Windows 8 machine hacked :( How??

johnt

So I found out today that my Windows 8 machine was hacked remotely. I have RDP enabled and I log in frequently from work to transfer files over the web. It is an enterprise version of Win 8 that came from surplus systems at work. It cannot be upgraded to Win 8.1 or 10. 

 

Anyway, I have my router listening on port 3389, so I gather that's how they found their way into my PC. But then they managed to get past the Windows login, which is password protected. How did they do this??

Luckily they just downloaded pics of softcore granny porn onto the desktop and were generally a stupid hacker. They saved their Gmail password in Chrome.

 

I just don't understand how they can hack into a PC remotely and break through the password. 

Brute force / Windows bug

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 

Do you install updates? If no, then that's your problem. Check your firewall settings and look for applications that are connecting to ports that they're not supposed to. Check if you have malware lurking. Worms and Trojans can disable security features of your OS and allow attackers to remotely control your PC. 

There is more than meets the eye
I see the soul that is inside
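As an added example (not code posted by anyone in this thread) of how a defender could act on the advice above to look for listeners and connections that should not be there: the script parses the `netstat -ano` layout that Windows prints, flags listening sockets that are not on a per-machine allow list, and lists established sessions to the RDP port whose peer is outside the usual private address ranges. The sample output, the allow list and the RDP port are assumptions constructed for the example.

```python
"""Check Windows `netstat -ano` output for unexpected listeners.

Added example for this thread (not code posted by anyone here). It parses
the `netstat -ano` layout; the sample output and the allow list below are
constructed for the example.
"""
import ipaddress
import re

# Constructed sample in `netstat -ano` layout (Proto, Local, Foreign, State, PID).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:3389      203.0.113.7:51234      ESTABLISHED     1180
  TCP    192.168.1.20:3389      192.168.1.50:50022     ESTABLISHED     1180
  UDP    0.0.0.0:5353           *:*                                    2560
"""

# Listeners this machine is expected to have (assumed for the example; tailor per host).
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445), ("TCP", 3389), ("UDP", 5353)}

# Address ranges treated as "inside the house"; any other peer is remote.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Proto, local addr:port, foreign addr:port, optional state (UDP rows have none), PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, port, foreign, state, pid = m.groups()
        rows.append({"proto": proto, "local": local, "port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def unexpected_listeners(rows, expected=EXPECTED_LISTENERS):
    """Return (proto, port, pid) for TCP LISTENING or UDP sockets not on the allow list."""
    found = []
    for r in rows:
        is_listener = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if is_listener and (r["proto"], r["port"]) not in expected:
            found.append((r["proto"], r["port"], r["pid"]))
    return found


def external_rdp_sessions(rows, rdp_port=3389):
    """Return peer addresses with an established session to the RDP port from outside the LAN."""
    peers = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] != "ESTABLISHED" or r["port"] != rdp_port:
            continue
        peer_ip = r["foreign"].rsplit(":", 1)[0].strip("[]")
        addr = ipaddress.ip_address(peer_ip)
        if not any(addr in net for net in LAN_NETWORKS):
            peers.append(peer_ip)
    return peers


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("unexpected listeners:", unexpected_listeners(rows))
    print("RDP sessions from outside the LAN:", external_rdp_sessions(rows))
```

The allow list is the part that takes thought: build it once from a machine you trust, then anything new that shows up LISTENING is a question to answer, whichever PID owns it. The external-session check is the quick way to confirm what the thread starter found the hard way, namely that someone other than him was connected to the RDP port.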

 

 

11 minutes ago, JohnT said:

It cannot be upgraded to Win 8.1 or 10

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot either install updates or actually install newer versions of Windows".

So you're saying you have no idea how your outdated OS with file sharing and remote access enabled was hacked?

12 minutes ago, themctipers said:

Brute force / Windows bug

It wouldn't even take that much effort.

If he has his computer actively listening for an RDP connection on an open port, accessing his network is trivial.

There is a reason we secure stuff like that.

How do Reavers clean their spears?

|Specs in profile|

The Wheel of Time turns, and Ages come and pass, leaving memories that become legend. Legend fades to myth, and even myth is long forgotten when the Age that gave it birth comes again.

Don't use port 3389 unless you have a specific reason. There are tons of bots that scan IPs looking for RDP servers on the default port, then it's just a matter of brute forcing or finding some 0-day exploit. My advice is to change the port to something else (super easy with port forwarding on your router, no changes needed on your PC) and install 2FA like DuoSecurity; I use it on any Windows machine that I need to access remotely and it's amazing even with the free license.

-KuJoe
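An added example (not code from KuJoe or anyone else in the thread) of what the brute forcing described above looks like from the defender's side: Windows records every failed logon as Security event 4625, and RDP logons carry Logon Type 10 (RemoteInteractive). The script takes a simplified one-line-per-event export (the records are constructed, not real logs) and reports any source address that fails at least a threshold of RDP logons inside a one-minute sliding window, together with how many different account names it tried. The export format, the threshold and the window are assumptions for the example.

```python
"""Flag RDP password guessing from Windows failed-logon (4625) records.

Added example for this thread, not code posted by anyone here. It assumes
the Security log has been exported one event per line as
timestamp|event_id|logon_type|account|source_ip; the records below are
constructed. Logon Type 10 (RemoteInteractive) is the RDP case.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six rapid failures from one address trying different
# account names, one local console failure (type 2, no peer address), and
# two slow failures from a second address that should not trip the detector.
SAMPLE_EVENTS = """\
2017-03-04T02:10:01|4625|10|Administrator|203.0.113.7
2017-03-04T02:10:03|4625|10|admin|203.0.113.7
2017-03-04T02:10:04|4625|10|user|203.0.113.7
2017-03-04T02:10:06|4625|10|guest|203.0.113.7
2017-03-04T02:10:08|4625|10|john|203.0.113.7
2017-03-04T02:10:09|4625|10|test|203.0.113.7
2017-03-04T08:15:22|4625|2|johnt|-
2017-03-04T09:00:00|4625|10|johnt|198.51.100.23
2017-03-04T09:00:40|4625|10|johnt|198.51.100.23
"""


def parse_events(text):
    """Parse the pipe-separated export into dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, source = line.split("|")
        events.append({"time": datetime.fromisoformat(ts),
                       "event_id": int(event_id),
                       "logon_type": int(logon_type),
                       "account": account,
                       "source": source})
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: (failures, distinct_accounts)} for every source with
    at least `threshold` failed RDP logons inside a sliding `window`.

    For a source that trips the rule, the busiest window is reported."""
    by_source = defaultdict(list)
    for e in events:
        # Only network-sourced RDP failures; local console failures have no peer.
        if e["event_id"] == 4625 and e["logon_type"] == 10 and e["source"] != "-":
            by_source[e["source"]].append(e)

    hits = {}
    for src, evs in by_source.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (src not in hits or count > hits[src][0]):
                accounts = {e["account"] for e in evs[start:end + 1]}
                hits[src] = (count, len(accounts))
    return hits


if __name__ == "__main__":
    for src, (failures, accounts) in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src}: {failures} failed RDP logons against {accounts} account names")
```

Many different account names from one address in a short burst is the usual shape of a scanner working through a list; the same count against a single account from a LAN address is more often a user who forgot a password, which is why the example reports both numbers. A real deployment would read the events from the Security log itself; the text export is only there to keep the example self-contained.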

22 minutes ago, JohnT said:

Windows

That's how. If you don't stay on top of updates and run a decent AV, you're at risk for exploits. 

Intel HEDT and Server platform enthusiasts: Intel HEDT Xeon/i7 Megathread 

 

Main PC 

CPU: i9 7980XE @4.5GHz/1.22v/-2 AVX offset 

Cooler: EKWB Supremacy Block - custom loop w/360mm +280mm rads 

Motherboard: EVGA X299 Dark 

RAM:4x8GB HyperX Predator DDR4 @3200Mhz CL16 

GPU: Nvidia FE 2060 Super/Corsair HydroX 2070 FE block 

Storage:  1TB MP34 + 1TB 970 Evo + 500GB Atom30 + 250GB 960 Evo 

Optical Drives: LG WH14NS40 

PSU: EVGA 1600W T2 

Case & Fans: Corsair 750D Airflow - 3x Noctua iPPC NF-F12 + 4x Noctua iPPC NF-A14 PWM 

OS: Windows 11

 

Display: LG 27UK650-W (4K 60Hz IPS panel)

Mouse: EVGA X17

Keyboard: Corsair K55 RGB

 

Mobile/Work Devices: 2020 M1 MacBook Air (work computer) - iPhone 13 Pro Max - Apple Watch S3

 

Other Misc Devices: iPod Video (Gen 5.5E, 128GB SD card swap, running Rockbox), Nintendo Switch

Usually when people say Win 8 it's assumed they mean 8.1, or 8/8.1, but if you're literally still on 8, you haven't been updated in ages, so finding a vulnerability would have been trivial.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

17 minutes ago, emosun said:

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot either install updates or actually install newer versions of Windows".

No no. It's an enterprise version that was preloaded on the system before I purchased it from my surplus stock at work. Enterprise versions cannot be updated normally over the internet. We skipped Win 8 and 8.1 and went straight from 7 to 10 as most companies did. The IT people restored the PCs before surplussing, which brought back 8.

It's just literally not possible to update it.

21 minutes ago, emosun said:

So this is a much shorter way of saying "I do not own a legit copy of Windows and therefore cannot either install updates or actually install newer versions of Windows".

So you're saying you have no idea how your outdated OS with file sharing and remote access enabled was hacked?

There is no legitimate way to take Windows Enterprise home. It is owned by the business and should be removed on decommissioning the hardware. The cause here is laziness.

             ☼

ψ ︿_____︿_ψ_   

34 minutes ago, themctipers said:

Brute force / Windows bug

Brute force? Wouldn't they need to install a program first to find the password? I usually see the login screen and I can't do anything without entering my password.

I just don't get it, I guess. I've been using RDP since Windows XP, around 2005ish. This is the first time I've been penetrated, for lack of a better word. Doesn't feel good.

3 minutes ago, JohnT said:

No no. It's an enterprise version that was preloaded on the system before I purchased it from my surplus stock at work. Enterprise versions cannot be updated normally over the internet. We skipped Win 8 and 8.1 and went straight from 7 to 10 as most companies did. The IT people restored the PCs before surplussing, which brought back 8.

It's just literally not possible to update it.

If you know the KB numbers for the necessary updates, you can sideload them using the Microsoft Update Catalog (https://www.catalog.update.microsoft.com/Home.aspx).

2 minutes ago, SCHISCHKA said:

There is no legitimate way to take Windows Enterprise home. It is owned by the business and should be removed on decommissioning the hardware. The cause here is laziness.

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

21 minutes ago, KuJoe said:

Don't use port 3389 unless you have a specific reason. There are tons of bots that scan IPs looking for RDP servers on the default port, then it's just a matter of brute forcing or finding some 0-day exploit. My advice is to change the port to something else (super easy with port forwarding on your router, no changes needed on your PC) and install 2FA like DuoSecurity; I use it on any Windows machine that I need to access remotely and it's amazing even with the free license.

I looked around online for a way around using 3389. I couldn't find anything specifically until tonight, when I searched "RDP hacked". Someone was explaining there's a way to forward one port to another.

Just now, JohnT said:

I looked around online for a way around using 3389. I couldn't find anything specifically until tonight, when I searched "RDP hacked". Someone was explaining there's a way to forward one port to another.

Yup, that's the easiest way and that's how I do it. No firewall changes needed. :)

5 minutes ago, JohnT said:

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

Lazy? No, I wouldn't say that. But "inviting issues" is perhaps apt. Running out-of-date software, particularly Windows, is never wise, especially in a situation like this where it's open to the internet.

12 minutes ago, JohnT said:

It's just literally not possible to update it.

If I stick a Windows 10 disk in it, it will install Windows 10.

I like when people use the word literally when it literally is possible to get this machine off its decommissioned OS lol.

39 minutes ago, JohnT said:

luckily they just downloaded pics of softcore granny porn on the desktop and they were generally a stupid hacker. They saved their password to gmail on chrome. 

Nah, they just moved on to their next victim using you as a proxy. You said they were using Gmail from your machine; more victims. You got Granny Porned; they could have changed nothing and cleaned up after themselves and you wouldn't know, but for whatever reason they burnt you.

41 minutes ago, JohnT said:

How did they do this?

Look up Windows 8 CVEs. There are tons. You can buy tools, you can get free tools that will do the hard work for you. Rent a server. Set it to scan a range of IPs that are not government or university owned. You had your port open on a vulnerable OS; the most vulgar term I can think of right now to describe this is an internet "glory hole".

1 minute ago, JohnT said:

Laziness because I didn't install a different OS on a functioning system that I stream content from? Maybe cheap. But lazy?

Your company is contractually obliged to NOT supply you with Windows Enterprise. What I am calling lazy is your company is not wiping back to OEM state or destroying the hard drive.

7 minutes ago, JohnT said:

Thank you for not thinking the worst and calling me names. 

 

I appreciate this link! 

No probs.


I regularly have trouble connecting to the update servers, so I'm often forced to sideload, especially for my air-gapped systems.

5 minutes ago, emosun said:

If I stick a Windows 10 disk in it, it will install Windows 10.

I like when people use the word literally when it literally is possible to get this machine off its decommissioned OS lol.

I meant Windows updates through the update program. I didn't mean installing a different OS or sideloading updates (which is a new thing I learned from this thread).

10 minutes ago, Ryan_Vickers said:

Lazy? No, I wouldn't say that. But "inviting issues" is perhaps apt. Running out-of-date software, particularly Windows, is never wise, especially in a situation like this where it's open to the internet.

Guess I learned my lesson. As I mentioned, I've been lucky for some time now. I guess luck ends at some point.

I'm thankful it was a PC of MP3s and music videos from the 90s and early 2000s. I can see how this could have become much worse.

9 minutes ago, SCHISCHKA said:

Nah, they just moved on to their next victim using you as a proxy. You said they were using Gmail from your machine; more victims. You got Granny Porned; they could have changed nothing and cleaned up after themselves and you wouldn't know, but for whatever reason they burnt you.

Look up Windows 8 CVEs. There are tons. You can buy tools, you can get free tools that will do the hard work for you. Rent a server. Set it to scan a range of IPs that are not government or university owned. You had your port open on a vulnerable OS; the most vulgar term I can think of right now to describe this is an internet "glory hole".

Your company is contractually obliged to NOT supply you with Windows Enterprise. What I am calling lazy is your company is not wiping back to OEM state or destroying the hard drive.

I see your point. But I'm sure you can come up with something far more vulgar. It might just be too much for this forum haha

My advice would be to spend £20 on a legit Windows 10 key from eBay and keep it updated... I bought one a year ago and have had no issues. Should prevent this from happening again.

Have you tried turning it off and on again?

5 hours ago, fixitnow said:

My advice would be to spend £20 on a legit Windows 10 key from eBay and keep it updated... I bought one a year ago and have had no issues. Should prevent this from happening again.

How can a copy from eBay be legit? I have a feeling I would get similar responses that question my integrity if I do that.

Plus, it sounds like the biggest culprit here is the listening port for RDP. I can disable or mask that port so this doesn't happen again.
