7 ай бұрын
7 ай бұрын
Жыл бұрын
Жыл бұрын
Пікірлер
@Revelation-X 4 күн бұрын
Eh, in most modern sites the admin login panel isn’t available to the public. If it is, it’s probably a dead website
@pentest_TV 4 күн бұрын
You’re assuming this is an external Pentest. They show up all the time on internals. Thanks for the comment!
@Revelation-X 4 күн бұрын
@ oh I see, makes sense. I was the one who misunderstood. Could explain the difference between the two please. I have a vague idea but I’m not sure if correct
@pentest_TV 4 күн бұрын
@@Revelation-X It was a good point and to be fair, I have seen admin panels on external-facing websites numerous times over the years. But I see them all the time on internal pentests where admins don't consider the insider threat. For clarification, an internal pentest is where the pentester is given access to an organization's employee network, to see what threats exist from insiders, like disgruntled employees, contractors, facility staff, etc. Thanks again!
@reginalsamedy5632 20 күн бұрын
song ?
@pentest_TV 17 күн бұрын
"Money:Power" by Roonin
@abhulimenwisdom8692 21 күн бұрын
Will practice on this. This is very detailed!! 👏🏾
@pentest_TV 21 күн бұрын
Awesome! A layer 2 attack is something I always employ during an internal pentest… definitely a skill to have.
@the_pale_wolf Ай бұрын
How to find an ip address of an website?
@pentest_TV Ай бұрын
Lots of ways and depends if it’s on the same networking domain or not, and if it’s internet facing or not. Head over to the discord server - it’ll be easier to talk about it there. 👍
@TeoCurcudel-yv6ws Ай бұрын
Great video! Could you link me the file with the hashes? I couldn't find it on your website.
@pentest_TV Ай бұрын
Sign up for this free course: pentest.tv/courses/professional-penetration-testing-support-media/
@imammuldok7557 Ай бұрын
Is redis misconfiguration like that common in the wild?
@pentest_TV Ай бұрын
Yep. Think of it this way… the tools and techniques wouldn’t be created or published if these kind of attacks weren’t seen in the wild. 😬
@imammuldok7557 Ай бұрын
@@pentest_TV 👍
@Docto4St4ang3 Ай бұрын
great vid
@pentest_TV Ай бұрын
Thank you!
@Piedrasama Ай бұрын
Great stuff, my go to place for more knowledge and tips on pentesting. Very interesting.
@pentest_TV Ай бұрын
Glad you’re enjoying the content! 😎
@ibnmahamoudambdulanziz5549 2 ай бұрын
Mr robot ??
@pentest_TV Ай бұрын
Good show but I couldn’t get through all the seasons. First couple were great though.
@randyriegel8553 2 ай бұрын
Good video!! That's why I use sftp or scp with public/private key pairs for login on my internet facing servers.
@pentest_TV 2 ай бұрын
That's the correct answer - definitely encrypt or better yet, key pair your access. You'd be amazed at the number of FTP servers within enterprise organizations that are default anonymous logins and unencrypted. Thanks for watching!!
@BangBangBang. 2 ай бұрын
Attacking the configuration because of account strength in regards to the password? Nah more like the authentication side of it.
@pentest_TV 2 ай бұрын
Weak passwords are considered a fault within the configuration, specifically password strength policies. Thanks for watching!
@ajpresents5317 2 ай бұрын
Doing great work keep it up ❤
@pentest_TV 2 ай бұрын
Thanks for watching. Glad you’re enjoying the content! 😎
@rouxanfuture 2 ай бұрын
hello, i am new. I tried to mirror the network settings but i cant enable promiscouos mode or evn change the name. Any help?
@pentest_TV 2 ай бұрын
Swing by the discord server - easier to provide support. Bring screenshots. 😜
@Cyber-r5p 2 ай бұрын
helo
@pentest_TV 2 ай бұрын
Thanks for watching!
@MarioliCarrasquero-k6d 2 ай бұрын
🤯
@tadeubotelho4410 2 ай бұрын
I have a closed source software that I paid a lot for, I use a PCMCIA card that I bought from the manufacturer with 2000 thousand credits that are debited from the card every time I use the software. The software manufacturer died and now I only have 2 PCMCIA cards that are fully encrypted. Could I intercept the communication between the software and the PCMCIA card? I need some traffic information because I am trying to insert the card, or emulate the card in a virtual environment or simply create a virtual card with the Raspberry Pi. Intercepting the communication between the software and the card would allow me to get the encryption password of the card. That would help me a lot. Could you give me some tips? I wish you success
@pentest_TV 2 ай бұрын
Based on the information provided, my gut instinct is that “yes” you can intercept the traffic, but “no” you won’t be able to read it because it’s encrypted. Also, wireshark wont help you with this - you have to redirect the output of the software to something that will collect a copy of the data between the software and hardware. This is a much deeper conversation than the comment section of KZbin can handle, so good luck!
@cybersavage1337 2 ай бұрын
Great content!
@pentest_TV 2 ай бұрын
Awesome - glad you found it useful!
@HenryArcher-tg1ie 2 ай бұрын
Yo you present your case very well, really appreciate the info Man....cheers A
@pentest_TV 2 ай бұрын
Glad it helped - thanks for watching! It’s a complex topic and I tried my best.
@ExsanDwiCahyono 2 ай бұрын
try crack my hash $pdf$2*3*128*-764*1*16*230f589d06e8c3eab44aa3af89c04f2b*32*8ea265073620579eb43c4777f313bae900000000000000000000000000000000*32*902c5f76d9af5e756f0de74a67c00f4ff0189a2875b54b8c635a04fe97c0e2cb
@blockchainsecurity 3 ай бұрын
Great tool, thanks for the video
@pentest_TV 3 ай бұрын
Thanks for watching!
@FredrickSiegmund 3 ай бұрын
Please, is msfvenom outside metrosploit framework? I emjoyed the whole session but that part confused me
@pentest_TV 3 ай бұрын
It’s part of the framework from the concept that it’s made by the same people and the output of what you generate from msfvenom can be used with other metasploit framework tools, like msfconsole. It is its own thing, but works with other things, if that makes sense.