Want to become a HACKER? ITProTV has you covered: ntck.co/itprotv (30% off FOREVER) *affiliate link 🧪🧪Try it yourself!! (Links, docs, and walkthrough): ntck.co/follinalinks SPECIAL THANKS to John Hammond (go check him out!!) --------------------------------------------------- -KZbin: kzbin.info -Twitter: twitter.com/_JohnHammond -his amazing article on Follina: www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy **Sponsored by ITProTV 0:00 ⏩ Intro 1:58 ⏩ How does CVE-2022-30190 work?? 6:33 ⏩ What happens when you open the file? 9:23 ⏩ Let’s set up our zero-day vulnerability lab! 17:29 ⏩Time to test the Malware! 20:00 ⏩ Outro
@YuukiSystems2 жыл бұрын
Omg, your hair looks extremely good today. I like the side parting 🙀❤️ Ohh, and a Big thanks for your Videos. I Watched Them *all* ❤️🌹~
@YuukiSystems2 жыл бұрын
could it be that you got the t-shirt for father's day? xD if so, then that was a cool idea of theirs
@passaronegro3492 жыл бұрын
we follow your work in Brazil 🇧🇷✨ .this encourages me !! thank you brother.
@fxylk2 жыл бұрын
Love the way you talk 🥰
@5eda2 жыл бұрын
you typed mcd
@andyh39702 жыл бұрын
Thanks for keeping the “mistakes” in the video. It reinforces the information sooo much better !
@_JohnHammond2 жыл бұрын
HUGE thanks for letting me come crash the party, NetworkChuck!! Looking forward to all the crazy cool stuff we can do in the future 😎
@NetworkChuck2 жыл бұрын
Ooohhhhh yeaaaaah
@Jarnoz2 жыл бұрын
hi
@savagepro90602 жыл бұрын
I was so scared to 'click' this thread😰
@patrickdee73652 жыл бұрын
fast video on this hot topic, gj
@_AN2032 жыл бұрын
Hello there !!
@marcfer54812 жыл бұрын
It was amazing seeing Chuck test a real vunerability, this could be a very interesting series on your channel!
@gamereditor59ner222 жыл бұрын
Zero-day vulnerability is scary and should be consider to learn with caution. Thank you for the information and keep it up!
@axa8972 жыл бұрын
Its not scary do not open any files from email and you 100% safe 🤷😂
@smashulica2 жыл бұрын
Do not open .docx or .doc anymore that's it. Use a trial vps instead to open if you really need to see what's inside document.
@FatCatMaht2 жыл бұрын
@Hòmè Ďeçoŕè hmmmmmmmmm
@MultiBannanaSHITTTT9 ай бұрын
@@axa897That’s true for this one. But there are 0click 0days out in the wild too. Take for example the pegasus spyware that got installed by just your phone receiving a message/gif and you not doing anything with it.
@kronedog2 жыл бұрын
Thank you Network Chuck for making this video so quickly and of course thanks to John Hammond. I followed along and indeed was fun to play around with.
@mrnobodyatallnoneed2 жыл бұрын
As an ethical hacker in making, I really appreciated this video, very informative as always, thanks, Chuck!
@timeismore72392 жыл бұрын
Can you please hack my old inactive instagram account?
@Enlightened.2 жыл бұрын
Hello there. I hope I am not intruding on your busy schedule. I was just wondering if you knew whether someone found a fix to this that doesn't involve the removal of the new text file option? I followed the official guide to fix it and I just reversed it back to before the fix because I can't bear having to open notepad to created a text file.
@rian0xFFF2 жыл бұрын
@@timeismore7239 Hahaha you think that easy?
@gregatit2 жыл бұрын
As a middle aged bearded geek going through A+ cert after years of computer nerdery, your videos always ring true to what I seem to be learning at any moment be it bash, be it ip sucking at subnetting or zero day exploits…Chuck you are tuned in to what so many delicious topics! Thanks for being our coffee! ☕️
@clorets45096 ай бұрын
yoooooo, where did you reach now ? have you passed A+?
@gregatit6 ай бұрын
I sure did. To date I have my A+, Net+, Sec+, Server+, Cloud+, LPI and am working on my CYSA+ and am lucky enough to be teaching entry level cybersecurity classes in workforce development.
@clorets45096 ай бұрын
@@gregatit daaaaaaamnnn bro
@keithcooper90872 жыл бұрын
Very interesting video. I've been playing with python for the last 5 or 6 months, but never knew you could make a webserver like that. Great content!!!
@carltonbanks194 Жыл бұрын
12:53 was expecting him to say to take another coffee break lolol
@Kevinmulhalljr2 жыл бұрын
Definitely would like to see more of these type of videos. As a user of the 365 support and recovery tool for troubleshooting tenant issues I’m wondering how vulnerable the program is to being exploited, especially not knowing how superficial endpoint scanning is…
@jasonholtham23482 жыл бұрын
Thank you for this video, relateable content as im in the cyber security field. Would definatly be intersted in more content like this.
@mikalichou2 жыл бұрын
Man, after months of "20mn video to explain if/else" it's really really nice to see again full power highly caffeinated Chuck
@djscuffedjays51552 жыл бұрын
Amazing collab! Been following both of you for a while, awesome to see!
@gerardest7212 жыл бұрын
Chuck definitely do more stuff like that!!
@NetworkChuck2 жыл бұрын
Will do!
@ChristianPixtun2 жыл бұрын
You should really do a playlist explaining these vulnerabilities. Yes, there are channels explaining this stuff, but with you and your way of teaching things, explaining a CVE and how it works is a must for security professionals, especially if they want to be blue or red team pros, or even us, who are just passionate of these things. Do a playlist!!!!!!
@Asherstitusworld2 жыл бұрын
Super Video Chuck Your videos are awesome And informative
@steps0x029a2 жыл бұрын
Windows Defender seems to have caught up with Follina. Word still reaches out to the server, but that's it. You get a warning and nothing else is happening - at least with my setup, don't feel too safe. I really like the idea of Chuck and John making content as a team, by the way!
@MrSpyLiam2 жыл бұрын
It depends on what you do with Folina. Hackers are experts in remaining undetected. What Chuck shows you is a very basic attack, but in real life instances victims wouldn't know that anything has been done, other than that they open a Microsoft product and the troubleshooting window runs.
@steps0x029a2 жыл бұрын
@@MrSpyLiamof course. But as Defender seems to actually prevent the execution, it shouldn't really matter what payload is used. I might be wrong, though 🤷🏻♂️
@twcziggybomz1872 жыл бұрын
Hey Chuck , ive actually come across the exact same thing yesterday except it wasnt a word document. It was a whole installation ISO of Windows 11 Pro , which my brother downloaded from the Pirate Bay. it triggered instantly once the installation was completed , and had some more effects to it whereby it damaged hardware so bad that the bios was messed up as well.
@AnotherSkyTV2 жыл бұрын
You mean it ran this diagnostic tool window once installation was finished?
@twcziggybomz1872 жыл бұрын
@@AnotherSkyTV yes once instalation was finished , pc rebooted , once signed in diagostic popped up
@moth57992 жыл бұрын
An ISO that you use at boot has basically full access to your system, not a good idea to download that from a pirate site without checking it in a VM first at least, msdt is the least of your issues when it comes to that lmao
@cleightthejw22022 жыл бұрын
@NetWorkChuck Yes, you should keep doing vids like this. The good thing to this would be your growing along the way AND bringing others with you as they learn these things too!
@plousho19472 жыл бұрын
its really awesome that this video references what you learn in the Hack the box course.
@Bjon102 жыл бұрын
Networkchuck & John Hammond content love to see that! Thank you chuck for the great content
@meercat18802 жыл бұрын
2 of my favorite youtubers looking at one of my favorite zero days
@WJPearce_2 жыл бұрын
Amazing video Chuck. More content like this please dude
@toqq2982 жыл бұрын
Mr. Chuck, i've been following u since 2020 bro. Im so glad i followed u all this years, u make me clear of my path, my careers. All i just want to say is thank you. Keep on what ur doing, if my god wills it, i keep on supporting ur content bro, ( muslim from malaysia ) 😁😁
@itsandroler69962 жыл бұрын
hey I here (am 14) quit Linux like 4-5 months ago as i wasn't able to understand anything. but then i came across you tutorials (Kali for beginners) and now you gain 1 sub, and like to each video. thanks for helping man you are awesome. keep it up
@JemilMarcosTyC2 жыл бұрын
Awesome!!! Tnx for the demo! Btw, gotta love that bash prompt, can you share the code so I can paste it in my .bashrc?
@MRetoastet2 жыл бұрын
It's the standard kali linux prompt. Could be powerline10k
@MrJjboyz4202 жыл бұрын
Thank you so much for this I have been waiting someone to do videos like this!
@gammer802 жыл бұрын
Thanks for you work I love it. Tested it out and got it working. I wonder if the company I work for would have to worry about this. Sure they have it blocked already but you never know. Company is world wide
@sinaan21812 жыл бұрын
I'am too much happy to look at the face of people who talk about vulnerabilities in open source softwares. I'am very very very much happy to know about this zero day vulnerability.
@internetparrot97532 жыл бұрын
I'm 12 and learn so much from this channel. Thanks!
@salvatorenappi27112 жыл бұрын
I'm in love with this videos. I'm 16 and videos like this inspire me in hacking hobby. ❤️🔥
@Digithaiz2 жыл бұрын
Love watching these thanks Chuck and John for sharing! Legends!
@the1observer2 жыл бұрын
Jyst came across his channel, nobody warned me that the Vikings lineage was still going strong. What an evolution path, from raiding to coding. Love the facial hair here, just kidding around. You look like a character in Vikings late seasons, the brother of a King if I recall correctly but his name I can't say. Cheers
@youneskarmouche89602 жыл бұрын
Man I just can hear you talking for hours 😂 I'm french but I just so easily understand what you say without paying attention. I admire your eloquence buddy 👏😎
@theaifam52 жыл бұрын
34 is not a “weird obfuscation” but just “ required so the Base64 receives payload string and decodes it and executes it, like a normal function call where the argument is a string, in this case, a base64 encoded payload
@abdallahnimer98682 жыл бұрын
More of these videos please!
@benarmy222 жыл бұрын
Everytime I watch one of your videos about Linux I learn something new and want to learn more. Great video.
@djones01052 жыл бұрын
awesome! thank you Chuck and John!
@yayer_272 жыл бұрын
Yoo, a collab with John! Amazing video, congrats.
@Cochise852 жыл бұрын
Great stuff. Next time, ease up on the coffee a bit - it was making you hyper and jittery ... but very effective
@CZghost2 жыл бұрын
The intro kind of got me thinking - I can rickroll my friends with this and at the same time teach them about the Follina :D
@duscraftphoto2 жыл бұрын
This was great! I was watching and when you created the new network after you had already generated the word document I was like “that’s not going to work anymore” ha ha! Love yours and John’s content!
@lancemarchetti86732 жыл бұрын
Always loved the fascinating coding style of Zer0-Day since the mid 90's.
@mariyahsumayya55622 жыл бұрын
17:56 Can anyone tell me about the AV evasion techniques for this? I searched Johns content, nothing
@Abdullah-vp2tl2 жыл бұрын
To be honest I am someone how doesn't have an interest in hacking but youtube keeps suggesting your videos which are really fun to watch 🙃
@MarkusMaal2 жыл бұрын
Microsoft be like: it’s not a bug, it’s a feature
@danielkristiansen48722 жыл бұрын
Great video as always and love too see John here aswell! I Followed you along was going to download the follina.doc from python webserver on the windows box, but windows defender deleted it and detected virus. So that is atleast a good thing, looks like Im a bit late to the party !
@KaySwiss212 жыл бұрын
Vulnerability vids are top notch
@michaelmalinowski23602 жыл бұрын
Love John Hammonds content and yourself and would love to see more collabs
@drewzilla12632 жыл бұрын
VERY interesting! Please do more videos like this!
@johnniefaltz22292 жыл бұрын
Nice demo Chuck. John I see you’re still doing your thing. Subscribed!
@unicycle2272 жыл бұрын
Defo a cool video, great to see first hand in a really easy flowing way how to create a lab like this.
@nicolaithune2 жыл бұрын
Super interesting! I don't know if any solution has been found yet. If anyone is interested , there is properly some workarounds, but the one I know about is to disable 'MSDT URL Protocol'. Always amazing to see which ways hackers are getting into people's systems. Thanks for another great video Chuck!
@Mainstayjay2 жыл бұрын
this is what I did through cmd.
@godsman2712 жыл бұрын
@@Mainstayjay I just wrote an batch file for doing this, also included a way to back up the registery key that must be "deleted" so i can restore it when this has been patched.
@Mainstayjay2 жыл бұрын
@@godsman271 you fancy man you. Very cool!
@goldeni022 жыл бұрын
Excellent !! Thanks for this detailed explanation and demo
@thesultan12122 жыл бұрын
this content is amazing!! keep it up this way :)
@amirhoseinmohammadi17262 жыл бұрын
This was GREAT. PLS make more of this videos :)
@0hmannn2 жыл бұрын
this is such a great video! thank you for your work!
@guilhermenocera7392 жыл бұрын
Hey Chuck! What is inside that coffee, man? Your voice speed in that video was like 3.5X already!
@firenhell022 жыл бұрын
3:00 Ooohh that's powerful! Everything on a Windows machine uses the MSDT.
@ztech96042 жыл бұрын
is that github script still working ? it showing error to me
@firenhell022 жыл бұрын
@@ztech9604 I haven't tried to download it yet.
@whazzup99982 жыл бұрын
YES! More of this!
@mtech19612 жыл бұрын
I often wonder if you record your Voice and Video at Normal speed and then speed it up before uploading? If not Kudos to you, pretty amazing.
@kumarsatyam65692 жыл бұрын
I have a question for you sir, macbook is best for programming/hacking or windows??????
@aarizkhanshaikh11112 жыл бұрын
If u are comfortable with windows then stick with it! U just need 16gb ram 1tb hard disk and a decent processor for that!!
@maskedredstonerproz2 жыл бұрын
linux is best generally, but out of those two mac is better, windows sucks for everything technical
@KDE6662 жыл бұрын
Windows is definitely not a good OS for hacking, but it's the best to get hacked 😂👍
@maskedredstonerproz2 жыл бұрын
@@KDE666 yes, definitely
@moth57992 жыл бұрын
Mac kinda sucks, use whatever OS you want for your personal computer and then use a linux VM + windows VM for security testing like this.
@objectiveSquid2 жыл бұрын
Imma send this to my friends and add something saucy to their browser history file lol
@th3_GR33n_h00D2 жыл бұрын
Yes more of its kind of videos will be great I enjoyed every minute of it Chuck you rock!
@patrickhallermann38442 жыл бұрын
Really great video. I loved how you showed troubleshooting and set up that Python web server to share that file. Great content as always.
@lidori982 жыл бұрын
Amazing! thank you for showing it
@12fishcake Жыл бұрын
Always make sure to follow instructions correctly, coffee breaks at the correct times are absolutely critical
@Cesar33-pl2 жыл бұрын
Excellent video! 👍
@guycohen44032 жыл бұрын
Wow nice video, especially liked the part with the python server, I didn't know you can do this it so cool
@wellsilver39722 жыл бұрын
I think the most people became aware by microsoft's post on how to fix it by just like 2 command line things
@matteocassino31722 жыл бұрын
Also interesting stuff besides follina: python web server and adding a NAT network in VirtualBox on-the-fly. Got it running. Thx a lot!
@ando1gy6hgcghh2 жыл бұрын
This entire day, I see this vulnerability everywhere lol 😂😂 Btw, this vulnerability works just on few versions of Office.
@cobalt-snake61252 жыл бұрын
Which versions of Office are affected?
@ando1gy6hgcghh2 жыл бұрын
@@cobalt-snake6125 365, 2017 - 2019 I think
@taahaseois.88982 жыл бұрын
If it is in RTF format, you don't have to open it.
@ando1gy6hgcghh2 жыл бұрын
@@taahaseois.8898 Yup, that's right
@Adthin2 жыл бұрын
@@cobalt-snake6125 the latest one is. don't know about the rest, also I'm pretty sure microsoft said they aren't going to fix it
@sergioibarra4532 жыл бұрын
great video, I love your content, greetings from Mexico
@roberto3662 жыл бұрын
What happens if the user clicks "cancel" from the diagnostic tool? or force closes word
@CoryResilient2 жыл бұрын
So. How do you edit the text doc or set it up to bypass windows defender.
@alanchichilla2 жыл бұрын
Absolutely crazy. Great quality content. And scaaaary exploit.
@angryanubisart88932 жыл бұрын
awesome work thanks for the quick response!
@mariof.19412 жыл бұрын
As far as i saw and read u are on a safe track if u only open the doc in Save Mode, right?
@accesser2 жыл бұрын
SOE Engineer, Stuff like this makes my team busy, pushing our the reg hack fix to 4,000 devices to try and mitigate this along side reporting status updates to management fun times
@jesseduncan61542 жыл бұрын
I just got me AWS and love the Channel and education
@JustADragon2 жыл бұрын
In well preped .rtf you don't even need user interaction. The preview of .rtf in windows explorer is enough. Maybe event outlook preview of .rtf file attachment - not sure rn.
@Spitfire_Cowboy2 жыл бұрын
Keep up the excellent work folks!
@krishg7672 жыл бұрын
Superb..... I watch only like movie hacking video... Really don't know how it's working..... Thanks .....
@Lampe20202 жыл бұрын
12:18 Saying: "CMD", typing: "mcd"... 13:47 You call the file manager in Kali (I don't know exatly which is installed there...) "Explorer or whatever" and then call the *M$ Windows Explorer* "Finder" (which is the iMac's file manager)... Nice video!
@Y27-s7n2 жыл бұрын
Amazing content, well done!
@milo_andrs2 жыл бұрын
Interesting, so the word file needs to be open everytime for you to get access?
@Chatec2 жыл бұрын
Wow! Great work 👏
@Isaac0-dev2 жыл бұрын
definetely do more of this. great video
@allezvenga76172 жыл бұрын
Thanks for your sharing
@rileywarren97602 жыл бұрын
Chuck, I think you’ve had enough coffee breaks. Love the videos!
@mikealuspol58192 жыл бұрын
Nice Video NetworkChuck, thanks for the information and i think that you can disable the msdt with a registry key so we can be more safe.
@StephenCurry-nm7io Жыл бұрын
In essence, exploits of Follina involve a Word document containing a web link to an attacker-controlled web resource. Since Word automatically fetches such embedded links, the attacker may specially crafting their content such that it invokes a MSDT instance which may be used to force the execution of attacker-supplied Powershell commands. However, you failed to mention that Follina may be exploited in a zero-click fashion using a file in an .rtf format which runs the code via the Preview Tab in Explorer.
@ribu9649 Жыл бұрын
i followed the steps of opening the microsoft word document, it prompts a message upon open the follina document which says "enter the passkey provided by your support professional". any idea?
@fufu_btw Жыл бұрын
I have the same thing. The Windows 11 Development environment has a MSDT version patched for this exploit. Seems like we need to create a virual machine from scratch !
@hycheng15 Жыл бұрын
Having the same thing. :( I use Windows 10 21H2 64 bit + Microsoft Office 2019 Enterprise (ODT). Do anyone have the right combination of OS and Office version that reproduce the vulnerable environment successfully?
@sebastianxx36872 жыл бұрын
so to temporiarly stop this it would be best to stop ms-msdt ? like replacing handling of this protocol in registry
@alexzimmerman34472 жыл бұрын
Thanks for sharing, this is cool stuff!
@Malisha_Rasiru Жыл бұрын
Please tell me the windows exact version affected this and where can I get that to test for my university assignment I must do it 😥😥
@behrad97122 жыл бұрын
Ow thank you and thanks to John 😊
@perfectentry64442 жыл бұрын
Crazy question. Could you use apple diagnostic command and use a web os to accomplish the same task?