Hackers can now HACK you with just a Word Document! | Zero-Day Exploit!
HTML-код
- Опубликовано: 24 авг 2024
- Create your own native application from your website in minutes with AppMySite (no coding required): www.appmysite....
This is the recently discovered Follina exploit which is assigned as CVE-2022-30190. It allows the hacker to get a Remote Code Execution (RCE) on your computer. In-order to trigger this exploit, the user need not even open the maldoc, he/she just needs to preview it!
The vulnerability lies in the MS-MSDT URL protocol - Windows blindly executes code when this protocol is used along with some parameters and a powershell expression.
DISCLAIMER
This video is made only for educational purposes and to bring awareness in viewers about this zero day exploit, and it contains instructions on how to protect yourself from it. So take it the right away, do not use it on anyone without their consent. This is a serious thing.
Check out John Hammond's video for a more in-depth explanation about this exploit: • Exploiting MSDT 0-Day ...
A workaround for this vulnerability is to disable MSDT URL protocol on your computer. In-order to do that:
1. Open cmd as administrator
2. Backup your registry key with the command: reg export HKEY_CLASSES_ROOT\ms-msdt filename
3. Disable MSDT: reg delete HKEY_CLASSES_ROOT\ms-msdt /f
This should make you invulnerable to this exploit until the patch releases.
Stay safe guys!
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj15...
#zeroday
![[Special Clip] ATEEZ(에이티즈) 홍중 'Why Do You Love'](http://i.ytimg.com/vi/I6XYXQKN_pY/mqdefault.jpg)
Check out my FREE course on SQL Injection for Beginners, you also get a completion certificate: bit.ly/3MTMQ2Q
ur a lier u opened the file
Thanks so much for the shout-out, and especially thanks for showcasing the PoC! 🥰
You're an inspiration to all of us John! Thanks for all the effort!
John Hammond u had me as your subscriber thanks for the video with David Bombal
hey can anyone send me that file to me plsssss
Sure
And Thank you for share to us about this hack! hour unix father.
For anyone who is wondering: You can undo the workaround with this command "reg import backupregistry"
Great video as allways, Raj 😎
Yeah bankruptcy filing will be needed when they take everything
@@TheMessanger 😭😭
@@codeJamalonRH don't worry if is not the hacker is your wife or family 😭
@@TheMessanger 😂😂😂
Your channel is too underrated, you'd make the next Jim Browning. Hell, your almost just as good as him
Damn. Never Thought About RTF & Preview Pane! Thanks A Lot For Keeping Us Updated.
Ok, now I can hack my professors and give myself higher grades.
Thanks!
Loving the consistency and the content as well! Keep them coming! Also.. seems like your shadow ban is removed since one of your videos got good amount of views within 2 weeks of uploading !
So cool microsoft really need to patch this many people uses these ms apps and this is really dangerous
Impressive!
Thanks for the video!
0:20 does this work only work when you have preview window enabled?
I use details instead of preview.
Thanks for informing with short and best explanation. I liked, shared and subscribed. :)
He’s so smart and knowledgeable. You earned a subscription!
Thanks for alerting us....
And nice video,carry on...
Thank you! ❤
101 reasons to use linux
We need more content like this
again awesome video as always ,
also please make a update video on yoyr rig as market crashes
"i wont open it"
proceeds to double click the file
If there was NO Patch, how poc went public 🤣🤣🤣
Wow our computers can be hacked through word documents
Does this vulnerability affect users who use WPS office, Libreoffice and Softmaker Freeoffice?
I use WPS office, by the way.
this is so old lol, macro xlsm was a good time (=
You earned a sub!
Windows Sandbox: *I am 100 steps in front of you*
Make some videos on learning about hacking
Thanks brother for the video
Amazing Video bro, learned a lot from this best explanation on MSDT vulnerability. Big Love from Pakistan..
Hello bro my friend hack my mobile i did not know I just click on link and they hack my all mobile and get picture of me live and also take my network cameras how I recover it I did not know something about hacking pleaze help me pleazeeeee he hack on kali linux😔😔😔😔
Pleazeee brooo
Hacker can hack your computer even though you don't have one 😂
Where I get that word file please tell me
Probably not allowed to get that, because of another purposes
Ok.. but i need to test..
Even if you got it, its useless for you, because you cannot get the reverse shell as it is controlled by the one who made this file
you dropped this👑👑
Can you do tutorial on how to make my own Follina?
Next: Hackers can now HACK you with just a RUclips Video!
But how can I create this?
Ik this!! THIS IS REALLY MESSED UP!!! i saw this on Network chucks recent video!
Hope this exploit gets fixed soon.
Btw i love ur videos! YOUR OLD SUBSCRIBER! lol
Zero day attack is zero click attack
What exactly does disabling that protocol change to your computer? Will it impact its behaviour in some noticable way?
same thing I want to know
it will be a good idea if i try the last part of this video on work's computer?
Thanks for the video. I have a question. The direct execution on preview mode on Windows Explorer only occurs on rtf formats?
yes
Is that macro vunrability . Is it work if macro is off?
Really dangerous
bonjour j'ai besoin de votre aide monsieur
It doesn't work as you showed. windows bit defender can't let it enter.
the network chunk🔥
❤️ I love you~ ❤️
I lov him more 😍👹
@@ividimitrova8030 KAK SMEESH PACHAVRO SKAPANA
DA GORISH V ADA
what happened if u open through google docs itself?
Already installed the patch
wow good information thanks for shaeing
Please which android rat is the best Techraj?
Can you post a video to setup our own FTP server
Is it possible on Win10?
Me who uses linux:
I dont have these issues anymore
That's why I am using ubantu
you should work in Microsoft, you're really smart, thnx
Every cyber security person goes through this everyday, Its no big deal
Nice Bro :D
No reverse shell anymore
Is it solved today or we just have patch for it ?
How to rick roll a friend
Wow Verry good 👍
did they patch this yet?
how to do this?
network chuck was here
how can i use it pls
That's amazing
never gonna click that file
you rickrolled us !
Will it work even if i don't hv internet connection
Very good and working crack thx
Yoo, where can I get this file ???
Kek, the delete string it's not working for me, it says if I want to delete it, I say yes and it gave me an error that it is does not exist xd
previewing the file opens the file :/
I have grapheneos it protects me from this
so your saying text docs arent even safe now damn
now? i have been using this for long time
LMFAO next time don't put "without opening" into the thumbnail if in the video you clearly open the file.
You should've used @John Hammond's python script. Much easier to use(as they show it)
EDIT: I only saw the part where you change the code and commented, didn't know you did later
why you lying? you can clearly see you double click on the file
What happens when we open within Google doc or outlook view
Bro we can hack using video
You literally clicked it to open the file 😂
oooh
We was already rickrolled
⬆️⬆️⬆️ you are a real master of the arts.
Is this working in android
?
Amog us
Lol 😂
From your command p. How can someone check if he is being hacked ? Or how can someone undo a hacker with command p
maybe with some tools like wireshark you could maybe see the network traffic but I don't think there is a magic command that tells you if you are hacked, if your antivirus doesn't detect it then is kind of difficult.
God knows how many zero day attacks are not reported out there. We have a virus in our company luckily Kaspersky can catch it, ofcourse I don't use company laptop with bogus antivirus🤣🤣
Use Linux
Nc
Le me using Debian 🤣
bruhhh an indian
numero uno egg
PIN ME PLEASEEEE
Nice
Cashapp blessing
word.exe lol
I'm curious to know that
do u follow NetworkChuck 😅
It's not possible until the system is vulnerable, if you can hack me you will be rewarded 🙌🤍
Every system is vulnerable, This is a new zero-day CVE-202230190 i think
@@dontreadthis888 what if you are NOT running windows?
@@xAffan I was talking about windows users. But i'm not saying LINUX or MAC is safe, Every system has its own vulnerabilities maybe some linux vulnerabilities are not yet discovered
@@dontreadthis888 ik but Linux is much secure cus most servers and android run on it so big companies always check the kernel for vulnerabilities etc. But ye ur right and it's used less in desktop space so there's not much attackers so it's pretty secure
@@xAffan Yeah you're right, but i'm not saying its totally safe, cuz newer vulnerabilities are found often these days