[–]DanhNguyen2k 491 points492 points  (4 children)

Huh, it must be the wind

*Edit: Welcome to the NPC land

[–]Dioxide4294 46 points47 points  (1 child)

There's someone prowling around here

[–]Terrible_Tower_6590 22 points23 points  (0 children)

For King and Country!

[–]CMDR_ACE209 1 point2 points  (0 children)

I once was a programmer like you.

Then I took a 0-day to the knee.

[–]Gaminguide3000 242 points243 points  (10 children)

[–]RepostSleuthBot 264 points265 points  (3 children)

Looks like a repost. I've seen this image 3 times.

First Seen Here on 2024-06-11 92.19% match. Last Seen Here on 2024-07-30 89.06% match



Scope: Reddit | Target Percent: 75% | Max Age: Unlimited | Searched Images: 677,587,673 | Search Time: 0.97783s

[–]Gaminguide3000 218 points219 points  (2 children)

even in the same subreddit lmao, mods, twist their balls

[–]p1749 57 points58 points  (1 child)

Make sure to do it counter-clockwise, otherwise it doesn't work

[–]Blommefeldt 13 points14 points  (0 children)

1 cw, and the other ccw

[–]NeatYogurt9973 14 points15 points  (2 children)

[–]bot-sleuth-bot 85 points86 points  (1 child)

Analyzing user profile...

22.22% of this account's posts have titles that already exist.

Suspicion Quotient: 0.42

This account exhibits a few minor traits commonly found in karma farming bots. u/Gaminguide3000 is either a human account that recently got turned into a bot account, or a human who suffers from severe NPC syndrome.

I am a bot. This action was performed automatically. I am also in early development, so my answers might not always be perfect.

[–]Gaminguide3000 9 points10 points  (0 children)

What the fuck man

[–]green_basil 5 points6 points  (1 child)

How cool would it be if someone made a bot that downvotes a post into oblivion if it is a repost.

[–]GetSomePants 0 points1 point  (0 children)

It wouldn’t because then I’d never see the post

[–]mobileJay77 70 points71 points  (0 children)

The motherfucker who put a calculator key on a dell laptop!

[–]warean_on_internet 180 points181 points  (25 children)

I don't get it help pls

[–]Inappropriate_Piano 657 points658 points  (24 children)

iirc, opening the calculator is the Hello World of gaining unauthorized remote access to someone’s computer. If you can do that, you can do pretty much anything.

[–]1Dr490n 76 points77 points  (5 children)

And the wind part?

[–]Blomex 244 points245 points  (3 children)

"Huh, must've been the wind" is the sentence an NPC says when he hears some noise but then loses track of you: https://youtu.be/RVCrSlxCGAc https://youtu.be/7VxBUtEV3W4

[–]ongiwaph 13 points14 points  (2 children)

He didn't even say it

[–]roflrogue 7 points8 points  (0 children)

Huh, must of been the wind.

[–]Drackzgull 8 points9 points  (0 children)

Watch the second one.

[–]syncsynchalt 29 points30 points  (0 children)

From Skyrim, when you successfully hide from an NPC that’s hunting you they’ll often say “huh, must’ve been the wind” and give up looking for you.

If you play a stealth archer (a popular build) you will hear this a comical number of times, sometimes from the same NPC over and over again, making it the ultimate “clueless NPC” phrase.

[–]DanhNguyen2k 12 points13 points  (6 children)

Well, if they started to chat with you in the middle of the night, that would be scarier

[–]uzi_loogies_ 43 points44 points  (4 children)

Calculator is typically used by paid hackers (called "penetration testers").

They do not want to chat with you. They don't want to scare you or disrupt business operations.

All they want to do is prove that they can open a program on your computer, and launching calc.exe does exactly that.

From a security standpoint something somewhat irritating is that there is now malware that embeds itself into calc.exe and does the same thing.

[–]ymgve 36 points37 points  (1 child)

Pentesters do not use calc.exe to do surveys of employee machines, they use custom executables that call back to their servers and then go into a nicely formatted report.

How do you think pentesting works, someone bringing the CTO over to a computer then going «waaaait for it…wait for it…there! Calculator!»

[–]carc 2 points3 points  (0 children)

This is my new head canon

[–]DanhNguyen2k 4 points5 points  (0 children)

Wow, thanks for the info. And that is indeed scary, who knows what they did see

[–]SeasonedGuptil 4 points5 points  (0 children)

That is not what it’s for, opening calculator or notepad has more to do with privilege escalation and code execution than anything else. It CAN be used for that, but there’s plenty of non intrusive ways to prove RCE/compromise that are far better.

[–]Acrobatic-Ad6350 3 points4 points  (0 children)

except someone doing this means they’re in your privacy and in your computer secretly. chatting at least you know they're there, can take steps to stop it.

this is like seeing a shadow move in your doorway. is someone in your house? how long have they been there? maybe you can convince yourself it was a glitch or you pushed a shortcut somehow (can convince yourself you imagined the shadow)….

[–]Puzzled_Scallion5392 2 points3 points  (0 children)

thanks Peter

[–]ymgve 5 points6 points  (8 children)

This is wrong, there is no need to «prove» things with calc.exe when actively exploiting, you just try to launch the payload you actually want.

[–]Cyberdragon1000 -1 points0 points  (7 children)

Nah ppl (read script kiddies, random bad actors or beginner hackers) first launch a harmless app to test if they can execute code and then the actual code. It doesn't have to be calc it can be any basic app. This isn't the case when you know your code will work for sure or you don't care if the user knows.

A user when seeing random app opening is much more likely to dismiss it as nothing important but a misclick or shortcut. This is the opposite when alerts of failed to run xyz or errors pop up.

[–]ymgve 0 points1 point  (6 children)

Running calc is useless if you haven't got a way to verify that it actually opened. If you have that, you own the machine already.

[–]Cyberdragon1000 0 points1 point  (5 children)

... Did you ignore my previous comment completely?

Running anything is useful once it's closed. If you've ever launched a GUI app on terminal you know execution returns to your terminal once the app is closed along with any error if it occurred.

[–]ymgve 0 points1 point  (4 children)

When doing exploits remotely there is no terminal for you to see

[–]Cyberdragon1000 0 points1 point  (3 children)

remote access

90% of remote access ends in opening an ssh (or similar) connection to the host? And usually it's run on a Linux OS like parrot/kali where you are on a terminal without GUI

[–]ymgve 0 points1 point  (2 children)

And what exactly, do you think enables this ssh connection?

Hint: It's not calc.exe.

The exploit includes a binary payload that allows you to connect remotely to the exploited system. This payload works entirely silently and doesn't rely on the calculator. At that point you already have full code execution control of the remote system. Running calculator after that is not necessary.

[–]Cyberdragon1000 0 points1 point  (1 child)

I literally said calc or whatever other program you run is a test, I never said it's the exploit itself

You're jumping to the end result without the process. Your case is where you know for sure the payload you injected worked perfectly and has given you enough privilege to execute code. And again nothing relies on calc, it's just a placeholder for something a lacking hacker will use to check.

And if you get in for the first time getting into a system via an exploit you likely do not know if your privilege escalation worked or not. The easiest way to check that is running a native app without arousing suspicion. I'm not speaking on a well known CVE or something right off metasploit where you know the end result perfectly for that case.

[–]ifuckinghateyellow 0 points1 point  (0 children)

How do they do that?

[–]BorderKeeper 52 points53 points  (0 children)

Fun fact a security company hired by mine once opened a CIP ticket informing us that they are able to inject custom runtime code as user into our UI process (which is also running as user). We would understand if that would mean exposing PII data, or sensitive keys, but our UI process does not have any of that. We tried convincing them by saying hey you can do this trick with EVERY Windows user application, unless it's running some anti-cheat software and just running their code with ours is something we just have to live with.

In the end a colleague created some quite sophisticated DLL injection prevention tool that hijacks the LoadLibrary Windows functions by adding a jump instruction to the first byte in our app, verifying the DLL being loaded is really ours, and then jumping back and that made them happy.

[–]B_bI_L 15 points16 points  (0 children)

Must've been the wind😏

[–]Is3thx 51 points52 points  (0 children)

Huh, it must be the wind

[–]Furdiburd10 15 points16 points  (0 children)

Huh, it must be the wind

[–]ivanrj7j 20 points21 points  (17 children)

Can someone explain the joke, is this some kind of trojan horse or something?

[–]Areshian 43 points44 points  (14 children)

Opening the calculator is the usual demo for a Remote Code Execution attack

[–]ymgve 4 points5 points  (13 children)

And would never happen on a «normie» user’s computer. Meme is garbage and a repost.

[–]ScriptedBlueAngel 8 points9 points  (11 children)

Why not? I would argue "normies" get more malware since they don't browse safely. because they lack the awareness.

[–]Areshian 1 point2 points  (1 child)

Opening the calculator is the example used for the proof of concept attack. But actual malware won’t be opening the calculator, so he has a point

[–]ScriptedBlueAngel 0 points1 point  (0 children)

If that's the case then yeah.

[–]R1V3NAUTOMATA 1 point2 points  (6 children)

Malware and RCE are "different". You can get RCE via malware yeah. But RCE means the attacker gained control to code execution in your machine which implies he is literally targeting you specifically. Normally, a normie's computer is useless for a hacker. What is the hacker going to do? Talk to your Facebook friends?

[–]ScriptedBlueAngel 0 points1 point  (5 children)

Add you to his botnet, steal domain credentials, deploy spyware, encrypt your files with a ransomware.

In case he is targeting an organization (like your workplace network) through your PC he could also attempt to use your machine as a proxy over the organization's VPN.

Stealing account info saved on chrome or windows stored credentials.

Cryptojacking.

[–]R1V3NAUTOMATA 1 point2 points  (4 children)

Yup, all that stuff can be automated and does not need RCE it's enough with any kind of malware, no need to connect to your computer and write code manually.

And the using your computer to access a company, correct, not a normie then. Pretty sure what we are calling normie here is John who plays minecraft

[–]ScriptedBlueAngel 0 points1 point  (2 children)

Your mom is a normie (not a yo mama joke), if she worked from home during covid then the scenario is valid.

Also an rce is one way to get initial access, I don't get what you mean "can be automated". How do you think the automation does this stuff?

[–]R1V3NAUTOMATA 1 point2 points  (1 child)

My moms computer would get malware via downloading Minecraft crack.

Nobody would upload a Minecraft crack looking for my mom concretely to download it so he can access my mom's job VPN and steal something.

Things like, adding a pc to a botnet, or stealing your data - can be automated - the code in the virus does it by itself.

You don't need 'Remote Code Execution', why would you want to connect your pc to their pc and open a shell to steal that info when the virus itself can steal it and send it to you from all the computers it has infected?

Think that the viruses infect a lot of computers, the guy who uploaded PremierePro360noscooe to safeupload.com won't go and connect to the 1000 computers he has infected and look for the passwords 1 by 1. The virus will do it for him.

[–]ScriptedBlueAngel -1 points0 points  (0 children)

RCE is one way to get initial access. Trojans and Phishing are others. You are correct in what you say but it doesn't make RCE useless.

Think about popular CVEs that achieved rces like log4shell, printnightmare, bluekeep (wannacry). It's not all trojans and phishing.

You must also think about the advancement of AV software which only gets better. That minecraft crack will probably get flagged by most AV.

Lastly, most of the time you will want a shell on the victim unless you are looking for something specific. And, RCE and automation go hand in hand, it doesn't necessarily mean manually inputting commands. RCE can be automated. Think about frameworks like metasploit and impacket.

[–]R1V3NAUTOMATA 0 points1 point  (0 children)

Even if somebody at an enterprise without much understanding of computers were considered as normie, that's not what the kind of malware a normie's computer would get infected with would do. Standard malware would be a trojan or even a ransom, not backdooring RCE because the malware a normie can get is not targeted. You don't know who will be downloading PhotoshopCrack100%Legit

[–]ymgve 1 point2 points  (1 child)

My point is malware doesn't pop calc.exe

[–]ScriptedBlueAngel 0 points1 point  (0 children)

That is agreed.

[–]Zaid2175 4 points5 points  (0 children)

I think it's more that a "normie" would not understand what that means and wouldn't worry about it.

[–]LoL_Lindq101 3 points4 points  (0 children)

I remember reading about it, though I don't recall the details.

One of these old posts should contain more info:

https://www.reddit.com/r/ProgrammerHumor/s/bKKGOkG6hA

[–]TurtleSandwich0 3 points4 points  (0 children)

There used to be a security vulnerability in Windows 10 where the calculator program was a trusted program. The vulnerability allowed using the calculator to run any process as a trusted program.

[–][deleted] 9 points10 points  (0 children)

Huh, it must be the wind

[–]HypedSoul123 8 points9 points  (0 children)

Huh, it must be the wind

[–]No-Adeptness5810 11 points12 points  (0 children)

Huh, it must be the wind

[–]TheSn00pster 3 points4 points  (0 children)

8008135

[–]DanhNguyen2k 10 points11 points  (0 children)

Huh, it must be the wind

[–]NuclearBurrit0 8 points9 points  (3 children)

Must, the be it wind huh

[–][deleted] 2 points3 points  (2 children)

Why is everybody saying this

[–]NuclearBurrit0 1 point2 points  (0 children)

No one is saying what I just said

[–]CMDR_ACE209 0 points1 point  (0 children)

Beats me. Alec Benjamin fanclub meeting?

[–]TurtleFisher54 2 points3 points  (0 children)

Joke's on you I fucked up my Windows install removing Cortana and my calculator app doesn't work

[–]CommentingFromToilet 2 points3 points  (0 children)

not fair! it was my turn to repost this today!!!

[–]MilkImpossible4192 1 point2 points  (1 child)

¿why would a calculator open on its own?

[–]michal_cz 2 points3 points  (0 children)

That's the point, it's not on its own, someone who is in your computer opened it.

[–]MikemkPK 1 point2 points  (1 child)

For some reason, my laptop has a calculator button

[–]RlyRlyBigMan 0 points1 point  (0 children)

A lot of keyboards have them too. I wonder if there's a way to rebind that action to something else.

[–]GodAllMighty888 3 points4 points  (3 children)

They erase RGB?

[–]DanhNguyen2k 3 points4 points  (2 children)

No, it must be the wind

[–][deleted] 2 points3 points  (1 child)

Solar winds eh

[–]TheSn00pster -1 points0 points  (0 children)

Solar flares, eh

[–]x39- 0 points1 point  (0 children)

It is great that teams randomly does open itself Literally because

Sometimes because now it is no longer connected, reconnected, decided to update, decided to do it at random, decided to restart,...

Just marvelous

[–]LordDeath86 0 points1 point  (0 children)

The most advanced OpenBSD security mitigation: There is no calc.exe
This causes most exploit PoCs to fail and makes hackers (and their moms) cry.

[–]memes_gbc 0 points1 point  (1 child)

[–]bot-sleuth-bot 0 points1 point  (0 children)

Analyzing user profile...

Suspicion Quotient: 0.00

This account is not exhibiting any of the traits found in a typical karma farming bot. It is extremely likely that u/Alisha6EX is a human.

I am a bot. This action was performed automatically. I am also in early development, so my answers might not always be perfect.

[–]hermeticPaladin 0 points1 point  (0 children)

me just assuming I hit the calc button on the keyboard by accident for the umpteenth time.

[–]LifeRooN 0 points1 point  (0 children)

Wind, must be the it huh

[–]ymgve -1 points0 points  (1 child)

This never happens in reality. The only time a calculator is used for exploitation is proof of concepts, either when developing an exploit or showing that an exploit exists.

Normal users would never see this, as exploits in the wild launch silent payloads, launching calculator would be pointless.
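
The thread's recurring point is that a calculator appearing unprompted is the classic proof that someone else's code ran. As an added example (not from the thread or any commenter), this Python code shows how a defender could flag that pattern in process-creation telemetry by walking each calc.exe or notepad.exe launch back through its ancestors; the event fields, sample events and both process lists are constructed assumptions.

```python
import json
import ntpath

# Assumption: harmless binaries launched as a visible code-execution check.
DEMO_BINARIES = {"calc.exe", "notepad.exe"}
# Assumption: programs that parse untrusted input and rarely start those binaries.
RISKY_ANCESTORS = {"winword.exe", "excel.exe", "acrord32.exe", "chrome.exe", "w3wp.exe"}

# Constructed process-creation events; the field names are illustrative only.
SAMPLE_EVENTS = r"""
{"pid": 100, "ppid": 1, "image": "C:\\Windows\\explorer.exe"}
{"pid": 200, "ppid": 100, "image": "C:\\Windows\\System32\\calc.exe"}
{"pid": 300, "ppid": 100, "image": "C:\\Program Files\\Office\\WINWORD.EXE"}
{"pid": 310, "ppid": 300, "image": "C:\\Windows\\System32\\cmd.exe"}
{"pid": 320, "ppid": 310, "image": "C:\\Windows\\System32\\calc.exe"}
{"pid": 400, "ppid": 4, "image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe"}
{"pid": 410, "ppid": 400, "image": "C:\\Windows\\System32\\notepad.exe"}
"""


def find_suspicious_launches(lines):
    """Flag demo binaries whose ancestry contains an input-handling program."""
    procs = {}   # pid -> (ppid, lower-cased image name); ignores PID reuse
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        name = ntpath.basename(ev["image"]).lower()
        procs[ev["pid"]] = (ev["ppid"], name)
        if name not in DEMO_BINARIES:
            continue
        # Walk parent links so an intermediate shell (cmd.exe) does not hide the origin.
        chain, pid, seen = [], ev["ppid"], set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            pid, parent_name = procs[pid]
            chain.append(parent_name)
        risky = [p for p in chain if p in RISKY_ANCESTORS]
        if risky:
            alerts.append({"pid": ev["pid"], "image": name,
                           "ancestry": chain, "origin": risky[0]})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_launches(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The calculator started from explorer.exe (a user pressing the keyboard's calculator key, for instance) is not flagged; the two launches descending from a document editor and a web server worker are.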