20-04-2024
It all started with one boring math class. I had nothing to do, and found a website that I assume is a database of open VNC servers. I downloaded the first available VNC viewer program and started my search. A big chunk of these servers were added back in January, and I assumed that most of them were already passworded. I was so wrong.
One of the first servers I found was this thing that only ran Firefox, nothing else. By using the about:profiles trick to open a file manager, I confirmed that this was nothing but a container. Pretty boring, but useful if you want to test sites outside of your machine. voidpine@neocities worked perfectly, though there were some color issues.
I like to call this one "Mixgerät". On my first log on, I saw Blender open with the default cube staring into my soul. Being a smartass, I thought I could access a terminal through the file manager via the File menu. No dice, but I found a bunch of folders named "guest#" with their respective number, going all the way up to 50 or so. Okay, I'll try a direct method - through a desktop. Black screen. Right click yields no result whatsoever, other keys don't work either, so I gave up. A few days later I tried again, and was amazed: the cursor was still moving around on its own, so obviously someone was still working on it. I have 0 knowledge in Blender, so to me this looks impressive; being able to shape up some humanoid figure from a cube is mindblowing. However, I was kicked off a few seconds later, so I logged off for the night. The next day I found a way to open a browser window and put my "please set a password!!" message up. Hopefully they noticed it.
This is my favorite one - "Turkish weed farm". The thing with these servers is that literally anything can be running on those machines, and you'll be surprised every time. I have no clue what it says on the screen, though according to my friend (thank you!) it's a "program to automate farming tools like the temp of the environment, water system, etc". Makes sense, alright. There's a menu screen that lists some kinds of graphs, something else, and screen settings. I'm thinking to myself, "okay, so it will show some settings in the program, probably not exploitable". I click on it, and I end up on an XFCE desktop. Holy hell. Not long after, I found a terminal, quickly wrote up a piece in vim and named it "IMPORTANT". I saved it, and then went snooping around the files. Then a script named "DeleteProject" caught my eye. Out of curiosity, I clicked on it. I was greeted with the glorious:
echo "password" | sudo -S rm -r /some/directory
Horrendous. Not only did they leave a password in plaintext form, their script structure is also horrible. Bad opsec too. But surely, this is just a honeypot, surely they wouldn't be that stupid. I was proven wrong. I added something to my note to let them know of their crucial mistake. The next day I checked, and my "IMPORTANT" note was gone, and a day after I wasn't able to access the server anymore. Maybe they've learned their lesson, or they got rm -rf'd by someone else, the world will never know.
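
For anyone auditing their own scripts for the DeleteProject mistake, here is a small checker that flags lines feeding a password to `sudo -S` through a pipe or a here-string. It is an added example, not code from the original post; every sample line except the one quoted above (`ADMIN_PW`, `hunter2`, the `systemctl` call) is constructed.

```python
import re

# Skip earlier words (options, a printf format) so "arg" is the last word before the pipe.
_FEED = r'(?:echo|printf)\s+(?:[^\s|;&]+\s+)*?'
# One shell word: double-quoted, single-quoted, or bare.
_WORD = r'''(?P<arg>"[^"]*"|'[^']*'|[^\s|;&<>]+)'''
# sudo with -S among the options written directly after it (-S, -kS, -k -S).
_SUDO_S = r'sudo\s+(?:-\w+\s+)*-\w*S\w*\b'

PIPE = re.compile(_FEED + _WORD + r'\s*\|\s*' + _SUDO_S)       # echo pw | sudo -S ...
HERESTR = re.compile(_SUDO_S + r'[^|;&\n]*?<<<\s*' + _WORD)    # sudo -S ... <<< pw

def classify(arg):
    """'literal': the password is typed into the script; 'variable': it is expanded."""
    if arg.startswith("'"):
        return "literal"  # single quotes never expand
    return "variable" if re.search(r'[$`]', arg) else "literal"

def scan(text):
    """Return [(line_number, kind)] for every line that hands sudo -S a password."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # commented-out lines are not executed
        m = PIPE.search(line) or HERESTR.search(line)
        if m:
            findings.append((no, classify(m.group('arg'))))
    return findings

# Constructed sample script; line 3 is the line quoted in the post.
SAMPLE = """#!/bin/bash
# constructed sample for the checker
echo "password" | sudo -S rm -r /some/directory
printf '%s' "$ADMIN_PW" | sudo -S systemctl restart farm
sudo -S rm -r /some/directory <<< 'hunter2'
sudo rm -r /some/directory
# echo "old" | sudo -S true
"""

if __name__ == "__main__":
    for no, kind in scan(SAMPLE):
        print(f"line {no}: password fed to sudo -S ({kind})")
```

A `literal` finding means the password is stored in the script itself; a `variable` finding still needs the variable's source checked.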