do not open this excel sheet!

Подписаться 1,1 млн

Просмотров 126 тыс.

50% 1

// Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/...
Full Web Ethical Hacking Course: www.udemy.com/...
Full Mobile Hacking Course: www.udemy.com/...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangya...
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

Наука

Опубликовано:

5 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 397

@quinton1661 3 года назад

Excel: "Hey I'm gonna go ahead and offer up PowerShell over the internet." Windows: "k"

@nullvoidpointer 3 года назад

User: compiles hello world program Windows: panic! corupt all files!!

@lambdaman3228 3 года назад

@@nullvoidpointer That doesn't happen though.

@vdofficialchannel9841 2 года назад

@@lambdaman3228 hmm

@tatanexonevmax4050 3 года назад

I never want you to stop this channel till ur there on planet Earth....it's such a beautiful explanation ...👍

@JTKroll12 3 года назад

where is he now?

@5entience626 3 года назад

@@JTKroll12 mars obviously

@cronojob8502 3 года назад

Yes please

@tlouik 3 года назад

0:28 "If you send it to me, I will hack you back-" "GAME OVER FOR YOU" 😨😨😨😨😱😱😱

@MarcosVinicius-vj5mt 3 года назад

*pulls out the internet cable* Me: "Where's ur god now?"

@Nico-mi2pr 3 года назад

@@MarcosVinicius-vj5mt modern problems require modern solutions

@jenycek2222 3 года назад

@@MarcosVinicius-vj5mt what about my WiFi reciever? Do I need a hammer or something?

@superslimanoniem4712 3 года назад

@@jenycek2222 I think just unplugging your router should be good enough. Can't guarantee anything though!

@iprole7810 3 года назад

@@superslimanoniem4712 he can prob hack air space and send packets via air molecules. there is no hiding.

@donaldlove4039 3 года назад

3:57 it's frightening but it's beautiful at the same time

@ronitmishra8917 3 года назад

Thanks mate for the awesome tutorial. I've been playing around with this framework for quite some hours now.. Here are my notes and observations after the exercise.. > The excel workbooks have by default disabled all macros with a notification. It can be turned off using the trust security settings to experiment with the exploit. But I was happy to see Windows Excel taking care of this. > I tried to send the sheet with the macro embedded using Gmail, and they knew it was a virus and didn't allow me to send the mail with the attachment. I guess +5 points to them.. > I'm still trying to convert this VBA to an equivalent JS, so I can test it on Google Sheets and maybe other spreadsheet software as well. No luck so far. Again, thanks for the tutorial mate. Keep 'em coming..

@DigitalicaEG 3 года назад

You forgot to mention that by default excel gives you a zillion warning about running macros from excel files

@ryszardgromek7913 3 года назад

I also thought that it might be a problem when sending a random excel sheet. It has to be something useful to the hacked person.

@istefan1584 2 года назад

What if you obfuscate the code, will it trigger it,

@vinothn4228 3 года назад

Pls continue with full enthusiasm 🔥

@MF-sy7zq 3 года назад

I'm enjoying your sense of humor

@sjoervanderploeg4340 3 года назад

The scripting scene has evolved a lot :)

@kaewjirawat4495 3 года назад

You are the best cyber security on youtube sir ♥️

@Guppy9101 3 года назад

Great Demonstration.... Thancks

@TheNameIsForty 3 года назад

Blast from the past, I remember when excel macro scripts actually was an issue. Macros are usually disabled by default, and you would have to view the macros before enabling them. Macros are clearly turned on by default here, for demonstration purposes. However nobody should be concerned with this, just don't enable macros on a document you do not trust.

@hetayy 3 года назад

"Don't try to hack me either. If you send it to me I'll try to hack you back, and if I hack you back that's it -it's game over for you. Just kidding" Just kidding he says... We know he ain't kidding though

@AIVisionaryLab 3 года назад

😂😂😂😂😂😂

@programmingmindset 2 года назад

he is world class. that's why he is not kidding at all 😂😂😂😂😂😂

@yesno6042 3 года назад

It doesn't work Windows defender doesn't let you at all to save it from excel as xlsm. It can't be used except if the person blocks windows defender which never happens.

@nortonofnorthamerica 3 года назад

If it worked it would be taken off of RU-vid. But it gets you close enough you might be able to figure out how to slip it past the fire wall ( metaterpreter ? ) I haven’t tried it

@yesno6042 3 года назад

@@nortonofnorthamerica Good point but reaching that level will take some more time for me

@n.s.2181 3 года назад

Hello why it says permission denied?

@nortonofnorthamerica 3 года назад

@@n.s.2181 also nobody who knows anything will help you because they don't know what you will do with it so you have to Google every error code you get , at least at first

@salemmusbah3676 3 года назад

May you tell us how to buypass AV ? Or how to decrept word or excel sheet to ovoid AV restrict ...thanks again for your vedio

@ciberiada01 3 года назад

Yes, I'm waiting for this video too. 😁

@sammyhaguma8334 3 года назад

Obfuscation

@shrimannarayan6494 3 года назад

I don't understand why people are not watching this Chanel

@mamadoumalalbalde8590 3 года назад

Thanks again my teacher 🙏🏿

@aniammaabraham2150 3 года назад

Sir tell us how to brute force into the router and cctvs on the network

@lolyou5645 3 года назад

it doesnt work on excel 2019 or these new verions but i guess it might be affective on office 2007 and 10 idk

@ciberiada01 3 года назад

Since MS Office 2003 the "Macro security" default level is set to "High", which means that no macro will be able to run, unless explicitly allowed by user. 😕 This guy should have known that.

@alfatech8604 3 года назад

for further access use exploit suggester

@alvinxyz7419 3 года назад

Isn't excel / word with macro has warning before the macro run

@Alticroo 3 года назад

yeah but most people will still run it.

@13D00_ 3 года назад

@@Alticroo most people will be like "Oh cool, sounds fancy!"

@XoLucyna 3 года назад

90% of the people clicks allow, cause they don't have proper info about macro codings and stuff. and even if they do unless ur a cyber security studnet or someone who codes you won't think of why would someone try and hack me and just click allow.

@vinothn4228 3 года назад

Pls tell me , poetry not found problem 😥

@jasondanielraj6711 3 года назад

Update ur linux

@AndroidTechnologie 3 года назад

Nice work and nice démonstration

@JonnyClark 3 года назад

Would you be able to show the option to do it over the internet through ngrok servers? or perhaps a quick brief explanation on roughly how to do it in the comments?

@medel4174 3 года назад

0:53 thank you for showing me how to open firefox!

@piplip69 3 года назад

Teacher once again share amazing video with us...

@MeloneXT-mh6vg 3 года назад

Love your videos But one question. What can u do now in there pc with this tool ist therecoming another tutorial

@saftraders2010 3 года назад

Nice to watch... I want to start my carrier on ethical hacking, but don’t know where to start? Please advise if you can

@XoLucyna 3 года назад

learn programming some of the hacking languages Python,Ruby, Java,C,C++ learn to use cyber tools like nmap, wireshark, metaspolit. and go on... There is no great way to start hacking or where you need to start, in technology theres nothing like pre-school. You start and so on you keep learning.

@mfarokh27 3 года назад

What's the counter measure? Disable the macro execution in excel?

@lout9231 3 года назад

Gutted I’ve only just discovered your channel but set to heavily binge all your content man great stuff.

@sed4454 3 года назад

if ipv6 is similar to ipv4 then it is possible to create a backdoor using ipv6? sorry if the question is dumb or my understanding of IP addresses if not correct

@Firestar-rm8df 3 года назад

It depends

@Sidibabe_HEIBE 3 года назад

I like your tutorials sir. Thank you for the free content

@17_faraazkurawle55 3 года назад

Glad I found your channel

@ZeroToHeroTech 3 года назад

Thank you for your demonstration...but I have a question,do you think that will work if the user is using anti virus or firewall?

@ciberiada01 3 года назад

Hmmmm 👍 Good question, but I guess probably not on Windows 10, because the user will have to explicitly allow PowerShell run (if it's its first time), and firewall exception. But that's not the most important. For me this can never work with MS Office, because, let's not forget that the "Macro security" level there *is set by default to high* (unless you've explicitly set it otherwise), which means that this evil macro will never run.

@TWFSHOW 3 года назад

Love ur videos Loi .... Pls make series on how to make scripts for hacking 👍👍👍👍👍

@AnarKiss684 3 года назад

If you apache2 is not active use: sudo service apache2 start

@JimmyS2 3 года назад

Really some amazing content, been following up and subscribed, it's helping me a lot in my career. Thanks

@rodelfernandez 3 года назад

Nice presentation sir If I want to become a ethical hacker were should I start?

@jesperjensen293 3 года назад

so what happens if the vicims pc is behind a router, dont you need a local port forward to port 8888 or hacker server?

@intox4953 3 года назад

for an inbound request (inbound to victim computer) you would need to port forward, but this is outbound to hack server to create connection

@kaiblaze1854 3 года назад

Love ur work, u r not like people who teach stupid tricks and call it hacking.

@sooocheesy 3 года назад

this video was the definition of teaching stupid tricks and calling it hacking 👌

@sreerajr192 3 года назад

Today i bought course at udemy . That's vide arranging sequence is perfectly catching the content

@sniperboomshot1462 3 года назад

I like your Vedio because it Very important and interesting

@charlieisro8757 3 года назад

நிறைய விஷயங்களை படிக்கும் நான் ஆசைப்படறேன் தெளிவடைய முடியாமல் நினைக்கிறேன்

@animaluchisommicheal7622 3 года назад

What are some of the best cyber security text books you'd recommend I start with? Your reply would be greatly appreciated.

@cyberthunder1012 3 года назад

you are the best hacking teacher in my eyes

@MrZorro1312 3 года назад

This is a great video, but it can only entertain the audience and does not have any practical use. By default Windows 10 has antivirus application preinstalled called Windows Defender. In case this macro is configured to auto execute Windows Defender will automatically delete the file without giving you the chance to click it. In case the macro is not configured to auto execute once you try to run the macro the Windows Defender will disable it automatically. There is no way to run this on Windows 10 machine. You need to disable the Windows Defender first. The only chance is to find Windows 7 machine without antivirus installed which would be very hard.

@magificul 3 года назад

It is very easy to make an empire stager bypass Windows Defender. I can spawn a empire agent from a word document on a system that is up to date and running windows defender without it even knowing

@mustvibes907 3 года назад

Is it detectable on windows antiviruses?

@Luke-ut4er 3 года назад

Also wondering this

@peterbertalan1684 3 года назад

If u have Office but Macros not enabled , you can't even use this .

@IbrahimAli-wd 3 года назад

I love u boss. I never seen this kind of tutorial 😍😍😍

@WSH3TM 3 года назад

This is the most ethical thing ive ever seen

@Ryzler13 3 года назад

"We're in, everyone take notes" "He's watching Dank Memes. Great."

@alfatech8604 3 года назад

hello great content was windows defender on

@prohackergamingyt1661 3 года назад

You are the best brother!! I LOVE YOU my bro pla make a full video on meterpreter on windows and android with example

@XoLucyna 3 года назад

No, he already made alot of andoid videos.

@ozairakhtarcom 3 года назад

Seems amazing. Just a question, can we use Kali Linux using USB Drive? as my Laptop has default Windows on which I do my usual work :)

@hannahbrooks3566 3 года назад

Using Kali Linux via USB or virtual machine is far better than using it on bare metal, it's always good practice to not use your actual bare-metal system when hacking. Plus, Kali Linux isn't really designed for use as a daily OS. So yes, live boot USB or installing a VM is the way to go.

@ozairakhtarcom 3 года назад

@@hannahbrooks3566 Thanks Hannah :)

@Green_shorts1234 3 года назад

Employees : Now we can send the payroll sheets to our boss :)

@aminvogue 3 года назад

Good for demo........... But nowadays EPM/EDR systems or email scanners do catch these fairly easily. Isnt it

@philcasedy1978 3 года назад

Hey Loi Loved your video on empire ,can u reupload a video for production environment using ngrok on WAN, will be much helpfull

@mikeyyt737 3 года назад

Any video title with “ do not” just won my view count 😂

@etoiledemer9643 3 года назад

The hacker kept telling me that he is the best and wont be caught. He acted like he was a police officer. can an ethical hacker do that?

@GautamKumar-zu3lu 3 года назад

lol, why would an ethical hacker talk about getting caught??. Ethical hackers never do harm to society.

@Lilobababoi8294 3 года назад

oke,(GAME OVER)for me again hahahaha

@juneilquilana5159 3 года назад

Your the best cyber warrior man👍

@gamerthelinkon7763 3 года назад

Big fan sir

@sadiqsalah6092 3 года назад

Educational. I want to hack scammers.

@GautamKumar-zu3lu 3 года назад

Mr. Yang, if possible please make a video on hacking android on a different network.

@deltadoobyd1621 3 года назад

Have fun trying to do that to an Open Office system.

@rifatneily 3 года назад

Sir I love your videos 😎⚡ it's very serious hacking related. Thanks sir I hope we can learn lot's of things by you 😊🙌

@NGLVAJIRAVIRAJ 3 года назад

Nice tutorial , is there a way to see if Im already being hacked like this?

@RealNovgorod 3 года назад

If you actually have to ask this, then you probably are.

@XoLucyna 3 года назад

deep scan

@padiengel 3 года назад

Ok great. How does it look in the infected machine. I'm new to your channel. Do you also talk about the ways to protect against this? I guess that my Office suite usually warns me about excel files not created on my PC that come with macros. Or at least the file extension tells me, that there are macros in there. And once you got the infection: what are the remenants of the attack? at what level does it get executed? where are the files and the start instructions? (Edit: spelling)

@superslimanoniem4712 3 года назад

One thing: the secure thing where you have to click on edit will block macros

@maserekaraymondmuyira4034 Год назад

Thanks mr loi you are so blesd....

@elviraarriaga1424 3 года назад

Hi Loi thank you for your Great Helpful Videos

@user-yr3kh9ds2x 3 года назад

it says command poetry not found,why?

@tsukiiiiiii 3 года назад

Have you install it?

@tattikhatti7917 3 года назад

Sir you started apache on kali ,but how you were able to access that file in host os windows

@gameglitcher 3 года назад

"To fully exploit someone just download this and *run this* then copy this ...." Yep, that's the perfect explanation of how to hack someone ;D I am happy to see what you are doing for the community. Not sarcasm.

@JunLYeap 3 года назад

thanks for sharing sir

@JerryThings 3 года назад

In case your machine gets infected with this, how do you get rid of it? My RE skills aren't good enough to understand it.

@mhasisetuobelho2086 3 года назад

Does antivirus detect this ... Thanks great video 😁😀😁

@viv_2489 3 года назад

Yes i think, i have McAfee which blocks connections but please note that this is on attacker machine :), this works only after disabling antivirus

@gaaty1954 3 года назад

How to determine if the excel sheet is safe or not to open?

@ciberiada01 3 года назад

You don't have to worry. MS Office already solved this by increasing the "Macro security" level to "High". So this guy's macro will never run anyway. 😕

@sniperboomshot1462 3 года назад

How can I return the Facebook account was hacked

@deprived55 3 года назад

Help, I accidentally hacked myself, how can I undo it?

@z2.060 3 года назад

does it work with apple devices, iphones ?

@etoiledemer9643 3 года назад

what can i do if my new iphone12 has been hacked? probably through the sim, and when i update my operating system.

@zuberkariye2299 3 года назад

Is not easy to have Apple products specially this latest iPhones

@jeanbrown5900 3 года назад

want to series video of privilege escalation. plz plz

@dabrad7828 3 года назад

This is actually pretty terrifying.

@NizamuddinMohamed 3 года назад

Game Over ! 😉 Thanks for the informative videos. ❤️

@blase6330 3 года назад

what about if the guy deletes the excel file.. would there be still connection to the target machine?

@MT-rp8im 3 года назад

If the victim simply closes the excel file and deletes it - most likely the connection will still be active, I assume the macro code spawns a new process which is connected back to the attacker. As a victim the best course of action would be to disconnect your computer from the internet and properly identify what the code has done.

@XoLucyna 3 года назад

Yes the macro creates a new instance into the system that stays forever. it won't require the sheet anymore. even if you disconnect you cannot check what happpened to your system. nor search for the virus instance. its hidden inside 1 million+ system files with registry keys and everything. you can't go through 1 million files . just use firewall to block the connection or scan ur network to find outgoing/incoming packets. and deep scan ur system using an AV

@blase6330 3 года назад

@@XoLucyna thanks for your answer but what about if i reboot my system? again the same situation? i suppose as it writes in registry the connection can be still possible.

@blase6330 3 года назад

@@MT-rp8im thanks for your answer

@jonathanfeika83 3 года назад

At the upper left corner I see this things: File actions edit view. So which app I must go to

@jonathanfeika83 3 года назад

Which app is this guy use to start hacking?

@muhammadjunaid7420 3 года назад

very nice work kindly tell that how to bypass firewall or firewall not detected virus

@jerson6130 3 года назад

The lesson here is not to trust any good-looking, innocent documents that we downloaded. But how to identify if the excel has macro encoded?

@jerson6130 3 года назад

By the way, I'm glad I found your channel :-)

@GokulRaj-iz3by 3 года назад

Hi sir, can you please explain to how to do integrated selenium with zap proxy

@jameskarlsilpao9307 3 года назад

couldnt find project.toml

@RajeshMudi 2 года назад

Same problem

@kaitoarief 3 года назад

its bothering me that you talk to a wall/monitor and not us (camera)

@mikevinitsky8506 3 года назад

which is the correct url to download empire framework. There are several

@neel6617 3 года назад

Do the latest

@XoLucyna 3 года назад

download from BC-Security github

@Samystick 3 года назад

Thank you for being the best ❤

@donaldlove4039 3 года назад

"If you hack me I'll hack U back, game over" LOL

@ablenet 3 года назад

Can AV endpoint able to detect the malicious file?

@shivaganesh8342 3 года назад

Will firewall block this???

@ahtishamkhan3196 3 года назад

Sir Couod you please recommend me how to start my hacking career.. A perfect tree map to cover things

@DineshKumar-vo2ws 3 года назад

Hai guys, why am I unable to open the file as mousepad as in 6:13. It shows Mousepad-CRITICAL **: 12:44:34.439: Failed to initialize xfconf: Failed to execute child process “dbus-launch” (No such file or directory)

@TomDUBZ 3 года назад

It seems like mousepad wasn’t made/installed on your OS correctly. Should all work the same with many other text editors preinstalled on your system though. I personally prefer vim text editor

@olzenkhaw 3 года назад

Excel default setting does not enable macro. Only the one who always use macro will enable macro by default. So this excel sheet does not really work.

@XoLucyna 3 года назад

it does, 90% of people enable and click allow macros. cause they don't know what it can do