
Hide a Hacker's Reverse Shell in ONE Command 

John Hammond
1.7M subscribers
82K views

j-h.io/plextrac || Save time and effort on pentest reports with PlexTrac's premiere reporting & collaborative platform in a FREE one-month trial! j-h.io/plextrac 😎

Published: 11 May 2023

Comments: 59
@laurenlewis4189 1 year ago
Grzegorz is pronounced "gSehgoS" where the capital "S"s are pronounced like the "s" in "treasure"/"pleasure"/"vision." Tworek is easier: "tforek" - just remember that most European languages pronounce "w" the way English speakers pronounce "v," and in some words that can get the "voice" (the hum) taken out of it to become an "f". I highly recommend learning the International Phonetic Alphabet. It makes sense of those weird pronunciation symbols on Wikipedia and Wiktionary, and you'll look like you're a smart cookie who speaks multiple languages when you just have figured out how to read pronunciation guides. Knowing how to pronounce words in other languages and knowing what phonemes are commonly used in certain languages also helps you fake an accent and better socially engineer people, if that's the type of hacker you're aiming to be.
@PR1V4TE 1 year ago
That's a great explanation right there my friend. 😂👍🏻
@amine_jbz 5 months ago
Hello man, I'm from Belgium and as a native French speaker, we don't pronounce the w like a v for an English-speaker, but it's right for some European languages like German and more. Btw, thank you for your good explanations and your advice!
@panchakosha 1 year ago
Yes, that's correct \0 is a null character. \1 would be a null character but with an index of 1, so \0\1 would be two null terminated strings. Modifying the registry doesn't affect the RDP query commands directly. It just allows you to customize the output with the key and value. The query commands retrieve the information from multiple sources: WMI, RDS, TS configs, registry, system data structures like Process Management, etc.
@keylanoslokj1806 1 year ago
Meaning exactly?
@panchakosha 1 year ago
@@keylanoslokj1806 I was responding to questions he was asking in the video. Null characters can be used to separate multiple strings stored as a single value in the registry. For example, /d 0\01\0LOLBin\0calc.exe. He was also wondering where the RDP query commands were pulling their info. A more concrete example would be WMI providers specific to RDP, such as the Win32_TerminalService or Win32_TerminalServiceSetting classes.
@coltonthomas3658 1 year ago
@@panchakosha can you explain the null character indexing? Can a reg value be "string/0hello/1world/2"? Is this why they show up as newlines when you view the key in regedit?
@dineshpavar1724 8 months ago
🎉🎉🎉😊🎉
@andreadistasi8842 1 year ago
Great one! I like that you kept it slim!
@cyberdevil657 1 year ago
That is epic John keep up the great work!
@guyincognito9009 1 year ago
Dude this guy is incredible. Just like you, thanks so much for all your videos John
@list1726 1 year ago
Thanks for posting
@FuzzerHash 1 year ago
Heavy nice content, already waiting next videos.
@groundwalker2162 1 year ago
Love your content Inspired me to learn
@ReligionAndMaterialismDebunked
AMSI reminds me of Jamsey and Wamsey, an inside joke my friend's friend started. Haha
@gooniesfan7911 1 year ago
So you could instead of run a dropped file/bat loader, you could just make it execute a powershell command that downloads&executes the malicious code? (say reflectively load a dll) Then have a scheduled task to run the bogie query command? Would this be considered fileless?
@foeyloozer6299 1 year ago
No. Fileless is when the entire payload is contained in the LOLbin. If you have it execute something you drop to disk that's not fileless.
@panchakosha 1 year ago
Does CLR Hooking to bypass AMSI still work in Windows 11?
@oildiggerlwd 1 year ago
Love the comments about webroot. Made me laugh because that’s what our MSP has installed on our endpoints.
@donttrusttheape 1 year ago
It will be Gregor in English, actually one of few Polish chaps worth following!
@JontheRippa 1 year ago
Wow i love it 👍👍👍
@Vort3X-tech 5 months ago
How can you run that payload on the target machine without them noticing?
@HxN0n3 1 year ago
Superb! man
@mikaeleriksson6504 1 year ago
Am I missing something? You need to have admin rights to add the query command right?
@MasterOfMisc 1 year ago
Yeah you're right. You still need admin access to write to the registry. Which makes this kind of moot
@ruthvikas 1 year ago
Still waiting for picoCTF 2023 🙃
@PR1V4TE 1 year ago
John himself needs a walkthrough first 😂.
@kazhiroma9736 1 year ago
I was just watching your video on hoaxshell
@franman6831 1 year ago
Top tier content John
@MrClawt 1 year ago
What if you can't write to HKLM?
@stevegreen2753 1 year ago
I like it :)
@rodricbr 1 year ago
awesome
@lancemarchetti8673 1 year ago
Nery Vice!
@OfficialAfterLifeEdits 7 days ago
the vrisu got me
@keylanoslokj1806 1 year ago
Dear mr Hammond our favourite security expert. How can the simple, total beginner user, check if someone has hijacked any device of his network? Smartphone, laptop, smart TV etc. How do we detect a compromise or even foreign users?
@bogutkghbkng12 8 months ago
Irshad
@dariusvlogs3634 1 year ago
How to bypass amsi
@ScottPlude 1 year ago
Are you telling us how?
@ygx6 1 year ago
@@ScottPlude nah he's asking
@MrEndzo 1 year ago
Hacking Windows is cheating.
@trojankit 1 year ago
Wym?
@Exotic69420 1 year ago
literally
@Exotic69420 1 year ago
@@trojankit too easy
@bc100dev 1 year ago
True. Better make Linux malware instead of Windows malware
@ggsap 5 months ago
@@bc100dev How? That is so much easier
@Gobillion160 1 year ago
write ur report with chatgpt
@tyrojames9937 1 year ago
👍🏾
@alexandrohdez3982 1 year ago
👏👏👏
@anilbangera1 1 year ago
@d8rh8r35 1 year ago
noice
@biocode2856 1 year ago
It's a nkritid viris😂😊
@Repossessionn 1 year ago
ayyy
@ReligionAndMaterialismDebunked
Early :3
@Mezzosd 1 year ago
Windows defender its work lol
@adonyz666 1 year ago
first
@averagejoe404 1 year ago
Who asked?
@SolitaryElite 1 year ago
@@averagejoe404 me
@wha-yuanfh 1 year ago
useless