I thought that said "what happens when you expose 14-year-olds to the internet" and was legit hoping to see a Drake cameo
@Noughtsgnik6 ай бұрын
e
@ReferredRhyme826 ай бұрын
BBL drizzy
@shantanubharadwaj18496 ай бұрын
Same lol
@SOU69006 ай бұрын
😂
@eagle567866 ай бұрын
@@ReferredRhyme82BBL drizzaaayyy
@colindragan93526 ай бұрын
It would be really cool if you did a video showing the "hacker's perspective". Set up an unsecured system, then try to break into it and trash it the way the hackers do. The fact that an unsecure connection literally lets someone else move files onto a PC and execute them still blows my mind. Is it really as easy as these videos make it seem?
@spacecat31986 ай бұрын
I like this idea
@the-answer-is-426 ай бұрын
@@spacecat3198 Me to, I'm just concerned KZbin would take issue since it could be interpreted as "teaching how to hack".
@aleksazunjic96726 ай бұрын
It is not. Most of his videos rely on SMB vulnerabilities. This is essentially protocol that allows sharing of resources (including files) over network . If you disable it, hackers are left high and dry .
@Skylarr6 ай бұрын
This kind of thing would realistically not happen if you connected your own 14 year old system to the internet. Firewalls exist on basically every router sold these days, and there's almost no reason to connect a PC directly to a modem anymore, which is how this happens.
@wrathofainz6 ай бұрын
You wanna find out, try redacted or redacted or some other ctf where you can pwn a box. It can be pretty freaking hard, but that's usually a matter of finding the vulnerabilities (by hand, usually) Redacted 1 is: Words that sound like "hakkk zee box" Redacted 2 is: worst that sound like "tryyyyy hakkkkk meeee" I am literally not allowed to type the names of the sites or the comment gets pwned.
@MisterDevel6 ай бұрын
There's a lot of really old Linux kernel versions circulating the wild, particularly in the gambling sector. And, they connect to the internet. Kinda nuts.
@system1286 ай бұрын
I saw one when I was on vacation once! It was running CentOS or something with kernel 2.4
@ETORERIGO6 ай бұрын
@@system128 I saw a centos system on a cash register that was running not being used stuck on the login panel and it was lightdm, and it had the same 19 inch lg monitor i had at home
@gSys13375 ай бұрын
Of course it's in the gambling sector...😂
@celestialsylveon64536 ай бұрын
When I was getting into Linux a bit with a Raspberri Pi handheld I had an ssh appliaction for convenience since it had no keyboard and I forgot to change the login credentials and in like a few hours I got malware that was as in your face as a 90's virus, it gave a big red flashing screen for an infection or something, and I was _freaking the heck out_ because this was on a tiny Gameboy 640x480 screen! Thankfully I kept nothing important on it and just was using it as an emulation system but wow
@EricParker6 ай бұрын
How was it connected? I would doubt that would be exposed to the internet.
@celestialsylveon64536 ай бұрын
@@EricParker I don't remember this was like 3 or 4 years ago but ssh was the one thing I could think of that caused it so I guess? I couldn't find any videos on malware like that though, I wouldn't be surprised if it was someone's scareware designed to let people know to change their password xD but yeah my Pi was connected to the internet at the very least because I wanted to run PokeMMO on it and also RetroAchievmeents on Retropi
@celestialsylveon64536 ай бұрын
@@EricParker My comment got auto deleted by YT but yeah, I wanted to run PokeMMO and RetroAchievements so it was connected to the internet, not sure if SSH was configured for WAN though I just had default settings I think. Also not 100% sure it was ssh it could've been some other remote desktop thing I don't remember, it was like 3 or 4 years ago
@ETORERIGO6 ай бұрын
I'm jealous! I wish my linux install was hacked one day like that
@celestialsylveon64536 ай бұрын
@@ETORERIGO I wish I recorded it but I didn't think to in my panic lol.
@paodelodeovar70526 ай бұрын
TLDR: nothing happens until you go specifically out of your way to make it insecure
@Alethila6 ай бұрын
This is true for all operating systems, even Windows.
@jfftck6 ай бұрын
@@Alethila Not really, Windows can get compromised with just an internet connection, as it was a major attack vector in the past because the user base wasn't the most knowledgeable at securing their system and the defaults were in favor of making using the computer easier. This is why everyone complained when Vista was released, it made running privileged software a little more secure, but flaws in release versions of Windows will not have the patches that would keep you safe for very long when connected to the internet.
@kristoffer86096 ай бұрын
@@jfftck "Windows". You say that like it's one version. This creator made a video in the same style about windows 95, and he had to go out of his way to make it insecure. Turning off the firewall and so on. Truth is, Linux has many of the same problems and weaknesses. It's only less apparent because Linux has a much lower userbase. Stop looking at tech as a fanboy, instead take objective looks. You'll grow both in a professional and personal manner.
@jfftck6 ай бұрын
@@kristoffer8609 Windows 95 didn't come with a firewall, so if it had one, that isn't a base installation. My first computer was a DOS system, then my family upgraded to a Windows 95 computer. I can also provide proof that I work in one of the big tech companies, so I think I know what I am talking about. I have a problem with these videos because of the non-standard setup. Furthermore, I was using Linux as a teenager and having to manually set up everything, not like this version that was shown in this video. I don't recommend using any OS that is out of date, but the cool thing about Linux is it has a live session -- which is a version running in memory and doesn't write anything to your drive, so you can browse the web without worries of being hacked as it will wipe everything if you restart. This live session can also install a newer version, so until Windows or macOS support this feature, it will always have a way to install from older versions.
@dycedargselderbrother53536 ай бұрын
Probably the only versions of Windows that are going to be compromised out of the box are XP pre-SP2, Windows 2000, and maybe NT 4. Everything else has either sane defaults of firewall and closed services or are too old and primitive to be targets. And this assumes you're going out of your way to connect it directly to the internet, which hasn't been a thing for about two decades.
@daniel292636 ай бұрын
Moral of the story: keep your stuff updated.
@truestbluu6 ай бұрын
@@EvanTech-v3q windows xp is vulnerable as fuck
@slawnyfivemowiec6 ай бұрын
@@EvanTech-v3q Eric has already shown a windows XP video, watch it and you'll see. In that video he connects it to the internet, and immediately gets rats, spyware & adware.
@RobertSalas6 ай бұрын
@@EvanTech-v3q Have fun with all the malware you can get from those unsupported Windows.
@RobertSalas6 ай бұрын
If the update didn't cause any problems with other users.
@ROMaster26 ай бұрын
@@truestbluu SP3 while using a router firewall is plenty good enough.
@MrExplorer19896 ай бұрын
So... nothing would happen to the average user
@dingokidneys6 ай бұрын
As he mentioned, it's the services running on the machine that make it vulnerable. If there are no listening ports exposed to the internet, there is no toe-hold for an attacker to latch on to. You have to be able to get a response from the machine in order to make it do anything.
@esomnx6 ай бұрын
bruh i thought it said "what happens if you expose a 14 year old"
@rossjennings47556 ай бұрын
Wow, that little bongo drum sound effect is almost as nostalgic for me as the Windows XP startup noise.
@zoomstop6 ай бұрын
Wordpress scanning bots will find your next project in less than 5 minutes. There are SOOOO many WP vuln bots.
@typingcat6 ай бұрын
Why don't ISP's block such IP's that send the same hacking packets to multiple hosts. It probably is obvious. Also, if we move to IPv6 will the hackers be able to find commputers that easily?
@dycedargselderbrother53536 ай бұрын
This was definitely the case with Drupal, too, at least some years ago.
@Maramowicz6 ай бұрын
@@typingcat The answers are no and no: First no because somehow the ISP needs to know that someone is hacking, and that needs a packet scanner, which usually only works with unencrypted connection, that also needs to scan a packet through thousands of scanners, so the ISP knows for sure that it is indeed a hacker, and even if they know then they can block normal clients who have just been hacked/downloaded some malware, and if the ISP blocks them then they also block normal communication... not worth it. Second, no, because luckily IPv6 is so hudge, so if everyone has (almost) random IP then finding a target is harder... not impossible, but harder.
@LoganDark43576 ай бұрын
@@Maramowicz none of that matters because: the ISP needs to care. Hackers use ISPs that don't care. In fact, there's a whole class of attacks (such as DNS amplification attacks) that rely on sending packets over the internet from an IP address that isn't actually yours, which shouldn't be possible, but that some ISPs just don't prevent
@glitchy_weasel6 ай бұрын
@@LoganDark4357 ISP when someone setups bots to attack people: 😊 ISP when they see you're torrenting a movie: 😈
@TheRealMeowMeow016 ай бұрын
Stupid question: is it possible to make a honeypot out of old system and then abuse-report the attacker?
@skycaptain956 ай бұрын
Yep.
@cody44176 ай бұрын
that's a common method, and also is what a bunch of those websites which train you to hack intentionally do.
@BangBangBang.5 ай бұрын
just block them with various block lists. I used to work for a hosting provider. Trust me, if your idea worked it would be used. It doesn't work.
@TheRealMeowMeow015 ай бұрын
@@BangBangBang. Wasn't an idea, just a curious question
@hankpeterson6286 ай бұрын
I tried this with a Ubuntu 22.04 base install without updating. It took 5 days until I found a Mirai C2 server communicating with it
@EricParker6 ай бұрын
Might actually work better
@JoraGamer6 ай бұрын
just curious, did you used Lynis compliance checker to harden this ubuntu or just used it with default settings?
@hankpeterson6286 ай бұрын
@@JoraGamer hi! I ran a CIS benchmark to patch up the most basic things. I would like to try Lynis auditing, but it didn't come to mind then 😁. Thanks, I will have something to do now
@skycaptain956 ай бұрын
WHAT??
@tablettablete1866 ай бұрын
Wait, how did that happen? Can you share some more details about the attack?
@Ниггерфиш6 ай бұрын
You should expose something on the internet (really anything) and then advertise it on some hacking subreddits and your KZbin Community tab. It would be interesting to see how much damage could be done in an hour.
@AndrewTSq6 ай бұрын
But what if we used an Amiga, or a BeOS machine?
@Mikko-Maggie-More6 ай бұрын
but what would happen if you expose a 14 year old to the internet?
@lmuacky37936 ай бұрын
drake intensifies
@ruben_balea6 ай бұрын
Nothing because at that age they were already exposed to the internet at least for a decade 😓
@whohan7796 ай бұрын
Gen Alpha memes
@aksGJOANUIFIFJiufjJU216 ай бұрын
you get me
@domiibunn6 ай бұрын
You can mirror a virtual switch port to another switch port sending it to wireshark. Thus looking at all the connections from the outside without the server beeing supported by wireshark
@penguthepenguinj6 ай бұрын
When you enable ssh with username "root" and password "root" a ransomeware will encrypt your data -don't ask me how I know Also if you leave mysql or mongodb open without any password it will enentually be encrypted
@the-answer-is-426 ай бұрын
Obviously you should have used the password "toor", which is so much better because everyone knows hackers can't read backwards.
@penguthepenguinj6 ай бұрын
@@the-answer-is-42 Haha
@EricParker6 ай бұрын
That's the default configuration for "damn vunlerable linux".
@penguthepenguinj6 ай бұрын
yeah it was actually redis which was encrypted, I remember now - pretty common if iptables isn't installed
@Novarussia6 ай бұрын
Next: What if you expose sun solaris to the internet
@MichaelHenderson-h4w5 ай бұрын
You can totally run wireshark in a MITM configuration. Just create a Linux VM with 2 ethernet adapters bridged to each other.
@Leurak6 ай бұрын
My first distro 🥺
@ツッヾヅ6 ай бұрын
Leurak??!!!! Creator Of Memz VIRUS!
@ツッヾヅ6 ай бұрын
Leurak??!!!!
@Leurak6 ай бұрын
@@ツッヾヅ no way
@Ниггерфиш6 ай бұрын
@@ツッヾヅabsolutely insane
@mihiguy6 ай бұрын
I'd probably have installed Tomcat as well (more code execution vulnerabilities in the last years than Apache) maybe with some Struts webapps (most insecure JSP framework) as well as some CGI scripts that use Bash (to attract ShellShock aka CVE-2014-6271) to Apache. And PHP and a 14-year old Wordpress. Not sure how ubiquitous scans for those things are nowadays, though. Also, get a Lets Encrypt Certificate or any other TLS certificate that is listed on Certificate Transparency a few minutes after you exposed it to the Internet under a (sub)domain that never had a TLS certificate. That is an invitation to many black hats to have a close look at the server quickly (maybe not updated yet?)
@ozzie_goat6 ай бұрын
My university runs an old CentOS 7 server running kernel 3.10 for the computer science students to use. I don't touch that thing with a 40 foot pole
@the-answer-is-426 ай бұрын
It was a few years ago now (maybe 8, time flies, lol), but the university I studied at had an entire internet room filled with XP machines. We used them for computer labs. I had to talk someone out of doing something banking related on it.
@kirill90646 ай бұрын
@@the-answer-is-42 Were they connected to outside world with external IPs or through a router with 192.168 ips?
@the-answer-is-426 ай бұрын
@@kirill9064 Through a router I think, but they were public computers everyone was using.
@kirill90646 ай бұрын
@@the-answer-is-42 Were they without immutablility software that would reset system on restart?
@the-answer-is-426 ай бұрын
@@kirill9064 yeah, it was just normal XP machines. Nothing fancy about them.
@REALJonathan56756 ай бұрын
Crazy how similar old linux looks like compared to new linux
@Plorxium6 ай бұрын
So there are people using nmap to search through millions of ip addresses? I know old stuff is vulnerable on the internet but I didn't think someone would find you that quickly?
@eDoc20206 ай бұрын
It would take a while for 1 attacker to find you. With 2 attackers it would take half as much time for someone to find you. Now imagine how many intentional bad actors there are online. Then add in all the compromised systems acting as part of a botnet. If there are 1 million hosts each trying a completely random IPv4 address once a second it will take (on average) less than an hour for one of them to find you.
@IceTank6 ай бұрын
I remembered when I accidently ran a socks proxy without a password on my server. It took someone 2 minutes until they found the service. After 20 minutes, the vps was already slowing down due to the huge amount of traffic that was routed through the server. Always read the instructions before launching an internet exposed service, lol.
@glitchy_weasel6 ай бұрын
Interesting experiment, man the internet of servers looks like a scary place. Just a bunch of bots trying to hit exposed ports and what not to see what sticks. Mad respect to all the cybersecurity experts out there.
@incandescentwithrage6 ай бұрын
You don't necessarily have to run Wireshark on the client. If you put a managed switch between the client and the internet, you can set up port mirroring on the switch and capture the traffic on your workstation.
@dingokidneys6 ай бұрын
You can also buy a little hardware tap that you just put in the middle of the ethernet link to the modem/router/internet and then you have two other RJ45 plugs which deliver incoming and outgoing traffic. However, he's using a VM so his networking is probably not amenable to either of these methods. But it's all getting pretty complicated at that point; probably too much so for a KZbin video.
@FilthPiston6 ай бұрын
And if you're running this in Proxmox/KVM, you can solve the problem with simple networking. The vulnerable VM will have a net adapter attached to say, vmbr1 on the hypervisor. Simply create another virtual bridge (vmbr2), attach them BOTH to a new linux VM for Wireshark, then create a virtual bridge inside of it, and enable packet forwarding. All traffic will be filtered through the Wireshark VM, and can be safely recorded.
@ijustlovebirds2 ай бұрын
did nobody get "the wired is starting to talk to us"
@UltraZelda646 ай бұрын
Barebones = "More secure." You add more crap, you introduce more holes, security does actually get worse. There is a direct link. It's the principle OpenBSD is based on, and it has a fitting security record.
@NullPointer6 ай бұрын
Is this directly connected to the internet? Not behind a NAT?
@kirill90646 ай бұрын
Dirtectly. If it was NAT probes would only see a router.
@arcaicoye6 ай бұрын
Can you investigate if AliciaGame is a virus or not? It was an old game I used play but now it seems to be detected as virus
@reoffending6 ай бұрын
You should try setting up a regular Linux box except with open SSH and a weak password
@dingokidneys6 ай бұрын
That's not even a tiny hurdle. I used to run SSH on port 443 so I could get into my systems from work. Watching the traffic hit that was amazing; I'd sit there watching it in real time and work out where they were hitting me from and it was fun but a bit too much after a while. Of course I didn't use a password; it was locked down with SSH key authentication and rate limiting firewall rules.
@reoffending6 ай бұрын
@@dingokidneys It'd still be interesting to see what malware gets dropped when one of those guys gets in
@h4xor17016 ай бұрын
you should make a video with old OS exposed to internet but with software firewall keept enabled
@user__5206 ай бұрын
I once installed samba on my main linux for a school project, i had to reinstall it after, some microsoft package broke my dependencies. Also theres a lot of vulns in that. Just think about school pcs :D
@testAccount-eb2ve6 ай бұрын
Curious to know how u got into cyber security and if you went to college to study for it
@cem_kaya6 ай бұрын
Can you make one about old firewalls ?
@jhna3146 ай бұрын
I have internet only when I do hotspot from my phone. Is this safe for linux?
@jfftck6 ай бұрын
What I heard, it is possible to upgrade Linux before getting hacked, not something that Windows or macOS can say.
@The_Prizessin_der_Verurteilung6 ай бұрын
MacOS doesn't need to worry about it. Not the win you thought it was really. Like that UEFI hack that MacOS is the only OS unthreatened by it, while Windows AND Linux are completely unable to do anything about it.
@jfftck6 ай бұрын
@@The_Prizessin_der_Verurteilung Apple Silicon has a flaw that can't be fixed with software, and you can run Linux on hardware that doesn't have flaws. There are many platforms that Linux supports that it can run on anything. Also, the flaw for UEFI, which does have a software patch, requires the software to be run in privileged level, but Apple's exploit could expose your security credentials remotely. Stop trying to act like Apple is flawless in execution, besides running 14-year-old software will most likely be on old hardware without UEFI boot image flaw.
@Magiczny-Krzysztof6 ай бұрын
Will you try exposing Windows NT 3.1 to the Internet?
@Maramowicz6 ай бұрын
Windows: Install me, nothing else, just install and I get hacked... Linux: Even if you install me I will not get hacked, you have to install some vurneable software first, then configure it and then maybe if you are lucky I will get hacked.
@auronkardek6 ай бұрын
No exposed ssh ?
@boubou406 ай бұрын
propfind is webdav proto
@r_dzr6 ай бұрын
I triple booted on my drive... (macos / hackintosh, windows 11, & ubuntu)
@thepureheartofdark6 ай бұрын
Sooo, it's basically a metasploitable machine now.
@taavi9486 ай бұрын
Can you do macOS next?
@lPlanetarizado6 ай бұрын
that would be interesting, also ios or android
@kirill90646 ай бұрын
@@lPlanetarizado Mac os 9.0.4?
@_boux6 ай бұрын
I have no idea what this accent is
@KillianTwew6 ай бұрын
0:02 My prediction: Immediately joins a botnet 😂
@thauanhabbo6 ай бұрын
Can you check if Ghost Spectre ISO is safe?
@mixskillter47856 ай бұрын
seems to be safe and legit, people dont really report security issues with it, I've been using it myself for over a year, but you never can know if in the future the author doesn't change his mind and ships an update with malware
@ttkftykyfts6 ай бұрын
Yeah it is safe. I've used Ghost Spectre for nearly 2 years now. I am very satisfied :D
@thel32186 ай бұрын
I wouldn't trust it, AtlasOS and ReviOS are both open source. There is LTSC which is less optimized for gaming, but is developed by Microsoft
@thauanhabbo6 ай бұрын
@@mixskillter4785 Yeah but that's also with almost any software you download
@thauanhabbo6 ай бұрын
@@ttkftykyfts Yeah i'm using it for 2 years already and had no issues, but yeah I don't know if it's good not keeping up with some Windows Updates
@Tearz-tearify6 ай бұрын
Would you get hacked if you used a very old and outdated phone? If so, how could you test that? w/ iPhone and android
@frans30906 ай бұрын
nah you won't unless you install shady apks on your android device. On iphone i don't think you can get infected by just simply connecting to the internet the only way to get a virus on an iphone is by jailbreaking it and even then you won't be infected since ios is not very easy to hack.
@Tearz-tearify6 ай бұрын
@@frans3090 makes sense. Was just wondering if there could be any attacks since outdated versions of phones have vulnerabilities and flaws yk
@Deniil20006 ай бұрын
common apache L
@EricParker6 ай бұрын
NGINX gang
@luhuhu4166 ай бұрын
you should try exposing a mongodb instance with no password. (I already tried accidentally and I wasn't happy)
@aed55206 ай бұрын
Hello Eric could you test Horion mod for Minecraft bedrock. I use it and it would be cool if you made a closer look on this cheat software.
@iOSHelper.6 ай бұрын
It’s safe
@Mikolollolo6 ай бұрын
Is adfly if click allow will annoying notification?
@kirill90646 ай бұрын
Yes.
@km2k026 ай бұрын
How to learn cybersecurity skills like you ? Please i don't need read this cert like advice . A practical one like what concepts i need to cover. Internet data is confusing i don't know if i want defensive or offensive?
@fat_malama6 ай бұрын
why are you installing stuff here and didn't install anything on the Windows 98 one tho
@EricParker6 ай бұрын
Because stock Linux doesn’t ship with any open ports. Nothing happened regardless, but I was trying to give it a chance
@brenancaro47236 ай бұрын
What happens if you expose 17 year old Linux (2007) to the Internet?
@tezcanaslan28776 ай бұрын
What version is this? Since people are starting to come out and “expose” you, I would advise you to be as transparent with the details as possible.
@princess7jasmine6 ай бұрын
Who is exactly exposing them?
@tezcanaslan28776 ай бұрын
@@princess7jasmine couldn’t find it though it was a small youtuber
@princess7jasmine6 ай бұрын
@@tezcanaslan2877 So, you're making a baseless claim?
@kirill90646 ай бұрын
It is Ubuntu Lucid. So 10.04.4
@DBBravo6 ай бұрын
Unrelated but Ubuntu has always made some good looking themes.
@izaicslinux69616 ай бұрын
I miss Unity 7's design too.
6 ай бұрын
Yep, I'm still using MATE, a fork of GNOME 2, though with a more "modern" theme. But that interface is irreplaceable.
@arduinoguru72336 ай бұрын
Man you should use that older version of Linux on a VPS SERVER, because mos of these scanners are having long list of host services IP addresses, they don't waste their time scanning the entire of internet as you may expect, you can try Digital Ocean, or Amazon AWS as test. You can do the same, on your home PC (a VM), by mapping an external IP to it, e.g. as insecure Proxy or maybe VPN where it won't filter any traffic, you will be surprise how fast it will get h1cked.
@King_Scorpion6 ай бұрын
Great vid! i have somehow watched a 10m vid in 2m
@Tyvin.6 ай бұрын
I only understand like a fourth of what’s even happening but I love your videos
@d-tech31906 ай бұрын
Don't forget SSH!
@Gameplayer550556 ай бұрын
Sshnuke moment
@1993MAZDAMIATA6 ай бұрын
"GuYs HE iS A FAKEEEEee He tURnED Off tHE fIREWALL"
@rch53956 ай бұрын
Ew ubuntu the best linux is LFS
@EverythingTechTime6 ай бұрын
I thought you were gonna expose a 14 year old kid's linux 😭