Hackers Abuse Zero-Day Exploit for CrushFTP
HTML-код
- Опубликовано: 25 апр 2024
- jh.live/flare || You can track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Try a free trial and see what info is out there: jh.live/flare
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
Read The Hacker Mindset by Garret Gee: jh.live/hackermindset
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥RUclips ALGORITHM ➡ Like, Comment, & Subscribe!
![WE EXPLORED THE DARK WEB [INSTANT REGRET]](http://i.ytimg.com/vi/ID9Xw9S3I0o/mqdefault.jpg)
I still find it funny that quite often people goes for paid products with fancy presentations and unnecessary black-box automations. We use OpenSSH sftp with Linux access control and rarely do we have to worry about random 10/10 RCEs.
That's just Apple's ecosystem. All it is is just a shiny polished shit.
@@CZghost Microsoft has been doing it for years too.
Familiar with CVE-2024-33663?
@@CZghost macos has ssh and built-in nfsd
can we like calm the fuck down with all the vulnerabilities this year?
N O
🤣😂
Exploits and vuln are found almost every day. What's different lately, which has nothing to do with April in particular, is that more of them are being published on RUclips, so it seems like a whole lot of them all of a sudden. More and higher bug-bounties are also a factor. ;)
Thanks for the demonstration. Very helpful !!!
Thank you
Great Vid!
Flare doesn't show their pricing on their website... I hate that
They charge based on identifiers, we pay for flare and we get 1000 identifiers and pay 36k a year
Nice "enterprise grade" software you got there.
shodilly reinventing the wheel?
This is nuts. It seems like they don't have a proper security model in place if it's just that easy.
Also the CrushFTP desktop UI doesn't instill me with confidence lol. At least the web UI looks decent.
Flare looks very interesting. however, the pricing is elite and well crafted 0-day. I ain't buyin to something even for a trial to find out it's extortionate pricing. the FREE trial is not free. They should be open with their pricing.
hey i have a question Jhon, what virtual machine manager u use Vb or vmware?
Nice video, thanks for that.
Allow me to do a question: how can the ssh_host_rsa_key can be useful in some way for hacking once its not related to any user?
*another* vulnerability this april‽‽
i swear theres a vulnerability every day now XD
A lot more than one!
Can we all agree that JH is the goat?
Dang right! Such a genuine dude.
i agree.
He even clone dinosaur
I mean hire Dr. Wu to clone dinosaur
I'm surprised that you didn't talked about Linux XZ malware.
COOL!
Having inside information on this one I can only laugh, and laugh, and laugh. There are more vulnerabilities. You just haven't found them yet. 😂
Classic closed-source tomfoolery
Chill, I was expecting you wise ahh comment
@@mangodude-nq6su well having seen that source, trust me, you’re better off.
Sec researcher here - any info you can drop without breaching NDAs?
@@Daveychief23 No NDA but common decency prevents me from trashing a former colleague. Plus I have a competing product that makes his look like a child’s toy.
Hi! If you can please create a video on the brokewell malware thx 😊
Hello @john hammond, recently my Discord was hacked by someone who used it to send phishing links in the NahamSec general discussion group. I’ve resolved the issue, but now I’m unable to rejoin your Discord. Could you please allow me back in?
John are you going to be in the people's call center this year?
So why would anyone use crushFTP?
hell yea
Die sitzen in ihrer Ideologieblase und sind anderem gegenüber Beratungsresistent.
Selbst wenn der jemand gefragt hätte aus seiner Umgebung hätte er keine Kritik bekommenm
cant stand places that have a "start free trial" button with no price given for full ver
April and its vulnerabilities 😂
another zero day.... im not even surprised at this point
But no one is using crushftp whats wrong with people
24:25 "almost in a sense server side template injection sort of"
Almost sort of. That's exactly what it is!
Hi, I don't know how to send this to you, but are you aware of the Sabrent situation? They're apparently hosting malware as legitimate firmware updates in their web. Maybe a video could help people not to fall on this and make the company finally solve the issue. Thanks a lot, and please excuse me if this is not the right way to reach you.
I do not understand enterprise using app developed in Java. It is like using an NES emulator to do your presentation.
Bruh 💀
should i be worried haha i dont even know that software lolz
15 min gang
4:56
08:53
help me sir
Can somebody explain? I dont really understand how it can read a file outside of the virtual machine?
make video on CVE-2023-24059 sir if its exploit is free
There is no cloud. It's just someone else's computer.
i just pissed on my wall
good for you
Never heard of this software before... Enterprise ready? The vulnerability info on the download page looks like it's written by a kid and the linux installation instructions are just a joke. Custom start scripts? Then scrolling down i see a systemd service file and at first i thought like oh maybe it's not that bad, but then i look at the actual content and they are not just wrapping their script in a systemd service, no it's wrapped in rc.local and the systemd service is to call rc.local...with a "start" argument that is not used, and without a shebang while it's called directly??? Suprised that even works tbh.
I was gonna say, what is this 1995? But heck even in 1995 things weren't this amateuristic.
27th
am i dumb or did you just not realize that u were able to pretty much do %hostname% which is effectively a command execution? lol
%hostname% isn't getting passed to cmd.exe as if it were an environment variable, it is being specifically handled within the application with their custom processing-- so per your question, no, it isn't command execution, and you are dumb. (You said it, not me)
😁😁🙌🙌
abit too early i guess lmao
😁😁😁
First !❤
Sir please next video social media authentication bypass make this video please 🥲😭
Most liked comment 👍
Hell of month.
PRO-see-yohn
Thanks for the info dude!