Hacked and Backdoored this website in MINUTES! NEVER try this on unauthorized targets!
- Published: Feb 6, 2025
- #pentesting #ctf #hacking #cybersecurity
DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.
In this video, I demonstrate how I hacked a CTF target, got root, and backdoored it in just minutes. You will learn many hacking techniques along the way! Challenge from @indishell1046
As a web developer this felt like a horror movie. Would love to see a video hacking a PHP Laravel website. Subscribed
Cool! I'll see what I can do
same lol
this is the definition of a horror movie to a web dev
I'm out here sweating too😅😅 New subscriber gained
Could be wrong but I believe laravel, *when properly installed*, is more secure than Drupal. Just my opinion of course and nothing is ever truly secure.
I've seen plenty of people installing laravel the wrong way with env public and accessible or all files in www folder etc etc.
Still would love to see where the more advanced vulnerabilities are... Of course if the video is simply "look a freely accessible env file", I will be truly disappointed teehee
First time seeing hacking attempts like this. Amazing content!
Came for the back door, stayed for the plot
Sure you didn’t come in the back door?
@user-vk2cd9qw7i 🤡
Learned a whole lot just by watching the video. Currently a second-year cybersecurity student, this is very helpful. Thank you!
i really understand maybe 5% of what's being said but i can certainly tell that that website got completely folded
This is insane! As a second year Cybersecurity student, my mind is blown by the way of thinking. I often find it hard to not have a tunnel vision when searching for exploits. I'm really wondering, how did you learn all this stuff?
At first I did not know about anything, but with time and experience I developed my skills. I vividly remember my first app I hacked! I was hooked, and I'm still learning to this day
@thehackerish could you name some resources you found helpful along the way to learn
@vneem3758 I have shared videos about this yes, watch this one for instance ruclips.net/video/qanMMA5fPlY/видео.html, you can also watch my web hacking playlist which is a step-by-step course for web hacking
@thehackerish the first thing I hacked was when I was 15 and changed the index.html to read PWNED !! via a web shell. I was so damn happy but I quit hacking to focus on other things. Today I feel guilty for not following the path to become a cybersecurity expert. If only I knew how much money cybersecurity researchers would have been making.
Experience with a huge amount of repetition, a sprinkle of write-down-em-all and googling skill .....
p.s. if u start doing 2-3 times the same box u are on the right way
p.p.s it can be frustrating a lot, especially pen-testing / red-teaming, it's one of those things that u love or hate
Wow this is insane, i'm a devops engineer and i have learnt a lot from you man, you got a subscriber!
Welcome aboard!
This is crazy, thanks for the reminder to care about security before it's too late
I was just about to switch from web development to cyber security cause I felt I had learned a lot from web development, and I've always loved hacking and backdooring. I found this video and your way of explaining stuff is so good and creative I've learned a lot from one video. guess I'm watching all of them now!
Enjoy! I am glad you found what you were looking for :)
Wow... This is so cool! I've been thinking about entering the Cyber Security field for a while! As a student, this is really intriguing to me! Thank you!
I decided 10 years ago and I am not disappointed, apart from sitting on desk for hours ;)
@thehackerish is it too late for someone between ages 23 and 25 to start learning?
@gerrardthemeek Absolutely not! You're still young! Go for it if that's something you want to pursue
@gerrardthemeek I’m 26 and I started a bachelors of Cyber sec this month
@thehackerish what if I'm 15
I am curious; did you use a website you own, or just a random site you found? I find this video quite interesting, and it's amazing how easy it was for you.
No it's not random, I never hack something I don't own or have permission to.
Watching you go through the process was a rollercoaster I was so into the video when you were able to ssh I shouted YESSSS!!! I love what you do man it's awesome
Well that's a comment that made my day! Thanks a lot for watching
Finally RUclips is recommending me some quality and useful content
great walkthrough video, very informational.
The One Piece images caught my attention but didn't expect to be this interested in the video! Great one
Glad you enjoyed it!
This is the first of your videos I have watched and I'm definitely hooked! I'd love to learn more from ur channel :)
Thanks for the kind words
Very happy that your content got viral and got a number of views, Keep Going ❤❤
Thank you so much 😀
This is such an awesome video! I didn't understand everything you did but I still learned a lot, thank you, I would love to see more of this type of videos!!!
Awesome! Thank you! I will post new ones, but similar videos are ready for you in the same playlist "penetration testing"
It's amazing how good he is at walking through this, I wish to be able to do this someday
@Sarahmilverton bro what are ya talkin bout
Instead of rm access.log files I think it's better to copy everything before your activity in another file and then rewrite original with that copy. Or just truncate it to zero if you don't care too much.
That's what I thought too. Just nuking the logs is proof in and of itself of a hack. From my genealogy experience we call it negative evidence.
You could also create a .htaccess file that interprets txt as php then you could upload a php shell.
are you a hacker
are you learning from port swigger by any chance? if not please advise me, I'm new to this, i started learning and reading like 2 weeks ago
hey, easy satan.
ya but also directly he can put php rs code instead of :- as content of file and file format as .php instead of txt after finding the exploit...
This is amazing, made me realize you need to be a debugger first to be a hacker XD
the "rpcbind" port could be interesting as well, maybe you can query it for what RPC services are running
or it's just an obvious thing so that you get stuck on that no idea xD
very nice video btw, i don't have the time to finish it right now but I will just do it later
Good point!
Great content, dude! Awesome! A few Q's I had while watching, would love to clarify:
1. Why didn't you need to point nmapq to your root-me URL?
2. Why doing `cat /etc/passwd` didn't include the whole file, assuming the command does it - did the Web App truncate it?
3. Why playing with `head -n :line` would be very lame? Any technical reason, or just 'cause it was too difficult to read in general?
4. What is the `/opt/s` and what it does?
Wow, I love your questions.
1. my alias already included the url, with a placeholder for the room number I played in.
2. the app returns the first line only
3. With head, I need to use it as many as the lines of the file. Takes time.
4. /opt/s is the vulnerable executable we're trying to exploit for root access
i legit know nothing about this but it is very interesting to watch liked + subbed
As a person that has his own homelab/server etc this was a crazy horror movie. I should really create more warning (and defense) systems.
This Is very awesome but I do think the CTF containing a setuid binary that popens scp is incredibly unrealistically insecure but we can see that it is just placed there to provide an easy privilege escalation after you do the actually realistic part which is the remote code execution exploit
Amazing!! Congrats man 👏👏
Thank you! Cheers!
Now thats someone I can subscribe to. Even erased the logs: Perfection
I really like your content and you talking out your ideas and process
Amazing! Very good to see you in action
Thanks a lot!
dont forget to clear the authorized_keys file and history file for the root user :3
Hi,how can I message you? I need help
wow, that was really interesting, I haven't been that interested in the last 6 months or smth!
Hey man nice content i subscribed!
Welcome to the family! Lots of similar content already in the pentesting playlist, let me know what you think of them!
i love the way you went about this, earned a sub
Thank you! Are you a developer?
Got this vid in my recommendations actual good content thx youtube
Awesome video!! i was really invested in the story
Very cool! I want to start learning hacking etc. My question is what did you try to achieve by uploading the php file as the picture? What could it have done? Thanks
If I could upload arbitrary files, like PHP, I could have taken control on the server by running arbitrary commands (Remote Code Execution). Here is a concrete example from one of my previous videos: ruclips.net/video/P44imvLQ6cA/видео.html
@thehackerish thanks! So when you open that file it runs the code and you just made a php file that takes the arg x as a command to run on the server? Also don't most servers block access to files via the url?
That's right, and no they don't block it from url because that's how php app works, unless you use routes, frameworks like laravel use them and so you can't directly access the php files
I really enjoy watching your hacking videos , keep up the good work!
Thanks! Enjoy
I'm from Portugal, i don't understand a shit, but i stay the all time ahahahha i'm stuck on your videos
Much appreciated!
I am right on the border of "I have no idea what he's doing" and "Oh, I kinda understand what they're doing here."
Me knowing very little about coding makes this very intriguing for me!
Same. I noticed at the end that outright deleting log files is not a good idea though. The lack of those files will cause suspicion and cause further investigation.
Yeah, it might be better to just replace any of the traces you had left behind with something else that wouldn't look suspicious. @lightyagami3492
Whoosh!!!! Right over my head
We missed you 💗💗💗
Thanks for the kind message
Thank you so much for this video! Learnt a lot.
Great vid, earned a new sub! Helped me understand more of what i thought i already knew.
Thanks for the sub!
You could use a php shell. Or some type of reverse shell.
you are awesome and also reveals the realities ..stay tuned
duuuuuude i am a full stack dev ( just started ) and i HAVE to learn these things.
Go for it! I have so many techniques with hands-on examples in this channel, go watch the pentesting playlist
awesome stuffs, i learned a lot, new subbed🎉
Welcome to the club! Many similar videos on the pentesting playlist are available
crazy to see a master at work
I liked the video a lot. What was the nmapq without the alias?
Glad you asked. Here it is: `nmap --top-ports 200 ctf"$1".root-me.org -Pn -v --open -sV 2>/dev/null`. I hacked many challenges on root-me, hence the target hostname
do I need to know web dev, python to do this type of hacking? cuz I'm learning it
Web dev will definitely help you become a great hacker. The first part of hacking is to understand the system, and what better way to understand an app than to code one. Go go go! You got this.
Python is great to write quick scripts, although you can do it in any high level language really, but it's widely used among security professionals.
This looks so cool but half the video in and I'm super confused 😂, any resources I can use as a pre requisite before watching ur vids?
Yeah sure, head over to my playlist about web hacking, it takes you by the hand from the start. Also check out Academy.thehackerish.com
@thehackerish thanks!!
What's the terminal ur using with term cmd and powershell?
wsl with ubuntu
I loved the stuff you did after root. One thing though, to finish up your clean up and stealthy approach, you would want to delete some of your bash history surely?
yeah, I should have set HISTSIZE and HISTFILESIZE :)
@thehackerish What about auth log for ssh connection? Or some "afterscript" which will delete trace of your ssh access after you'll log out?
@skuge- You are the man! Good point
Bro is going to be hired by the FBI
Please what is the code behind the Quickened NMAP alias
3:21 I'd check if & char works since the whole phrase went into URL.
I'm a newbie tho so idk if it would be even helping in this case, it's just I happen to see the pattern.
Great channel and even better content!
Hmm...interesting, but the & would add a new parameter
I’m not sure if you did it already ahead, but at the upload input, since it says you can only upload jpeg and so on, I suggest changing the magic number of a php file in order to trick the site and get a shell
Indeed, good point
are there any client-side filters that can be bypassed?
@xt355 Since the server was vulnerable, the impact is much higher than any other potential client-side vuln, but that's also good to test for.
thanks for making the content \o/
I have a question, are you self taught or do you have a degree in cybersecurity?
Degree in software engineering, self taught cybersecurity
extremely underrated, such a goat
Share the love!
Great Content; how to exploit 0days and CVEs to get bug bounties Boss.
Well, invest time and effort to learn how the system works, to the point of finding a way to abuse something. In short, be a hacker, an ethical hacker of course.
@thehackerish Thanks Man
Awesome video! Doesn't make me sweat as a web dev at all 🤣
If you own a web app you want me to test, you know where to find me 😉
lol nice video, forgot to change env var PATH back :)
I have no idea how any of this works, it's like magic to me, amazing
Enjoy magic 🎩
watched the video and I am confused haha, where can I learn such concepts?
This channel has many similar videos to learn from. But you can start with the owasp top 10 in the web hacking playlist
@thehackerish alright thank you!
“Only for educational purposes, yeah yeah” 😂
Isn't that too much work to get default credentials? I must be missing smthg.
i am here to start a career on information security and learn more. i have subbed , where do i start boss.
Welcome aboard! Start with the web hacking and penetration testing playlists. Good luck!
@thehackerish thank you.
I wonder if it's possible to hack into a server that has a firewall well implemented with ip rules and such
I'd say yes, since you at least need to open the port for the web application. It will be harder, but not impossible. But you can make the hacker's life harder with a WAF as a secondary security measure, and implement detections to spot suspicious activity early. And of course, the most important thing: develop secure code and have a proper SDLC lifecycle that takes security into consideration
What are you using for hacking?
A laptop
as I'm a noob in this world, I understand that you somehow used the vulnerability of the Drupal version to send a txt file that you used to read the server, but it seems so confusing, the fact you see the vulnerability of each element of a page. I like it but I don't think I will be able to do this even in 10 years from now on
What is the name of the tool "request-response terminal"?
Burpsuite, there is also zap proxy. They are web proxies to play with the http requests
good job articulating your thoughts into words. enjoyed the video ( ͡° ͜ʖ ͡°)
Do you use AI for hacking and if so how do you use it?
Yes, I occasionally use chatgpt to assist me in some tedious tasks. Otherwise nothing else
that's crazy, how do you even use it?? is it for like brainstorming @thehackerish
I write like I am chatting with someone, like please take this csv and extract only the ABC column. These kinds of things
Really nice content ! Really interesting !
Glad you enjoyed it
how would i deface a website that has no login and only has one type of redirect link and its just a default page with text
With a reduced attack surface, you can't do much really. I'd look at other assets owned by the customer I'm hacking
@thehackerish but someone else has defaced it and I'm trying to help them figure out how
@en_ry I see, well you need access to logs, and support from the hosting provider if it's shared. It's possible that the website got defaced because of another hacked website on the same hosting server.
@thehackerish so i would have to get into a port still no? also the only thing they have linked is another website
it looks so complicated, but i'm guessing with a ton of experience you can do this casually. Might seem stupid, but what language is this?
The app is developed in a PHP framework, and the OS commands are just bash
New sub 😊
Welcome on board!
At 7:47 what tool did you open?
BurpSuite, a web proxy. Have a look at this video to see how cool it is ruclips.net/video/p-aCU_C1jKk/видео.html
create one for wordpress websites
Here is a video for a Wordpress example: ruclips.net/video/bxUJuYMSqLs/видео.html
good job
Now make a video on how to avoid this exploit🔥
An update is a great start but honestly I wouldn't use Drupal or wordpress to host anything.
This video shows you must use latest versions of softwares :)
@bariscodefx Indeed!
Couldn't you write a php file that triggers a reverse shell and then just send a request to it in the browser?
I believe I tried but I don't recall why it didn't work.
6:30 this is what 'shellcheck' is for, in case you don't understand at your level yet. It's very specific and it will tell you in a clear concise way what's wrong and not to run it.
I don't think I understand any of this but it just looks cool 😆
What to do if i forgot burp suite browser intercept password
There is no password for burpsuite
i love the "oooooo"
Don't have any idea what this is. I'm not familiar with coding but this is fun
Great video! Next time maybe even altering the History of Linux machine would be perfect 😁
Next time!
looks crazy after weed, it almost like u hacked it like in movies
Careful with that sh**
@thehackerish bro u actually hacked it wtf 🤣
Wow! Impressive. Still so much work though
Jesus, that was way too easy. Scary to think how many servers are running old versions of software with exploits like this.
"and it says here only for educational purposes...yeah yeah"
Seriously though, never hack something you don't have permission for.
they hacked it longer than a wii
respect to them
Thank God I learned Linux.
Wow. Wish I had seen you earlier
How did you get the kali linux cmd on windows 11?
It's not kali, it's Ubuntu running using WSL
subbed