Hacked and Backdoored this website in MINUTES! NEVER try this on unauthorized targets!

Подписаться 47 тыс.

Просмотров 244 тыс.

50% 1

#pentesting #ctf #hacking #cybersecurity
DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.
In this video, I demonstrate how I hacked a CTF target, got root, and backdoored it in just minutes. You will learn many hacking techniques along the way! Challenge from @indishell1046
🔥Use Coupon THEHACKERISH and Get 5% discount on CRTP and other courses on www.alteredsec... when you pay with Stripe.
🚀 🔥 Become a pentester
academy.thehac...
📙 Learn the technical skills:
thehackerish.c...
📙 Become a successful bug bounty hunter: thehackerish.c...
🆓 Download your FREE Web hacking LAB and starting hacking NOW: thehackerish.c...
🌐 Read more on the blog: thehackerish.com
🇩 Discord: / discord
💪🏻 Support this work: thehackerish.c...
- Facebook Page: / thehackerish
- Follow us on Twitter: / thehackerish
- Listen on Anchor: anchor.fm/theh...
- Listen on Spotify: open.spotify.c...
- Listen on Google Podcasts: podcasts.googl...

Опубликовано:

28 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 286

@adeelahmed1826 Год назад

As a web developer this felt like a horror movie. Would love to see a video hacking a PHP Laravel website. Subscribed

@thehackerish Год назад

Cool! I'll see what I can do

@RobluxDev Год назад

same lol

@RobluxDev Год назад

this is the definition of a horror movie to a web dev

@tsogangmosweswe6545 Год назад

I'm out here sweating too😅😅 New subscriber gained

@BlueJDev Год назад

Could be wrong but I believe laravel, *when properly installed*, is more secure than Drupal. Just my opinion of course and nothing is ever truly secure. I've seen plenty of people installing laravel the wrong way with env public and accessible or all files in www folder etc etc. Still would love to see where the more advanced vulnerabilities are... Of course if the video is simply "look a freely accessible env file", I will be truly disappointed teehee

@Licardo7 Год назад

Came for the back door, stayed for the plot

@user-vk2cd9qw7i Год назад

Sure you didn’t come in the back door?

@demyk214 Год назад

@@user-vk2cd9qw7i🤡

@cken27 Год назад

First time seeing hacking attempts like this. Amazing content!

@steelko665 Год назад

Learned a whole lot just by watching the video. Currently a second-year cybersecurity student, this is very helpful. Thank you!

@traumaloop Год назад

i really understand maybe 5% of what's being said but i can certainly tell that that website got completely folded

@deedikjepijn Год назад

This is crazy, thanks for the reminder to care about security before its too late

@AbDevSec Год назад

I was just about to switch from web developpement to cyber security cause I felt I had learned a lot from web developpement, and I've always loved hacking and backdooring. I found this video and your way of explaining stuff is so good and creative I've learned a lot from one video. guess I'm watching all of them now!

@thehackerish Год назад

Enjoy! I am glad you found what you were looking for :)

@Emmanuel-is7gm Год назад

great walkthrough video, very informational.

@tacokoneko Год назад

This Is very awesome but I do think the CTF containing a setuid binary that popens scp is incredibly unrealistically insecure but we can see that it is just placed there to provide an easy privilege escalation after you do the actually realistic part which is the remote code execution exploit

@Log4Jake Год назад

You could also create a .htaccess file that interprets txt as php then you could upload a php shell.

@extrempty Год назад

are you a hacker

@aseel8158 Год назад

are you learning from port swigger by any chance? if not please advice me im new to this, i started learning and reading like 2 weeks ago

@imdanielmartinez Год назад

hey, easy satan.

@furti Год назад

The One Piece images caught my attention but didn't expect to be this interested in the video! Great one

@thehackerish Год назад

Glad you enjoyed it!

@youssefsabri8051 Год назад

Got this vid in my recommendations actual good content thx youtube

@StanleySathler Год назад

Great content, dude! Awesome! A few Q's I had while watching, would love to clarify: 1. Why didn't you need to point nmapq to your root-me URL? 2. Why doing `cat /etc/passwd` didn't include the whole file, assuming the command does it - did the Web App truncate it? 3. Why playing with `head -n :line` would be very lame? Any technical reason, or just 'cause it was too difficult to read in general? 4. What is the `/opt/s` and what it does?

@thehackerish Год назад

Wow, I love your questions. 1. my alias already included the url, with a placeholder for the room number I played in. 2. the app returns the first line only 3. With head, I need to use it as many as the lines of the file. Takes time. 4. /opt/s is the vulnerable executable we're trying to exploit for root access

@redlionstudio2750 Год назад

wow, that was really interesting, I haven't been that interested in the last 6 months or smth!

@FVT-tn8ji Год назад

This is such an awesome video! I didn't understand everything you did but I still learned a lot, thank you, I would love to see more of this type of videos!!!

@thehackerish Год назад

Awesome! Thank you! I will post new ones, but similar videos are ready for you in the same playlist "penetration testing"

@X3ro1-01 Год назад

duuuuuude i am a full stack dev ( just started ) and i HAVE to learn these things.

@thehackerish Год назад

Go for it! I have so many techniques with hands-on examples in this channel, go watch the pentesting playlist

@Dasher_The_Viral Год назад

I am right on the border of "I have no idea what he's doing" and "Oh, I kinda understand what they're doing here." Me knowing very little about coding makes this very intriguing for me!

@lightyagami3492 Год назад

Same. I noticed at the end that outright deleting log files is not a good idea though. The lack of those files will cause suspicion and cause further investigation.

@Dasher_The_Viral Год назад

Yeah, it might be better to just replace any of the traces you had left behind with something else that wouldn't look suspicious.@@lightyagami3492

@justarandomcat7 Год назад

I really enjoy watching your hacking videos , keep up the good work!

@thehackerish Год назад

Thanks! Enjoy

@spacex6997 Год назад

Bro is going to be hired by the FBI

@wave707 Год назад

This is the first of your videos I have watched and Im definitely hooked! Id love to learn more from ur channel :)

@thehackerish Год назад

Thanks for the kind words

@byk1lla Год назад

Hey man nice content i subscribed!

@thehackerish Год назад

Welcome to the family! Lots of similar content already in the pentesting playlist, let me know what you think of them!

@anotherarush Год назад

I loved the stuff you did after root. One thing though, to finish up your clean up and stealthy approach, you would want to delete some of your bash history surely?

@thehackerish Год назад

yeah, I should have set HISTSIZE and HISTFILESIZE :)

@skuge- Год назад

@@thehackerish What about auth log for ssh connection? Or some "afterscript" which will delete trace of your ssh access after you'll log out?

@thehackerish Год назад

@@skuge- You are the man! Good point

@troughy3288 Год назад

Thank you so much for this video! Learnt a lot.

@eitanbirman1195 Год назад

Awesome video!! i was really invested in the story

@Log4Jake Год назад

You could use a php shell. Or some type of reverse shell.

@ilaik Год назад

Very cool! I want to start learning hacking etc. My qiestion is what did you try to achive by uploading the php file as the picture? What could it have done? Thanks

@thehackerish Год назад

If I could upload arbitrary files, like PHP, I could have taken control on the server by running arbitrary commands (Remote Code Execution), Here is a concrete example from on of my previous videos: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-P44imvLQ6cA.html

@ilaik Год назад

@@thehackerish thanks! So when you open that file it runs the code and you just made a php file that takes the arg x as a command to run on the server? Also dont most server block access to files via the url?

@thehackerish Год назад

That's right, and no they don't block it from url because that's how php app works, unless you use routes, frameworks like laravel use them and so you can't directly access the php files

@piti6343 15 дней назад

as I'm a noob in this world, I understand that you somehow you used the vulnerability of the druple version to send a txt file that you used to read the server,but it seems so confusing the fact you see the vulnerability of each element of a page, I like it but I don't think I will be able to this even in 10 years from now on

@tecfan-ix2tj Год назад

i love the way you went about this, earned a sub

@thehackerish Год назад

Thank you! Are you a developer?

@yipyiphooray339 Год назад

This looks so cool but half the video in and I'm super confused 😂, any resources I can use as a pre requisite before watching ur vids?

@thehackerish Год назад

Yeah sure, head over to my playlist about web hacking, it takes your by hand from the start. Also check out Academy.thehackerish.com

@yipyiphooray339 Год назад

@@thehackerish thanks!!

@raven-vr5yz Год назад

extremely underrated, such a goat

@thehackerish Год назад

Share the love!

@litemint09 Год назад

awesome stuffs, i learned alot, new subbed🎉

@thehackerish Год назад

Welcome to the club! Many similar videos on the pentesting playlist are available

@bourne_ Год назад

3:21 I'd check if & char works since the whole phrase went into URL. I'm a newbie tho so idk if it would be even helping in this case, it's just I happen to see the pattern. Great channel and even better content!

@thehackerish Год назад

Hmm...interesting, but the & would add a new parameter

@deadspeak5880 Год назад

Whoosh!!!! Right over my head

@prathvirajb1052 Год назад

Now make a video on how to avoid this exploit🔥

@AngryWoodenFork Год назад

An update is a great start but honestly I wouldn't use Drupal or wordpress to host anything.

@bariscodefx Год назад

This video shows you to must use latest versions of softwares :)

@thehackerish Год назад

@@bariscodefx Indeed!

@Loop234 Год назад

it looks so complicated, but i'm guessing with a ton of experience you can do this casually. Might seem stupid, but what language is this?

@thehackerish Год назад

The app is developed in a PHP framework, and the OS commands are just bash

@TheChemicalWorkshop Год назад

good job

@mdimransarkar1103 Год назад

Thank God I learned Linux.

@AdrianGoG Год назад

What is the name of the tool "request-response terminal"?

@thehackerish Год назад

Burpsuite, there is also zap proxy. They are web proxies to play with the http requests

@arcade7651 Год назад

I liked the video alot. What was the nmapq without the alias?

@thehackerish Год назад

Glad you asked. Here it is: nmap --top-ports 200 ctf"$1".root-me.org -Pn -v --open -sV 2>/dev/null. I hacked many challenges on root-me, hence the target hostname

@rhettpete 11 месяцев назад

Wow. Wish I had seen you earlier

@shko0o0 Год назад

Great video! Next time maybe even altering the History of Linux machine would be perfect 😁

@thehackerish Год назад

Next time!

@mrloyalty4261 Год назад

I'm from portugal, i don't understan a shit, but i stay the all time ahahahha i'm stuck on your videos

@thehackerish Год назад

Much appreciated!

@joshuapacheco2898 Год назад

New sub 😊

@thehackerish Год назад

Welcome on board!

@AbelMasanja-w5q 11 дней назад

good

@Pranshul2002 Год назад

I did not know this genre of content existed. I guess I know what to do on the weekend😂

@thehackerish Год назад

Enjoy and have a great weekend 😀

@zix655 Год назад

I got a reverse shell using python.

@thehackerish Год назад

Cool! Good job!

@txic.4818 Год назад

thats what i first thought to do

@GoobNoob Год назад

96k views 11 days ago

@takbyoaf Год назад

2 hard 4 me😮

@dominicskywalker Год назад

this is why you update your 💩

@Cuwubiq Год назад

thank god im on firebase :D

@konstantinbecker6757 Год назад

We all know that's because of the droopal exploit 😂 there's no way tomcat would have anything except default passwords

@Dahlah.FightMe Год назад

Nice :D. New Subs in 16,1k by ME :D

@bronxandbrenx Год назад

💕

@topec1263 Год назад

nerd

@thehackerish Год назад

🤓

@imdanielmartinez Год назад

When the video gets to the point of ~/.ssh access i know this was over

@thehackerish Год назад

You'd be surprised how some linux boxes are hardened against privesc, but 50% is already done with a shell 🐚

@rogo7330 Год назад

Instead of rm access.log files I think it's better to copy everything before your activity in another file and then rewrite original with that copy. Or just truncate it to zero if you don't care too much.

@lightyagami3492 Год назад

That's what I thought to. Just nuking the logs is proof in and of itself of a hack. From my genealogy experience we call it negative evidence.

@adeelahmed1826 Год назад

As a web developer this felt like a horror movie. Would love to see a video hacking a PHP Laravel website. Subscribed

@sooivervloessem6246 Год назад

This is insane! As a second year Cybersecurity student, my mind is blown by the way of thinking. I often find it hard to not have a tunnel vision when searching for exploits. I'm really wondering, how did you learn all this stuff?

@thehackerish Год назад

At first I did not know about anything, but with time and experience I developed my skills. I vividly remember my first app I hacked! I was hooked, and I'm still learning to this day

@vneem3758 Год назад

@@thehackerish could you name some resources you found helpful along the way to learn

@thehackerish Год назад

@@vneem3758 I have shared videos about this yes, watch this one for instance ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-qanMMA5fPlY.html, you can also watch my web hacking playlist which is a step-by-step course for web hacking

@elexbeats Год назад

@@thehackerishthe first thing I hacked was when I was 15 and changed the index.html to read PWNED !! via a web shell. I was so damn happy but I quit hacking to focus on other things. Today I feel guilty for not following the path to become a cybersecurity expert. If only did I knew how much money cybersecurity researchers would have been making.

@surplus2720 Год назад

Experience whit huge amount of repetition a sprinke of writeDown-em-all and googling skill ..... p.s. if u start doing 2-3 times the same box u are on the right way p.p.s it can be frustrating a lot , specially pen-testing /red-teaming it's one of those things that u love or hate

@dertiedemann718 Год назад

dont forget to clear the authorized_keys file and history file for the root user :3

@ogwezhiangela8107 Год назад

Hi,how can I message you? I need help

@neenus Год назад

Watching you go through the process was a rollercoaster I was so into the video when you were able to ssh I shouted YESSSS!!! I love what you do man it's awesome

@thehackerish Год назад

Well that's a comment that made my day! Thanks a lot for watching

@notsparktion Год назад

Wow... This is so cool! I've been thinking about entering the Cyber Security field for a while! As a student, this is really intriging to me! Thank you!

@thehackerish Год назад

I decided 10 years ago and I am not disappointed, apart from sitting on desk for hours ;)

@MRJMXHD Год назад

@@thehackerish is it too late for someone between ages 23 and 25 to start learning?

@thehackerish Год назад

@@MRJMXHD Absolutely not! You're still young! Go for it if that's something you want to pursue

@kehzHD Год назад

@@MRJMXHDI’m 26 and I started a bachelors of Cyber sec this month

@davidddo Год назад

@@thehackerishwhat if im 15

@Veraxity Год назад

good job articulating your thoughts into words. enjoyed the video ( ͡° ͜ʖ ͡°)

@Gmarkooo Год назад

This is amazing, made me realize you need to be a debugger first to be a hacker XD

@NaughtyKlaus Год назад

I am curious; did you use a website you own, or just a random site you found? I find this video quite interesting, and it's amazing how easy it was for you.

@thehackerish Год назад

No it's not random, I never hack something I don't own or have permission to.

@Kaughts Год назад

Its amazing how good he is at walking through this, I wish to be able to do this someday

@Kaughts Год назад

@Sarahmilverton bro what are ya talkin bout

@joelamoako6778 Год назад

Wow this is insane, i'm a devops engineer and i have learnt a lot from you man, you got a subscriber!

@thehackerish Год назад

Welcome aboard!

@DailyBoosted Год назад

lol nice video, forgot to change env var PATH back :)

@MrCarIgor Год назад

alright, time to go back to my html tutorial

@Baburun-Sama 8 месяцев назад

One thing: Installing a Virus to said Website.

@Parrwiz Год назад

Now thats someone I can subscribe to. Even erased the logs: Perfection

@MrRaja Год назад

Finally RU-vid is recommending me some quality and useful content

@deedikjepijn Год назад

As a person that has his own homelab/server etc this was a crazy horror movie. I should really create more warning (and defense) systems.

@fdgfdgfdgrtyuio Год назад

"Hacked and Backdoored this website in MINUTES!" the video is 21 minutes long -_-

@thehackerish Год назад

With experience, you'll come to realize that 20 minutes is nothing compared to the time required to pull of a hack in real-life

@fdgfdgfdgrtyuio Год назад

@@thehackerish I know. Just kidding)

@christiansimbolon8429 11 месяцев назад

Any one here can hack web I have a job

@ANDREWCARTWRlGHT 11 месяцев назад

Hi friend you need help with website hacking real fast???

@kipchickensout Год назад

the "rpcbind" port could be interesting as well, maybe you can query it for what RPC services are running or it's just an obvious thing so that you get stuck on that no idea xD very nice video btw, i dont have the time to finish it right now but I will just do it later

@thehackerish Год назад

Good point!

@powerball200 Год назад

do ineed to know web dev, python to do this type of hacking? cuz im learning it

@thehackerish Год назад

Web dev will definitely help you become a great hacker. The first part of hacking is to understand the system, and what better way to understand an app than to code one. Go go go! You got this. Python is great to write quick scripts, although you can do it in any high level language really, but it's widely used among security professionals.

@codelinx Год назад

I really like your content and you talking out your ideas and process

@NickelCityPixels 3 месяца назад

Isn't that too much work to get default credentials? I must be missing smthg.

@pavevbogovev4045 Год назад

“Only for educational purposes, yeah yeah” 😂

@connorfratantaro7173 Год назад

crazy to see a master at work

@demolazer Год назад

Jesus, that was way too easy. Scary to think how many servers are running old versions of software with exploits like this.

@Tchatarero36 Год назад

Great Content ; how to exploit 0days and CVEs to get bug bountys Boss .

@thehackerish Год назад

Well, invest time and effort to learn how the system works, to the point of finding a way to abuse something. In short, be a hacker, an ethical hacker of course.

@Tchatarero36 Год назад

@@thehackerish Thanks Man

@ggre55 5 месяцев назад

Supper easy to crack that thing u could upload a file shell.php%00%.png that will be hosted as shell.php and done ur in I dont know if thats what u did i just started watching and commented this when i saw the upload thing

@anuzravat Год назад

looks crazy after weed, it almost like u hacked it like in movies

@thehackerish Год назад

Careful with that sh**

@anuzravat Год назад

@@thehackerish bro u actually hacked it wtf 🤣

@dereklee2590 10 месяцев назад

How to hack website that is doing illegal activity user doing illegal activity

@SyedFuzail-x1s 2 месяца назад

its only for education purpose, Yah Yah 🤣🤣🤣🤣🤣🤣

@socrayhte 26 дней назад

Please what is the code behind the Quickened NMAP alias

@EquaTechnologies Год назад

they hacked it longer than a wii respect to them

@equivalent0 Год назад

Dont idea what is this. Im not familiar with coding but this is fun

@RoyalNatangwe Год назад

I’m not sure if you did it already ahead, but at the upload imput since it say you can only upload jpeg and so on..,I suggest changing magic number of a php file I order to trick the site and get a shell

@thehackerish Год назад

Indeed, good point

@xt355 Год назад

are there any client-side filters that can be bypassed?

@thehackerish Год назад

@@xt355 Since the server was vulnerable, the impact is much higher than any other potential client-side vuln, but that's also good to test for.

@Robonova Год назад

This video blew up

@Hackedpw Год назад

Doggo

@Dyanosis Год назад

You know what I hate about videos like this? That they're necessary. The older I get, the more stupid the world seems to be. Why do we even have to worry about people gaining unauthorized access? Who would even go through all the time to do what you did? What did they really gain from it? Did humanity end? Did they get stupid rich so they'll never have to work again?

@thehackerish Год назад

We (ethical hackers) help organizations stay secure by finding vulnerabilities before the bad guys do. Everything is nowadays connected and digitalized. No wonder why infosec industry is a multi-billion dollar industry

@JuanBotes Год назад

thanks for making the content \o/

@JontheRippa Год назад

Good channel. You make a Very good job 👏.

@dHeIoxy Год назад

I don't think I understand any of this but it just looks cool 😆

@I_Unintentionally_Morph Год назад

i am here to start a career on information security and learn more. i have subbed , where do i start boss.

@thehackerish Год назад

Welcome aboard! Start with the web hacking and penetration testing playlists. Good luck!

@I_Unintentionally_Morph Год назад

@@thehackerish thank you .

@whiteninjazs Год назад

this is some crazy shiii

@gabrielkenz Год назад

I wonder if its possible to hack into a server that has a firewall well implemented with ip rules and such

@thehackerish Год назад

I'd say yes, since you at least need to open the port for the web application. It will be harder, but not impossible. But you can make the hacker's life harder with a WAF as a secondary security measure, and implement detections to spot suspicious activity early. And of course, the most important thing: develop secure code and have a proper SDLC lifecycle that takes security into consideration