How Hackers Login To Any Websites Without Password?!

No video

How Hackers Login To Any Websites Without Password?!

Рет қаралды 606,183

2 жыл бұрын

// Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/...
Full Web Ethical Hacking Course: www.udemy.com/...
Full Mobile Hacking Course: www.udemy.com/...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangya...
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

Пікірлер: 520

@iqlessmemes4115 2 жыл бұрын

It's a good day when hacker loi uploads.

@Driftwood740EvSide 2 жыл бұрын

Agreed

@codespeed116 2 жыл бұрын

and bad day for someone who he hacked

@UnknownUser-sj3sc 2 жыл бұрын

Facts

@sciencekingdom2322 2 жыл бұрын

Exactly bro Just found it and am already happy

@hf-xb2wy 2 жыл бұрын

try website I provide

@gauntletwielder6306 Жыл бұрын

Interesting video. However…. 1. The IP address used in the video, is PRIVATE. Which means the server is on the same private network and probably NOT behind a firewall… therefore unrealistically easy to access. 2. Only completely incompetent people open up all ports to all IP addresses of a server facing the Internet. This is the kind of thing that would get someone fired immediately. 3. Most user names and passwords ( actually hashed passwords ) are stored in databases. Storing plaintext or encrypted passwords, goes against best practices. 4. Most password inputs check for the length ( is it too short or too long ) and content ( does it have numbers, lowercase, uppercase ) of the password BEFORE attempting to validate the password. Nice video, but too many red flags for me.

@kanister21 Жыл бұрын

5. more and more websites forces user to use 2FA

@UnDarkVader Жыл бұрын

6. The exploit is very old. Its very less probably that this service didn't update in many time.

@dev-debug Жыл бұрын

The target was setup for the sake of the video but yeah on a modern server install most of what was running is off by default at install or firewalled. I haven't seen FTP enabled in a long long time, virtually everyone uses SFTP now. FTP and web apps like forum software had tons of security flaws in the past, they were the easy way in.

@epolpier Жыл бұрын

Red flags ? It's a pure bullshit...

@animalconsultant7796 Жыл бұрын

Yeah basically all usernames and passwords are stored in a database and you’d need a lot of CPU power to crack anything

@theunveil8333 2 жыл бұрын

No trash talk, right into the topic nice vid man

@FRUITSparty 5 ай бұрын

It's more complex than what he teach. Especially when you meet firewalls , other protection system timing.

@FzEdits 2 жыл бұрын

Really enjoyed the shorter video format here. Keeps things simple

@moabifokotsane 2 жыл бұрын

THE REAL LESSON : Find the login access port , look for vulnerabilities (of overall system) , exploit the vulnerability, when shell runs move on dir to find the login access system, look for config file of the login system, get credentials, HACK COMPLETE. 😄 NB : the system doesn't need to be running services you saw on the video only to be hackable, its a process learn and understand it, then apply steps on any machine. The lesson here is to understand the concept ((technical steps)) not to learn about a new vulnerability. Many systems have different services therefore the ((technical steps)) will remain the same but dealing with different machines, services and vulnerabilities.

@ufc786 2 жыл бұрын

Are most websites all hackable ? Like loi showed. Can all websites be hacked as admin ?

@Sp3cia1m4n 2 жыл бұрын

@@ufc786 all website are hackable but you have to find the right vulnerability for it, but you wanna hack web applications without any basic knowledge of programming language, Linux, windows, type of vulnerability, I guess go watch other channel this channel clearly don't explain what he's doing exactly.. Bottom line I came here to laugh at his stupidity and leave and found your comment thanks

@YasiruRidmaka Жыл бұрын

andrew tate?

@user-vz8fs9yl8i 8 ай бұрын

😂😂😂😂😂

@burstfireno1617 8 ай бұрын

Larry Tate 😂

@Lazumor9 7 ай бұрын

LMAOOOO

@YasiruRidmaka 7 ай бұрын

@@user-vz8fs9yl8i 🤣

@YasiruRidmaka 7 ай бұрын

@@Lazumor9 🤣

@alexanderohman1707 Жыл бұрын

How many servers are inside your own firewall, has passwords stored in plain text and all ports open and would accept an the hash rather than the password? This is like "opening a door without a key" when the door is a shower curtain.

@Pinkyyybrainn Жыл бұрын

But, imagine you never knew how to open the shower curtain - that's where this video helps!

@Smiley957 Жыл бұрын

I think this video is meant for inexperienced web app developers who need to learn about these vulnerabilities.

@animalconsultant7796 Жыл бұрын

But dude he hacked it dude, dude

@tourreallen6872 2 жыл бұрын

I wish you uploaded this two weeks ago. lol you taught me everything me prof did not in under 7 mins and he had a whole semester lol This is exactly what we did on the final even down to the elastics. makes me want to fire up Linux rn lol very informative thank you.

@momosayma6647 2 жыл бұрын

I need to find a login URL, can you find that please?

@Pinkyyybrainn Жыл бұрын

Just install linux and follow this guide man!

@vinothnatarajan9154 Жыл бұрын

Hi, very interesting, i love this, how to connect you to learning.... pls help me out...

@kamraman6487 2 жыл бұрын

hacker loi why have you not been uploading 😭😭😭 my kali linux is running i have nothing to do

@Franciscolney 2 жыл бұрын

i watched many of your videos ,live demostrations,etc, i knew that you are an expert... Interesting...

@Deepu253 2 жыл бұрын

help me( i stucked at Started reverse TCP handler in metasploit)help me

@onlyfuns7410 2 жыл бұрын

Same☹️

@Deepu253 2 жыл бұрын

@@onlyfuns7410 how to get rid out of it

@ronitdhase2511 2 жыл бұрын

You can never take a chance to skip loi's Video..!!!!!

@FunTime-qj9hn 2 жыл бұрын

yes i like it, every second is important.

@sushant7906 2 жыл бұрын

Hi , sir can you give us a road map in hacking field like what we learn first and how we become a successful hacker

@tamaragraham8342 Жыл бұрын

If you guys want to log in on any websites then you guys should watch these videos about how hackers log in any websites.

@lynxi-b1e Жыл бұрын

Hi sir, I need your help. Please

@juliusrowe9374 2 жыл бұрын

Loi, thanks for another brilliant tutorial sir!

@creditphysician173 Жыл бұрын

It's a cool place, i don't what yo say i just liked and all the spies stuff they got

@hassanwandoow3999 2 жыл бұрын

hello how are you i want to learn syp security i want to become syp security but i didn't get good website can your help me pleace am from uganda am waiting your answer and teel me the fees if i manech i learn it

@mustaqimahmed3304 Жыл бұрын

Can you show a video if some sites use vpn how to hack them;

@Griff0617 2 жыл бұрын

Hi Loi Liang Yang i have been hacked and can you pls help me if my pc is still hacked.

@Notthetylor Жыл бұрын

Hi. Is it save for me try to huck something for practice? 🤔

@JesusChrist-zt6rg 2 жыл бұрын

Oh God. I'm about to deploy a website all by my big boy self for the first time (meaning not a squares pace website but a website I hard coded **ahem with lots of open source help**). I'm worried it's gonna be vulnerable and now i'm really worried lol. But I'm gonna be much more careful now.

@god8774 2 жыл бұрын

You called for me? lol jk have a nice day, son.

@randomletters1834 2 жыл бұрын

JESUS!!!!!!!!!

@melbinalbert1525 2 жыл бұрын

Is there any way to track the live location of a mobile phone.

@burikat392 2 жыл бұрын

Hello sir. I have a friend scammed on intime tax refund website. He invested ₱50,000 and got scammed. Can you help my friend sir

@seiv- Жыл бұрын

I mean, you got yourself a meterpreter shell on the server. Why tf you would after that need to login to a random whatever service that the server is hosting ?

@fflecker Жыл бұрын

Can you realy use the hash in the glassfish config file as the password ?

@lauwer_v6504 2 жыл бұрын

Hello mr hackerloi i didn't understand why did u search the exploit elastic or how did you know that it was the exploit to use please do answer (love ur vids btw) Lauwer

@2Sor2Fig 2 жыл бұрын

Elastic is a common package used to enable search on many websites. He knew to use that exploit specifically because the nmap command returned it as one of the services running on an open port. Don't get too excited, though. There's almost no chance you'd find an open port to a service like that which wasn't password/IP address protected. This only works because the victim machine was intentionally very poorly designed.

@lauwer_v6504 2 жыл бұрын

@@2Sor2Fig Thanks for your answer, although i wasn't getting excited, i was just wondering why he did use this exploit other than a other (Thanks again for your answer)

@2Sor2Fig 2 жыл бұрын

@@lauwer_v6504 No probs

@dietrichdietrich7763 Жыл бұрын

Okay, how do I protect my WordPress site from this kind of attack?

@bluesquare23 Жыл бұрын

Updates! Automatic updates!!! Get a plugin for it or put a wp-cli command on a cronjob. Always keep ya shit up to date!

@Peppermint1 4 ай бұрын

Small tip: if you suspect a hacked page, enter a wrong password, if you get access then walk away

@JJs_playground Жыл бұрын

How secure are banking apps on an android phone, with fingerprint biometrics?

@TruthSeeker12345 Жыл бұрын

Informative and brief... Well Done...

@rcchristian2 Жыл бұрын

Back in the old days, we would have to take that HSH and decrypt it. What I don't get is you enter the encrypted password in to the INSPECT element, but how does it decrypt it? It clearly isn't decrypting it. Is this a way around the decryption?

@ArikCool 7 ай бұрын

Password isn't decrypted, he simply removed the code that hides the characters of the password. He is pasting the same hash string if you look carefully.

@rcchristian2 7 ай бұрын

@@ArikCool haha! :) I wrote this a year ago... lol forgot about it. Yeah I figured it out shortly after I posted this, but forgot I posted! I didn't realize this was a private IP what he did was use a remote code execution vulnerability (in glass fish) that created a shell on the server. From the shell he found the password stored in plain text. Glassfish was looking at the POST body and hashing anything with type password and because the type was removed, the value of password wasn’t hashed server side and just compared against the stored hashed password.

@ArikCool 7 ай бұрын

@@rcchristian2 hey thanks for elaborated answer but I have one question. So. because he removed the 'password' property from input variable the server won't hash tje password?

@rcchristian2 7 ай бұрын

@@ArikCool said _"So. because he removed the 'password' property from input variable the server won't hash tje password?"_ Exactly. Apparently that was a vulnerability in Glassfish which I assume has been plugged by now. I think what the point of this video is... finding shell, executing server side commands, you can find exploits and vulnerabilities in tons of applications server side because of less security and bad programming. I think this is what the video poster was trying to demonstrate.

@ArikCool 7 ай бұрын

@@rcchristian2 Thank you very much dude for the help, I checked your playlisy called 'something to think about' its great to know that we share the same interest.

@sadidas1 2 жыл бұрын

Sir big fan please reply how to start with your "how to hack series".what shall I know or learn before starting before starting or algorithm of starting it

@lishmansupport716 2 жыл бұрын

☝️☝️ get in touch with them on the official page they can help get hidden information about background checks and other services available in pdf

@janthony824 3 ай бұрын

Hi I've been having a lot of issues with cellphone data and home Internet. In the first part of the video you said u know u would know if someone would hack you. Can you explain the process or tools you use for that??

@tanmoyrajtuhin8653 2 жыл бұрын

Brother, how can I be a member of your youtube channel?

@Filipino8729 2 жыл бұрын

hello, how are you. just want to ask how to recover social media got hack and they changed password, name and make it private. i still have my social media link that been hack.

@wahyono1739 2 жыл бұрын

Sudo msfconsole need a passwd and where we can find this passwd ?.if we target a machine is it posible that we know the msfconsole passwd ?

@SqurdTheOne Жыл бұрын

so, if a hacker hacks my outlook. changes its name. (wich i know) how can i hack it?

@Goldindollar Жыл бұрын

Your awesome!! Love the videos you make

@basilbrian 2 жыл бұрын

Wow! I've been waiting for you😂

@reinoob 2 жыл бұрын

What about just leaving port 80 open and proxy whatever you need to be open to the world?

@2Sor2Fig 2 жыл бұрын

Yeah, all those services should be running in dockerized containers without publicly exposed ports. Poor systems architecture seems to be 70% of getting hacked.

@nerdygeek9865 2 жыл бұрын

Let’s face it some of us are here to get revenge on someone

@3dsbros64 Жыл бұрын

And let's be realistic for those who want that: You will not be able to hack that person. *cries*

@labiV1 Жыл бұрын

@@3dsbros64 sadly 😢

@3dsbros64 Жыл бұрын

@@labiV1 ye i know 3dsbros64 0001

@sfincione2000 Жыл бұрын

Yeah, this was pointless since he's "hacking" his own server and has loads of ports open. This isn't hacking

@techwithajak 2 жыл бұрын

Your a best ethical Hacker sir

@cameronrich2536 9 ай бұрын

Only a mad lad would show how to hack their system. I've been telling you guys he's savage

@abiolamashood3829 Жыл бұрын

hey can you help get some credible details on how i can access the student portal of our school

@masterkeyplanolocksmith3674 2 жыл бұрын

Amazing, but could you please speak a little bit slower please🙏

@momosayma6647 2 жыл бұрын

I need to find an admin login page, can anybody please help?

@mc.chandra1935 Жыл бұрын

how long does it take time for the result nmap -sV -p1-65535 ipadd ?

@SamuraiXProGaming 2 жыл бұрын

just awesome nice bro just keep moving forward

@ltthepm 2 жыл бұрын

Hello Loi I’m 17 years old starting out in the e-commerce, reselling business buying and selling items from thrift stores to Walmart and target. And throughout this since I can’t have my own debit card yet I have to buy visa gift cards and someone has stolen some of my info I’ve used to register those cards I’m pretty sure. They keep buying something from google play and stole about $150+ if I’m correct and even though that may not seem like a lot to you it’s a lot for me due to the current situation I’m in. what’s a way I can prevent this from happening again and if able to can you or your subs help me out? I wanna find out who the person behind this scam is so they can get justice but the visa website never has customer service available

@shaxzoddavlatov3957 2 жыл бұрын

😆😆 he get password from config file and config file located in local computer.

@shutanovac 2 жыл бұрын

lolz this is what he does in every video, mixing it with some hackery mumbo jumbo and dramatic overacting 😂

@telischrisos2628 Жыл бұрын

Lol

@EGTFROUDHACK Жыл бұрын

You need to be hiden once you do this, i think you forgot to specify this, any scan you do you're ip gets send to host, so you need to use proxychain

@nervonabliss2071 Жыл бұрын

Anyone willing to do this should know that already

@user-vq8pe9dd7e 4 ай бұрын

Please does this work and have you tried it

@vijayendrarathod 2 жыл бұрын

Totally uselesss as 2013 vulnerability already patched in 2022

@amirramadan3625 2 жыл бұрын

Do u ve the new version tools!!

@vijayendrarathod 2 жыл бұрын

@@amirramadan3625 0day vulnerability reported to bug bounty and reporter need to agreed to non disclosure agreements untill the vulnerability fixed hence whatever paylod exist in Metasploit it is already patched so no point to use that useless things

@amirramadan3625 2 жыл бұрын

So that mean that no one can do it anymore??? Is there any chance to do this!!

@vijayendrarathod 2 жыл бұрын

@@amirramadan3625 if you can get 0day payload before it patched in real world

@djvinesse1719 2 жыл бұрын

Some Info here helped me! Thank you friend!

@KeroZimerman Жыл бұрын

I don’t get it. How is removing the “password” type from the password input field make the server accept the verbatim password hash instead? AFAIK, the only thing the “password” property does is display ‘*’s and deny copying its contents. Whatever the user enters *must* be converted to a hash (with salt added) before comparing it to the stored hash.

@telischrisos2628 Жыл бұрын

Haha indeed.

@CodrTV1 Жыл бұрын

My guess is that is the vulnerability that’s being exploited here. Probably Glassfish is looking at the POST body and hashing anything with type password. Because the type was removed, the value of password wasn’t hashed server side and just compared against the stored hashed password.

@KeroZimerman Жыл бұрын

@@CodrTV1 Yes, that is a plausible explanation. This would be *very* lazy programming, though. The server must *never* assume that the data provided by the client is benign.

@CodrTV1 Жыл бұрын

@@KeroZimerman oh absolutely. But this is why vulnerabilities exist. Inexperienced developers making silly mistakes.

@daitedve1984 Жыл бұрын

There is no need to remove "password" type - it's just for presentation. Actual trick is to prevent JS from hashing your ALREADY HASHED password and send this hash directly to the server (like it's done by JS). Nothing hard and done logical.

@meysamamarlou7671 2 жыл бұрын

why you are so fast😄 please make one video about how to find admin login page

@Steve_Bloks Жыл бұрын

how to install metasploit? i tried sudo apt install metasploit but it didnt work

@dasariupendarrao4233 2 жыл бұрын

Love from India 🇮🇳🇮🇳❤️

@BambiOnIce19 Жыл бұрын

Just hit 'ENTER' ????? lolol Yes, i've done it before.... But I DO behave these days, just staying out of trouble.... However, i find your videos so very delightful, you are very, very, VERY good. I cannot believe that they even let you publicise all this information - unbelievable

@Kiddie91 2 жыл бұрын

Sir, is the target from the AWS cloud?

@xinuai3655 2 жыл бұрын

Thank you for tips but im not talking abt this video but another my phone got hacked and your tips helped me so the hacker tried to send sms called access content blah blah to many numbers but my sim hasnt been rechared so i was fine thanks

@mohamaddahhan6069 2 жыл бұрын

really nice camera and energy, love it

@ilanamper9436 Жыл бұрын

What to do if No Session was created ?

@codopy Жыл бұрын

you should have told them how long the nmap scan took 😂 😂

@devopsyoutube Жыл бұрын

7 hours!!!!!!!!!!

@onlyharleygames Жыл бұрын

does it effect the server of the website ? by scanning all the ports ?

@mitchellpullin4766 2 жыл бұрын

what program are you using?

@linux6065 9 ай бұрын

Just awesome!

@rupadas9040 Жыл бұрын

Wow so lovely vedio... Really amazing.. Well done thanks for sharing this vedio . 🙂🙂🙂

@qshindia 8 ай бұрын

Great tutorial sir, love this from India. Sir can you make a video how can i recover ranking hacked website. My site was hacked and recover the content but failed to get visitors and ranking in serch engine

@deadbrad6041 Жыл бұрын

0:38 i love his threats ahhh like an anime villan!

@willywonkka 6 ай бұрын

Who leaves the ports open? 😂

@kevinm7523 2 ай бұрын

People can forget to wipe their own assess, forgetting to close ports isn't a stretch

@mr-black_rock321 Жыл бұрын

nowadays nobody put the password in config file, we use volt with hash value. Its waist of time to crack password. Phishing is most powerful tool for hacking.

@adnansheikh4751 Жыл бұрын

Hii ,sir your video is great ! I LEARN ALOT OF haking from your channel

@jacoblessard8213 2 жыл бұрын

Whatever you do, don't tell them you know who is Hacker Loi 👀

@trioluminatti Жыл бұрын

Bro ethical hacking is much more difficult than this in real time, WTF is all these?!

@captianhegantv6638 2 жыл бұрын

I loving hacking but ,not knowing the way

@iwasthererecording Жыл бұрын

What if 2FA is enabled? 🤔

@rikysharaya5110 Жыл бұрын

thn u very much , even i tried it , it works 👍👍👍👍👍

@katherinefiori 10 ай бұрын

Is there any way I can see my gmail password whilst I am logged in on my pc? I don't remember the password and it is not saved in password manager. Please help 🙏🥺🥺

@swizzleedits8500 2 жыл бұрын

Could you do a video fro roblox like hacking a roblox account?

@pa32779 2 жыл бұрын

0:45 *That crap scares me man, pls no evil laugh* XD

@dollymartin3035 2 жыл бұрын

Good day sir please how can I become a member of this channel sir …

@bilalkhan-gj5su 4 ай бұрын

Hi Sir how i can change content of someone other website that i am not the owner because some website sharing my property personal information like cars pictures etc?

@GET_A_LIFE_420 Жыл бұрын

My dad is also cissp certified and also and aws trainer but he never let watch stuff Can u help me in hacking a pvt website portal

@AMI13554 Жыл бұрын

Failed to resolve/decode supposed IPv4 source address "V": Temporary failure in name resolution

@expertgamer2309 Жыл бұрын

Can you please tell a password of a site/someone login password to me.....if possible...please

@sharky9493 2 жыл бұрын

Thanks Loi ,very good. I learned somthing new....but,,please slooooow down! You are to fast. Had to press stop several times to read the output,, and understand :)