Explicit and is released under a CC-BY-SA license.
Tags: hacking, computers, information security.


Duration: 00:21:19

general.

Time                 Event
----                 -----
11:14 PM 12/7/2024   RDP brute force for username "internet" password "notyours"
8:20 AM 12/11/2024   PayPal charge for Uber Cash
8:23 AM 12/11/2024   Text from Uber for MFA to Google Voice
9:09 AM 12/11/2024   G2A pwned, tried to buy 200$ worth of games etc.
9:21 AM 12/11/2024   Email from Google Play saying I added Kathy's card to my account
9:22 AM 12/11/2024   Email from Amazon saying gift card canceled

Top 10 Source IP Addresses:

Source IP      Count
---------      -----
3.17.166.66    13165
44.222.204.3    2213
18.189.189.191  1748
52.26.221.152   1662
91.238.181.77    972
88.214.25.72     600
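
One way to build a per-source tally like the table above and to flag a successful logon that follows a run of failures from the same address. This is an added example, not code from the episode or its host. The CSV column names, the sample rows and the threshold are constructed assumptions; Event IDs 4625 and 4624 are the Windows failed and successful logon events.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (hypothetical CSV export of the Windows Security log).
# EventID 4625 = failed logon, 4624 = successful logon.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2024-01-01T23:10:01,4625,3,administrator,203.0.113.10
2024-01-01T23:10:02,4625,3,admin,203.0.113.10
2024-01-01T23:10:03,4625,3,user,203.0.113.10
2024-01-01T23:10:04,4625,3,internet,203.0.113.10
2024-01-01T23:10:05,4625,3,test,198.51.100.7
2024-01-01T23:10:06,4625,3,guest,198.51.100.7
2024-01-01T23:11:00,4625,2,localuser,-
2024-01-01T23:14:00,4624,10,internet,203.0.113.10
2024-01-01T23:20:00,4624,10,internet,192.0.2.50
"""

# Logon types seen for remote logons: 3 (network, e.g. RDP with NLA) and 10 (RemoteInteractive).
REMOTE_LOGON_TYPES = {"3", "10"}

def parse_events(text):
    """Return remote-logon rows only, oldest first."""
    rows = [r for r in csv.DictReader(io.StringIO(text)) if r["LogonType"] in REMOTE_LOGON_TYPES]
    return sorted(rows, key=lambda r: r["TimeCreated"])

def top_sources(events, n=10):
    """Failed-logon count per source IP, highest first."""
    return Counter(e["IpAddress"] for e in events if e["EventID"] == "4625").most_common(n)

def success_after_failures(events, threshold=3):
    """Successful logons from a source that had already failed at least `threshold` times."""
    failed, hits = Counter(), []
    for e in events:
        ip = e["IpAddress"]
        if e["EventID"] == "4625":
            failed[ip] += 1
        elif e["EventID"] == "4624" and failed[ip] >= threshold:
            hits.append((e["TimeCreated"], e["TargetUserName"], ip, failed[ip]))
    return hits

if __name__ == "__main__":
    events = parse_events(SAMPLE_CSV)
    print(f"{'Source IP':<16}{'Count':>6}")
    for ip, count in top_sources(events):
        print(f"{ip:<16}{count:>6}")
    for when, user, ip, fails in success_after_failures(events):
        print(f"ALERT {when}: '{user}' logged on from {ip} after {fails} failures")
```

The second check is the one that matters for triage: a high failure count alone is background noise on an exposed port, while a success from a source that was just failing is the event to investigate.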

Comments


Comment #1 posted on 2024-12-28 16:45:18 by JonTheNiceGuy

Exposed RDP, at least it wasn't VNC (which I did!), and VPN

Hey! Glad to hear you recorded your assessment of this incident. Firstly, great work on detailing your troubleshooting steps! It's good to see someone's thought process in action! Also, I'm not a Windows sysadmin, so some of the suggestions were really interesting.

You said about talking about our worst breaches, it wasn't horrific, but I left VNC open on the machine I used to play media at home in ~2010. My first sign was that someone had opened a web browser on the desktop (which I never did) so I could see they were just using it to browse for content they were blocked from accessing. It wasn't even dodgy stuff, just personal sites.

I rebuilt the machine and turned off RDP, but that gave me a real scare.

You said about using a VPN but needing to make sure it's up to date, can I suggest looking at one of the mesh VPN products, like Tailscale, Nebula or Netbird? I used Tailscale to provide remote support to my aunt and to share content on my home network via a proxy on my VPS.

At work, I'm investigating Netbird, which is similar to Tailscale, but has the control plane hosted on a web server you control. I've previously used Nebula, but after one mishap with the PKI, I realised I couldn't trust myself to run that in the way I needed to to be managed.

All the very best, and thanks again for the content!
