All-Army Cyberstakes! Ysoserial EXPLOIT - Java Deserialization
Рет қаралды 30,464
Күн бұрынIf you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond
@novicetrader555 4 жыл бұрын
One of the best channels on cybersec who actually teaches and explains some great stuff not just teaching how to run scripts like most other youtubers do..John is the one who motivated me to get into this field.Lets do our share and help him grow his channel.Thanks john for all the great content.Lots of love and respect man🙏
@_JohnHammond 4 жыл бұрын
Thank you so much! I really appreciate all the kind words! I feel like some of explanations are a bit hit-or-miss, looking back they look like a big fail in some videos bahaha. Thanks so much for watching!
@DangerousPictures 2 жыл бұрын
@@_JohnHammond whats makes you so much better is showing the fails (expecially in the malware analysis Videos.) Other KZfaqrs would wrap it up like Here is the sample, I unscrambled it to get stage 2, which downloads *insert RAT here*. Remember to like and subscribe and sub to my Patreon
@iulianichim7777 4 жыл бұрын
Just awesome content! Learning a lot from you. Thank you and keep it up!
@_JohnHammond 4 жыл бұрын
Very happy to hear that! Thanks so much for watching!
@0xclayhax848 2 жыл бұрын
Thanks for this vid. Was just learning about insecure deserialization attacks and using ysoserial. Your video was the first video result in google.
@razzawazza 4 жыл бұрын
I hope to fully understand what you're doing in these videos one day- really cool stuff. Thanks for sharing.
@markgentry8675 4 жыл бұрын
Really good video, dude. Nice and easy to follow.
@checknate8820 4 жыл бұрын
Just discovered your channel this week, your content is amazing.I wish I would have discovered it earlier.
@XxLIVExX24 4 жыл бұрын
This is literally me as well! I found him out this week tuned in to 3 vids in a row. Wish I knew of his channel before I graduated tho, I would be way sharper, by now.
@Ayahalom123 4 жыл бұрын
Same here, found out about this channel 3 weeks ago. Coolest stuff I've seen in a long time.
@_JohnHammond 4 жыл бұрын
Very happy to hear that! Thank you so much!
@checknate8820 4 жыл бұрын
@@Ayahalom123 מה נשמה, אתה מארץ ישראל?
@checknate8820 4 жыл бұрын
@@XxLIVExX24 Lucky for me I'm not in school so his videos are my classes for pentesting.
@bigbooduh Жыл бұрын
Loved this, will give this a try
@CybrJames 4 жыл бұрын
Video was awesome as always. Great job.
@_JohnHammond 4 жыл бұрын
Thank you so much! I'll keep them coming!
@realkiddshady 4 жыл бұрын
Another great video. Thank you!
@_JohnHammond 4 жыл бұрын
Thank you so much! And thanks for watching!
@KhaosShield 4 жыл бұрын
John I took part in ACI CTF and managed to rack up around a mere 1800 pts, Love your videos and everything always seem to easy to you (Just a representation of your hard work no doubt). Keep up the amazing work.
@_JohnHammond 4 жыл бұрын
Hey that is still awesome! As long as you are playing and trying to learn, that is all that counts! Keep in mind I still struggle with these for hours, and the actual "writeup" or solution I showcase is often just me highlighting the things that work ahaha. So a 10 minute video could be really 2 hours of troubleshooting and debugging beforehand. :) Thank you so much for watching!
@laststar7716 4 жыл бұрын
Thanks a lot for explaining this one! Much help :-)
@_JohnHammond 4 жыл бұрын
Thanks so much for watching!
@mariopetkovic915 4 жыл бұрын
WE LOVE THE DAILY UPLOADS, DONT STOP
@_JohnHammond 4 жыл бұрын
THANK YOU! I am set for the month of May, but need to do a bit more recording to keep getting more in the backlog! Thanks so much for watching!
@algerienizer 2 жыл бұрын
hey john this video didn't suck, please keep doing them
@JuanBotes 3 жыл бұрын
thanks
@omeraljoboury6157 4 жыл бұрын
Nice videos i am leaning new skilles watching youe videos and i like them, continue.
@_JohnHammond 4 жыл бұрын
Very happy to hear that! Thanks so much for watching!
@prafulaga 3 жыл бұрын
Nice one..
@mi2has 4 жыл бұрын
finally one on JAVA :-), Good one JOhn, btw i have joined your discord community ,it is great
@_JohnHammond 4 жыл бұрын
Happy to hear that! Thank you so much for joining the party -- and thanks for watching!
@robertadamplant 4 жыл бұрын
I admire your skill set.
@_JohnHammond 4 жыл бұрын
Ah thank you! And thanks for watching!
@linobossio6638 3 жыл бұрын
thank you very much, you are the sun that monetizes the glow
@sko_ 4 жыл бұрын
This one is much needed :)
@_JohnHammond 4 жыл бұрын
Happy to hear that! Thanks so much for watching!
@tekken-pakistan2718 3 жыл бұрын
Thanks this was helpful! Regarding the ping command not working initially, maybe it required to be encapsulated in double quotes? If we go with that, not sure why the other version worked xD Anyways, thanks!
@madaniyousfiabdelwahed8553 4 жыл бұрын
Great
@_JohnHammond 4 жыл бұрын
Thanks so much for watching!
@tamilxctf4075 3 жыл бұрын
Y fearless music at the end..try hall of frame musiq
@ankitkumarjat9886 4 жыл бұрын
Hey John tell us about your host os ( I know it is ubantu but but I want to know about how you customized that and what tools you use mostly) Please make a video.
@_JohnHammond 4 жыл бұрын
A lot have been asking for that lately, I can certainly try and do that soon!
@pythondoesstuff2969 3 жыл бұрын
Please also explain how the exploit works after using it. It helps a lot. Pleaasseeeeeeee!
@oliviadrinkwine1411 4 жыл бұрын
I love the reference for why so serial?
@_JohnHammond 4 жыл бұрын
Hahaha. Mixing in the Joker makes it fun! Thanks so much for watching!
@berndeckenfels 3 жыл бұрын
Is there any writeup/video on the CTF(?) where you used ysoserial with RMI?
@_JohnHammond 3 жыл бұрын
I believe I have one with the All Army Cyberstakes, "Y So Serious" or something like that. There is a picture of Joker in the thumbnail :)
@aidencrilley730 4 жыл бұрын
Hey John how are you running LInux? I'm trying to run an Ubuntu VM on mac in virtual box and it's super laggy. I may go and pay for a subscription to parallels desktop
@_JohnHammond 4 жыл бұрын
I run Ubuntu as my daily driver, it is installed as the host OS on my laptop. Whenever I can avoid VMs I try to ahaha. Thanks so much for watching!
@aidencrilley730 4 жыл бұрын
@@_JohnHammond Thanks for the reply! I love your content and I've learned quite a bit from your videos. At the moment, I'm in college as a computer science major and I'm looking to work in the cybersecurity field once I graduate. For now, I'm running Ubuntu in a vm because it makes the most sense for my situation. Maybe one day it will be my host OS!
@Laflamablanca969 4 жыл бұрын
Who the hell keeps putting 1 dislike on your videos!?!?
@_JohnHammond 4 жыл бұрын
Bahahah I've seen it for years and have never been able to track them down! I'm glad someone else sees it too! Thanks for watching!
@kneesnap1041 4 жыл бұрын
Mmm I was just reading into ysoserial just the other day.
@_JohnHammond 4 жыл бұрын
It's a super cool tool! Thanks so much for watching!
@MrPaddy35 4 жыл бұрын
can someone tell me why we using cat payload and then piping it to netcat , does cat payload suppose to do something ?
@markgentry8675 4 жыл бұрын
it might work if you used < to redirect the file into the command, but piping seems to work fine. it's like a way to avoid typing the payload manually. apologies if I've misunderstood your question.
@aakashgautam3851 4 жыл бұрын
Hey John 🙂 nice video... I'm wondering about how can we train an AI to make more efficient payloads or maybe to find vulnerabilities.
@AdamTheGuitarist 4 жыл бұрын
so the hardest thing here was downloading whysoserial am I right?
@lordtony8276 4 жыл бұрын
Do you know of any tools to do this kind of thing if the backend server is running python with a pickle deserilization vulnerability? I wrote my own script called "evilPickle.py" to generate payloads like this but it is barely functional at the best of times.
@_JohnHammond 4 жыл бұрын
Hmmm, there might be one out there but I do not know off the top of my head. That would be a very cool and certainly a fun project to build! Thanks so much for watching!
@neilthomas5026 4 жыл бұрын
Didn't get a lot of what was happening tbh!! This one seems a bit more advanced than the other ones 😅😅😅
@_JohnHammond 4 жыл бұрын
Yeeeah this one was tough, it didn't have as many solves. Thanks so much for watching!
@flm5996 4 жыл бұрын
did anyone see the 493 MB/s when he did wget damn
@nickrameau938 4 жыл бұрын
I don't know where you saw that but to me, it seemed like it was between 4 and 6 MB/s
@eman3144 4 жыл бұрын
Comment for the algo god
@_JohnHammond 4 жыл бұрын
You're the man! (The "e" Man!) Thank you so much, and thank you for watching!
@brendancurran9894 4 жыл бұрын
Could you do a video writeup for 'No Escape'? I got stuck on that one and really want to know how to complete it.
@_JohnHammond 4 жыл бұрын
I have that one solved, I can certainly release a video for that one this week! Thanks so much for watching!
@tomasgorda 4 жыл бұрын
nice video again. It's not necessary to be so fast :)
@_JohnHammond 4 жыл бұрын
Shoot, I always gotta work on that, slowing down a bit. :) Thanks so much for watching!
@bhagyalakshmi1053 11 ай бұрын
Git comments,canry 1 number work headel
@beeeatantcheng6861 4 жыл бұрын
Hi John Hammond! Can you cover Tryhackme Gamezone room without the use of burpsuite? I would love to see that!
@_JohnHammond 4 жыл бұрын
Ooooh I have not seen that one yet -- I will have to take a look and see if I can get that one out for you! Thanks so much for watching!
@danielhemmati 3 жыл бұрын
i just struggle with java 😂😂 trying to solve one room in tryahackme and this video really help me thanks 🤗🤗
John Hammond
Рет қаралды 76 М.