catch EVERY reverse shell while hacking! (VILLAIN)
Рет қаралды 215,047
Күн бұрынDive in to the HackTheBox CPTS: Certified Penetration Testing Specialist training at HTB Academy! j-h.io/htb-cpts
Check out Villian: github.com/t3l3machus/villain
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
🐜Zero2Automated ➡ Ultimate Malware Reverse Engineering j-h.io/zero2auto
⛳Point3 ESCALATE ➡ Top-Notch Capture the Flag Training j-h.io/escalate
👨🏻💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
📗Humble Bundle ➡ j-h.io/humblebundle
🐶Snyk ➡ j-h.io/snyk
🤹♀️SkillShare ➡ j-h.io/skillshare
🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
🚩 CTF Hosting Requests ➡ j-h.io/ctf
🎤 Speaking Requests ➡ j-h.io/speaking
💥 Malware Submission ➡ j-h.io/malware
❓ Everything Else ➡ j-h.io/etc
00:00 Villain
02:21 About Villain
04:17 Setup
04:50 Shellcrafting
07:42 Sending the payload
09:09 Multiplayer hacking
11:55 HQ Ownership
15:59 A few more features
16:53 Final thoughts
18:05 Closing out
@_JohnHammond Жыл бұрын
DID YOU KNOW that (obviously intentionally) placing a TYPO within the first THREE seconds of your video helps increase audience engagement and boosts your videos in the algorithm?????/// Please do take a look at all of the sweet stuff that HTB Academy's Certified Penetration Testing Specialist has to offer!! j-h.io/htb-cpts
@builder481 Жыл бұрын
Hey John are you going to do Advent of Cyber for 2022?
@gg-gg-gg-gg Жыл бұрын
John you should consider uploading your videos to Nebula, you'd make a good addition
@gamingravan1713 Жыл бұрын
how to remove that windows backdoor from your system
@builder481 Жыл бұрын
@@gamingravan1713 do you have a virus?
@gamingravan1713 Жыл бұрын
@@builder481 nope just trying to know what would be the solution for if I want it to remove from one of my windows vms
@HaxorTechTones Жыл бұрын
The inspiration and "try harder" attitude to create Villain came from the video you made about hoaxshell. For that reason, as well as your remarkable effort to educate people in IT/Cybersec for a decade now, I dedicate Villain to you. Thank you🙏
@janmbaez Жыл бұрын
Really thank you marchus for creating this awesome tool, keep up the great work!
@brianb5723 Жыл бұрын
Thank you, you're a legend!
@upcomingKang Жыл бұрын
i love you sir but one question how did you learn writing your own script can you start a series on this i have asked this to john hammond sir but he didn't respond to that at all so i want you to do it sir it will be really great for the people like me.
@__lasevix_ Жыл бұрын
@@upcomingKang Try searching for python beginner tutorials
@dedsec5271 Жыл бұрын
I know a legend when I see one 🫡
@Zerback Жыл бұрын
Thank you T3l3Machus and John for the amazing tool and usual 10 out of 10 quality education !
@Boolap1337 Жыл бұрын
I love his tools but I love even more your explanations and tutorials. You guys complement each other.
@tanja84dk1 Жыл бұрын
Thank you very much for showcasing that. Tbh I have actually really been looking for a framework like that to when ever I play ctf's ( specially if I ever are going to attend where its teams agenst teams ) so its great to have it in my tools folder
@vnm2514 Жыл бұрын
As always love to watch your videos and see how excited you are about new tools. Keep the great work up.
@StrokeMahEgo 9 ай бұрын
Definitely love the multiplayer aspect, much like cobalt strike's team server concept. Very useful for actual red team engagements where there's multiple operators.
@Entre_Latidos 11 ай бұрын
Regards from Dominican Republic 🇩🇴. I think your channel is pretty cool and I've learned a lot since I found this Channel, I was stuck with the Reverse Shell thing, but thanks to you I got out of that corner, brother. THANK YOU!.
@konfushon Жыл бұрын
the small differences in this video like the sound track used and the "waves shennanigans on John's head" at the bottom right corner is kinda slick though 👌
@janekmachnicki2593 8 ай бұрын
Great tutorial John H. Thanks for your effort to help less advanced hackers or IT lovers understand some of the tricks .
@hawk__ Жыл бұрын
A dude said in a previous vid of your "John doesn't need fancy thumbnails, has face does it all" and yeah it really does, man! Keep putting nice content 🙂, coool tool. That OTP thing is the coolest one. You haven't done any writeups lately though ;) + Video is nice enough, editing, music. If possible plz share pc specs the one which is running 1 host + 4 vms without any lag.
@johnb3170 Жыл бұрын
John from another John...you are a legend. Coming from and education and training background to cyber warfare now a security researcher. You encompass everything good in our industry. Keep it up! See you around!
@gezzadaverealstuffonlyboth8915 3 ай бұрын
Hey , I'm learning cyber warfare at the moment, but need some good software as I was helping a young mum getting bullied and was raped , so said I'll sort it out and protect your network till hes moves on , well he payed few different hackers , and they was good , 3 atack me from different countries, not sure if they new each other, but it took 3 days 2 hours sleep they burt out 4 laptop 3 pc towers , my 9 year old boys plug the earth burnt where it burst the plug like it was cheap plastic, I'm still with nothing but my phone, they got everything cloud haswell, so I lost everything's, and was going to give up, but seeing your comment, the only one in 7 years , so hi there and sorry for asking but my eyes lit up 🤝
@struggle375 Жыл бұрын
Damn John the production quality is on point!
@gamblezz101 Жыл бұрын
This is genius! Kudos to the dev.
@grayshell8928 Жыл бұрын
as always, great video John. Good tool for testing
@samfisher8426 Жыл бұрын
i been using this for a week so far .. i have tested it on many OS versions ,windows 7 - 10 -11 / linux ,always bypass any fiirewall/defender never let me down ,the good thing that i can get multiple reverse shell just in one click ,without having to setup a new listener for each reverse shell payload ... thats really amazing tool
@faran4536 Жыл бұрын
Loved the video quality, especially your cam circle effects when you speak!
@Bobtb Жыл бұрын
Thanks for introducing this awesome tool John.
@bawalicoder1233 Жыл бұрын
totally loved the video😍 btw great editing
@nixcutus Жыл бұрын
Used this tool last month and it was super dope.
@JeffNoel Жыл бұрын
Realizing your video is sponsored by HTB Academy is pretty cool! CPTS is probably my next thing to work on if I pass OSCP on December 12th :D
@_ismail8880 Жыл бұрын
did you pass?
@JeffNoel Жыл бұрын
@@_ismail8880 I did! I missed one flag but for the bonus points so 100/110 points. The course material is on point and is perfect to prepare your for the exam content.
@adesopekingsley9967 Жыл бұрын
The most amazing thing to me is thar the whole script was written with python.... amazing 👏🙀 great to see this ... I subscribed
@MartinGaertner Жыл бұрын
Great howto! you a very good teatcher! perfect video, make more for this i love it!
@karkantas Жыл бұрын
Your content is improving like a super sayian after each video.
@_JohnHammond Жыл бұрын
SUPER duper thankful for our new editor and the phenomenal work they are doing -- all credit to @Nordgaren!!
@_AN203 Жыл бұрын
Hey John.. I am back ! And that voice interactive background that you have on your thumb during the video... Does sell the HTB theme.. And hey.. Another C2 framework to the arsenal... Pretty cool..
@sam-sw8zw Жыл бұрын
love your content the hacking b-role had me laughing this episode lol
@HerozTech Жыл бұрын
I love the new editing style❣
@user-jg2zv1yr1z Жыл бұрын
I like you very much Mr.John Hammond. You are always teach us new things. Thanks
@toolbgtools Жыл бұрын
cool tool! and lot of room for improvements
@fdert Жыл бұрын
I like the new editing!
@waqxddgytdcvjj8678 Жыл бұрын
I’m as hyped as you John!
@cyberdevil657 Жыл бұрын
Aswome stuff Jhon I really respect you!
@DavidCosta85 Жыл бұрын
thanks for your videos. very much appreciated
@yacce4463 Жыл бұрын
This is cool, but relying on "curl" all the time? Would be awesome to have different revshell payloads relying on different programs. I've hit several machines where "curl" or "wget" wasn't available, mostly if running on a container environment. Awesome work t3l3machus and John!
@hackwrld1895 Жыл бұрын
bro going from the intro mekody to your voice in this video.. its just too dope, I saw the video many times just because of that😂🤣
@refaiabdeen5943 Жыл бұрын
Cheers Mate.
@juliusrowe9374 Жыл бұрын
Super dope content John!
@marineplaysairsoft Жыл бұрын
now THIS is verrrry niiiiiice
@kashoo_1 Жыл бұрын
Thanks John ✌💥
@hongkonghacker Жыл бұрын
Windows defender already blocked those payload after few days later.
@SatheeshJenne2658 Жыл бұрын
Thank u so much.. please do more videos..
@sagiadir Жыл бұрын
Thank you ! its alway great to watch your videos !!!!!
@benary5620 Жыл бұрын
That looks really interesting. Question: let's say I generate a linux payload and put it on my (remote) laptop; will it automatically connect if I start my local Villain _after_ that remote machine has run its crontab? Or would it be sufficient to run it every 5 (or so) minutes on the remote machine, so once I start my local Villain, it will take 4:59 secs max to connect (in that case, will the remote machine's crontab kill any active sessions once the payload runs again??)?
@Neuer_Alias_erstellen Жыл бұрын
something is slick: JohnH: that's cool
@torsec6048 Жыл бұрын
And now john detailed video arrived :) go go john Hammond
@a_h_m_e_d_43112 Жыл бұрын
This is what i was waiting for
@Pwnedby Жыл бұрын
I’m building a software exactly like this. I have a few more feature than this but I might implement some techniques which was being used. Thank you for sharing this!
@Rojawa Жыл бұрын
Just saw a talk about hoaxshell on which a penetrationtester was hyping it up so much only to not work anymore after two days because everyone burned the signature haha. So interesting to see the new shell framework. Lets see for how long its working on engagements :D
@Alexis82 Жыл бұрын
Powershell script blocked of internal antivirus!
@trustedsecurity6039 Жыл бұрын
@@Alexis82 lmao stop using buzz word like you know what it means
@trustedsecurity6039 Жыл бұрын
It was by the author... every open source tool will be burned like that
@Alexis82 Жыл бұрын
@@trustedsecurity6039 I know exactly what I'm saying, don't worry about me!
@trustedsecurity6039 Жыл бұрын
@@Alexis82 nope you dont...
@trevor.viljoen Жыл бұрын
This has a very Metasploit look and feel to it.
@ThatNateGuy Жыл бұрын
Villain's output reminds me a lot of PowerShell. I dig. Thanks for showing this tool off, John! 🙂
@trustedsecurity6039 Жыл бұрын
Lmao it is powershell output for Windows...
@ThatNateGuy Жыл бұрын
@@trustedsecurity6039 I did not know that!
@jawadsher1062 Жыл бұрын
Hey John i think 🤔 this is help full in OSCP
@Canarddu38 Жыл бұрын
Ducksploit is a similar tool
@tech_raj Жыл бұрын
Nice sir Thank you
@shenetworks Жыл бұрын
very cool!
@SumanRoy.official Жыл бұрын
Great tool but they need to generate unique obfuscated payloads that bypass every AV and Security endpoints like Crowdstrike and others.
@joaopaulomendesdecarvalho 4 ай бұрын
Great!
@AnacardiumOcidentale Жыл бұрын
Very nice piece of tool. Does it runs on a Raspberry pi? Gonna try to install it on mine...
@michaelblenkinsop9038 Жыл бұрын
nice intro to HTB
@fireloks6362 Жыл бұрын
got it to work. I just needed to change permissions
@theequalizer7297 3 ай бұрын
Thank you very much 🙏My S14 Flip laptop. I was working and left it for a few minutes. When I came back, I was surprised to be asked for a new PIN code and that the old one was disabled and could not be accessed (explorer.exe - System Error). The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application) I felt frustrated and spent 9 hours trying to solve the problem, but the problem was not solved, and I do not know what is the reason for this problem. By the way, it is a completely new laptop that has been in service for only 4 months, an Asus S14Flip Ryzen 5600 laptop, a Radeon card, and RAM. 8 JB and its performance was very slow when browsing websites, but I noticed that sometimes its temperature increased.
@neppusstreams Жыл бұрын
Looks good! What happened to pwncat tho?
@drvoip 7 ай бұрын
Generating connectivity between two endpoints on a private network seems to be the dominant theme on KZfaq. Educational and informative, but how about showing how any of the tools work over the Internet, with firewalls and the usual network basic security practices in place?
@memejamas3818 Жыл бұрын
excelente tool thanks
@jeonghutamilim2259 8 ай бұрын
If this works as intended, it could be great rat for headless servers or remotely assisting friends. Gotta play around.
@alldev Жыл бұрын
I like the video but i have a simple question will it be a persist session or not
@jorisschepers85 Жыл бұрын
Great video again John, but please ditch the soundbars around the webcam feed.
@_JohnHammond Жыл бұрын
Appreciate the feedback, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
@jorisschepers85 Жыл бұрын
@@_JohnHammond you don't need all those flashy things. Content is A+. Keep doing you
@Dreddwinner Жыл бұрын
💯
@kal_dev Жыл бұрын
I like this one, fastly and easier
@brianb5723 Жыл бұрын
Another A+ incredible content and instruction step-through by John. I found the audio pulses around your camera preview a little distracting, though!
@_JohnHammond Жыл бұрын
Good to note, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
@HAGSLAB Жыл бұрын
I agree. Not a huge issue, but it was the first thing I noticed and not really in a good way. I've always appreciated the simplicity of your content. Simple as in few elements on screen and straightforward editing.
@ChristopherEGr33n33 Жыл бұрын
0:02 the old reverse shell "hanlder" 🤣
@Hackedme-ce8fe Жыл бұрын
Just a question, can i do rce on servers using those generated payload?
@ravananasuran Жыл бұрын
then it is super helpful for battle ground in htb
@maxbunnies Жыл бұрын
Hi John can you tell me what Glasses you have :)
@AgustinLozada Жыл бұрын
The example you shown are all on same subnet, what if its a segmented network?
@bhagyalakshmi1053 11 ай бұрын
How many maintenance the handling files open
@CodeAcademia00 Жыл бұрын
i love it brother
@ibrahimyosif Жыл бұрын
i love you john but please turn off sound wave thingy surrounding your frame.
@guilherme5094 Жыл бұрын
Nice.
@ulmaaulambayar7913 Жыл бұрын
super edited video
@waheedmurad4223 Жыл бұрын
Amzing learning videos Can please upload about Andriod 11 SDK payload that can live recorder camera and voice with screen sharing abilities with bypass playstore security
@bulmavegeta23 Жыл бұрын
awesome tool..
@Cypherx444 Жыл бұрын
Hey John please help me there is an eror while executing this it shows modulenotfound crypto please 🙏 reply
@zeloigl 9 ай бұрын
what did u do at the cut at 4:49 im struggling to figure it out ive tried everything can anyone help it says module 'Crypto' not found so i checked the crypto file and the c is lowercase but doesnt let me change it to uppercase as it says file location was moved????
@noviccen388 11 ай бұрын
can yo do meterpreter payload with it?
@bbowling619 Жыл бұрын
a turtle in a turtle ? Dude is mentor !!!
@larva5606 4 ай бұрын
i took a shot every time he said "slick" 🥴
@Leo_Aqua 11 ай бұрын
Can you make a video on how to get a reverse shell from a webserver without php?
@gokul5582 Жыл бұрын
My question is anyone of my victim will dare to paste suspicious lines on their cmd? Is there any other way to deliver it? Practically will it work?
@boh70326 Жыл бұрын
How many hours htb course consists of ? Not clear, just said 28modules Thanks
@Insomnia_2311 Жыл бұрын
Thanks John for the Education but I am afraid of that someone of this community would use this for bad things. I am not very sure how dangerous it would be using it on an enterprise network landscape by sending an inconspicuous attachment to an victim email-address ?
@TjSpoonManJacques Жыл бұрын
Finally a video teaching people how to stop hackers instead of educating these criminals on KZfaq. Thank you thank you thank you
@quintopecado3379 Жыл бұрын
I love this guy
@valk9789 Жыл бұрын
Me too ❤️
@drentrepreneur_ng Жыл бұрын
Hello Dr. how can I access your PhD thesis?
@Iampopg Ай бұрын
Does it bypass windows defender?
@auliarahman5399 Жыл бұрын
Nice
@imca_b_5517 Жыл бұрын
I feel illigal 😂
@Kobayashi423 Жыл бұрын
Can i use hack the box using windows?
@luismarrero9293 10 ай бұрын
hello John thanks for this amazing video as always. i tried this villain but when i tried to open it i got required argument PAYLOAD not supplied any help
@bhagyalakshmi1053 11 ай бұрын
Window paword+linux paword equal password attending and different tightening in the password, same password in the continue.
@BobbyBobBob69 9 ай бұрын
Hey I don’t wanna sound stupid, but I can’t copy between my Kali vm and my Ubuntu vm? When I’ve got only one vm open the guest isolation can copy and paste but when there’s more then one I can’t?
thehackerish
Рет қаралды 237 М.
David Bombal
Рет қаралды 310 М.