How do you make the file install hidden without them knowing… like when they click the link they see a video but in the background the file is installed and runs automatically. just curious. Also can you hook someone who is not in your home network?
Only when for the download is via a CDN which automatically downloads but you can’t make it auto-run as far as I’m aware without a shell already or some URI scheme vulnerability
Hello Vinay, this may be an issue with your device, please use Ngrok and than attempt to hook an external device E.G another computer, phone etc on your network. This is mainly due to the payload created via msfvenom so you can try something from revshells.com and use NC (Netcat). Thanks
@@0SPwn any tips on hooking attack vectors, the only way I have been able to is using better cap for a man in the middle with a http proxy script and it works but if there is a better way maybe redirecting the traffic to a website that I can make to execute the script.
I tried beef but when someone closes the browser that has the malware he/she goes offline in my beef control panel and i can't do anything. Can i somehow use beef without the victim having open the page?
The goal is to keep the user on the page. I don't believe there's a way to permanently hook a browser and have access without them interacting with your server.
So how would someone deliver the hook link to a victim? Im clear on just about everything except for the part about how to get it to them and in what form will it be in… ?
Hello! Thanks for your comment, so firstly delivering it to a victim it'll need to be on a website itself publically accessible or a VPS with ports open work. Then you'd have to do send them that link via sms, email, Instagram etc (ethically) That will than result in them believing its just a website and getting hooked. I hope this helps :) Happy hacking!
@@damongraham1179 also I'll be covering write ups on my blog if you want to check it out and I'm active on twitter! twitter.com/RiotSecTeam blog.riotsecurityteam.com
@@0SPwn cool i checked those out and followed you on them. Do you happen to have instagram or anything like that so that i can message you if i have any questions? 😁
Eh, I wouldn’t agree with this. If you pwn a website that has a download feature, this could easily be abused. That’s an example and would be unethical so please don’t but it’s example of how threat actors could use it
![Create a Reverse Shell Using a Fake MP4 File [Tutorial]](http://i.ytimg.com/vi/ZlfloTpLGT0/mqdefault.jpg)
![Create a Reverse Shell Using a Fake MP4 File [Tutorial]](/img/tr.png)
How do you make the file install hidden without them knowing… like when they click the link they see a video but in the background the file is installed and runs automatically. just curious. Also can you hook someone who is not in your home network?
Only when for the download is via a CDN which automatically downloads but you can’t make it auto-run as far as I’m aware without a shell already or some URI scheme vulnerability
Yes, it can be done outside of your LAN
Which version of kl is this?
Hey @RiotSecTeam Amazing video, very interesting! Is there any way to contact you? Telegram or twitter?
Twitter @RiotSecTeam and thanks for the feedback!
@@0SPwn The possibility to send DMs is disabled
@@iamsofiane Enabled that function now, you should be able to shoot me a dm.
@@0SPwn Amazing! DM sent ;)
Can we do this over WAN
Yes, you can. I describe how that's possible in the video. :) - I do not show. Note, I am not responsible for anything you do.
My msf session keeps dying
Hello Vinay, this may be an issue with your device, please use Ngrok and than attempt to hook an external device E.G another computer, phone etc on your network. This is mainly due to the payload created via msfvenom so you can try something from revshells.com and use NC (Netcat). Thanks
@@0SPwnthank u so much
@@0SPwn any tips on hooking attack vectors, the only way I have been able to is using better cap for a man in the middle with a http proxy script and it works but if there is a better way maybe redirecting the traffic to a website that I can make to execute the script.
Thanks
Nice video
I tried beef but when someone closes the browser that has the malware he/she goes offline in my beef control panel and i can't do anything. Can i somehow use beef without the victim having open the page?
The goal is to keep the user on the page. I don't believe there's a way to permanently hook a browser and have access without them interacting with your server.
@@0SPwn Oh and how do we keep them on the page?
@@_kornel7941 It's about wanting them to stay or come back, you can't make them stay.
So how would someone deliver the hook link to a victim? Im clear on just about everything except for the part about how to get it to them and in what form will it be in… ?
Hello! Thanks for your comment, so firstly delivering it to a victim it'll need to be on a website itself publically accessible or a VPS with ports open work.
Then you'd have to do send them that link via sms, email, Instagram etc (ethically)
That will than result in them believing its just a website and getting hooked.
I hope this helps :)
Happy hacking!
@@0SPwn yes ethically of course. I certainly appreciate you taking the time to assist me with that my friend.
@@damongraham1179 No worries bud, have a good night :)
Happy hacking!
@@damongraham1179 also I'll be covering write ups on my blog if you want to check it out and I'm active on twitter!
twitter.com/RiotSecTeam
blog.riotsecurityteam.com
@@0SPwn cool i checked those out and followed you on them. Do you happen to have instagram or anything like that so that i can message you if i have any questions? 😁
2:28 lmao im dead XD. nice vid.
No idea what happened 😂 my brain cells just shut.
@@0SPwn that part really made me laugh bro. it was legit no script!! fantastic!! hahaha
you meant 192.168 or 10. lol i got ya
@@maximepivi 10.something.something.something I think I meant and 192.168.something.something
it's but not http:/
What?
well victim is not stupid to click on payload but cool job u doing
Eh, I wouldn’t agree with this. If you pwn a website that has a download feature, this could easily be abused. That’s an example and would be unethical so please don’t but it’s example of how threat actors could use it
....this video is kinda all over the place
I don’t script my videos it’s also old.
Anybody can help me so beef is over wan
You'll need to set Beef up on a VPS or some server that is accessible to everyone E.g. Port forwarding.
Thanks