JohnT

Windows 8 machine hacked :( How??


Posted · Original Poster (OP)

So I found out today that my Windows 8 machine was hacked remotely. I have RDP enabled and I log in frequently from work to transfer files over the web. It is an enterprise version of Win 8 that came from surplus systems at work. It cannot be upgraded to Win 8.1 or 10. 

 

Anyway, I have my router listening on port 3389, so I gather that's how they found their way into my PC. But then they managed to get past the Windows login that is password protected. How did they do this??

 

Luckily they just downloaded pics of softcore granny porn to the desktop and they were generally a stupid hacker. They saved their password to Gmail in Chrome.

 

I just don't understand how they can hack into a PC remotely and break through the password. 


brute force / windows bug 



Do you install updates? If no, then that's your problem. Check your firewall settings and look for applications that are connecting to ports that they're not supposed to. Check if you have malware lurking. Worms and Trojans can disable security features of your OS and allow attackers to remotely control your PC. 


11 minutes ago, JohnT said:

It cannot be upgraded to Win 8.1 or 10

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot install updates or install newer versions of Windows".

So you're saying you have no idea how your outdated OS with file sharing and remote access enabled was hacked?

12 minutes ago, themctipers said:

brute force / windows bug 

It wouldn't even take that much effort.

If he has his computer actively listening for an RDP connection on an open port, accessing his network is trivial.

There is a reason we secure stuff like that.



Don't use port 3389 unless you have a specific reason. There are tons of bots that scan IPs looking for RDP servers on the default port, then it's just a matter of brute forcing or finding some 0 day exploit. My advice is change the port to something else (super easy with port forwarding on your router, no changes needed on your PC) and install 2FA like DuoSecurity, I use it on any Windows machine that I need to access remotely and it's amazing even with the free license.


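An added example, not part of KuJoe's post or anything else in the thread: a PowerShell audit that shows whether RDP is enabled, which port it listens on, whether Network Level Authentication is on, and then summarises failed and successful remote logons from the Security log, which is where the brute-force pattern KuJoe describes actually shows up. The registry values and event IDs are standard Windows ones; the 7-day window and top-10 cut-off are assumptions.

```powershell
# Added example (not from the thread): audit this host's RDP exposure and summarize
# logon activity from the Security log. Run from an elevated PowerShell prompt on
# Windows 8 or later. Registry values and event IDs are standard Windows ones; the
# 7-day window and the top-10 cut-off are assumptions.

$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"

$enabled = (Get-ItemProperty $ts     -Name fDenyTSConnections).fDenyTSConnections -eq 0
$port    = (Get-ItemProperty $rdpTcp -Name PortNumber).PortNumber
$nla     = (Get-ItemProperty $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1

"RDP enabled        : $enabled"
"RDP listening port : $port"
if ($port -eq 3389) { "  -> default port, the one internet-wide scanners look for" }
"Network Level Auth : $nla"
if (-not $nla)      { "  -> NLA off: unauthenticated clients reach the full logon screen" }

# Flatten the EventData fields of a Security event into a hashtable (Name -> value).
function Get-EventFields([System.Diagnostics.Eventing.Reader.EventRecord]$e) {
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

$since  = (Get-Date).AddDays(-7)
$filter = @{ LogName = 'Security'; StartTime = $since }

# 4625 = failed logon. Many failures from one address spread over many usernames is
# the brute-force pattern; with NLA on they typically arrive as LogonType 3, without it as 10.
$failed = Get-WinEvent -FilterHashtable ($filter + @{ Id = 4625 }) -ErrorAction SilentlyContinue |
    ForEach-Object { $f = Get-EventFields $_
        [pscustomobject]@{ Source = $f.IpAddress; User = $f.TargetUserName; Type = $f.LogonType } }

"`nFailed logons since $since, by source address:"
$failed | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object {
        $users = @($_.Group.User | Sort-Object -Unique).Count
        "{0,-39} {1,6} failures  {2,4} distinct usernames" -f $_.Name, $_.Count, $users }

# 4624 with LogonType 10 = a remote interactive session was actually opened. A source
# address here that is not yours is the answer to "how did they get past the login".
"`nSuccessful RDP logons since $since:"
Get-WinEvent -FilterHashtable ($filter + @{ Id = 4624 }) -ErrorAction SilentlyContinue |
    ForEach-Object { $f = Get-EventFields $_
        if ($f.LogonType -eq '10') { "{0}  {1}  from {2}" -f $_.TimeCreated, $f.TargetUserName, $f.IpAddress } }
```

Changing the forwarded port on the router, as KuJoe suggests, hides the listener from default-port scans but does not change what this script reports, because the PC still listens on `PortNumber`; turning NLA on and watching the 4625 counts is what tells you whether guessing is still going on.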
22 minutes ago, JohnT said:

Windows

That's how. If you don't stay on top of updates and run a decent AV, you're at risk for exploits. 



Usually when people say Win 8 it's assumed they mean 8.1, or 8/8.1, but if you're literally still on 8, you haven't been updated in ages, so finding a vulnerability would have been trivial.


Posted · Original Poster (OP)
17 minutes ago, emosun said:

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot install updates or install newer versions of Windows".

No no. It's an enterprise version that was preloaded on the system before I purchased it from my surplus stock at work. Enterprise versions cannot be updated normally over the internet. We skipped Win 8 and 8.1 and went straight from 7 to 10 as most companies did. The IT people restored the PCs before surplussing which brought back 8.

 

It's just literally not possible to update it.

21 minutes ago, emosun said:

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot install updates or install newer versions of Windows".

So you're saying you have no idea how your outdated OS with file sharing and remote access enabled was hacked?

There is no legitimate way to take Windows Enterprise home. It is owned by the business and should be removed on decommissioning the hardware. The cause here is laziness.


Posted · Original Poster (OP)
34 minutes ago, themctipers said:

brute force / windows bug 

Brute force? Wouldn't they need to install a program first to find the password? I usually see the login screen and I can't do anything without entering my password. 

 

I just don't get it I guess. I've been using RDP since Windows XP around 2005ish. This is the first time I've been penetrated for the lack of better words. Doesn't feel good. 

3 minutes ago, JohnT said:

No no. It's an enterprise version that was preloaded on the system before I purchased it from my surplus stock at work. Enterprise versions cannot be updated normally over the internet. We skipped Win 8 and 8.1 and went straight from 7 to 10 as most companies did. The IT people restored the PCs before surplussing which brought back 8.

 

It's just literally not possible to update it.

If you know the KB numbers for the necessary updates, you can sideload them using the Microsoft Update Catalog (https://www.catalog.update.microsoft.com/Home.aspx).

Posted · Original Poster (OP)
2 minutes ago, SCHISCHKA said:

There is no legitimate way to take Windows Enterprise home. It is owned by the business and should be removed on decommissioning the hardware. The cause here is laziness.

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

Posted · Original Poster (OP)
21 minutes ago, KuJoe said:

Don't use port 3389 unless you have a specific reason. There are tons of bots that scan IPs looking for RDP servers on the default port, then it's just a matter of brute forcing or finding some 0 day exploit. My advice is change the port to something else (super easy with port forwarding on your router, no changes needed on your PC) and install 2FA like DuoSecurity, I use it on any Windows machine that I need to access remotely and it's amazing even with the free license.

I looked around online for a way around using 3389. I couldn't find anything specific until tonight, when I searched "RDP hacked". Someone was explaining there's a way to forward one port to another.

Just now, JohnT said:

I looked around online for a way around using 3389. I couldn't find anything specific until tonight, when I searched "RDP hacked". Someone was explaining there's a way to forward one port to another.

Yup, that's the easiest way and that's how I do it. No firewall changes needed. :)


5 minutes ago, JohnT said:

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

Lazy? No, I wouldn't say that. But "inviting issues" is perhaps apt. Running out of date software, particularly Windows, is never wise, especially in a situation like this where it's open to the internet.


12 minutes ago, JohnT said:

It's just literally not possible to update it.

If I stick a Windows 10 disk in it, it will install Windows 10.

 

I like when people use the word literally when it literally is possible to get this machine off its decommissioned OS lol.

39 minutes ago, JohnT said:

Luckily they just downloaded pics of softcore granny porn to the desktop and they were generally a stupid hacker. They saved their password to Gmail in Chrome.

Na, they just moved on to their next victim using you as a proxy. You said they were using Gmail from your machine; more victims. You got Granny Porned; they could have changed nothing and cleaned up after themselves and you wouldn't know, but for whatever reason they burnt you.

41 minutes ago, JohnT said:

How did they do this?

Look up Windows 8 CVEs. There are tons. You can buy tools, you can get free tools that will do the hard work for you. Rent a server. Set it to scan a range of IPs that are not government or university owned. You had your port open on a vulnerable OS; the most vulgar term I can think of right now to describe this is an internet "glory hole".

1 minute ago, JohnT said:

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

Your company is contractually obliged to NOT supply you with Windows Enterprise. What I am calling lazy is your company is not wiping back to OEM state or destroying the hard drive.


7 minutes ago, JohnT said:

Thank you for not thinking the worst and calling me names. 

 

I appreciate this link! 

No probs.


I regularly have trouble connecting to the update servers so I'm often forced to sideload, especially for my airgapped systems.

Posted · Original Poster (OP)
5 minutes ago, emosun said:

If I stick a Windows 10 disk in it, it will install Windows 10.

 

I like when people use the word literally when it literally is possible to get this machine off its decommissioned OS lol.

I meant Windows updates through the update program. I didn't mean installing a different OS or sideloading updates (which is a new thing I learned from this thread).

Posted · Original Poster (OP)
10 minutes ago, Ryan_Vickers said:

Lazy? No, I wouldn't say that. But "inviting issues" is perhaps apt. Running out of date software, particularly Windows, is never wise, especially in a situation like this where it's open to the internet.

Guess I learned my lesson. As I mentioned I've been lucky for some time now. I guess luck ends at some point. 

 

I'm thankful it was a PC of MP3s and music videos from the 90s and early 2000s. I can see how this could have become much worse.

Posted · Original Poster (OP)
9 minutes ago, SCHISCHKA said:

Na, they just moved on to their next victim using you as a proxy. You said they were using Gmail from your machine; more victims. You got Granny Porned; they could have changed nothing and cleaned up after themselves and you wouldn't know, but for whatever reason they burnt you.

Look up Windows 8 CVEs. There are tons. You can buy tools, you can get free tools that will do the hard work for you. Rent a server. Set it to scan a range of IPs that are not government or university owned. You had your port open on a vulnerable OS; the most vulgar term I can think of right now to describe this is an internet "glory hole".

Your company is contractually obliged to NOT supply you with Windows Enterprise. What I am calling lazy is your company is not wiping back to OEM state or destroying the hard drive.

I see your point. But I'm sure you can come up with something far more vulgar. It might just be too much for this forum haha


My advice would be to spend £20 on a legit Windows 10 key from eBay and keep it updated... I bought one a year ago and have had no issues. Should prevent this from happening again.


Posted · Original Poster (OP)
5 hours ago, fixitnow said:

My advice would be to spend £20 on a legit Windows 10 key from eBay and keep it updated... I bought one a year ago and have had no issues. Should prevent this from happening again.

How can a copy from eBay be legit? I have a feeling I would get similar responses that question my integrity if I do that.

 

Plus, it sounds like the biggest culprit here is the listening port for RDP. I can disable or mask that port so this doesn't happen again.
