Malicious URL that can lead to full access? Nah uh, unless the victim’s computer is using the first build of Windows XP or something like that, that can’t be done.
Yes it can. If the browser is running with administrator privs in windows or as root in Linux. You can also pivot into locally exploitable services or use other priv esc techniques but those aren’t exactly direct.
@Chris sigh, all browsers now run in user mode. You cant directly compromise an upto date computer with a drive-by hijacking.. or browser jacking... hell injecting a bit of js into a browser stream is damn near impossible with nearly everything running ssl...
So how are you going to expolit the first step ??? It is not impossible but this guy has a habit of understating the difficulties in exploiting a patched system, hell even slightly out of date machines are pretty damn difficult.
Let me put it this way a pivot attack is a real thing but takes a very specific attack vector and either a huge amount of knowledge of the internals and applications for a bespoke attack which can be very difficult, even when I was a security consultant I didnt get many options for pivot attacks
I have a question about keepass. Since it's not stored in the cloud does that mean I would need a keepass client on every single one of my devices? And just manually transfer over all of my passwords? Also how does it work w mobile devices
Let me Answer this, So Keepass is a local storage only so you have to ensure you have access to the physical file where ever you are, using tools like google drive can help with this, however if your google drive get exposed then it is a matter of time till your passwords get compromised, so a good strong long password mitigates ( note I say mitigate not prevent as it is a matter of time and money to brute force a physical file )
My suggestion is to use an online service, if you don't trust online services then you can choose to host your own password server ( This is what I do )
Sahil Thakur what’s your goal? Learn to hack? Hack what? Networks, web apps, etc. Check out the cyber mentors YouTube channel he will give you some background to ethical hacking to base your decisions off of. He has a great course on Udemy that covers the basics of network pen testing and some web app as well.
pain, suffering, solitude, hopelessness, a rotting decrepit world into which we were born merely as tools to be used, advertised towards, being ranked only in terms of how profitable we can become to those which society has subjugated itself to out of the fear of being abandoned portrayal of the human vondition depicted in this gif is equivalent to ghr acquiescence which banes our questionable existence to a point the abyssal thirst for meaning turns us to such actions that may reward us with that which we can construde as meaning
I think it's Chrome OS. He mentioned in a previous video that he uses a chromebook for sketches. Since this is a sketch, and considering the placement and design of the icons, it's probably Chrome OS.
Malicious URL that can lead to full access?
9 likesNah uh, unless the victim’s computer is using the first build of Windows XP or something like that, that can’t be done.
Replies (5)
Yes it can. If the browser is running with administrator privs in windows or as root in Linux. You can also pivot into locally exploitable services or use other priv esc techniques but those aren’t exactly direct.
2 likesYou can upload a php shell as well to create a reverse tcp shell from a ip url
0 likes@Chris sigh, all browsers now run in user mode. You cant directly compromise an upto date computer with a drive-by hijacking.. or browser jacking... hell injecting a bit of js into a browser stream is damn near impossible with nearly everything running ssl...
0 likesSo how are you going to expolit the first step ??? It is not impossible but this guy has a habit of understating the difficulties in exploiting a patched system, hell even slightly out of date machines are pretty damn difficult.
Let me put it this way a pivot attack is a real thing but takes a very specific attack vector and either a huge amount of knowledge of the internals and applications for a bespoke attack which can be very difficult, even when I was a security consultant I didnt get many options for pivot attacks
@Connor Robert php not installed on most if not all user computers.. Next please
0 likesjnex26 Pretty damn accurate.
1 likeGreat job keep it
3 likesPlease make longer videos
0 likesOthers: listening and trying to understand the video
0 likesMe : ohh wait isn't that a Chromebook?
Dude you're so funny and i didn't even search you on yt
0 likesI have a question about keepass. Since it's not stored in the cloud does that mean I would need a keepass client on every single one of my devices? And just manually transfer over all of my passwords? Also how does it work w mobile devices
0 likesReplies (1)
Let me Answer this, So Keepass is a local storage only so you have to ensure you have access to the physical file where ever you are, using tools like google drive can help with this, however if your google drive get exposed then it is a matter of time till your passwords get compromised, so a good strong long password mitigates ( note I say mitigate not prevent as it is a matter of time and money to brute force a physical file )
0 likesMy suggestion is to use an online service, if you don't trust online services then you can choose to host your own password server ( This is what I do )
What is the model of you thinkpad??
3 likesThe more i know. Tq
0 likesI want to learn all this , i am thinking about starting with python can you recommend me a good book to start.
3 likesReplies (4)
Security testing with raspberry pi, he made a video about it
2 likes@Watykaniak it s always better to know the most optimal path in order to not waste time learning usless things and not missing something important
1 like@Watykaniak by googling u'll probably follow an advice of a random person who isn't forcibly a good one and he doesn't care about that
1 likeSahil Thakur what’s your goal? Learn to hack? Hack what? Networks, web apps, etc. Check out the cyber mentors YouTube channel he will give you some background to ethical hacking to base your decisions off of. He has a great course on Udemy that covers the basics of network pen testing and some web app as well.
1 likepain, suffering, solitude, hopelessness, a rotting decrepit world into which we were born merely as tools to be used, advertised towards, being ranked only in terms of how profitable we can become to those which society has subjugated itself to out of the fear of being abandoned portrayal of the human vondition depicted in this gif is equivalent to ghr acquiescence which banes our questionable existence to a point the abyssal thirst for meaning turns us to such actions that may reward us with that which we can construde as meaning
0 likesBud is there any way to contact u?
1 likeReplies (1)
Social media
1 likeChrome OS nice
0 likesIs that Parrot OS?
1 likeReplies (3)
I think it's Chrome OS. He mentioned in a previous video that he uses a chromebook for sketches. Since this is a sketch, and considering the placement and design of the icons, it's probably Chrome OS.
2 likes@Sawyer Schneider libre office on a chromebook? And Atom? But i think you are right, ChromeOS is linux based, so he must have jailbreaked it
0 likes@Kreavita linux is accessible on most of the chromebooks
0 likeswhy is this random guy on my recommended, I'm annoyed
6 likesReplies (2)
because he is the best :)
2 likesBcs he the beast
1 likedoes chrome os good at hacking environment? im an idiot sorry
0 likesReplies (2)
Kali linux is free and got lot of goodies
1 like@Vendy Bird Švadl does that means his chromebook boots to linux? i saw chromebook in the vid
0 likesIf you make video in hindi than you can famous and outher people can connect with you if you like comment please reply
0 likes