he hacked my websites
HTML-код
- Опубликовано: 20 ноя 2024
- 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
In my last video, I built 24 websites in 24 hours. 🚀 But with such a rapid development sprint, I knew security might have taken a backseat. So in this video, I decided to don my hacker hat and attempt to penetrate my own sites using tools like Nikto, OWASP Zap, Burp Suite, and Snyk. Spoiler alert: I didn't find much. 😅
Realizing my limitations, I called in reinforcements-my friend and professional ethical hacker Tyler Ramsbey. Tyler took the wheel and performed a thorough penetration test on my websites, uncovering vulnerabilities I had completely overlooked. From exposed API keys to cross-site scripting (XSS) and even accessing hidden admin panels, Tyler shows us how a real hacker would exploit these weaknesses. 😱
Along the way, we discuss how tools like LLMs (Large Language Models) can be both a blessing and a curse in cybersecurity, aiding both defenders and attackers. 🛡️⚔️
Subscribe to Tyler Ramsbey: / @tylerramsbey
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com...
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!
fast and reliable unifi in the cloud: hostifi.com/?v...
Ethical hacking tutorial
Penetration testing your own website
Website security vulnerabilities
How to hack your own site ethically
OWASP Zap tutorial
Using Nikto for server scanning
Burp Suite Pro walkthrough
Exposing API keys risks
Cross-site scripting (XSS) explained
SQL injection prevention
Snyk code analysis tool
Static Application Security Testing (SAST)
Guardio browser security extension
Ethical hacking tools and techniques
Preventing data leaks online
Secure coding practices
Vulnerability scanning with Nuclei
WordPress security flaws
Exposed .git directories dangers
Fixing open redirects
Cybersecurity best practices
Learning ethical hacking with Tyler Ramsby
Securing API endpoints
Protecting your website from hackers
#hacking #cybersecurity
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
In my last video, I built 24 websites in 24 hours. 🚀 But with such a rapid development sprint, I knew security might have taken a backseat. So in this video, I decided to don my hacker hat and attempt to penetrate my own sites using tools like Nikto, OWASP Zap, Burp Suite, and Snyk. Spoiler alert: I didn't find much. 😅
Realizing my limitations, I called in reinforcements-my friend and professional ethical hacker Tyler Ramsbey. Tyler took the wheel and performed a thorough penetration test on my websites, uncovering vulnerabilities I had completely overlooked. From exposed API keys to cross-site scripting (XSS) and even accessing hidden admin panels, Tyler shows us how a real hacker would exploit these weaknesses. 😱
Along the way, we discuss how tools like LLMs (Large Language Models) can be both a blessing and a curse in cybersecurity, aiding both defenders and attackers. 🛡⚔
Subscribe to Tyler Ramsbey: www.youtube.com/@TylerRamsbey
🎉
He just did a video about using Python on Telegram and I was wondering if what he's doing is ethical and legal ... Will you please explain , brother . Thank you and hugs from your autistic sister in Costa Rica
Bro is really skilled I watch him every time but he have not much follower thanks network chuck for letting him hack your web hehe
would love the video for building and deploying 24 sites in 24 hours!! Bruh, like how you gently cover that wonderful detail but not show us hoooooooooooow lol! Great videos as usual! Thank you!
nah I'd just use avast
Summary of the video:
Network chuck sets his website account
Username: admin
Password: admin
Tyler randomly guesses admin/admin
Network Chuck: OMGGGGGGG he just hacked my website!!!! AMAZIUNNNNG!!!!!!!
He even missed the file upload -.-
Thanks pal, you're a pal
Tyler is a really decent dude. His discord is awesome too. Thanks Chuck for having him on. He's at less than 20k subs I think which is just criminal.
I feel chuck is getting more and more beginner friendly to the point his audience is normal people
4 million subs
@@WorkersRise that makes sense
Kind of a shame really, they did a whole bunch of nothing.
His content has always been beginner hey look at this pineapple you can hack with it! with no real deep dive.
Which is weird given the take he had on LTTs compita A+ exam.... Shill. Shill. Shill.
17:05 , 17:30 contradicting yourself in 25 seconds is pretty impressive
shame this was super simple, tyler is pretty talented at this stuff.
I really appreciate how he is actually teaching people at square 0. Really need a lot of that in such an available format.
Absolutely amazing to be part of this. Thank you @NetworkChuck!
Your Amazing Sir.👍
I watch you all time lil bro you are really skilled thanks for your RUclips vids they helped me lots😊
I w kk
Yoooooo let’s go
Hi
as a web dev. none of this stuff to me was anything even remotely educational... this screams grade 8 in the library at lunch time. isnt even at a script kiddy level really
True i though i will see something sophisticated.
Sorry who?
@@theguythatknows are you 12?
Owasp Zap and burp suite are what enterprise companies use for DAST and provide to developers and pen testers alike as part of the DevSecOps cycle. Allows for rapid feedback to the developer to reduce risk before it deploys with issues, and is a valuable tool for pen testers poking at a web server in different ways.
That's not the point though is it? Having some knowledge/idea is way better than having nothing.
>Points out dodgy addons that scrape data, while using Chrome
Priceless comedy
I thought the point of this channel was comedy. All he ever covers is surface level stuff.
@@blancfilms This video popped up somewhere so I checked it out, not looked at anything else to be fair.
@@blancfilms its to raise interest, bro has made a lot of others get into IT.
Would be cool to see him go through this again but more in depth with what he would do for an actual pentest.
I have 400+ videos on my channel doing that exact thing with other challenges/machines :)
@@TylerRamsbey Why did you not do basic nmap scans in the beginning. You would have easily found the exposed DB
@@Blob-qo5iq - I was told it was 24 web servers to enumerate and provided with the hosts. In an actual pentest, a database would be off-limits unless specified as in-scope.
(Chuck only told me the web servers were my targets)
@@Blob-qo5iq - Yeah, good question.
So for context, I was provided with 24 websites by Chuck with the instruction to create a video of me looking at the websites for any vulnerabilities. I was not provided any additional context
In a web app pentest -- any other services are strictly off-limits because they are out-of-scope. Since the client (Chuck in this case), provided me with the specific full URLs of the in-scope websites - I wouldn't be running nmap to discover hidden services.
If, on the other hand, I was told these IPs are in scope, then I would run nmap (but that's not what I was told).
I hope that makes sense :)
@@Blob-qo5iq noisy
You guys are awesome. Thank you for what you do. Chuck has amazing guests all the time. You guys have inspired me to change careers at the ripe old age of 46. I’m going to. I’m starting my coursera IT support specialist. Then most likely the cybersecurity course. I’ve been in law enforcement for the better part of nine years. I’m over it! Thanks again guys!
That's awesome! Let me know if I can be of assistance!
Good luck dude
Good luck with the transition! I'm only 27 myself and am aiming to make the same move. Even with Google's cybersecurity certificate and CompTIA's Security+, I haven't managed to find any hits yet :/
But I know the jobs are out there, and wish you the best in getting there :D
Following you since the beginning of your channel...feels really nice to see that you are Posting new videos regularly..means a lot to a fan like me...
This is a great collab! More of these in the future pls
31:51 bro changed time
CHUK :ARE YOU SERIOUS?????????
Hardcoding your api keys is a dangerous habit. An expensive lesson for some, including myself.
Great video chuck. You have the special sauce when it comes to IT learning videos!
Chuck I salute you Sir, I started and ventured into IT because of you i really got inspiration and so it was a fun adventure persuing IT, i have seen your journey and evolution from networking servers up to now you are a cyber warLord, keep doing the impactful great work your doing.
French Press is amazing for that "cup-to-go"! Grinding your own beans? That's where you go over the deep end of the dive :P
I just finished watching your previous video, then this gem dropped, made my day so much better
How I make French Press coffee. I stir a little. Then push the plunger down until all the grounds are all underwater. Then I wait 4 minutes.
Coffee beans can be found in Forests and wild animals can be found at a watering hole.
cool!
Tyler is good people. Awesome interview.
This was the very first time i saw a hacker doing his job with his know how!
Oh shoot, it's a real hacking example video with real cyber security processes
non-sponser, non-proprietary toolset, just back to back explanation of every step of the way, fantastic
Don't be fooled, there's a sponsor for the video and there's a $449 price tag on the software that's showcased. Still great info in the video though.
@@spiderlurker - The software I showcased is free and I personally don't make any sponsored content :)
It's nice basic stuff you could easily read up onto. But defenitely a nice demo showing the lowest hanging fruits
@@spiderlurker yeah the video is sponsored so thats obvious, but I think the general content of the video is generalised enough to say that, even as a non-sponsored video, it would be interesting
@@Blob-qo5iq yeah, its a nice "taste tester", with more stronger examples in the future using CLI utilities and maybe examples of the cyber kill chain
fun enough I came from tyler's channel love this colab
Awesome video and Tyler is an awesome dude too!!!
Great to think that I knew how to do 99% of these!!
I don't know why you wouldn't white hat. You'd make a fortune.
Thanks for both of you great lesson
NetworkChuck is Peter McKinnon, if Peter had gotten really into computers instead of really into cameras.
Peter McKinnon, network chuck and cuppajoe5 are the same dude with different hobbies 😂
Tyler Ramsby brought me here !!
even a website got hacked just because of animation-timeline in CSS.
Under hour gang
This video is one of the best pen testing videos I have watched in a while
THIS WAS AWESOME!!! I would love to see this guy, Tyler, go after one of your harden sites on different platforms to see the process of thinking that a pro hacker does until he gets in or gives up.... and if he is PAID to not give up... what would they do? AND it would be cool to see the entire 90min video.
I have 400+ videos like that on my channel :)
Great video! Thank you Tyler and Chuck!
You have my uninterrupted attention for rest of my days …
Caffeine addiction at its finest. Also good IT vids.
he just said in the previous video, that he doesnt drink caffeine coffe anymore cus of the age.
The best part is the "same password as my bank account" 😅😅😅
Axios was on a beta version; which is the wrapper for "Ajax" requests, coincidentally.
How exhausting this kind of thing can be for someone.
I am checking youtube so often that I got to see AB testing 😅 - that is why I clicked, to write about it
for the coffee, run it through a coffee filter, like one of the filter holders that sit on top of cup..
and um.. I have seen a couple of your videos where you have "literally" welcomed people to try hacking you.. 8D
Still got the coffee on point. My man.
That is just level 1 any-one can do it
What do you expect considering the format and content on this channel?
That's the whole point, giving entry level users the tools they need to sus out what might be a problem.
People complain its all easy thing to do. Yeah obviously its beginner friendly he had to reach larger audiance. Also being pro doesnt mean you dont do basic error too so I would say it still pertinent for all of us.
we need more of this
The #1 reason sites get hacked "I don't want to do this, I don't have time for this." :) Oh and wordpress.
Is WordPress this bad?
@@bolsonaro-ku9uz YES. Companies don't seem to understand the simple fact that WordPress is a BLOGGER Framework made for private persons (or very very small organisations).
It is bad at load handling, you have a very bad overview over all the plugins and their vulnerabilities, practically not made for being secure and you have no good way of adding backend stuff (like an API, a database, server-side javascript) natively. You will have to host another server just for that. But then why use wordpress in the first place when you need to host your own NodeJS Backend?
ohhh the set in the bg lookin crisp asf
thats not hacking... thats just the first few points in the book of "dont do this on your site"
Does Guardio protect against supply chain attack which may result in explosive being planted in your home and personal devices?
Hey Chuck can you make a video on how to find secrets on people like hack in their phones and discover secrets don't worry i just want to learn how because I want to become a ethical hacker
Can we get the recipe for the coffee?
Is it time to update the quote website to leverage ai to pull quotes dynamically from your videos? :P
I don't think you could make it any easier
Chuck, please put some of you applications behind Cloud flare and re-test.
Awesome video!!
trello must have had some big data leak since i got that leak warning about trello too
ajax is making a specific request to a specific url, it reloads the data without reloading the page
Chuck be like: "ways to hide your files like a hacker" = "making 24 websites" 😂😂😂😂 0:01
I make my coffee on a $20 Walmart "Mr. Coffee" every morning.
I don't even like coffee, but it helps me unload my chamber before I shower-up...so there's that.
I feel that explanation was about as nonsensical and misplaced as yours.
hey you used the wrong thumbnail when you mentioned the website video at the beginning, 0:03
so he did like...Directory traversal exploits vulnerabilities scan , right ?
Yooooo my favorite rapper is here
Guessing those sites were on a hostinger shared host. You didn't violate tos or anything for their shared hosting running pen tests like this with nuclei?
the Science Method looks so much cooler
Network Chuck was a nice actor
Have you seen the clasic scifi movie The Day The Earth Stood Still? I’m guessing the name nikto came from that since it coined the famous line “Klaatu barada nikto” which means “Stop barbarism, I have death, bind.”😂
@NetworkChuck just a quick question, may i ask the ram you have on your computer? I see you work like me on VirtualBox and Kali Linux, needs ram for sure, so, what ram memory do you recommend for a descent work?
16gb for native OS host and 32gb for vm's. 4gb for cli vm or 8gb for gui. double that for windows VMs,
BRO, I just got motivated, and I will start Bug Bounty as soon as I wake up with my fresh-brewed hot black coffee. Thank you for your work it was a great video.
A very underated tool is Vega
Are there any tools that you'd recommend us regular web designers, to test the security of our sites?
Next Video: How to make good coffee
No way! That's something! Thank you for the information, Tyler and Network Chuck!
Edit: Where can I learn basic ethical hacking for free? I am currently learning how to set up VM of Kali Linux by using Oracle.
bro im crying my entire website was hacked
Damn, amazing video, bro! Keep inspiring!
I only watch these videos so that I know how to make coffee ☕
This is exactly why hacking is no more a powerful source ..when you have ppl creating script kiddies online.
you are part of the script kiddies. look at your profile picture
people burp at me in counter stike.... and i cry at night... rightly so i guess T_T
It is kinda sad Tyler missed the lowest hanging fruits just by not doing port scanning (he missed the exposed DB), which should be like one of the first steps. In the end, this is just basic demo stuff and nothing too crazy shown here.
I provided some more context on my channel - but I was provided with 24 full URLs that are in-scope by Chuck. I was not provided any additional context, and was told to treat it like a web app pentest with those in-scope URLs.
When a client provides specific URLs that are in-scope, you do not perform nmap scanning on the underlying IPs. If I could have been provided instead with a list of IPs, I would have run Nessus and Nmap on those lists.
So the reason I "missed" the database is because the database was explicitly out-of-scope, based on the information I was provided for the video.
I French press every morning. I have been doing it for years. It is not really gritty. I think you might need to practice more and maybe not be a noob at coffee.
The videos are beginning to be insanely top level, which is a shame, really.
You don't know burp what kind of hacker r u?
I think he is slowly becoming James Hoffman 😂
Just in the right time! LOL I just finished applying your video for the FileCloud and was looking for a way to check my network for vurnabilities and fix them :). Thanks Man!
Been waiting for this for so long!!!
More pentesting videos by pros please!
You made 24 websites in the "Hide your files like a hacker" video? (you maybe want to correct that :) )
No I’m not Human, I’m Peter ❤
zaproxy is NOT installed by default. but ok
I'm not human, an AI making unauthorized transcriptions of one of the best IT content creators
it's _regression testing_, not hacking...
Mr. Beard Guy, I once was able to access some of your paid academy courses for free
I reported it to your team manager i think, His name was Austin
All I am is a web developer 😂😂
He bypassed the rules :o ,No one can blame u for hacking ur own websites x)
admin : admin
Good job Chuck
NetworkChuck What do you think would happen if you shaved your beard and dropped a video with a totally clean-shaven look? Would the network still run as smoothly? :)
Hey just hacked my countdown 😂
Karma attacks can be done with a wan and Kali Linux using Aircrack-ng. But you do not have consent, unless you do.
which is the best vm tool vmware, hyper-v, or virtualbox??