i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
-
R relay@relay.infosec.exchange shared this topic
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 that's concerning, wonder what their compromised host rates look like
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001
Sketchy - very sketch -
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 This reminds me of a certain provider who used to have a pre-created user on the default Linux image with a password the same as the username. The user was in sudoers. This user account wasn't documented anywhere.
So even if you changed the root password, all systems set up with that image remained trivially exploitable over ssh.
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 which provider?
Asking for a ... friend 
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 Oh that's a new one to add to my list of hilarious misconfiguration defaults like "null", " undefined" and "none".
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 I bet there was a provisioning error and the password was generated wrongly to be “N/A” and the script just went with it
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 I would switch the provider and request data deletion under article 17 GDPR 🫡
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 thanks for contributing a server to the botnet, friend
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001
I wonder if N/A is in any of the common password lists. -
@rebane2001
I wonder if N/A is in any of the common password lists.@FritzAdalis @rebane2001 it's in several of Openwall's: https://www.openwall.com/wordlists/
- English/3-large/acronym.lst
- English/4-extra/acronym.lst
- mangled.lst
- all.lst
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 Weird provider seems to be an understatement
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 *maybe* it's a randomly generated 3 character password and you got (un)lucky? ...probably not
-
i set up a new vps at some weird provider and they sent me an e-mail with my vps credentials
the root password said N/A, so you'd think that there's no root password by default. BUT NO! THE ROOT PASSWORD IS LITERALLY "N/A"!! AND SSHD IS EXPOSED ON PUBLIC IPV4?? THE FUCK ??
@rebane2001 my password is secret!
