I adore how easily you explain stuff, I am SW engineer for 10 years but new to cybersecurity world and the best thing is that it's not boring for me witch explaining how TCP works. Great work dude!
What I don't like is that, there is a considerable difference between how we actually get hacked in real life, and how these demonstrations work. When a already downloaded PDF is trying to save another PDF and windows is clearly showing a very necessary warning, it is not how it is done. I am sure there are methods to evade these, but most ethical hackers will say "You are wrong, a lot a people actually fall for this". When someone gets hacked in real life it is a completely different story, especially if they are getting personally targeted. Show how to protect from those, instead of showing what Microsoft has already done something for.
Yes, of course no one would show how they actually do it. Its an amazing skill and people wouldn't share it for free. The best way to learn is an internship or 1st hand with an ethical hacker.
CEH here, well I gotta tell you that most people really fall for this, humans are the most vulnerable aspect of security systems. Hacker gotta work hard first trying to vulnerate the security systems that are learning day to day how to become stronger and once they've done that, then you get hacked, but that's another story and lotta code...
great content it is always good to realize even pdf can include malicious code. the only thing i will say about it, you make it look like it is so simple but av and defender will detect that type of attack instantly. we will appreciate you mentioned that in the video and if you can also put the best way to avoid being detected so we can learn more. the video is awesome and your explanation too. thanks
Dear viewers, no it's never as easy as this video is, those payloads are easily detected by nearly any AV cause of how frequently they're used so their signature is in every AV solution database sorry to bust the skids bubble 😂
If you cant bypass simple AV with all the stuff available you are less than a skid 😂😂😂 The Real problem, who show us you dont know the downside of this exploit, is the targeted OS/adobe version...
Yes pdf exploit are all outdated ans detected by most of the avs. There are private that work better but they are very expensive and hard to find. However excel exploits are a good alternative
The raw attack as shown in video has very slim chances to go, but combining this attack with other vulnerability could be very effective, it is up to your hacking mentality to figure out how could you make use of such attack
Mr. Hacker Loi is NOT a bad looking guy. But I got a nice laugh out of "Mr Hacker Loi is very handsome" 😂🤣😂🤣😂 Thanks Loi! I appreciate ya, man! You forgot to tell us that good hackers never get caught, but if you do don't tell them you know Mr. Hacker Loi! 😁
you should make 5 or 6 video series teaching on stuff like this so you don't have to explain sudo every time. I would also appreciate the series more because I'm looking for more advanced explanations rather than the light brushes on topics with the full explanation of stuff I already know
Hey Loi, are the courses in Udemy and YT membership different? And are they up to date? The reason I'm asking this is that most of the Ethical Hacking or Penetration Testing courses on Udemy or other platforms are either outdated or purely theoretical.
All PDF files have a backdoor, even if the hacker or user did not add it in. No one knows who is hacking though. But I know the government uses it in their files to find out who is stealing their data. My friend found that out by downloading files from them.
i "like" this video according to the website... i also really enjoyes the video, and learned a lot. who knew you can control a system with these techniques. the internet is becoming such a complex place.
Another good tuts. Sir can you make a tutorial on merging of payloads with files. Like pdf,doc and stuffs like that except APK cuz we know Metasploit already has the -x option to input the payload into an apk
@Loi Liang Yang "I tried doing the virus.pdf thing on my VMs (Windows 10). Everything went well until the last step. I used Adobe Reader 9, which is an older version, to open the downloaded evil.pdf file. Upon opening it, it prompted me to save the file as template.pdf. I did that, but then a pop-up appeared saying, 'Windows cannot find template.pdf. Make sure you typed the name correctly and then try again.' I followed along successfully until the timestamp of 5:01." please help
Only Problem is the windows defender which blocks the file, means you have to somehow disable the target anti virus with a hotplug attack but for that you need to be at this pc or convince him idk
Nobody is using Windows Vista/7 or Windows XP SP3. Like most of the Metasploit tools, this hack does not work as demonstrated or is outdated. Nothing more than RUclips Theater!
Well, It works good locally, but How it works externally over the internet without public IP?? And the mos important question is How we can handle It, how to find If we have been hacked by this payloads
Problem: "No connection from the victim pc"; Newer version of Adobe reader can block the malicious file without even warning the user so it doesn't work. I tried it with downloading exact same adobe version with you and it worked! Adobe Reader 9 is possible to test this penetration for those who have reverse_tcp connection problems. Have a good day!
this isn't working. I tried several times to do the exact steps you said. but at a point the windows system is showing me a prompt that template.pdf is not available
Yes, but you forgot something, if the antivirus is active on the host this file will be detected very easily. that is why the file must be obfuscated. This tutorial may be misleading for those who are not familiar with the subject of hacking.
I always have doubt if the attack would be successful if we sent the server link over internet. Because my doubt is we are sending a locally hosted server link which can't be accessed by anyone outside of local network? Can someone throw some insights
mostly the router should block anything that tries to connect from outside but here the payload is connecting to the kali host so if you set the LHOST to the external IP it should work if there's no external firewall on widows (the builtin is crap).
Loi when you open a terminal it is opened on its separated plane icon and name But when I open a terminal it is drop downed how I can fix or customize it pleas make a video or replay to me
Hello Loi, can you help me with Adobe reader trying to install itself all the time in chrome. How do I track tasks like that and prevent them from reinstalling like a virus?
Hey Loi, could you please help a brother out? So I used Kali linux several years ago and sort of remember this option that by pressing some keyboard shortcut enabled full screen terminal like interface. It wasn't black like terminal, more grayish with white text I think. That was my absolute favourite thing to use but so much happened that I had to focus on other things in life and now can't remember even the name of this function let alone the keyboard shortcut. If you recognize what I'm talking about please let me know :) I have already tried googling it, searching it on other engines. No trace what so ever. Some kind soul mentioned it in a tutorial video and he also mentioned that this function was very oldschool. Anyways, Thank you if you read all of this I really hope I'll find out how to do that again! :)
I have small question. What is shown above do i need network card with monitor mod enable? I meant i wwanna start kalilinux but i dont have enought resources now. So is networkcard with monitor mod enabled is necessary for hacking??
I adore how easily you explain stuff, I am SW engineer for 10 years but new to cybersecurity world and the best thing is that it's not boring for me witch explaining how TCP works. Great work dude!
Now I can send homework to my teacher!!!
😂 you are funny!
@@g.s.6255 The next day.......
teacher:hmm You got an A+...Excelent
you: phew
literally educational 😂
😂
Windows defender will pick it up immediately idk why he never mentions shit about defender picking up those easily detected shit
What I don't like is that, there is a considerable difference between how we actually get hacked in real life, and how these demonstrations work. When a already downloaded PDF is trying to save another PDF and windows is clearly showing a very necessary warning, it is not how it is done. I am sure there are methods to evade these, but most ethical hackers will say "You are wrong, a lot a people actually fall for this". When someone gets hacked in real life it is a completely different story, especially if they are getting personally targeted. Show how to protect from those, instead of showing what Microsoft has already done something for.
Yeees, *uhm* save the others thats what i want to learn *uhm*
Yes, of course no one would show how they actually do it. Its an amazing skill and people wouldn't share it for free. The best way to learn is an internship or 1st hand with an ethical hacker.
@@ehack2 Udemy is a good place to learn
CEH here, well I gotta tell you that most people really fall for this, humans are the most vulnerable aspect of security systems. Hacker gotta work hard first trying to vulnerate the security systems that are learning day to day how to become stronger and once they've done that, then you get hacked, but that's another story and lotta code...
Take it to the next level dude . We deserve more than...Thanks
Yep
great content it is always good to realize even pdf can include malicious code. the only thing i will say about it, you make it look like it is so simple but av and defender will detect that type of attack instantly. we will appreciate you mentioned that in the video and if you can also put the best way to avoid being detected so we can learn more. the video is awesome and your explanation too. thanks
You can solve by encrypt it against AV
@@JOKER-PALESTINE how ?
@@CD-ir1mtby encrypting it
@@thomasspeer1388 Which program ?
@@JOKER-PALESTINE no it doesn't work
Dear viewers, no it's never as easy as this video is, those payloads are easily detected by nearly any AV cause of how frequently they're used so their signature is in every AV solution database sorry to bust the skids bubble 😂
If you cant bypass simple AV with all the stuff available you are less than a skid 😂😂😂
The Real problem, who show us you dont know the downside of this exploit, is the targeted OS/adobe version...
@@trustedsecurity6039 that too idk what has this channel has turned into he's the only one who got me interested in metasploit
@@trustedsecurity6039 I would love to know what "available stuff" cuz that doesn't make to much sense.
Its sad but this is the truth😂😂😂😂😂
Yes pdf exploit are all outdated ans detected by most of the avs.
There are private that work better but they are very expensive and hard to find. However excel exploits are a good alternative
It will only work in case the target uses adobe reader application for viewing pdf instead of web browser , thats how the vulnerability works :)
what if the person uses adobe reader but on Android
I’m pretty sure it doesn’t bypass windows defender
The raw attack as shown in video has very slim chances to go, but combining this attack with other vulnerability could be very effective, it is up to your hacking mentality to figure out how could you make use of such attack
There is no way it could bypass windows defender
Mr. Hacker Loi is NOT a bad looking guy. But I got a nice laugh out of "Mr Hacker Loi is very handsome" 😂🤣😂🤣😂
Thanks Loi! I appreciate ya, man!
You forgot to tell us that good hackers never get caught, but if you do don't tell them you know Mr. Hacker Loi! 😁
You missed one thing, this exploit only works with Adobe pdf reader
finally you are the one who told the truth
ya fr
Thank for the information.
you should make 5 or 6 video series teaching on stuff like this so you don't have to explain sudo every time. I would also appreciate the series more because I'm looking for more advanced explanations rather than the light brushes on topics with the full explanation of stuff I already know
Hey Loi, are the courses in Udemy and YT membership different? And are they up to date?
The reason I'm asking this is that most of the Ethical Hacking or Penetration Testing courses on Udemy or other platforms are either outdated or purely theoretical.
try hack the box, it's hands on learning.
Sir, Loi Lang Yang. You are Aaaammmmmmmaaaaaaazzzzzziiiiiiinnnnngggggg. Hats off to you
I guess I need to send my pdf materials tomorrow before the meeting.
Why does it ask you to save and open if it is already saved and opened? That will make users leave the file alone.
Would it be possible to go into the technical details of the vulnerability used?
For anyone that didn't work. your device must be very vulnerable (no antivirus firewall , window defender ...) in order to work
All PDF files have a backdoor, even if the hacker or user did not add it in. No one knows who is hacking though. But I know the government uses it in their files to find out who is stealing their data. My friend found that out by downloading files from them.
i "like" this video according to the website...
i also really enjoyes the video, and learned a lot.
who knew you can control a system with these techniques.
the internet is becoming such a complex place.
but it was php... and ive been on that website before.
Another good tuts. Sir can you make a tutorial on merging of payloads with files. Like pdf,doc and stuffs like that except APK cuz we know Metasploit already has the -x option to input the payload into an apk
watching this from jail
@hischiribunghiplesnitrungh4422 in a sense its true and in another sense its hillarious
@hischiribunghiplesnitrungh4422 im lovked out
@hischiribunghiplesnitrungh4422 are you communicating with other people in this comment section?
@hischiribunghiplesnitrungh4422 its satire... because if they let someone know inside they might get out.
You are my teacher sir, thanks a lot
Please make a dedicated course for Ethical hackers
You should also teach how to avoid these types of scam
It would be far far better if you teach it at the end of the video
this is so far the best one you create !! i like it !! thx !!
This vulnerability is from 2010, nobody has such an old Adobe Reader version anymore.
is this actually true, this is insane I feel scam=3-4med by this guy to be honest
excellent tutorial. how could a user scan his pc to check for infections like these?
its outdated and the defense system will identify that this file is malicious
Most backdoors payloads and viruses can be detected unless modify it or else it will be deleted
Nice video, keep up the good work
Sir can you plz make a video for maintaining a metasploit session for ever.
If you clicked this video. loiliangyang hacked Your browsers history. Incognito tabs history also 😅😅
the thumbnail looks viciously evil
that's good for understanding the concept but everybody knows that the the archive gets detected by the win10 firewall
i like you video your video very easy learning me Thank u sir
What if the user didnt click save after double clicking?
@Loi Liang Yang "I tried doing the virus.pdf thing on my VMs (Windows 10). Everything went well until the last step. I used Adobe Reader 9, which is an older version, to open the downloaded evil.pdf file. Upon opening it, it prompted me to save the file as template.pdf. I did that, but then a pop-up appeared saying, 'Windows cannot find template.pdf. Make sure you typed the name correctly and then try again.' I followed along successfully until the timestamp of 5:01." please help
I'm convinced Loi was born with this information.
Nothing happen on opening this pdf file...i tried all, step by step, but still it not working....I
because it only works with adobe acrobat preinstalled ;-;
Will be nice if you talk about defense against this type of attack
@linkedin3612would it execute the payload if the pdf opened on browser?
No it is a very old attack. Your system antivirus will trigger, your firewall would probably avoid the connection…
Only Problem is the windows defender which blocks the file, means you have to somehow disable the target anti virus with a hotplug attack but for that you need to be at this pc or convince him idk
Is it possible to monitor and decrypt the network traffic of the machine and see the data that's being sent and received over the network?
Nobody is using Windows Vista/7 or Windows XP SP3. Like most of the Metasploit tools, this hack does not work as demonstrated or is outdated. Nothing more than RUclips Theater!
Kepp gion brother from region kurdistan❤
Can you possibly do a video on images injected with viruses
i think it would be an interesting topic
I like how you say game over and then act like us asking why is it game over.
Well, It works good locally, but How it works externally over the internet without public IP?? And the mos important question is How we can handle It, how to find If we have been hacked by this payloads
This exploit is way more old and outdated . Its just useless as it had been already patched by Adobe.
Problem: "No connection from the victim pc"; Newer version of Adobe reader can block the malicious file without even warning the user so it doesn't work. I tried it with downloading exact same adobe version with you and it worked! Adobe Reader 9 is possible to test this penetration for those who have reverse_tcp connection problems. Have a good day!
Thank you for making videos on cyber security for us
This will work only on a Windows 7 machine with no antivirus installed and of course the Windows defender should be off.
I got this error "Exploit failed : windows/x64/meterpreter/reverse_tcp is not a compatible payload" when try to exploit, what is the solution ?
any luck solving this?
hello mister hacker, The exploit it uses is CVE-2010-1240, Which affects adobe version < 9.3.3.
yes, it's misleading. It won't work in any PDF reader now
@@huntercybersecurity it's true, You must need a 0 day to Exploite a PDF right now
i thought it's gonna be another hacking tutorial, it turns out to be horror movie for straight 10:19 minutes
People found out that apache isn't good to use.
Bro just truned off run time 😂😂😂
You have a loud enter button 😂
Among all those who commented, I was the only one who failed to transfer the pdf file to the Html server. terminal says there is no such directory
this isn't working. I tried several times to do the exact steps you said. but at a point the windows system is showing me a prompt that template.pdf is not available
The whole hacker hoodie thing has gone too far and is so far fetched from reality.
not working ...
Loi, awesome tutorial sir!
People are always scared of PDFs now-a-days. Tired of explaining each time I experience such response. 😢
it would be a crime if i didnt meet you whie i was in school
How can I hire you, to look at my PC and see if there is Virus, Keylogger, Open Port or Malware on it? How much do you charge per hour?
Really good
Hey bro system can easily identify that pdf as a virus
I got this error : "Sorry, I'm picky. Incompatible PDF structure, please try a different PDF template." Can someone help?
Same error, did you find any solution?
Unfortunately no :( @@minoubrc4773
mr hacker loi is gorgeous
I am a Linux user....no worries
Yes, but you forgot something, if the antivirus is active on the host this file will be detected very easily. that is why the file must be obfuscated. This tutorial may be misleading for those who are not familiar with the subject of hacking.
and how exactly to do that
can you give more infirmation like what hapens if i close kali linux, is there any chance to open back?, what happens if the victom closes his pc?
I always have doubt if the attack would be successful if we sent the server link over internet. Because my doubt is we are sending a locally hosted server link which can't be accessed by anyone outside of local network? Can someone throw some insights
mostly the router should block anything that tries to connect from outside but here the payload is connecting to the kali host so if you set the LHOST to the external IP it should work if there's no external firewall on widows (the builtin is crap).
Port forwarding / ngrok
Loi when you open a terminal it is opened on its separated plane icon and name But when I open a terminal it is drop downed how I can fix or customize it pleas make a video or replay to me
So how did you get such an old version of Adobe Reader?
Hello Loi, can you help me with Adobe reader trying to install itself all the time in chrome. How do I track tasks like that and prevent them from reinstalling like a virus?
Thumbnail is scarier than the virus
with all my respect thats shit any antivirus can detect it my pc detect it in chrom at first place
Can i use Android payload instead of windows payload
it doesn't work in windows 11 why can you electrets it . I I appreciate that
What to Do:
Exploit failed: windows/x64/meterpreter/reverse_tcp is not a compatible payload.
Does this naturally have persistence or if the user restarts the computer and doesnt open the file again will you lose access?
All 4's for legal help. LOL!
thank you
I used to do this on my phone using Termux.
Script kiddies must love this channel
Please do videos on how to remove hackers that continuously get back into your phones after APPLE factory resets it?!
Preview is the best 😂😂
Yo Loi wassup, thanks for creating such amazing content for free
Loi Liang Yang Are the best Hacker
Wait a minute. I used to do this on Windows using the app.
Both the hacker and Target system on same network???
Ms. loi can you give me the drive ISO Kali Linux link? The problem is that I downloaded it on the web for a very long time. Thank you very much
Thank you ..❤..شرح مميز و راءع
Good luck
Love your video
Hey Loi, could you please help a brother out?
So I used Kali linux several years ago and sort of remember this option that by pressing some keyboard shortcut enabled full screen terminal like interface.
It wasn't black like terminal, more grayish with white text I think.
That was my absolute favourite thing to use but so much happened that I had to focus on other things in life and now can't remember even the name of this function let alone the keyboard shortcut.
If you recognize what I'm talking about please let me know :)
I have already tried googling it, searching it on other engines. No trace what so ever.
Some kind soul mentioned it in a tutorial video and he also mentioned that this function was very oldschool.
Anyways, Thank you if you read all of this I really hope I'll find out how to do that again! :)
press F11
this would get detected by AV😢😂😂😂
i prefer using metasploit to create payloads for Android as i have never seen it get detected😅
android is shit😢
I have sent it on my 10 y/o pc , Amazing it was able to detect it as a threat.
Lol 😂😂
I have small question. What is shown above do i need network card with monitor mod enable? I meant i wwanna start kalilinux but i dont have enought resources now. So is networkcard with monitor mod enabled is necessary for hacking??
Can msfconsole work on android or i use msfvenom?
nice camera bro
+respect
great content