I Exposed a Windows 2000 Machine to the Internet... Here’s What Happened 

Felix Sturmat
358K views

All of this was done for scientific purposes, of course.
Here's how I managed to expose the computer:
fsturmat.net/blog/05042022/
Here's a professional analysis of "C:\installed2.exe":
www.bitdefender.com/files/New...
Special thanks to Fornax Void for letting me use some of his tracks:
Cyberspace Database - Rāmen Multinode
Cyberspace Database - Cyberspace Database

Science

Published: 17 May 2022

Comments: 812
@fsturmat 2 months ago
347K views... wow. I'd like to thank all of you, both enjoyers and non-enjoyers. This video has blown up at a time where I did not expect anything miraculous to happen, but it somehow did. And to all of you who have reached out to me in private: Thank you two times! The video was never meant to blow up like this. I simply wanted to tell a story and tried to be authentically me while doing so. And maybe, just maybe, that's what made it stand out from all the machine-generated content and advertiser-friendly attention farms. Speaking of authenticity, I have wasted nearly 90% of my time ever since this video was uploaded. I got stuck in freelancing hell which I then replaced with the hell of holding onto a dead-end job. During this time, I also allowed myself to be taken advantage of by various freeloaders. My online content, even though it hasn't made me a single cent yet, is both an opportunity and a responsibility I have (somewhat knowingly) neglected. I don't have 9+ years experience with Angular, I'm not a blockchain artist, I couldn't care less about coffee machines and I'm definitely not someone's fucking "ninja". Yet, I have seen so much corporate cancer that I'm willing to accept the "content creation gamble" as my only lord and savior. In order to do so, I need help. Your help. In many regards. If my video gave you something, and be it just a slight smirk, feel free to join this blank Discord: discord.gg/BhxyNCdbQ6
@namesurname4666 2 months ago
eric parker linked your video, that's why
@NaraSherko 2 months ago
Second
@robertbensch7748 8 months ago
I can't believe nobody mentioned it: It is very immersive and authentic to have this video in 4:3 format.
@Knaeckebrotsaege 7 months ago
wait wtf... how did i not even notice that till you mentioned it?! 🤨
@roberthorchar5690 7 months ago
I didn't even notice that's awesome LOL
@LuisJSFilho 7 months ago
I really liked this on my Galaxy Fold 4
@7EEVEE 7 months ago
I'm so used to 4:3 stuff I always fail to realise when a youtuber does it intentionally lol
@SlinkyD 7 months ago
Watching on TV, 4:3. Commenting on my phone, video not 4:3.
@MrCobalt 8 months ago
Anyone who spends any amount of time checking router or server logs for connection attempts knows all too well how the net is swarming with bots that endlessly scan for systems and devices to exploit.
@joelopez7459 7 months ago
my netgear router hasn't been updated in a year, this is where I worry. I had a D-Link before that went like 10 years without an update
@Athiril 7 months ago
When I actually had Win 2k, XP back in their era that was also true back then, because if I connected to the internet after a fresh install with no firewall, AV etc setup, I'd get a bunch of malware via exploits
@HarakiriRock 6 months ago
I learned this the hard way when my server was hit with ransomware because of SMB vulnerability.
@innocuousmerchant8766 6 months ago
@@Athiril man that takes me back. I had the same shit happen.
@spvillano 6 months ago
Tempts me to toss a win 3.51 machine online. I’m willing to bet even the hornets would get pissed off.
@prispalos 8 months ago
The burp left in the edit, the "certain disease that escaped" conspiracy reference, the whole premise of the video, the V-neck-by-force... there is so much unsettling stuff in this video. I love it. This guy is deranged. Subscribed.
@fsturmat 8 months ago
Well, wearing those exact specific white shirts with that particular V-neck has been an essential trait of mine for quite some time. I think the microphone that was stuck to my shirt might have expanded my cleavage a bit, so I totally get what you mean. Thank you for the heartwarming comment!
@rmgibsontx 8 months ago
Ditto!
@app0the 8 months ago
Felix: *burp* RU-vid's auto-captioning: "[Music]"
@Gaming_Stuff 8 months ago
@@app0the That burp really was a [music] moment
@dylon4906 8 months ago
I fucking lost it at the burp, absolutely incredible content
@glock21guy 8 months ago
Back when win2k was new, I was setting up a fresh install and got hacked before I even finished setting it up. Back then, during install, it would bring up SMB before even setting the admin password and allowed logging in with no password over SMB to the admin account. Very secure stuff there.
@poiiihy 8 months ago
bruh moment
@poiiihy 8 months ago
some web apps still work like this today, exposing a first run set up form for stuff like admin password etc. if you set up public web access with your domain etc before doing the initial setup, a bot could take over. when i was trying out nextcloud i shared screenshots with my friends and then found they did the initial setup and stole my server so i had to delete it and start over lol
@jfbeam 7 months ago
Indeed. I watched a machine get compromised _while in the installer!_ NEVER connect anything from M$ directly to the internet. Don't even expose a single port to the internet.
@RedTroPc 7 months ago
Bruh lmao
@chupathingy5862 7 months ago
Reminds me of my first real computer. I got it all set up with a fresh copy of XP, plugged it in to the phone line, dialed in to AOL, and immediately got hit by the Blaster worm. I didn't even load up a browser.
@Daniel15au 2 years ago
Years ago (maybe 10 years ago now?) I exposed a Windows 98 machine to the internet, and absolutely nothing happened. My theory was that nobody was exploiting such an old OS any more. Edit: I meant exposed directly to the internet - directly connected to a modem, no router or NAT, no firewall, all ports opened.
@fsturmat 2 years ago
Hey there, before getting started with my reply... I just wanted to let you know that your subscription list is an absolute goldmine! I'd say that there's a combination of reasons why that might be the case. While my Win2K machine has started to show some really weird behaviour within a couple of minutes, I actually left my 486 with Win95 (+ file and printer sharing enabled) exposed for quite some time, which didn't seem to affect it at all. I later found out that the suspicious pings I mentioned in my video have actually been echo replies coming back from my machine. Windows 9x somehow manages to be one of the most attack-proof operating systems out there. The security of NT (especially end-user systems like 2000 and XP) used to have more holes than Swiss cheese... especially during active lifespan. Self-spreading worms like Sasser and Blaster were able to propagate without any user interaction. Even having a fully updated system on some kind of network could get you infected. For some reason, such devastating vulnerabilities have never been discovered on the 9x platform. My theory is that the simplicity and straightforwardness of the project allowed engineers to be more careful during development. Considering what's known about it, NT must have been a corporate hellscape during its early development phase. But Win9x has four network-driven flaws that I know of: WinNuke, Ping of Death, badly configured network drives and EternalBlue. The first two vulnerabilities are DoS-based attacks - one causes the computer to completely freeze, the other one will make it display a bluescreen. So that's nothing that a reboot couldn't fix. While not being a 9x-exclusive thing, the attack schemes and self-replicating worms from back then heavily relied on users' mistakes of sharing local drives to the outside world. See here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-IVYg8ob0HT8.html I spent quite a bit of time lecturing myself about EternalBlue since this video.
The code causing it to be must have been written somewhere in the early-to-mid 90s. Some of the functions involved still carry references to OS/2 in their name. I assume that throth WinNT, Win9x and OS/2 were using the same 32-bit code for their vulnerable CIFS implementation. That's why I'm quite convinced that the remote code execution we've seen in the video might also work on Win9x, assuming someone really wants to make that happen. But here's the thing: Before Windows 2000 was a thing, CIFS was being provided on top of the NBT protocol via port 139. With Windows 2000 and anything that came after, CIFS had become an independent protocol in the form of SMBv1 and its default port of 445. Since EternalBlue is a relatively recent discovery, all of the exploit source codes that are publicly available don't seem to care about exploiting the old NBT-reliant implementation. So you are completely right with your theory.
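Added example, not part of the comment above and not the video author's code: a small Python classifier that tells the two transports described in that comment apart (the NetBIOS session service on port 139 versus SMB hosted directly on port 445) and flags which sources still speak SMB1, the dialect MS17-010 concerns. The function names, addresses and payloads are constructed for illustration.

```python
# Classify the first message of a captured TCP payload by SMB transport
# and dialect. Every payload below is constructed, not from a real capture.

NBSS_TYPES = {
    0x81: "session request",
    0x82: "positive session response",
    0x83: "negative session response",
    0x85: "keep-alive",
}
SMB1_COMMANDS = {
    0x72: "NEGOTIATE",
    0x73: "SESSION_SETUP_ANDX",
    0x75: "TREE_CONNECT_ANDX",
}


def classify(dst_port, payload):
    """Return (transport, dialect, detail) for one TCP payload."""
    if dst_port == 139:
        transport = "nbt-139"
    elif dst_port == 445:
        transport = "direct-445"
    else:
        return ("other", None, "not an SMB port")
    if len(payload) < 4:
        return (transport, None, "truncated header")

    msg_type = payload[0]
    length = int.from_bytes(payload[1:4], "big")
    if dst_port == 139:
        # NetBIOS session service: 1 length-extension bit + 16 length bits.
        length &= 0x1FFFF
    if msg_type != 0x00:
        # Port 139 needs a NetBIOS session set up before any SMB is sent.
        if dst_port == 139 and msg_type in NBSS_TYPES:
            return (transport, None, "NBSS " + NBSS_TYPES[msg_type])
        return (transport, None, "unexpected message type 0x%02x" % msg_type)

    body = payload[4:4 + length]
    magic = body[:4]
    if magic == b"\xffSMB" and len(body) >= 5:
        command = SMB1_COMMANDS.get(body[4], "command 0x%02x" % body[4])
        return (transport, "SMB1", command)
    if magic == b"\xfeSMB":
        return (transport, "SMB2+", "SMB2/3 header")
    return (transport, None, "no SMB header")


def smb1_sources(records):
    """Map each source address to the transports on which it spoke SMB1."""
    hits = {}
    for src, dst_port, payload in records:
        transport, dialect, _ = classify(dst_port, payload)
        if dialect == "SMB1":
            hits.setdefault(src, set()).add(transport)
    return hits


def frame(body):
    """Prefix a message with the 4-byte header used on both transports."""
    return b"\x00" + len(body).to_bytes(3, "big") + body


# Constructed sample data (documentation address ranges).
SMB1_NEGOTIATE = b"\xffSMB" + bytes([0x72]) + bytes(27)  # bare 32-byte header
SMB2_NEGOTIATE = b"\xfeSMB" + bytes(60)                  # bare 64-byte header
NBSS_REQUEST = b"\x81\x00\x00\x44" + bytes(68)           # two 34-byte names

SAMPLE = [
    ("198.51.100.7", 445, frame(SMB1_NEGOTIATE)),
    ("198.51.100.7", 139, NBSS_REQUEST),
    ("198.51.100.7", 139, frame(SMB1_NEGOTIATE)),
    ("203.0.113.20", 445, frame(SMB2_NEGOTIATE)),
    ("203.0.113.99", 5060, b"OPTIONS sip:host SIP/2.0\r\n"),
]

if __name__ == "__main__":
    for src, port, data in SAMPLE:
        print(src, port, classify(port, data))
    print("SMB1 speakers:", smb1_sources(SAMPLE))
```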
@fsturmat 1 year ago
I just realized... you are the guy who made "Everything is (Google) Chrome" back in 2013. I feel absolutely honored to have you as a viewer! You are a prophet.
@gt8200-0 1 year ago
People are more exploiting Windows Vista/7 now
@luk3z517 1 year ago
Bad theory.
@pikachuchujelly7628 1 year ago
The thing with Windows 9x is that there's no permission model in place, so if you do get a RCE vulnerability, it can literally do anything on the machine, including installing VxDs to access kernel mode.
@marcoseliasmep 8 months ago
Here in Brazil it is very common seeing small business with Windows XP or 7. Luckily most routers automatically protect them by not exposing them directly. Any small percentage of users with old systems is big if we think about the total: billions of PCs worldwide. So there are thousands or even millions of machines running old software.
@decotheepicguy 8 months ago
you mean windows 10 or 7
@RetroDsk 8 months ago
@@decotheepicguy He means XP or 7
@decotheepicguy 8 months ago
@@RetroDsk i know but i corrected the operating systems, not the names
@mrclassyturtle843 8 months ago
@@decotheepicguy but you're still wrong because he meant Windows XP or 7.
@urbexingTss 8 months ago
still wrong @@decotheepicguy
@ImbraWolf 1 year ago
i feel like a hacker was so confused to see a windows 2000 machine on the internet
@ViroRads 6 months ago
Not surprising given though most offices and other work environments use older software, so whoever (or whatever) hacked his pc might as well thought he was getting inside a really old company/office pc.
@fungo6631 6 months ago
OP did mention that it was more likely a bot than an actual human.
@BGraves 5 months ago
@@ViroRads you missed the point. A windows machine sitting on a public ip NOT behind NAT with smb ports open 😂
@ssznajder 8 months ago
The humor in this video is so good. It's the first video of yours I've seen, and I see it's a year old. I hope to see more videos closer to the current moment when I visit your channel. EDIT: I'm devastated, Felix. You must resume uploading videos at once!
@fsturmat 8 months ago
Thank you for letting me know about your devastation! I have been quite busy with all kinds of stuff besides RU-vid, a legal battle and marriage being one of them. Since that video got hit by the algorithm, I have a strong urge to re-satisfy my subscribers. Once again, thank you for your kind words. I'll definitely keep you all updated. By the way, I have scrolled across your very own content. Maybe your philosophical insights will help me get closer to my goal.
@Snipa127 8 months ago
@@fsturmat I also found this thanks to my autism being decoded by the algorithm, and I support new uploads! Got yourself a subscriber my friend; godspeed with your life troubles, hope to see you soon! FTL
@thephoenixsystem6765 6 months ago
@@Snipa127 "...thanks to my autism being decoded by the algorithm..." Thank you for giving us a way to express that sentiment!
@gwgux 8 months ago
As a network engineer I already knew what was going to happen before I clicked on the video. Windows 2000 was a very good OS...for its time. However, it was a nightmare to secure. As was Windows XP, but at least WinXP got better with SP2. It looks like your Windows 2000 PC was hacked almost immediately after getting online. I expected as much. Anything running default settings usually gets hacked almost instantly when directly exposed to the Internet. It's the settings the hackers know best after all. :) Nice little experiment though. I'll have to check your other videos when I get a chance. ;)
@Intell1s 8 months ago
Hi. Quick question; considering that the system is legacy and no longer being supported by Windows, and therefore no security patches for today’s threats, could this be a reason the system was hacked as well? Thanks.
@gwgux 8 months ago
@@Intell1s Yes, definitely. There is still code from Windows 2000 present in Windows 11. While Windows 11 gets patches, they are not fixed on Windows 2000. It is common practice for hackers to find holes they can exploit from this old code in modern Windows systems. That's why headlines like, "Microsoft patches 20 year old security flaw", get made. In addition to that, back in the day when Windows 2000 was all the rage and we all wanted to run it instead of Windows ME and before Windows XP came around, Windows 2000 was still very hackable. We learned a lot of hard lessons like the importance of installing a firewall (it didn't come with one) and making sure to not directly expose it to the internet. It was commonplace for people to plug into their cable modem and get a public IP back then whereas now the box from your ISP hands out private IPs by default in most cases. Some setups will still hand out public IPs (they still do if you put it in "bridge mode" to use your own router), but it's not very common for people to be using a public IP directly on their PC anymore. Windows 2000 was loved by many in the IT community for being reliable (when it wasn't directly exposed to the Internet). It didn't crash nearly as often as Windows 9x, Windows ME was so bad that 99% of us skipped it, and it ran the latest games surprisingly well (most games had moved to Win32 instead of DOS by then).
@chupathingy5862 7 months ago
This is why my xp build is, and shall forever remain, airgapped.
@FlakerGamer 6 months ago
why my computer dont get any virus? i use windows 2000 too and i search for virus everyday
@illilya 6 months ago
I remember that it was tight and sweet except for driver issues for audio/video because it wasn't for average home users and I assumed, more professional applications but I ended up always seeing XP as just 2000+.
@Bokatrice 8 months ago
I had a Windows XP machine set up to run a Garry's Mod server one time. It was meant to run 24/7 on our home network so I wouldn't need to pay the $20 a month for a remote server. Machine lasted about 18 hours before it got hit with probably the same exploit and had its BIOS flashed over - someone likely sent the CIH virus over. Its IP was publicly hosted on server listings and the game can report back what OS the server runs, and it was port forwarded.
@د-ت 8 months ago
damn tho u did a good job hosting it tho
@drudigger 8 months ago
Lol same with my windows xp setup for minecraft back in the alpha days
@M8Military 8 months ago
@@drudigger was xp even supported by m$ during Mc alpha days? Im pretty sure win 7 was out by then
@aylen7062 8 months ago
@@M8Military I played 1.9 in XP.
@pikaaxyt 8 months ago
@@M8Military yes, xp was supported until 2014, by 2014 1.6 (maybe even 1.7) was already released
@vanderlinde4you 8 months ago
The difference of a "direct connection" through the internet such as over Dialup or sitting behind a router, is massive. If you have the first one your 100% guaranteed to be hit with a worm exploiting the living snot out of your 2000/xp machine. The 2nd one pretty much blocks most common exploits, but still no guarantee for a safe experience.
@xenostim 8 months ago
that's interesting I've never considered that. it makes sense. but wouldn't a worm just wait for the slow responses from the dial-up connections? do they use timeouts to ignore slow connections?
@vanderlinde4you 8 months ago
@@xenostim If i'm correct it was super easy to be hit by that blaster worm, if you where "unprotected" on the internet. Dialup or not - you could have a worm that would gather personal stuff, collect logins and once in a while send it to the master. it could also infect your home network, it was quite the issue back then. When you where behind a router, most ports where standard blocked unless you specified them to be open. The biggest culprit of downloading over P2P for example was the obvious hidden malware.
@MelodyGoad 8 months ago
*you're 100% guaranteed
@MelodyGoad 8 months ago
@@vanderlinde4you *most ports were blocked by default *When you were behind a router
@GregoryShtevensh 8 months ago
@vanderlinde4you I used to put my PS3 into the DMZ on my router because UPNP and port forwarding just didn't work well for every game. I found Nat type 1 worked well, and so it was, I kept my PS3 in the DMZ. Even when I used other OS to run Linux, then used Windows emulator to install a lightweight version of Windows XP! It ran so slow that I never really used it much, because the PS3 just didn't allocate much ram to Linux, and the GPU was completely cut off from the other OS feature also. So I had hardly any memory, no Graphics accelerator, and God knows how much left over CPU power. Never seen Windows XP boot so slow 😂😂
@YuJay 8 months ago
I remember installing Windows XP without any service pack and having loads of vulnerabilities with the netsend service and you could get worms just by connecting to the internet without Service Pack 1 or no firewall.
@Michael-lg4wz 8 months ago
I got a worm within 2 minutes once on 56k
@PsRohrbaugh 8 months ago
You just unlocked a memory for me... In my high school computer lab, kids would use net send to send offensive pop-up messages to each other.
@Windows_7899 4 months ago
SP2 Then?
@StuffJason437 1 year ago
Out of everything they choose to bitcoin mine on a freakin' dinosaur ...
@drumguy1384 8 months ago
Likely it's a bot that is looking for anything that is vulnerable to any of the exploits it is familiar with (EternalBlue is very common) and tries to install the crypto miner on it. There is apparently no logic to determine how useful the infected machine will be at mining said crypto. Mining on one dinosaur might be shit, but every little bit helps and it's all free anyway, so who cares?
@ConstantlyDamaged 7 months ago
This brings back memories. Back in the early-to-mid 2000s I used to work in a computer store. We had a pile of test phone lines, and internal 56k modems were the standard at the time. Sometimes we'd have races to see how long it would take an unpatched, fresh install of Windows to get a virus. Even in the days before Eternal Blue, it didn't take long at all.
@SPTSuperSprinter156 1 year ago
I remember years ago putting a Win2k computer on the internet via dial up and getting messenger spam. That wasn't fun. It was also the start of a journey learning about these things, and how horrendously badly configured Windows was out of the box back then. I still occasionally get bouts of paranoia and run port scans on my network, though with firewalling on the network and OS side it is less likely to ever be a problem. If only Windows 2000 had a firewall like XP did.
@russ254 8 months ago
zonealarm
@mrmerlin6287 8 months ago
I think Windows 2000 SP4 addressed that.
@procta2343 8 months ago
@@russ254 I used to use that on my XP rig and other people's rigs too. Kept the system safe, I have it on here, too. Not sure if it's doing much now lol.
@lastotallyawesomebleach204 8 months ago
I'm pretty sure they added a firewall when they released sp4.
@lcrazy8l 8 months ago
NetBIOS dialog boxes **shudder**. If you were on dialup it was a plague. 😂. There was no way to stop it without a third party firewall or knowing how to shut the service off.
@sutorippuwebmaster8783 8 months ago
Having been working with and repairing PCs for decades, the 9x/2000/XP era BSODs are forever ingrained into my nightmares.
@asdfghyter 8 months ago
i remember doing this experiment accidentally a couple of decades ago. i and my dad helped a family member setup a new computer in their new apartment. so we installed windows using a cd and connected it directly to the internet without a router or firewall in between, so we could run windows update on it. in like 15 minutes or so it was already chock full of viruses and we had to start over from the beginning. it was quite shocking how quickly it happened!
@o0Donuts0o 7 months ago
Sorry but how do you “connect to the internet” without a router? Are you just in every subnet all at once? You must have had one hell of a layer-2 link.
@asdfghyter 7 months ago
@@o0Donuts0o i mean, yeah, of course there are plenty of routers in the way, what i meant is no home router with built in firewall and NAT, so the computer gets a public IPv4 address and anyone on the internet can connect to it. i believe it had win XP or 2000 without service pack 1 and 2, which had some major well known vulnerability that allowed worms to infect the computer without any interaction needed
@nedhedrick5752 8 months ago
Another fun exercise is to expose an unsecured FTP server to the unfiltered internet. I did this years ago just to see what happened. Within less than 2 minutes, login attempts started from all manner of exotic places. It was quite interesting to watch the "attacks" expand and files being uploaded...
@LiEnby 7 months ago
What happens with SSH and no password..
@boo62919 7 months ago
I always find it funny how people try to upload files to something unsecured. Like maybe hack something worth of value instead of an old PC. LOL Like you going to be a thief be a good thief. LOL
@mossmeow 7 months ago
@@boo62919 every device is worth attempting to exploit when you can write a script once to try on every device it finds and then run it forever or maybe they're trying to take over stuff for fun. who knows
@SintaxBSD 6 months ago
@@LiEnby not a whole lot but if you're curious there are a bunch of neat SSH honeypots you can deploy in cygwin/docker/jails/pyenv with realtime logging so you can watch.
@dogecode386 4 months ago
@@boo62919 like he said they’re probably bots
@mendaliv 7 months ago
SMB was always fun back in the day. Sometime in the days between 2001 and 2003, it was often used to trigger a pop-up dialog box with a custom message. It was a feature that was supposed to be used to send short messages across an internal network, but it worked fine over the open internet, provided (iirc) port 135 was open on the target system.
@bluegizmo1983 8 months ago
I've never experienced an ISP sharing an IP address among multiple customers... I've been with Comcast for my home internet for decades and my public IP address with them has always been mine alone. Granted that IP is not a static IP, meaning it's not guaranteed to stay the same forever, and has changed occasionally, but it's not shared among other ISP customers...
@craigkoss9276 8 months ago
Same, i'm guessing Felix is in Germany or a country that does not have the same IPv4 address to population ratio as the US.
@pradolover 8 months ago
It's called CGNAT. Quite common these days.
@curtheisler1200 8 months ago
My ISP gives me up to 8 public IPs per circuit on gpon fibre. I also happen to work on the fibre side of my ISP supporting gpon config issues. We're in talk to lower this to 4 per circuit soon.
@MelodyGoad 8 months ago
@@curtheisler1200 *fiber
@jjaurrgui 8 months ago
What mobile carrier do you have? You probably share one there
@o0OshadowplayO0o 2 years ago
this might be my favourite video of you thus far, simply because of all the references and jokes and just things in it that i love, it really made my night. thank you so much. you're awesome. ...but the rebooting noise still triggered some vietnam flashbacks in me xD
@fsturmat 2 years ago
Completely understandable. I haven't touched this computer ever since, as I'd somehow expect it to jumpscare me at any possible time.
@fsturmat 2 years ago
And thank you very much for this heartwarming comment!
@o0OshadowplayO0o 2 years ago
@@fsturmat yeah, waking up to it is basically like waking up to the default ringtone of those old plastic alarm clocks, only 1 million times worse lmao
@o0OshadowplayO0o 2 years ago
@@fsturmat and no problem :3
@stpworld 8 months ago
Ive got mac os system 7.5.3 on the internet with Netscape 2.0 @@fsturmat
@vk3fbab 8 months ago
I suppose if you publicize your server on Reddit, you are kind of asking to be attacked. I'd expect Linux from 1999 would also be quite vulnerable too. Mac OS 8 and Win 3.11 would be interesting. As i expect they'll have issues but someone is going to need to be motivated to get attacking it. Great video.
@NiekNooijens 8 months ago
Well dirtyCOW and shellshock were a thing....
@sprolyborn2554 7 months ago
He did mention the attacks started before he could even make the reddit post.
@davida1hiwaaynet 8 months ago
Fascinating! Very nice to see what actually happened. I understand your fascination and enjoyment of going down a rabbit hole, so to speak. Going to look at your other videos as well.
@Arsenic71 8 months ago
Regarding the miner: Never attribute to malice that which is adequately explained by stupidity
@DiyintheGhetto 8 months ago
New subscriber. Awesome to see what old systems can do once again.
@SaschaPallenberg 8 months ago
Just stumbled upon this. Love everything about it, Felix. Those were the days of the Pentium. Crazy
@linuxtuxvolds5917 8 months ago
Oh wow... I like the music you played in the background, it makes it very interesting - like a documentary. Thanks for the education!
@blanchae 8 months ago
About 15 years back, I was upgrading my father-in-law's computer to Win XP. The computer was connected to the Internet at the time. By the time, it booted, it was already infected and came up with tons of porn browser windows popping up. Shutdown, disconnect from Internet, formatted HDD, re-installed, booted, loaded up an antivirus, deep scan then connected to the Internet and spent the next two hours downloading the latest updates.
@ApolloTheDerg 8 months ago
Ayo, this video got you popping off. Keep up the content my dude!
@silly_putty_enjoyer 1 year ago
great video, you really never actually know truly how fast malware spreads unless you do things like this. although I am curious, was there any recorded attempts at exploitation that weren't abusing MS17-010? and was there any other weird network oddities that you recorded while the machine was online?
@fsturmat 1 year ago
After unplugging the machine, I did invest quite some time reading the traffic I captured using Wireshark. To my relief, my machine has not attempted to infect any other computers. I saw a bit of SIP-related traffic come in, for obvious reasons without any effect. But unfortunately, all of the attacks relied on MS17-010. I actually hoped for something more "creative" to happen.
@Ck87JF 9 months ago
@@fsturmat "to my relief, [it didn't try] to infect any other computers." You didn't isolate it with a VLAN or take the others offline? That's super risky.
@drumguy1384 8 months ago
@@Ck87JF He connected it directly to the internet via a RasPi VPN box. Isolating the Pi to a separate VLAN (if possible) might have added an extra layer of obscurity, but VLANs aren't security, just logical separation and are trivial to overcome. The VPN did FAR more to isolate the box than any VLAN could do.
@DmitriyDarkJoney 8 months ago
Amazing video, got lots of pleasure, very interesting! Thank you! So sad you don't do more in the last year :(
@fsturmat 8 months ago
Thank you for your kind comment! As I've mentioned in a previous comment, I had quite a few personal clusterfucks to resolve during this year. Since the amount of subscribers has increased substantially, I definitely need to come up with something new. I've seen that there are many channels that we are both subscribed to. Considering your name and content, I really hope that you are safe and well. Everything will be Ukraine!
@will0499 8 months ago
That burp was just perfect! Tied the whole video together
@Kernel32x86 1 year ago
Really fascinating video. Also I love the 4:3 aspect ratio
@steeviebops 8 months ago
This takes me back to the Blaster and Sasser days. I also remember the Messenger Service (not MSN) message box spam. XP had a firewall (ICF) from the start but it was disabled by default before SP2.
@ValdikSS2 8 months ago
Oh yeah, dialing-up from WinXP SP1 box and in 3 minutes you have msblast. I had Russian OS which was attacked by the exploits written for other versions which contain different offsets, so in my case lsass had usually just crashed.
@travelthetropics6190 2 years ago
came here from reddit; I keep my win95 pc behind my win10 pc (router wifi to win10 -> ethernet from win10 to win95), would it be safer? anyway I am using SMB1 for file transfer between the two.
@fsturmat 2 years ago
Hey there, thank you for your comment. As your Win10 machine is the only computer your Win95 machine can be accessed by, you don't have really much to worry about. If someone would theoretically manage to "hack" into it, I'd be more worried about your main computer. As long as you don't do some explicit forwarding or tunneling on your network (like I did), the only thing you might have to worry about are "computer illiterates" using the same Wi-Fi as you do, since those people could manage to accidentally spread malicious stuff across your devices and shared folders. (You know, the kind of user that has 30 toolbars stacked on top of each other and makes sure to run every email attachment at least twice) And even if that might happen, legacy systems like Windows 9x are far out of the scope today's malware authors have, as there isn't any money to be made with computers like this.
@sheabarbaccci 8 months ago
Good work. SUBSCRIBED can't wait to see where this goes, excellent stuff.
@CompComp 8 months ago
I just came across your channel, and I'm loving it
@bonkmaykr 8 months ago
I haven't had something like this happen before, but to be fair, it was in a virtual machine where my host OS and router's firewall were both in the way anyhow. Very interesting to see how unsafe these old systems can actually be. P.S. what's your favorite ship? :) i'm an ag-sys enjoyer myself
@DeeBellwether 8 months ago
plays WipeOut, enjoys quiet New Age music as background for video: clearly a man of taste. clearly the European i should be learning about obsolete machines from! i enjoy the exploit's name. i wonder if it was also a Lunar reference (the game series.)
@fsturmat 8 months ago
Thank you for your nice comment! I really like your theory regarding the exploit's name. I wouldn't be that surprised if one of these NSA employees would have happened to be a Lunar fan...
@isitpeachy 8 months ago
I'm not even sure what I just stumbled upon, but boy am I already subscribed for it.
@gentuxable 8 months ago
Well any 2000 or XP system without SP2 did that even when it was not outdated and EternalBlue hasn’t yet leaked. There was a bug in RPC and back then people would use USB-Modems and Windows would crash. SP2 had the firewall improved and enabled by default mitigating the issue.
@cmd.ada. 8 months ago
this video quality and theme and stylization and the jokes are all amazing
@mcferguson81 8 months ago
Back in 2001 (ish) my roommate installed W2K Server on a box while it was connected directly to the internet. The box was infected with malware from first boot… 😂
@Swataia 5 months ago
Very nice tryout, thanks. I have always thought what could happen if you plug old stuff like this to the internet nowadays.
@DM01710 7 months ago
Just fantastic! I really enjoyed this video, thank you for your hard work, I hope to see more content in the future 🙂
@vjcodec 8 months ago
Hey Felix! I just found you on my for you page. You’re in the algorithm man! That intro is slamming and you’re very funny! Time for more content❤
@fsturmat 8 months ago
Being hit by the algorithm all of a sudden was something I didn't really expect, but I'm glad that my last video has found so many viewers. I'll make sure to provide more content to all of you. Thank you for your heartwarming comment!
@malwaretestingfan 2 years ago
Came here from Dan's comment section, liked this one, chuckled a bit too.
@fsturmat 2 years ago
Thank you for letting me know! 🤗
@Kydragon_ 8 months ago
Mate, you were born to make this kind of content! Subscribed in hopes that I will see you again someday.
@zcomputerwiz 7 months ago
I once found a long forgotten Windows 2000 machine under a desk in a business when troubleshooting network issues for the new building owner. It was completely infested with many old viruses. Trying to remove them (for entertainment purposes) resulted in the machine no longer booting with a registry related BSOD.
@FornaxVoid 2 years ago
Beautiful video! 💜 Those bots might need some assistance from their Sub7 equipped ancestors :-)
@fsturmat 2 years ago
If they would've found out about EternalBlue back then, those apocalyptic events that were expected to take place at 01/01/19100 might actually have become a real thing... lol
@RustyTheGeek 7 months ago
I actually used those exact systems back in the 90s. In fact, I set up the little All-In-One for my kids to use for games. Great stuff!
@UltraCenterHQ 1 year ago
I love that 4Chan hacker reference
@novafurry 8 months ago
Wow! this is actually a really good video! You deserve way more subscribers man!
@fsturmat 8 months ago
For some unknown reason, this video has been hit by le algorithm during the last few weeks. It's quite rewarding to see those subscribers flood in. Thank you for your kind comment!
@vjcodec 8 months ago
@fsturmat yeah man, I rang the bell. Make a community post with your plans on this channel. All the best!
@literarynick 6 months ago
Liked and subscribed. It's been a year since your last video and I'd love to see more Felix shenanigans. All the best.
@TrojanHell 6 months ago
I had a purple screen of death on a Linux machine when I was 9 years old and was trying to play runescape during lunch break... Most terrifying computer experience I've ever had. It rebooted and stated "initializing memory dump" to which I threw the mains switch out of terror :'D
@desertfish74 6 months ago
Sounds like a hardware failure. Linux doesn’t have colored crash screens.
@TrojanHell 6 months ago
@desertfish74 VMware purple screen of death, might've been hardware yeah.
@cyberyogicowindler2448 8 months ago
Until 2016 I was still regularly online with Win98SE (AMD K6-3@550MHz 768MB RAM). But I had ZoneAlarm and Opera 12 browser installed and unused networking disabled, so it never made trouble. Finally ClamWin AntiVirus failed to update on that old system (and took >10 minutes to load), and the browser got too incompatible, so I eventually had to install an additional modern mainboard (with Ryzen 2400G) inside my Colani bigtower to run modern software.
@guidancefromjah 8 months ago
Wow, an AMD K6... I fitted mine with a Voodoo 5 PCI gfx card. Gave that thing away and it eventually got tossed in the garbage. Unfortunately, that very Voodoo 5 graphics card is now worth $700 CAD.... effin nuts
@cyberyogicowindler2448 8 months ago
@guidancefromjah The K6-3+ mainboard is still inside. As a working horse I had clogged the 160GB FAT32 harddrive with data (downloaded schematics, eBay pages about synths etc.) until it got too slow to work well. Now that stuff is on the modern PC side (8TB HDD) and the Win98SE system can run games again. GPU is GeForce 3 TI220 (formerly a TNT2) + 3Dfx Voodoo 1 addon, and it has 2 real ISA sound cards (SB AWE64 and Gravis UltraSound). Unfortunately the UltraSound runs only in DOS because the Windows driver fails to communicate by the too fast CPU.
@Wyte_Knight 6 months ago
One of my friends is working in IT, and he and his colleagues had some fun setting up an un-patched Windows XP one day, while checking if anything happened. From what I remember, he told me that in the first 7 minutes the XP was connected to the internet, it was infected. Dunno the details, but that's pretty crazy.
@timcat1004 8 months ago
My whole career was installing broadband internet in peoples homes. I remember helping a customer setup his brand new XP machine. This was Dec 2003. Within seconds of connecting it to the modem the PC was bricked. What was the name of that exploit back then? It was that one that had the shutdown timer on the screen.
@YourLocalGP 8 months ago
I remember it. I set up three machines in an office I was temping in around 2002. All of them got that message within minutes. The solution was to install Service Pack 1 before connecting to the internet.
@thebestspork 8 months ago
sasser?
@karl-erikkald8876 8 months ago
Might have been Sasser or Sobig perhaps. That's very likely why Windows XP SP2 and later ship w/ a firewall.
@chupathingy5862 7 months ago
Blaster or Sasser. Happened to me as well, almost identical to how you said. That was my first real computer. I miss it sometimes...
@ThBreadMan 8 months ago
So if I were to connect an old computer like that to the internet that is on a private router, would there be a chance of something like that happening?
@xdasdaasdasd4787 7 months ago
Hope you make more videos. Your content is great and humour is perfect
@robbybankston4238 7 months ago
I remember that era of machines quite well. I remember working on a customer's computer that had just purchased a Windows XP machine and I think it had SP1 or possibly SP2 and within 10 minutes of being online, it was infected. SP2 and SP3 fixed a lot of problems after that but of course there were many other publicly unknown vulnerabilities still there as you demonstrated. I love the nostalgia of old machines but hate the hardware issues (physical space, hardware failures, etc.) so I generally use VMs but even now some malware is very sophisticated so that isn't enough protection either. Thanks for the video.
@Kim-uu8fc 11 months ago
Interesting channel and content, I enjoyed this. Please upload more videos.
@ThBreadMan 8 months ago
I want to start getting into MS-DOS BASIC programming. What great cheap desktop/laptop would you suggest?
@christianhabermann6527 6 months ago
Brilliant! You were probably not even alive in 1995, but caught the vibe perfectly. You, Sir, are now my favourite YouTuber.
@MarkGray1970 8 months ago
I remember helping a friend of the family who lost his work computer. We went to Best Buy, purchased a new computer, I hooked it up. Went on the Internet to update to the new service pack and it already had gotten a virus. I had to reformat and start over. I burned the Windows update to a CD and installed it offline. What a mess!
@sunman-6giy25 2 months ago
I am curious: could you hook a legacy system up to a modern system and connect to the internet that way?
@SonOfNone 7 months ago
In 2004 during my second year of tech school, we were instructed to create a windows 2000 server with certain functionality parameters. One of the parameters required us to update to the latest patch via Windows Update. 5 minutes after exposing it to internet, the school district frantically called us explaining that several machines in our lab had tens of thousands of open ports, and seemed to be infected. 😂
@retrocompaq5212 8 months ago
all my computers, wfw311, win95, winME, winXP and windows 10 are on the same home network behind a router, I use mirc to download mp3s on my winME computer, does this make it a threat for my win10 computer?
@vladislavkaras491 8 months ago
It was interesting to watch! Thank you!
@placeboantwerp4312 6 months ago
Great work mate. Interesting stuff.
@visnichba 8 months ago
Thank you for rescuing (and tormenting) that old Vectra!
@willemvdk4886 8 months ago
Yes this guy called 4Chan is very infamous.
@jrdavis1992 8 months ago
3:33 - Oh I remember that screen. I used to have an HP Pavilion 8370 machine with Windows 98 on it. This was the startup screen I saw every time I powered it up, minus the F2 for Setup text, of course.
@exxosuk 7 months ago
Great video, but was it with any service packs? Would be interesting to see if XP with the last service pack holds up still.
@StephenAngelico 5 months ago
My brother once did an experiment with a laptop he was about to format kind of like this, but this was way back like over 10 years ago. He connected this laptop, with a fresh, unpatched WinXP, directly to the internet via a USB 3G dongle, and tried to download a firewall app. It didn't finish downloading before the machine was compromised and did all sorts of colourful things.
@charliekahn4205 7 months ago
Since Windows NT is modular, I wonder if it's possible to update the networking system on Win2k by writing a new driver making use of a modern stack.
@sammyrocky1865 8 months ago
I enjoyed this video. Good humor and cool idea to do!
@thefadebeta580 8 months ago
I believe a fork of eternal blue was used to send erroneous pop ups to the infected machine as part of a scareware scam. Affected OS Win 2000. Does anyone remember this?
@MartinE63 7 months ago
Back in late 2002 I was at a very remote location with a new machine, a W2k install disk and a 64kbps ISDN connection. First task after an install was to install SP3. I didn’t have space on my laptop for SP3 so I had to download it on the new machine. The download took many hours, by the time the download was finished the machine was infected, can’t recall what and it was easily detected and removed but it was a lesson that a firewall and anti-virus is really important.
@wisteela 9 months ago
Excellent. Subscribed. I've got an old machine I'm going to run Windows 2000 on.
@caroline1724 5 months ago
Thank you for recording in 4:3 so I can fullscreen without black bars in my CRT monitor.
@Tkmined 7 months ago
I recently got my hands on an old IBM think pad from 2003 (win XP), and I've been using it to write floppies for my older collection of computers. I did not know about that security exploit, so you bet your ass I'm gonna get that fixed. I should note that I only ever connect to the internet when I get impatient and can't find a USB drive, and the computer's old Norton anti-virus still seems to work oddly enough. I only leave it connected long enough to download one file, then disconnect it. Only ever have it on the internet for 15-20 minutes. Damn thing is quite slow.
@MagMan4x4 10 months ago
Was it directly connected to the internet and not through a NAT router/firewall at all?
@fsturmat 10 months ago
yes, exactly. It went through No NAT November back then.
@MagMan4x4 10 months ago
@fsturmat hahaha
@pehenry 5 months ago
Cool video man. Next purchase should be a kettle bell. Use it.
@baylinkdashyt 7 months ago
The system you start out this video describing is a thing called carrier-grade NAT and it's not terribly common in the United States - there are a couple of prominent ISPs who run CGNAT for their customers, but most of them provide at least one IPv4 address to eyeball customers even on residential plans.
@TurboSpeedWiFi 6 months ago
Exactly, most legit residential ISPs do not use CGNAT. Yes, I am giving you the evil stare T-Mobile. If you want to compete with the big boys you need to provide a publicly routable IPv4 address.
@DeckedSneeze709 8 months ago
I have no idea why that gave me the feeling it did, nor how to describe it. Subscribed.
@nicholas5623 5 months ago
man your intro is perfection
@Knaeckebrotsaege 7 months ago
Curious how this would've panned out if SMB was disabled/nuked from the install
@fiallos1 2 years ago
You should do another hijacking with windows NT 4 Server Datacenter?
@fsturmat 2 years ago
In the near future, I want to run some of these exploits myself instead of letting those bots do the work. I'll definitely keep NT 4 in mind!
@fiallos1 2 years ago
This is a perfect example of why someone shouldn’t use obsolete operating systems as an everyday computer. Thanks for uploading this video
@RaysGamingChannel2003 1 year ago
I still use windows XP on my Dell Inspiron 570 and Mac OS X Snow Leopard on my early 2009 MacBook daily
@cyberyann 7 months ago
Transition at 05:51 was top notch!
@123321mario 7 months ago
static IP hard to get? here in france it's available for most people on basic plans, just an option to check in the isp router settings lol
@WindowsG 5 months ago
this video is so unhinged i love it so much "the hacker named 4chan" is just gonna be a thing i reference now
@fsturmat 5 months ago
heh, nice to have you here :D
@DankyMankey 6 months ago
I wonder if they put a blaster-like worm on the computer, causing the reboots? Or is it a bad CPU/Memory?
@boinkus-doinkus 6 months ago
it's just eternal blue doing its thing, eternal blue either reboots the pc without warning or BSODs when it fails iirc
@___aZa___ 8 months ago
Your channel is a gem. Right after you burped I subscribed! Keep it up :)
@fsturmat 8 months ago
Nice to know that my channel ain't coal! :)
@Mackarious 5 months ago
Really interesting video! I really need to get my butt in gear and sort my homelab...
@mikesalmon6666 1 year ago
I wonder how an old mac, like an old Performa or Powermac would do exposed to the net.
@RaysGamingChannel2003 1 year ago
If it’s a PowerMac or iMac G3, it would probably get a virus if running classic Mac OS; if it’s running Mac OS X (10.X.X), it would probably do just fine
@SPTSuperSprinter156 1 year ago
as far as I am aware they don't expose very exploitable services (like windows messenger) to the open internet so they don't fare as badly. Though, I'd still make sure anything like AppleTalk was switched off. Before XP SP2 there was a whole bunch of service ports that you had to lock down before connecting to the internet, or you were in for a fun time. 135-139 is a good place to start.
@jnharton 8 months ago
Having Apple talk enabled is probably no big deal anyway, because nothing even talks that now and getting it through firewalls and NAT would be a pain even if you wanted external access...
@billchildress9756 8 months ago
I have a copy of Win2000 Pro that I'm thinking of playing around with again and I do have an Ultra 320 SCSI hard drive that has an old copy of this OS on it with all updates on it from the past before MS dropped support for it. Something to work with... Maybe?
@Chris-on5bt 8 months ago
This was a great video, thank you!