We Asked 5 Celebrities What Their Favorite Internet-Exposed Dashboard Was, And You’re Not Going To Believe What They Said!
I (ycamper) was at the fourth annual ub0rhax UK red carpet event last Tuesday to ask celeb guests one question: What’s the wildest and most cray-cray internet-accessible dashboard you’ve EVAR seen bro?! And you won’t BELIEVE what they SAID!
#5 Beyoncé
As long as I have been alive, Beyoncé has been rocking the stage, dropping the mic, and scanning the internet! This 41-year-old superstar crowd-pleaser has spent the last few decades making hits, and now she’s here to give us the skinny on her favorite internet-connected dashboard she found bedazzling on the internet!
ycamper: when you’re not killing it at a performance, what is your favorite search query for finding inet_connected dashboards?
Beyoncé: I love slick user interfaces and outlandishly detailed system and network metrics. So when I’m looking for a bit more information about a host for a big hack I’m working on, Netdata Monitoring Dashboards give me all that and more, HANDS DOWN! Best of all? No authentication, they just let it all hang out! SINGLE LADIES SAY WHAT!
ycamper: WOW! That’s great, Beyoncé! Thanks for your time!
same_service(
services.http.response.headers.Server="Netdata Embedded HTTP*"
AND
services.http.response.html_title="netdata dashboard"
)
#4 Angelina Jolie
Angelina Jolie has played a mysterious mental patient, a mysterious super-spy, and a mysterious adventuring videogame adventurer. Still, today she tells us about the internet-exposed dashboard she learned about when on the Hackers set that made all the guys go WOWZA!
ycamper: Way back in 1995, you were in the absolutely true and fact-based documentary “Hackers”. Did you learn anything about internet-connected dashboards while on the set?
Angelina: Well, that was a very long time ago, but I do remember my character, Kate Libby (aka Acid Burn), popped a shell on a Kubernetes cluster because their k8s management system, Rancher, was exposed to the internet. If I recall correctly, many Rancher installs didn’t even have authentication enabled! Anyway, they are super easy to find on the internet! Install an XMR Miner today!!1
same_service(
services.http.response.headers.unknown.name: "X-Rancher-Version"
and
services.http.response.html_title: "Loading…"
)
#3 Daniel Radcliffe
Daniel Radcliffe stole our hearts and minds when he played Harry Potter in the movie Harry Potter, and now the 33-year-old heartthrob actor tells us he wants to steal our data!
ycamper: Dashboards, Internet exposure? Yes? Which? No?
Daniel Radcliffe: I’m sorry, what?
ycamper: oh, right, sorry. Yes. On the set of Harry Potter, did you ever learn any MAGICAL haxxing skills for internet-connected dashboards?
Daniel Radcliffe: When working on the second H.P. film, Alan (Professor Severus Snape) showed me how you could easily find dashboards for monitoring and managing Traefik HTTP reverse proxies. With a few twists of a knob on an unauthenticated install, I can easily route an entire company’s production network traffic somewhere completely different! Traefik is particularly interesting because it’s often used as a front-end for large-scale and complex network architectures. Also, you can install XMR miners!!2. Zakamooshappapoo Fwoof! That is the magical word for “GIVE ME ACCESS TO YOUR TRAEFIK!” ha ha, just kidding, I’ve already installed the XMR miner.
same_service(
services.http.request.uri: "*/dashboard/"
and
services.http.response.html_title=Traefik
)
#2 Justin Bieber
Here at ycamper industries, we’re all Beliebers! And who better to Belieber the point than the Bieber man himself! Justin Bieber sits down with us to discuss his most favoritist internet-exposed dashboard, the one he can’t stop thinking about on stage! Your minds will not be able to comprehend what he tells us!
ycamper: so, uh, you into internet-exposed dashboards?
Justin Bieber: I’ve seen a lot of wild things in my life, but seeing unauthenticated Jenkins CI build systems just sitting out there with no auth to authenticate, I just think, “someone’s not going to be happy when hackers figure out they can execute a shell on the server using the Groovy script console.” So Jenkins CI dashboards, no cap, worst thing I’ve seen on the internet. I mean, why would you put your Continuous Integration systems right up there on the public internet? Don’t you know that I have access to your source code? It makes no sense, man. It makes NO sense.
ycamper: huh? oh, what? yeah. Justin Bleeper, everyone!
Justin Bieber: That’s “Beiber”…
same_service(
services.http.response.html_tags:"Dashboard [Jenkins]"
and
services.http.response.status_code=200
)
#1 Young Thug
Everyone’s favorite thirty-year-old young thug, Young Thug! My boy is dropping beats, packing heat, and hacking leet! Last Tuesday, we caught up with Mr. Thug in the studio and asked him what kinds of searches he uses when he needs to go buck wild on a nation-state, and he had all this to say!
ycamper: I have to be honest here, I really don’t know who you are, but as I understand it, you’re really into critical infrastructure, amirite?
Young Thug: Well, to be more specific, I like to look at people’s industrial control systems cuz I’m a freak like that. When I was Younger Young Thug working for hax0r Team Alpha Bearcat Lion 8 Alpha 9, I would scour the internet looking for the perfect target, and sometimes I would find these things called C-More HMI, which seems to be an SDK of sorts for configuring and administrating touch panels for various operations. It seems a lot of farms and water treatment plants use it, which is cool. I ended up downloading the RAT it links to and checking it out in Ghidra, figuring out that, by default, there is no authentication. And it’s super easy to find! Give me all your sewage treatment plants!!!
services.http.response.html_title="C-more -- the best HMI presented by AutomationDirect"
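The five search queries above all key on the same handful of response features: the Server header, a vendor header (X-Rancher-Version), the request path, the HTML title, and the status code. The following is an added example, not Censys code or anything from the products mentioned, that applies those same fingerprints locally to HTTP responses you already hold (say, from a scan of your own address space) and flags which dashboard each one looks like. The sample responses, header values, hostnames and the `looks_authenticated` heuristic are constructed for illustration and are assumptions, not captured traffic.

```python
"""Fingerprint internet-exposed dashboards from raw HTTP responses.

Added example (not Censys or vendor code). Reuses the five fingerprints
from the search queries above: Netdata, Rancher, Traefik, Jenkins, C-more.
Every sample response below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]
    body: str
    path: str = "/"  # request URI that produced this response

    def header(self, name: str) -> Optional[str]:
        """Case-insensitive lookup; HTTP header names are case-insensitive."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None

    def title(self) -> str:
        """Extract <title> text, the field the html_title queries match on."""
        match = re.search(r"<title[^>]*>(.*?)</title>", self.body, re.I | re.S)
        return match.group(1).strip() if match else ""


def fingerprint(resp: HttpResponse) -> List[str]:
    """Return the names of every dashboard fingerprint this response matches."""
    hits: List[str] = []
    title = resp.title()
    server = resp.header("Server") or ""
    # Netdata: "Netdata Embedded HTTP*" Server header plus the page title.
    if server.startswith("Netdata Embedded HTTP") and title.lower() == "netdata dashboard":
        hits.append("netdata")
    # Rancher: custom version header plus the single-page app's placeholder title.
    if resp.header("X-Rancher-Version") is not None and title == "Loading…":
        hits.append("rancher")
    # Traefik: the "*/dashboard/" request path plus the title.
    if resp.path.endswith("/dashboard/") and title == "Traefik":
        hits.append("traefik")
    # Jenkins: the title only counts on a 200, not on a 403 or login redirect.
    if resp.status == 200 and "Dashboard [Jenkins]" in title:
        hits.append("jenkins")
    # C-more HMI: the distinctive vendor title on its own.
    if title == "C-more -- the best HMI presented by AutomationDirect":
        hits.append("cmore")
    return hits


def looks_authenticated(resp: HttpResponse) -> bool:
    """Heuristic (an assumption, not from the post): a 401/403 or a
    WWW-Authenticate challenge means the host asked for credentials
    instead of serving the dashboard."""
    return resp.status in (401, 403) or resp.header("WWW-Authenticate") is not None


def audit(samples: Dict[str, HttpResponse]) -> Dict[str, dict]:
    """Summarise a batch of responses: which dashboard, and was it gated."""
    return {
        name: {"dashboards": fingerprint(resp), "auth": looks_authenticated(resp)}
        for name, resp in samples.items()
    }


# Constructed sample responses keyed by a made-up host label.
SAMPLES: Dict[str, HttpResponse] = {
    "netdata-open": HttpResponse(
        200, {"Server": "Netdata Embedded HTTP Server"},
        "<html><head><title>netdata dashboard</title></head></html>"),
    "rancher": HttpResponse(
        200, {"x-rancher-version": "constructed"},
        "<!DOCTYPE html><html><head><title>Loading…</title></head></html>"),
    "traefik": HttpResponse(
        200, {"Content-Type": "text/html"},
        "<html><head><title>Traefik</title></head></html>", path="/dashboard/"),
    "jenkins-open": HttpResponse(
        200, {"X-Jenkins": "constructed"},
        "<html><head><title>Dashboard [Jenkins]</title></head></html>"),
    "jenkins-locked": HttpResponse(
        403, {"X-Jenkins": "constructed"},
        "<html><head><title>Dashboard [Jenkins]</title></head></html>"),
    "cmore": HttpResponse(
        200, {},
        "<html><head><title>C-more -- the best HMI presented by AutomationDirect"
        "</title></head></html>"),
    "plain": HttpResponse(
        200, {"Server": "nginx"}, "<html><head><title>Welcome</title></head></html>"),
}

if __name__ == "__main__":
    for host, result in audit(SAMPLES).items():
        print(f"{host:15} dashboards={result['dashboards']} auth={result['auth']}")
```

Run it as-is to see the constructed batch classified; to use it on real data, build `HttpResponse` objects from your own scan output. The `status == 200` condition on the Jenkins rule is the local equivalent of the `services.http.response.status_code=200` clause in the query: a Jenkins that answers 403 still carries the title, but it is not the unauthenticated case the post is about.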