No video
I legally defaced this website.
Рет қаралды 513,668
Күн бұрын#pentesting #ctf #hacking #cybersecurity
00:00 - intro
00:33 - Disclaimer
00:43 - Mapping the website
02:15 - Directory listing
04:03 - Hidden portal
05:42 - Bruteforce
06:04 - More enumeration
06:53 - FTP access
07:12 - SSH hacking
08:22 - Another website
09:16 - Interesting file
10:59 - Read arbitrary files
14:11 - More enumeration
14:52 - Backup file with htpassword hash
15:17 - Cracked the hash
16:19 - File upload
22:50 - Remote Code Execution
24:17 - Privilege escalation
25:25 - Website defaced
DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.
In this video, I demonstrate how to hack a CTF target, get root, and deface it in just a few minutes. Web developers will learn a lot on how to secure their websites! Ethical hackers will learn hacking techniques to help their clients become more secure.
Credit: Challenge ch4inrulz: 1.0.1 from @mohammadaskar2
🔥Use Coupon THEHACKERISH and Get 5% discount on CRTP and other courses on www.alteredsec... when you pay with Stripe.
🚀 🔥 Become a pentester
academy.thehac...
📙 Learn the technical skills:
thehackerish.c...
📙 Become a successful bug bounty hunter: thehackerish.c...
🆓 Download your FREE Web hacking LAB and starting hacking NOW: thehackerish.c...
🌐 Read more on the blog: thehackerish.com
🇩 Discord: / discord
💪🏻 Support this work: thehackerish.c...
- Facebook Page: / thehackerish
- Follow us on Twitter: / thehackerish
- Listen on Anchor: anchor.fm/theh...
- Listen on Spotify: open.spotify.c...
- Listen on Google Podcasts: podcasts.googl...
@Simone-uu8ne 10 ай бұрын
As someone who works in the reliability engineering team of a medium-sized corp, this is literally one of my worst nightmares. People don't realise how easy it is to create vulnerabilities in bigger projects.
@illsmackudown 9 ай бұрын
"nightmares" why do dreamers get jobs but i dont
@ForgottenChronicler 9 ай бұрын
I'll always remember the story of a group of kids who hacked into Epic Games and stole a TON of data from them because someone at the lower level reused passwords
@Katt-- 8 ай бұрын
@@illsmackudownwhat?
@Jerry_Rune 8 ай бұрын
@@Katt--u have nightmares when you sleep and dream so he was saying why do dreamers get jobs
@kiwipomegranate 7 ай бұрын
@@illsmackudowneveryone dreams?? Anyone can have nightmares? Even if you don’t remember your dreams they are very important for your short and long term memory storage
@CaliberCreativity 11 ай бұрын
As a Junior offensive cybersec student this was so informational. I loved the methodical method you explained and really liked to watch the whole process. I always struggle to find good methodical aproches from where to start and how to deal with roadblocks when trying to sort things out. Hope to see more of this on your channel
@thehackerish 11 ай бұрын
Glad it was helpful! There are similar challenges I already solved in the Penetration Testing playlist. Make sure to watch them as well, so many hacking techniques available
@bikdigdaddy 10 ай бұрын
@@thehackerishthank you so much. i subbed and hoping for awesome content :)
@BillAnt 5 ай бұрын
Too many basic oversights here, like leaving an html.bak open including a hash with a simple password like "frank!!!" smh this guy deserves to be hacked. lol
@piggy004 Ай бұрын
@@thehackerishyou are a good hacker.
@Gmarkooo 11 ай бұрын
Ur Channel is underrated. Please dont stop posting, I know your channel will blow up one day.
@thehackerish 11 ай бұрын
Thanks for the warm comment. Don't hesitate to share it with your fellow buddies
@Gmarkooo 11 ай бұрын
@@thehackerish Will do
@Exotic69420 11 ай бұрын
@@thehackerishgot recommend to me so you're getting recommended
@GunsandGuitars69 11 ай бұрын
That's his main goal.
@4louisMC 11 ай бұрын
@@thehackerishIm not a dev, but this was very interesting! Gread vid!
@Zuzyk 11 ай бұрын
Another solution instead of the file api could be to name the file ”0.php%00%.jpeg”. The check might be looking for the filename to end with .jpeg but in some versions of php when php writes the file to disk it looks for the first null character in the filename to know when it’s “done”. That way “0.php%00%.jpeg” becomes “0.php”
@Aera223 9 ай бұрын
I literally have a page called 0.php as my admin page, but I protect it with both a url parameter and an access code (And modified my directory listing to exclude sensitive files)
@NoahtheEpicGuy 8 ай бұрын
@@Aera223 Simple. Zuzyk hacked you. Good luck... to both of you.
@nothingnothing1799 8 ай бұрын
@@Aera223good to know, might have to take a look at your website
@qwoolrat 10 ай бұрын
to think all of this can be mostly protected by ratelimiting the user and not letting them send thousands of requests in a few minutes
@tbuk8350 10 ай бұрын
If you would want to secure that, an API shouldn't take a file as an input, you should store any user-uploaded files with an ID that you store in a database and have the API reference that ID to find the file. That's already the whole "access any file on the system" issue fixed. Then, you should make sure that the API is the only thing that can access those user-uploaded files, and you should make sure the code behind your API treats the data as a string and doesn't execute it. It is also generally good practice to have every admin page locked with a secure, hashed password, and if you want to go above and beyond the server should only take requests from your private key, any incorrectly encrypted requests should be ignored as they didn't come from your key.
@Q2FwaXRhbGlzbSBiYWQu 10 ай бұрын
You forgot that you should always keep your system up-to-date, no matter if you only host a website on it or it's your main computer.
@tanza3d 9 ай бұрын
alternatively you can use an S3/R2 storage for files instead which worst case allows attackers to view all the files on the storage
@KangJangkrik 11 ай бұрын
"Be a developer first, before being a hacker" - my mentor
@DJTimeLock 10 ай бұрын
The best hackers are the best developers too. It takes understanding what you write to identify possible security issues.
@maximonlinee 6 ай бұрын
also think like a hacker when programming sensitive stuff
@Cornell_ 11 ай бұрын
As someone who's currently developping a pretty big web app these videos always scare the shit outta me man ! I am pretty confident that I'm able to produce "safe" code but, the fear's always present. Love the content tho
@thehackerish 11 ай бұрын
It always helps inviting ethical hackers to be sure. If your company can make it happen, request a pentest
@txic.4818 11 ай бұрын
invite bug bounties ^^
@scary34 11 ай бұрын
Your channel is so underrated , LOVE IT
@thehackerish 11 ай бұрын
Thank you so much!! Share and spread love ❤
@TechAmbition 10 ай бұрын
Man this was straight Information, No Stupid Intro, No Freaking, Direct Knowledge❤
@yima7 11 ай бұрын
i started studying cyber sec a couple months ago and your channel is a gem, really keeps me motivated as a see the things i'm learning being applied and it helps a lot with piecing together an image. Thanks a lot for sharing this :)
@thehackerish 11 ай бұрын
Great to hear! Thanks for your lovely comment. Best of luck in your career
@Just_CocoGaming 11 ай бұрын
Where you doing this at homie ive been wanting to get into it
@thehackerish 11 ай бұрын
There are many online labs I explained in previous videos. Look for root-me, tryhackme, hackthebox, hacker101 and ctfchallenge.com
@larry1851 11 ай бұрын
The File API should have been configured to only give access to specific folders. For the upload API you could search for code symbols etc. Also a cooldown for login attempts would slow down such bruteforce attacks. But this was a very good and informational video. Also a follow up video where you would go into detail on how to prevent such exploitation would be great.
@mx338 10 ай бұрын
Especially of you're a developer, you should just use static site generation or write a HTML site from scratch, for a simple site like this. Static HTML allows for no attack surface and even a default config web server on an up to date, reasonably secured Linux system, should provide practically no attack surface.
@gayusschwulius8490 7 ай бұрын
Static HTML (with CSS, obviously) should be the default for all websites anyway. Non-exploitable, small file sizes, no spying on users, accessible from all browsers and devices. PHP should be used only where it adds to functionality; JS should be used even more sparingly only where strictly unavoidable for a certain functionality (and it should always be possible to use all non-JS-dependent features of a site even without it installed). In web development, less is more.
@mrobvious6112 11 ай бұрын
Haha, it is like some real world CTF I use to do, and some steps where similar... man, this kind of stuff is what I like to watch so I can memorize it again, and not forget about it.
@thehackerish 11 ай бұрын
Enjoy! And many other similar ones are already in here for you to learn and remember
@Rudxain 9 ай бұрын
I learned a lot from this video! However, at 17:08 I knew what you were gonna try. Appending "garbage" data to a JPEG or PNG is "the oldest trick in the book". In rare cases, we can trick the server into stripping the header, allowing us to upload arbitrary files without extra data
@azimulhasan4391 11 ай бұрын
amazing content , gives a lot of insights on exactly whats going on in the websites
@willhearn9191 11 ай бұрын
You had access to an anonymous FTP server. I believe you could have uploaded a PHP backdoor and used the LFI to include the script.
@thehackerish 11 ай бұрын
Sure! Provided you have the rights to do it
@wrathofainz 10 ай бұрын
I remember my first hack. I used blind sql injection and got the login details of admin and used it to replace images on the site with memes. Good times.
@hakijin 2 ай бұрын
As someone who is not doing anything this video was really helpful on finding annoying comments.
@It_is_adrenalin 11 ай бұрын
well, underrated AF, keep it going man! Apreciating your content
@thehackerish 11 ай бұрын
Thanks, will do!
@abdelbakiberkati 4 ай бұрын
- i got remote code execution on the server ! - i should use it to learn more about the server ! Said no hacker ever
@dannytutor6383 11 ай бұрын
I believe since you already discovered an LFI vulnerability you can upload a file that can allow you to run system commands or upload your deface page and rename it to index.html Without exploiting the OS.🤔
@thehackerish 11 ай бұрын
Uploading a file requires some kind of logs pollution I guess. But that's an interesting idea. I will use it in my upcoming video on another use case. Stay tuned
@septcoco 10 ай бұрын
Instructions unclear, I somehow hacked NASA's website and got life sentence.
@theorangeoof926 7 ай бұрын
*pastes flat earth conspiracy stuff for extra deviousness on april fools*
@papatumhare5947 5 ай бұрын
What i understand is this is not simple you have lots of knowledge and better understanding what are you doing with files and how you read error increadible salute sir❤
@rbt-0007 10 ай бұрын
Your strategies are quite insightful, no cap. I would always scan the ports first, and if it’s a website, I would do file/directory/subdomain enumeration immediately
@SnoppleWopple 10 ай бұрын
Schlawg said no cap 😭😭😭
@lukazashovski 10 ай бұрын
schlawg thinks hes the bill collector@@SnoppleWopple
@binglething 4 ай бұрын
Anyone in these replies like skibidi toilet
@RawCuriosity 9 ай бұрын
This was incredibly useful for studying for the Pentest+
@thehackerish 9 ай бұрын
Glad it was helpful!
@TypicalNerds 10 ай бұрын
If chromebooks weren't so largely restrictive, I would have absolutely taken this opportunity when I was in high-school as the chromebooks they provided were unstable, and unusable after they locked them down excessively. Unfortunately the only way around the issues was to bring in a personal laptop instead.
@stoneman210 3 ай бұрын
I just shimbooted mine lol
@sebastianramadan7863 11 ай бұрын
Each additional service increases the surface area, particularly if it leaks version info. There may also be version info in the HTML code. I think there's also a step where franks password may have worked on ftp, so maybe you got the directory structure without bruteforce...
@Scarletdevilish 8 ай бұрын
I know nothing about hacking but these videis are very interesting to me, you guys are very intelligent, my brain gets very confused watching it but It's still very fun to watch it 😂
@XdGoldenTigerYT 9 ай бұрын
Yeah, never used Apache. I use nginx, and have my websites in folders that are not in the nginx folder. I also dont use SSH or FTP servers. My nginx is running on Windows, so it is easy for me to access the files remotely without needing third party software. I used to create websites in PHP, But moved over to JS/TS frameworks like Angular and NextJS.
@webjohn 11 ай бұрын
I feel like that example just screamed "Set-up" on every detail. Putting the basic auth inside an html comment.. creating a "file uploader" and a "file api" with basic html/no css. I would love to see a more mature setup, for example a vServer with basic hardening with Laravel running. This site just looked like it was made as his first website ever.
@KennyWlr 11 ай бұрын
Yeah, it's just a regular rootme with cute hints like "I like PATTERNS" and whatnot and standard CTF set-ups. A lot of the steps of regular hacking are mostly the same - enumerating, checking for outdated versions, looking for suspicious comments someone left from development, open directory listings, backup files/version control files, any indications of security misconfigurations, etc. Things are just slower and less "convenient" in real pentests. It would definitely be fun to see real security audit videos, but they would be boring for a majority of the viewers on youtube since, let's face it, 95% of the paths we pursue in cybersecurity lead to dead-endst, and a lot of times the real-life vulnerability combinations are a lot more difficult to comprehend than simple CTF challenges like this. Dunno if there's a good channel that does actual cyber-security audits on youtube, there are definitely a lot of them that cover reported vulnerabilities. Reading disclosed hackerone vulnerabilities is one of the best fun to read sources, imho.
@kipchickensout 9 ай бұрын
It's so nice to watch, especially when I know most of the stuff you used or did, but would've never thought about using it :)
@user-fm7uq4fb3f 10 ай бұрын
You could've saved yourself a bit of brute forcing to find the upload dir by using the LFI to read the upload script. In general, I use any LFI I have to grab as much Backend code as I can to get a better understanding for what's happening behind the scenes, can highly recommend it
@thehackerish 10 ай бұрын
Definitely
@xt355 10 ай бұрын
can you explain how you would've done that? thanks a lot
@user-fm7uq4fb3f 10 ай бұрын
@@xt355 the LFI that was used to read /etc/passwd and the contents of some other files can also read and output the php files. You would just have to point it at those files and it spits the code with all the important info out
@marsovac 6 ай бұрын
You realize that he was not hacking a real website, but he made this one as a scenario for a youtube video? Frank with email as nobody and some stock text as data gives hints, also a pasword hash inside a a .bak file? What's the purpose of a hash of "frank!!!" when you cannot use it in any way when hashed. That part made no sense. Anyway if he did what you ask he would skip half of the video.
@xizt5973 11 ай бұрын
This reminds me of webservers security in 2006 🤣
@Marshall... 10 ай бұрын
00:14 🚀 The video aims to demonstrate how hackers find vulnerabilities in websites and exploit them. 00:40 🕸 Hackers generally start by using the website normally, exploring every link, page, and feature. 02:31 ⚠ Directory listing should be disabled to prevent unauthorized access to files. 03:42 🛠 The video covers brute-force attacks to find hidden folders and features. 06:27 🔍 Port scanning is another method used to find potential weak points in the server. 11:06 📂 The video demonstrates a Local File Inclusion (LFI) vulnerability. 14:48 🤦♂ Developers should not leave backup files or comments that reveal sensitive information. 17:20 📤 File upload features should be properly coded to prevent abuse. 22:06 🎯 Exploiting vulnerabilities can lead to remote code execution on the server. 24:06 🛡 Keeping server and software up-to-date is crucial for security. 25:38 😱 The video concludes by showing how easy it is to deface a website if vulnerabilities are not addressed.
@MarshyMcOfficial 3 ай бұрын
tip: if you're using a web hosting service, make a backup on there and a physical one. same for a server that you personally host
@rodricbr 9 ай бұрын
frank should reconsider learning the basics of web development
@COALROCK8642 10 ай бұрын
In first 5 mins is more like tinkering with stuff to realise this 'victim' did not forget to change passwords and search in documentation to, practice back-door access. I'm not in cyber much. But things are closed loop now and all you need to do is just disable back door access or someone is trying to penetrate you.
@thehackerish 10 ай бұрын
If by closed loop you mean logging and monitoring, I would say not many have implemented them. And some of those who did don't have detection rules in place, and some of those who have detections are just buried in false positives and don't act timely
@COALROCK8642 10 ай бұрын
I have my theory. There are 4 classes of defense and offense; Class D Defense and offense, more for end-non-educated users. Just have practises like passwords and disabling strange access. Class C, You know some coding or a brute force of 24hours is enough to crack. Or do hash-pass. Class B, Where I expect top professionals, Knowing internal compenents and only a internal memeber of code can save or attack. Class A, Impossible to hack and Top class defense. Penetrating a Class A setup only means onething, either your are internal memeber or you are the first suspects for breach in security@@thehackerish This classification is not on basis of deployment but on basis of process, actions, steps to perform. Know such classes will downsize your first suspects and candidates for testing with trust, or betrayal-detection to earliest.
@zeekjones1 9 ай бұрын
The best way to keep things secure is to have your password list and your user lists both offline, and split into separate file locations. If you only ever are going to need them very occasionally, the extra steps of having to reference both halves wouldn't be too bad. An extra step is having a list of fake data, that looks real, but is actually a cypher for the real data.
@studyaccount1234 2 ай бұрын
thank you so much your videos are so informative, i recently learned how to self host a website, and i didnt know we needed to disable directory listing...
@abdelrahman5094 11 ай бұрын
the goal of this video : never use php
@thehackerish 11 ай бұрын
Rather develop secure code
@hamadaelwarky3640 9 ай бұрын
@@thehackerishshould I use php? I am currently learning ut
@meltymooncakes 9 ай бұрын
so what you're telling me is i should always have an ftp server with just an image of a troll face in it
@vlogsprasenjit 11 ай бұрын
Thank you for this video! Loved it
@thehackerish 11 ай бұрын
Glad you enjoyed it! Share it in your network
@ytg6663 11 ай бұрын
Sir please start an manual exploit development series Based on Real world exploits Like EternalBlue, SMBGhost, Discovering bugs in new SAMBA//Apache versions
@JustAPersonWhoComments 10 ай бұрын
Plot twist: The developer watched this video and defaced their own website to test the hacker's skills
@m4rt_ 3 ай бұрын
My website has no vulnerabilities, it's just HTML and a little CSS. Though there may be some on the server side (the stuff hosting the HTML and CSS files), but I'm just using something similar to GitHub pages, so I don't really have to worry about that stuff.
@cyberdevil657 3 ай бұрын
Very underrated channel!! You got my sub
@Dokattak 11 ай бұрын
If I ever make a website, I will use this as a reference. I’ll also make unpredictable file names.
@Demopans5990 11 ай бұрын
Or use static pages with nothing fancy. As for other vectors, you could do something funny and assign SSH to port 1 or something
@Galactipod 10 ай бұрын
"I'll also make unpredictable file names." Obscurity is not security. It'll just take the hackers a couple more seconds to get to them.
@Dokattak 10 ай бұрын
@@Galactipod I never said it was security.
@PronunciationPam-ho3bu 10 ай бұрын
Name one "ijustthrew8saplingsintosulfuricacid.jpeg"
@furr63 10 ай бұрын
"Unpredictable file names" Paswood/Ass/basicbee
@TheCatstronaut 10 ай бұрын
as someone who lives in colorado, i can confirm that.. DO NOT TRUST THE WEATHER PREDICTIONS! colorado is cool until they say its winter tomorrow but then its actually summer
@kallbacks9677 Ай бұрын
As a beginner bug hunter this was very informative
@KoleckOLP 9 ай бұрын
how did you get into the shell of the server, you glossed over that, I assume you used the ssh, but where did you get the credentials for the ssh?
@thehackerish 9 ай бұрын
It's a reverse shell.
@37j. 9 ай бұрын
I have never seen anyone defacing a web page in details like this before .❤❤
@vagabund6778 4 ай бұрын
Most of these vulnerabilities are disabled by default in apache, like directory traversal and directory listing. Anyways good job
@Swampert_Tube 9 ай бұрын
Great video! I just graduated college with degree in cyber security recently and just found your channel. You gained a sub
@thehackerish 9 ай бұрын
Awesome! Thank you!
@maxhogan6504 3 ай бұрын
I just made a portfolio with this template and the thumbnail had be scared a second
@vinayakanramesh2552 Ай бұрын
"I don't want to be evil" , *hacks the website *
@justarandomcat7 11 ай бұрын
Beautiful walkthrough , just a question , why the server has executed phpinfo while the file extension was still jpeg and the content type was also image/jpeg ?
@thehackerish 11 ай бұрын
Great question, it's because I loaded the jpeg using the lfi, where the content type is text/html and the php code is evaluated
@justarandomcat7 11 ай бұрын
@@thehackerish That is amazing I didn't know about that , thank you so much for your reply and keep making awesome content 🥰
@smit359 Ай бұрын
This is it my college website is done now 💥
@MizManFryingP 3 ай бұрын
Question - why would a server not block you after being spammed with requests for all of these brute force attacks?
@letruxux 11 ай бұрын
I have little to no knowledge about this but I enjoyed this video! keep up
@thehackerish 11 ай бұрын
Glad you enjoyed it!
@tsumogi 10 ай бұрын
this is like cocomelon for pentesters
@Username8281 11 ай бұрын
Amazing video. Good stuff!
@thehackerish 11 ай бұрын
Much appreciated!
@cfwproductions 10 ай бұрын
As someone who does not have cybersecurity knowledge, what would the best forms of protecting your website be? Such as from brute force and by other means.
@thehackerish 10 ай бұрын
I would say apply recommendations of the owasp top 10. The golden rule would be to never trust user input
@cfwproductions 10 ай бұрын
@@thehackerish thank you! I am looking into it and will implement it!
@desmondevelops 7 ай бұрын
idk what youre doin but its entertaining
@nintendero65 10 ай бұрын
Im scared and im turning off my webserver asap!!
@questieee 9 ай бұрын
You can also deface any other website you want, you just need to own it
@explodinghammeronthe17thof36 9 ай бұрын
"You can rob any house you want, you just need to own it"
@mohmino4532 11 ай бұрын
it was amazing sir keep going ❤
@NicoPlyley 11 ай бұрын
Great video! But I'm wondering why not use the file return to return the upload.php file that the uploader was posting to and get the path that way?
@thehackerish 11 ай бұрын
That's a great idea indeed!
@HikaruAkitsuki 10 ай бұрын
So instead we publish website with standard naming convention on file system and routes in production, it is more secure to name files and folder with random ASCIIs maybe 256 long or more so that we can counter the exploits of the hacker tools?
@thehackerish 10 ай бұрын
Yeah, that would add some complexity for the hacker
@sarimbinwaseem 11 ай бұрын
24:15 What just happened here? How you gained access to the terminal of the server to run exploit?
@thehackerish 11 ай бұрын
You have a keen eye, I was waiting for someone to ask that. It's actually a reverse shell that I ran to get the remote prompt, then I downloaded the exploit from internet. +1 for your comment.
@sarimbinwaseem 11 ай бұрын
@@thehackerish Thanks for appreciating.. Really happy that you replied.. So do I have to watch video again for reverse shell or it's in another video of yours?
@abdessalam8468 11 ай бұрын
We missed you bro
@maxrandom569 9 ай бұрын
your could read the sshd config using the file reader exploit and gain the ssh password.
@dynamohack 11 ай бұрын
thanks to you now i can prevent attackers
@qaxiumite9193 9 ай бұрын
so what i've learned it naming your stuff the most atrocious, random stuff is actually a bit more secure
@thehackerish 9 ай бұрын
No, you should not rely on security by obscurity. Protect your paths with proper authorizations
@rpggames7314 8 ай бұрын
@@thehackerish ill do you one better doing both
@deveren 10 ай бұрын
Cool stuff dude
@thehackerish 10 ай бұрын
Thanks!
@GeneralPurposeVehicl 8 ай бұрын
In a few days I am anout to reactivate my server. The timing of finding this was perfect.
@JohnDoeSec 9 ай бұрын
Sheeesh, look at this guy go🥰
@RATUSUKUNA 4 ай бұрын
This is a wonderful way to learn how to be a pentester I just wanna know how you install the Ctf/Chainz I'm getting confused, if you could explain what and how to do these stuff more specifically I would really appreciate it.🙏🙌
@QWERTYQwertz852 10 ай бұрын
Really good Video and nice channel!
@EnifOfficial 11 ай бұрын
aight. this gotta go to watch later because i need to watch full verison of this when i got itme
@kosmisch1137 6 ай бұрын
Nice video! What tools are you using?
@KaizenGpo 4 ай бұрын
practically everything on linux if you watch you can see
@inqmusician2 5 ай бұрын
If I wanted to really ruin this website, I would try to gain access to SSH and delete every file on the front end. That's why version control is important. Also, the public keys are important too. But, for the root me problem, the defacement shown here is enough to demonstrate how websited can be defaced.
@user-ys6xt2zc6b 4 ай бұрын
i would steal everything , and nullroute their hosting by scanning
@Prashanth-fg5dc 10 ай бұрын
This is so nice that i immediately Subbed to you :)
@Elia33337 Ай бұрын
This video made me love ethical hacking and now i'm trying to learn it a bit more. Any tips?
@thehackerish Ай бұрын
Start with the basics, nowadays there are many online platforms that teach that. I also have a course on Udemy that walks you from 0
@user-gf3tb5qs6s 10 ай бұрын
One's real value first lies in to what degree and what sense he set himself.
@goobertnelius 11 күн бұрын
The issue is that they used php. Its even worse because they had their dev branch on their production server.
@no_1p 11 ай бұрын
Dude , you're amazing !!
@shukurulloxkomiljonov5423 11 ай бұрын
I watched your video. But i don't understand. How did you get access to server. You compiled something. It looks line base64 of something. But what was is that? I which software you used for repeating or bruteforce requests. I am not negative just interesting.
@thehackerish 11 ай бұрын
You're right, it was a bit rushed. I downloaded an exploit from the internet. And for the tool, it's called burpsuite
@shukurulloxkomiljonov5423 11 ай бұрын
@@thehackerish Ok. What actually did this exploit. I thing so this exploit allows to be root user without password. If it's true can we use this for any linux distro or other ubuntu version. Sorry for bad english. Thanks for software.
@varmony6984 11 ай бұрын
That was just insane !
@Will-uv9kx 2 ай бұрын
I used to do this for fun as a kid, sql injections were fun back then, also cms privilege escalation
@user-gv1qf5kf5i 9 ай бұрын
thanks for teaching me how to deface a website
@fredianriko5648 10 ай бұрын
Great video, could you please make a video on hacking a website with latest stack? Such as the app using react js and deployed on google kubernetes engine? Or just maybe a google compute engine (vm)
@thehackerish 10 ай бұрын
I will see what I can find
@fredianriko5648 10 ай бұрын
@@thehackerish cool, thank you sir
@flooooooooooooooooo 10 ай бұрын
That was so awesome i am going to try some of these recipes on my RESTful API
@thehackerish 10 ай бұрын
Have fun!
@mofassil_noor_alif 10 ай бұрын
Wow !!! What is this video !! What have i found ! I have to thank the shitty algorithm of KZbin this time ❤️ Keep going bro ❤️ you'll shine like the brightest star ❤️
@thehackerish 10 ай бұрын
Thanks for the warm feedback 😀
@genericplayr 11 ай бұрын
Wow! SUPER LE CONTENU
@thehackerish 11 ай бұрын
Merci bien, partage mon ami
@Tchatarero36 11 ай бұрын
Great Content ...
@RawShogun 6 ай бұрын
As someone who doesn’t know sh*t about cybersecurity this was fascinating! Edit: I got into a companies admin dashboard; which contained the link to their code in Git hub. What now?
@C0MNG-S00N 7 ай бұрын
Some of that webpage was in HTML3, as the tag was used: and that sites files were REALLY insecure
@parkerzanta 9 ай бұрын
I really liked this video!
@VaibhavShewale 8 ай бұрын
i always change the default path
thehackerish
Рет қаралды 242 М.
Family Games Media
Рет қаралды 29 МЛН
hackwithjay
Рет қаралды 2,2 М.
Coding with Lewis
Рет қаралды 2,3 МЛН