benjojo.co.uk

benjojo posted 22 Jun 2024 12:55 +0000

Having this as my default www root page to scare all security auditors to stone

$A Windows XP IE6 window on http://localhost and the page contents is a big windows XP logo saying "Your web service is now running" "Welcome to IIS 5.1" and "to add documents to your default website, save files in C:\inetpub\wwwroot"$

marius@kiessling.soc.. replied 22 Jun 2024 13:01 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo now I need to go and hunt down an HTML dump of this page to actually use as the web root across my machines

acontios@masto.hivan.. replied 22 Jun 2024 13:37 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo would you share the index page ? That could be a nice honeypot troll 😉

nico@ublog.byme.at replied 22 Jun 2024 15:09 +0000
in reply to: https://masto.hivane.net/users/acontios/statuses/112660541240296969

@acontios @benjojo It isn't the default page because it is restricted to localhost.
The code say: "We don't want localstart.Asp shown to outside users." and it redirect to iisstart.asp

But if it is only for the LOLz, here a WinHTTPTrack download of the page after removing the localhost-check and fixing some other permission-related issue:
https://internalexception.byme.at/temp/IIS_Default.7z

It should contains everything needed to create an honeypot.

FritzAdalis@infosec... replied 22 Jun 2024 15:28 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo
I use the NT4 version:
http://rekrunk.shockley.net/

mich181189@nerdcultu.. replied 22 Jun 2024 21:09 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo somewhere I have phpinfo() from PHP4 near perfectly recreated as a Golang template… for exactly this sort of purpose

4censord@unfug.socia.. replied 22 Jun 2024 23:21 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo where would one aquire such a page to scare their own auditors?

april@lethallava.lan.. replied 23 Jun 2024 10:39 +0000
in reply to: https://unfug.social/users/4censord/statuses/112662839854071907

@4censord@unfug.social @benjojo@benjojo.co.uk i also want to know :3c

benjojo replied 23 Jun 2024 10:49 +0000
in reply to: https://lethallava.land/notes/9uuzdm49kk

@april @4censord https://ublog.byme.at/objects/5b33ab25-7130-4d75-b8a5-ffbfc4776d7a

april@lethallava.lan.. replied 23 Jun 2024 10:50 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/9F48dqvMrY2384xh15

@benjojo@benjojo.co.uk @4censord@unfug.social heck yeah :3

jame@wetdry.world replied 23 Jun 2024 02:40 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo oh i want this genuinely

i_lost_my_bagel@mast.. replied 23 Jun 2024 04:20 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo reminds me of how i changed my 404 page to be the IIS one

https://lilysthings.org/somepagethatisntreal

ferrata@hachyderm.io replied 23 Jun 2024 05:05 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo that's awesome

mr_daemon@untrusted... replied 23 Jun 2024 05:11 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo I use to serve the NT4 one for this back in 2003 for the same reason lol

LightTheUnicorn@ligh.. replied 23 Jun 2024 07:24 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo Gosh it's been a very long time since I saw that.

quantensalat@astrodo.. replied 23 Jun 2024 07:33 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo hahaha

mgleadow@mastodon.gr.. replied 23 Jun 2024 08:12 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo I used to tell Apache to send headers saying it was on all sorts of old esoteric systems. I did once set up a server which I knew the customer would pen test and set the header to clean it was a Commodore 64 just to see if they queried it

geert@society.oftrol.. replied 23 Jun 2024 10:08 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo Interestingly, I don't recall ever seeing such a page, while it's fairly common to run into apache/lighttpd/nginx default pages...

rmd1023@infosec.exch.. replied 23 Jun 2024 11:32 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo @tychotithonus brilliant.

nils_ballmann@infose.. replied 23 Jun 2024 12:35 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo @0xabad1dea

I just wanted you to know... I'm gonna steal that. Trash Panda Meme

h0nza@pix.securelab... replied 23 Jun 2024 13:47 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

(@benjojo@benjojo.co.uk)

🤓😆

forgifuzzbutt@forgi... replied 23 Jun 2024 16:43 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo I used to have the NT4 server as a landing page for one of my domains. Now it lives at https://forgifuzzbutt.com/iis/nt4

Need the XP one though 👀

patterfloof@meow.soc.. replied 23 Jun 2024 18:17 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo at least it'd load quicker than the mandatory company webpage at work, that lets you get half way through typing a web address before it loads & overrides that

hanscees@mas.to replied 23 Jun 2024 20:51 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo @mackaaij vicious

antonis@mastodon.soc.. replied 26 Jun 2024 10:11 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/5M895FQ8V4tG9dy49s

@benjojo Set this as your lock screen too:

benjojo replied 26 Jun 2024 13:59 +0000
in reply to: https://mastodon.social/users/antonis/statuses/112682379747418731

@antonis A while back I had the XP bliss wall paper, did raise a few eyebrows on peoples first glance, good times!

janvhs@hachyderm.io replied 23 Jun 2024 06:37 +0000
in reply to: https://exquisite.social/users/mischa/statuses/112660446615593878

@mischa @benjojo you literally download it, when you open the page lol

benjojo replied 23 Jun 2024 23:17 +0000
in reply to: https://toot.lgbt/users/minervous/statuses/112667077264784027

@minervous if you look at the thread from my instance you should see people providing links to zip files with everything you need to replicate it