What happens if you Expose 14 yr old Linux to the Internet?
Ғылым және технология
The heavily requested following up to our legacy Windows series.
Follow me on X - / atericparker
Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking, nor do I encourage the usage of game cheats, cracks or hacks.
Cracks are sometimes shown to highlight the dangers of software piracy, my content is not intended to teach anybody how to pirate, or maliciously hack.
More Malware Investigation Videos:
→ The latest "NORD" Malware - Nordsecured: • The latest 'NORD' Malw...
→🧧VIRUS WARNING🧧 NEW Optifine for Minecraft 1.16 SCAM: • 🧧VIRUS WARNING🧧 NEW Op...
→ The wilkreate KZread stealer virus that started this whole trend: • Fake sponsor DESTROYS ...
(C) Eric Parker 2024
Пікірлер: 227
I thought that said "what happens when you expose 14-year-olds to the internet" and was legit hoping to see a Drake cameo
@Noughtsgnik
28 күн бұрын
e
@ReferredRhyme82
28 күн бұрын
BBL drizzy
@shantanubharadwaj1849
27 күн бұрын
Same lol
@SOU6900
27 күн бұрын
😂
@eagle56786
27 күн бұрын
@@ReferredRhyme82BBL drizzaaayyy
It would be really cool if you did a video showing the "hacker's perspective". Set up an unsecured system, then try to break into it and trash it the way the hackers do. The fact that an unsecure connection literally lets someone else move files onto a PC and execute them still blows my mind. Is it really as easy as these videos make it seem?
@spacecat3198
28 күн бұрын
I like this idea
@the-answer-is-42
27 күн бұрын
@@spacecat3198 Me to, I'm just concerned KZread would take issue since it could be interpreted as "teaching how to hack".
@aleksazunjic9672
27 күн бұрын
It is not. Most of his videos rely on SMB vulnerabilities. This is essentially protocol that allows sharing of resources (including files) over network . If you disable it, hackers are left high and dry .
@Skylarr
27 күн бұрын
This kind of thing would realistically not happen if you connected your own 14 year old system to the internet. Firewalls exist on basically every router sold these days, and there's almost no reason to connect a PC directly to a modem anymore, which is how this happens.
@wrathofainz
27 күн бұрын
You wanna find out, try redacted or redacted or some other ctf where you can pwn a box. It can be pretty freaking hard, but that's usually a matter of finding the vulnerabilities (by hand, usually) Redacted 1 is: Words that sound like "hakkk zee box" Redacted 2 is: worst that sound like "tryyyyy hakkkkk meeee" I am literally not allowed to type the names of the sites or the comment gets pwned.
There's a lot of really old Linux kernel versions circulating the wild, particularly in the gambling sector. And, they connect to the internet. Kinda nuts.
@system128
27 күн бұрын
I saw one when I was on vacation once! It was running CentOS or something with kernel 2.4
@ETORERIGO
27 күн бұрын
@@system128 I saw a centos system on a cash register that was running not being used stuck on the login panel and it was lightdm, and it had the same 19 inch lg monitor i had at home
TLDR: nothing happens until you go specifically out of your way to make it insecure
@Alethila
27 күн бұрын
This is true for all operating systems, even Windows.
@jfftck
26 күн бұрын
@@Alethila Not really, Windows can get compromised with just an internet connection, as it was a major attack vector in the past because the user base wasn't the most knowledgeable at securing their system and the defaults were in favor of making using the computer easier. This is why everyone complained when Vista was released, it made running privileged software a little more secure, but flaws in release versions of Windows will not have the patches that would keep you safe for very long when connected to the internet.
@kristoffer8609
26 күн бұрын
@@jfftck "Windows". You say that like it's one version. This creator made a video in the same style about windows 95, and he had to go out of his way to make it insecure. Turning off the firewall and so on. Truth is, Linux has many of the same problems and weaknesses. It's only less apparent because Linux has a much lower userbase. Stop looking at tech as a fanboy, instead take objective looks. You'll grow both in a professional and personal manner.
@jfftck
26 күн бұрын
@@kristoffer8609 Windows 95 didn't come with a firewall, so if it had one, that isn't a base installation. My first computer was a DOS system, then my family upgraded to a Windows 95 computer. I can also provide proof that I work in one of the big tech companies, so I think I know what I am talking about. I have a problem with these videos because of the non-standard setup. Furthermore, I was using Linux as a teenager and having to manually set up everything, not like this version that was shown in this video. I don't recommend using any OS that is out of date, but the cool thing about Linux is it has a live session -- which is a version running in memory and doesn't write anything to your drive, so you can browse the web without worries of being hacked as it will wipe everything if you restart. This live session can also install a newer version, so until Windows or macOS support this feature, it will always have a way to install from older versions.
@dycedargselderbrother5353
26 күн бұрын
Probably the only versions of Windows that are going to be compromised out of the box are XP pre-SP2, Windows 2000, and maybe NT 4. Everything else has either sane defaults of firewall and closed services or are too old and primitive to be targets. And this assumes you're going out of your way to connect it directly to the internet, which hasn't been a thing for about two decades.
When I was getting into Linux a bit with a Raspberri Pi handheld I had an ssh appliaction for convenience since it had no keyboard and I forgot to change the login credentials and in like a few hours I got malware that was as in your face as a 90's virus, it gave a big red flashing screen for an infection or something, and I was _freaking the heck out_ because this was on a tiny Gameboy 640x480 screen! Thankfully I kept nothing important on it and just was using it as an emulation system but wow
@EricParker
28 күн бұрын
How was it connected? I would doubt that would be exposed to the internet.
@celestialsylveon6453
28 күн бұрын
@@EricParker I don't remember this was like 3 or 4 years ago but ssh was the one thing I could think of that caused it so I guess? I couldn't find any videos on malware like that though, I wouldn't be surprised if it was someone's scareware designed to let people know to change their password xD but yeah my Pi was connected to the internet at the very least because I wanted to run PokeMMO on it and also RetroAchievmeents on Retropi
@celestialsylveon6453
28 күн бұрын
@@EricParker My comment got auto deleted by YT but yeah, I wanted to run PokeMMO and RetroAchievements so it was connected to the internet, not sure if SSH was configured for WAN though I just had default settings I think. Also not 100% sure it was ssh it could've been some other remote desktop thing I don't remember, it was like 3 or 4 years ago
@ETORERIGO
27 күн бұрын
I'm jealous! I wish my linux install was hacked one day like that
@celestialsylveon6453
27 күн бұрын
@@ETORERIGO I wish I recorded it but I didn't think to in my panic lol.
Moral of the story: keep your stuff updated.
@susstevedev
28 күн бұрын
Wrong. You can still use Windows Xp, Vista and 7.
@truestbluu
28 күн бұрын
@@susstevedev windows xp is vulnerable as fuck
@slawnyfivemowiec
28 күн бұрын
@@susstevedev Eric has already shown a windows XP video, watch it and you'll see. In that video he connects it to the internet, and immediately gets rats, spyware & adware.
@RobertSalas
28 күн бұрын
@@susstevedev Have fun with all the malware you can get from those unsupported Windows.
@RobertSalas
28 күн бұрын
If the update didn't cause any problems with other users.
Wow, that little bongo drum sound effect is almost as nostalgic for me as the Windows XP startup noise.
Stupid question: is it possible to make a honeypot out of old system and then abuse-report the attacker?
@skycaptain95
28 күн бұрын
Yep.
@cody4417
27 күн бұрын
that's a common method, and also is what a bunch of those websites which train you to hack intentionally do.
Wordpress scanning bots will find your next project in less than 5 minutes. There are SOOOO many WP vuln bots.
@typingcat
26 күн бұрын
Why don't ISP's block such IP's that send the same hacking packets to multiple hosts. It probably is obvious. Also, if we move to IPv6 will the hackers be able to find commputers that easily?
@dycedargselderbrother5353
26 күн бұрын
This was definitely the case with Drupal, too, at least some years ago.
@Maramowicz
26 күн бұрын
@@typingcat The answers are no and no: First no because somehow the ISP needs to know that someone is hacking, and that needs a packet scanner, which usually only works with unencrypted connection, that also needs to scan a packet through thousands of scanners, so the ISP knows for sure that it is indeed a hacker, and even if they know then they can block normal clients who have just been hacked/downloaded some malware, and if the ISP blocks them then they also block normal communication... not worth it. Second, no, because luckily IPv6 is so hudge, so if everyone has (almost) random IP then finding a target is harder... not impossible, but harder.
@LoganDark4357
26 күн бұрын
@@Maramowicz none of that matters because: the ISP needs to care. Hackers use ISPs that don't care. In fact, there's a whole class of attacks (such as DNS amplification attacks) that rely on sending packets over the internet from an IP address that isn't actually yours, which shouldn't be possible, but that some ISPs just don't prevent
@glitchy_weasel
24 күн бұрын
@@LoganDark4357 ISP when someone setups bots to attack people: 😊 ISP when they see you're torrenting a movie: 😈
So... nothing would happen to the average user
@dingokidneys
27 күн бұрын
As he mentioned, it's the services running on the machine that make it vulnerable. If there are no listening ports exposed to the internet, there is no toe-hold for an attacker to latch on to. You have to be able to get a response from the machine in order to make it do anything.
bruh i thought it said "what happens if you expose a 14 year old"
I tried this with a Ubuntu 22.04 base install without updating. It took 5 days until I found a Mirai C2 server communicating with it
@EricParker
28 күн бұрын
Might actually work better
@JoraGamer
28 күн бұрын
just curious, did you used Lynis compliance checker to harden this ubuntu or just used it with default settings?
@hankpeterson628
28 күн бұрын
@@JoraGamer hi! I ran a CIS benchmark to patch up the most basic things. I would like to try Lynis auditing, but it didn't come to mind then 😁. Thanks, I will have something to do now
@skycaptain95
28 күн бұрын
WHAT??
@tablettablete186
22 күн бұрын
Wait, how did that happen? Can you share some more details about the attack?
You should expose something on the internet (really anything) and then advertise it on some hacking subreddits and your KZread Community tab. It would be interesting to see how much damage could be done in an hour.
but what would happen if you expose a 14 year old to the internet?
@lmuacky3793
27 күн бұрын
drake intensifies
@ruben_balea
27 күн бұрын
Nothing because at that age they were already exposed to the internet at least for a decade 😓
@whohan779
17 күн бұрын
Gen Alpha memes
@aksGJOANUIFIFJiufjJU21
13 күн бұрын
you get me
When you enable ssh with username "root" and password "root" a ransomeware will encrypt your data -don't ask me how I know Also if you leave mysql or mongodb open without any password it will enentually be encrypted
@the-answer-is-42
27 күн бұрын
Obviously you should have used the password "toor", which is so much better because everyone knows hackers can't read backwards.
@penguthepenguinj
27 күн бұрын
@@the-answer-is-42 Haha
@EricParker
27 күн бұрын
That's the default configuration for "damn vunlerable linux".
@penguthepenguinj
27 күн бұрын
yeah it was actually redis which was encrypted, I remember now - pretty common if iptables isn't installed
You can mirror a virtual switch port to another switch port sending it to wireshark. Thus looking at all the connections from the outside without the server beeing supported by wireshark
My first distro 🥺
@Pixelcube_Official
28 күн бұрын
Leurak??!!!! Creator Of Memz VIRUS!
@Pixelcube_Official
28 күн бұрын
Leurak??!!!!
@Leurak
28 күн бұрын
@@Pixelcube_Official no way
@Difluoroacetamide
27 күн бұрын
@@Pixelcube_Officialabsolutely insane
Next: What if you expose sun solaris to the internet
Curious to know how u got into cyber security and if you went to college to study for it
Can you investigate if AliciaGame is a virus or not? It was an old game I used play but now it seems to be detected as virus
I'd probably have installed Tomcat as well (more code execution vulnerabilities in the last years than Apache) maybe with some Struts webapps (most insecure JSP framework) as well as some CGI scripts that use Bash (to attract ShellShock aka CVE-2014-6271) to Apache. And PHP and a 14-year old Wordpress. Not sure how ubiquitous scans for those things are nowadays, though. Also, get a Lets Encrypt Certificate or any other TLS certificate that is listed on Certificate Transparency a few minutes after you exposed it to the Internet under a (sub)domain that never had a TLS certificate. That is an invitation to many black hats to have a close look at the server quickly (maybe not updated yet?)
common apache L
@EricParker
28 күн бұрын
NGINX gang
Interesting experiment, man the internet of servers looks like a scary place. Just a bunch of bots trying to hit exposed ports and what not to see what sticks. Mad respect to all the cybersecurity experts out there.
But what if we used an Amiga, or a BeOS machine?
Can you make one about old firewalls ?
Great vid! i have somehow watched a 10m vid in 2m
Barebones = "More secure." You add more crap, you introduce more holes, security does actually get worse. There is a direct link. It's the principle OpenBSD is based on, and it has a fitting security record.
I have no idea what this accent is
I remembered when I accidently ran a socks proxy without a password on my server. It took someone 2 minutes until they found the service. After 20 minutes, the vps was already slowing down due to the huge amount of traffic that was routed through the server. Always read the instructions before launching an internet exposed service, lol.
Crazy how similar old linux looks like compared to new linux
Is this directly connected to the internet? Not behind a NAT?
@kirill9064
27 күн бұрын
Dirtectly. If it was NAT probes would only see a router.
Hello Eric could you test Horion mod for Minecraft bedrock. I use it and it would be cool if you made a closer look on this cheat software.
@iOSHelper.
25 күн бұрын
It’s safe
I have internet only when I do hotspot from my phone. Is this safe for linux?
you should make a video with old OS exposed to internet but with software firewall keept enabled
I only understand like a fourth of what’s even happening but I love your videos
How to learn cybersecurity skills like you ? Please i don't need read this cert like advice . A practical one like what concepts i need to cover. Internet data is confusing i don't know if i want defensive or offensive?
Is adfly if click allow will annoying notification?
@kirill9064
27 күн бұрын
Yes.
I once installed samba on my main linux for a school project, i had to reinstall it after, some microsoft package broke my dependencies. Also theres a lot of vulns in that. Just think about school pcs :D
Will you try exposing Windows NT 3.1 to the Internet?
My university runs an old CentOS 7 server running kernel 3.10 for the computer science students to use. I don't touch that thing with a 40 foot pole
@the-answer-is-42
27 күн бұрын
It was a few years ago now (maybe 8, time flies, lol), but the university I studied at had an entire internet room filled with XP machines. We used them for computer labs. I had to talk someone out of doing something banking related on it.
@kirill9064
27 күн бұрын
@@the-answer-is-42 Were they connected to outside world with external IPs or through a router with 192.168 ips?
@the-answer-is-42
27 күн бұрын
@@kirill9064 Through a router I think, but they were public computers everyone was using.
@kirill9064
26 күн бұрын
@@the-answer-is-42 Were they without immutablility software that would reset system on restart?
@the-answer-is-42
26 күн бұрын
@@kirill9064 yeah, it was just normal XP machines. Nothing fancy about them.
So there are people using nmap to search through millions of ip addresses? I know old stuff is vulnerable on the internet but I didn't think someone would find you that quickly?
@eDoc2020
25 күн бұрын
It would take a while for 1 attacker to find you. With 2 attackers it would take half as much time for someone to find you. Now imagine how many intentional bad actors there are online. Then add in all the compromised systems acting as part of a botnet. If there are 1 million hosts each trying a completely random IPv4 address once a second it will take (on average) less than an hour for one of them to find you.
You should try setting up a regular Linux box except with open SSH and a weak password
@dingokidneys
27 күн бұрын
That's not even a tiny hurdle. I used to run SSH on port 443 so I could get into my systems from work. Watching the traffic hit that was amazing; I'd sit there watching it in real time and work out where they were hitting me from and it was fun but a bit too much after a while. Of course I didn't use a password; it was locked down with SSH key authentication and rate limiting firewall rules.
@reoffending
27 күн бұрын
@@dingokidneys It'd still be interesting to see what malware gets dropped when one of those guys gets in
Would you get hacked if you used a very old and outdated phone? If so, how could you test that? w/ iPhone and android
@frans3090
26 күн бұрын
nah you won't unless you install shady apks on your android device. On iphone i don't think you can get infected by just simply connecting to the internet the only way to get a virus on an iphone is by jailbreaking it and even then you won't be infected since ios is not very easy to hack.
@Tearz-tearify
26 күн бұрын
@@frans3090 makes sense. Was just wondering if there could be any attacks since outdated versions of phones have vulnerabilities and flaws yk
You don't necessarily have to run Wireshark on the client. If you put a managed switch between the client and the internet, you can set up port mirroring on the switch and capture the traffic on your workstation.
@dingokidneys
27 күн бұрын
You can also buy a little hardware tap that you just put in the middle of the ethernet link to the modem/router/internet and then you have two other RJ45 plugs which deliver incoming and outgoing traffic. However, he's using a VM so his networking is probably not amenable to either of these methods. But it's all getting pretty complicated at that point; probably too much so for a KZread video.
@333xan45
26 күн бұрын
And if you're running this in Proxmox/KVM, you can solve the problem with simple networking. The vulnerable VM will have a net adapter attached to say, vmbr1 on the hypervisor. Simply create another virtual bridge (vmbr2), attach them BOTH to a new linux VM for Wireshark, then create a virtual bridge inside of it, and enable packet forwarding. All traffic will be filtered through the Wireshark VM, and can be safely recorded.
What version is this? Since people are starting to come out and “expose” you, I would advise you to be as transparent with the details as possible.
@princess7jasmine
28 күн бұрын
Who is exactly exposing them?
@tezcanaslan2877
28 күн бұрын
@@princess7jasmine couldn’t find it though it was a small youtuber
@princess7jasmine
28 күн бұрын
@@tezcanaslan2877 So, you're making a baseless claim?
@kirill9064
27 күн бұрын
It is Ubuntu Lucid. So 10.04.4
I triple booted on my drive... (macos / hackintosh, windows 11, & ubuntu)
Can you do macOS next?
@lPlanetarizado
27 күн бұрын
that would be interesting, also ios or android
@kirill9064
27 күн бұрын
@@lPlanetarizado Mac os 9.0.4?
Sooo, it's basically a metasploitable machine now.
No exposed ssh ?
propfind is webdav proto
Can you check if Ghost Spectre ISO is safe?
@mixskillter4785
28 күн бұрын
seems to be safe and legit, people dont really report security issues with it, I've been using it myself for over a year, but you never can know if in the future the author doesn't change his mind and ships an update with malware
@ttkftykyfts
28 күн бұрын
Yeah it is safe. I've used Ghost Spectre for nearly 2 years now. I am very satisfied :D
@thel3218
28 күн бұрын
I wouldn't trust it, AtlasOS and ReviOS are both open source. There is LTSC which is less optimized for gaming, but is developed by Microsoft
@thauanhabbo
27 күн бұрын
@@mixskillter4785 Yeah but that's also with almost any software you download
@thauanhabbo
27 күн бұрын
@@ttkftykyfts Yeah i'm using it for 2 years already and had no issues, but yeah I don't know if it's good not keeping up with some Windows Updates
woah early? also cool virus thingys
Don't forget SSH!
Windows: Install me, nothing else, just install and I get hacked... Linux: Even if you install me I will not get hacked, you have to install some vurneable software first, then configure it and then maybe if you are lucky I will get hacked.
hi thanks for the vid
0:02 My prediction: Immediately joins a botnet 😂
What I heard, it is possible to upgrade Linux before getting hacked, not something that Windows or macOS can say.
@BlueEyedVibeChecker
26 күн бұрын
MacOS doesn't need to worry about it. Not the win you thought it was really. Like that UEFI hack that MacOS is the only OS unthreatened by it, while Windows AND Linux are completely unable to do anything about it.
@jfftck
26 күн бұрын
@@BlueEyedVibeChecker Apple Silicon has a flaw that can't be fixed with software, and you can run Linux on hardware that doesn't have flaws. There are many platforms that Linux supports that it can run on anything. Also, the flaw for UEFI, which does have a software patch, requires the software to be run in privileged level, but Apple's exploit could expose your security credentials remotely. Stop trying to act like Apple is flawless in execution, besides running 14-year-old software will most likely be on old hardware without UEFI boot image flaw.
you should try exposing a mongodb instance with no password. (I already tried accidentally and I wasn't happy)
i love your videos
What happens if you expose 17 year old Linux (2007) to the Internet?
why are you installing stuff here and didn't install anything on the Windows 98 one tho
@EricParker
23 күн бұрын
Because stock Linux doesn’t ship with any open ports. Nothing happened regardless, but I was trying to give it a chance
YAS THIS IS WHAT I LOVE
ayo bro chaseroony gave you a shout out
@EricParker
28 күн бұрын
I saw :)
Sshnuke moment
Here before this vid blows up
Murrine vibes.
Gnome 2 is 🤩. Mate is close to it but not the same. Gnome 40+ thankfully got better again.
Man you should use that older version of Linux on a VPS SERVER, because mos of these scanners are having long list of host services IP addresses, they don't waste their time scanning the entire of internet as you may expect, you can try Digital Ocean, or Amazon AWS as test. You can do the same, on your home PC (a VM), by mapping an external IP to it, e.g. as insecure Proxy or maybe VPN where it won't filter any traffic, you will be surprise how fast it will get h1cked.
I thought you were gonna expose a 14 year old kid's linux 😭
Bump
"GuYs HE iS A FAKEEEEee He tURnED Off tHE fIREWALL"
hi eric!
Ew ubuntu the best linux is LFS
Simple way don't let kids use computer
Unrelated but Ubuntu has always made some good looking themes.
@izaicslinux6961
28 күн бұрын
I miss Unity 7's design too.
27 күн бұрын
Yep, I'm still using MATE, a fork of GNOME 2, though with a more "modern" theme. But that interface is irreplaceable.
64th comment
We all know mac os is the safest os around 🙏
@ThatBK
28 күн бұрын
proprietary
@Difluoroacetamide
27 күн бұрын
@@ThatBKsecurity through obscurity
@kirill9064
27 күн бұрын
Especially if it is Mac OS 9.
Nothing. It's ubuntu. No hacker is going to hack linux (unless it's chromeos)
@tomtravis858
28 күн бұрын
You gotta be like 5 years old.
@Difluoroacetamide
27 күн бұрын
chrome os is actually really secure
@susstevedev
27 күн бұрын
@@tomtravis858 13
@BlueEyedVibeChecker
26 күн бұрын
@@Difluoroacetamide As an Android user, I find it hard to believe you. But as someone who knows how an OS with
@Difluoroacetamide
25 күн бұрын
@@BlueEyedVibeChecker security through obscurity and chromeos is just a very locked down gentoo based proprietary linux distro
This isn’t a genuine setup. Because if you connect it to the internet and leave ports open, it’s never going to be instantly detected as shown in these videos.
Clickbait nonsense. You have to purposely run known vulnerable software behind exposed ports. I really dislike how clickbait even exists in security topics because it makes me think "this person has zero idea what theyre talking about", as your title is incorrect without further context.