I Hacked & Exposed This Fake Website for Educational Purposes - CTF

Views: 162,675

thehackerish

#pentesting #ctf #hacking #cybersecurity #php
00:00 - intro
00:08 - Disclaimer
00:19 - Mapping
02:23 - Digging
03:24 - Attempting file read
04:30 - Interesting log
04:50 - Log poisoning
05:44 - Remote Code Execution
06:38 - Log script
07:30 - Filter Bypass
08:30 - Command injection and Privilege escalation
09:41 - Exposing the dark secret
DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.
In this video, I demonstrate how to hack a CTF target and get root in just a few minutes. Web developers will learn a lot on how to secure their websites! Ethical hackers will learn hacking techniques to help their clients become more secure.
Credit: Challenge The Ether: EvilScience (v1.0.1) from f1re_w1re (www.vulnhub.com/author/f1re_w...)

Comments: 224
@5374seth 6 months ago
Takeaway: don’t upload your evil incriminating journal to your company’s public web server
@Artemyst 6 months ago
Why upload it at all? Pen and paper would protect a lot of companies getting evil shit only 1 or 2 people at the top should know about from coming out
@onidaaitsubasa4177 7 months ago
What's really disturbing is that there might actually be a real research company that does questionable testing like this on people somewhere out there, it's good they have these simulation websites to test your hacking and programming skills.
@mikymuky1171 7 months ago
I was literally just binging a tv series called Fringe. What a great coincidence! Great series
@user-ge7ep5sc2d 7 months ago
@trackme3621 and you lack the ability to read
@mikymuky1171 7 months ago
@trackme3621 r/whoosh
@ok-tr1nw 7 months ago
Mkultra
@l7afa 6 months ago
It's a ctf examination, it's not a real website, it's just an example of how hackers can show the truth and test your skills.
@akatsukilevi 6 months ago
Not bad! Just next time put a disclaimer at the start of the video saying that it is an actual CTF challenge. Might help people who aren't knowledgeable about CTFs or platforms like root-me to get to know them!
@antonaparin 6 months ago
=clickbait
@jerrymartin7019 6 months ago
Always love the little lore tidbits ctf makers include in their challenges
@victorstegmaier7572 7 months ago
You sure you haven't hacked accidentally the source code of Fallout 5? That sounds like some Vault-Tec horror story... 😂
@thehackerish 7 months ago
😂😂😂
@filtztr 6 months ago
i had a stroke reading that and fucking died
@gamecreator994 7 months ago
The real question is how does he know it's evil?
@shouvikkundu8289 7 months ago
It's a ctf challenge bro
@jrapp654 7 months ago
He’s joking bro
@pitpot2 7 months ago
it's very clearly an evil website
@pegtade 7 months ago
It's not a real site, well it is but it's made for hackers to hack.
@hidden_network 7 months ago
The website was created by him .. just a demo
@MaxWis 6 months ago
I wish they did this as a security lesson at my uni. just one day of doing this just to get a feel for it and learn how to protect against these attacks
@Sparkette 6 months ago
I think "might go to jail" is more accurate. It's not a guarantee; people do get away with it sometimes.
@thehackerish 6 months ago
Better safe than sorry 😉
@UJustGotGamed 6 months ago
@thehackerish 😉
@hermannMma 5 months ago
most of the times xd
@itsmmdoha 7 months ago
I love these videos, please keep making these!
@Mahatah 6 months ago
This directory traversal, to log poisoning, to RCE revshell is very well presented. Also, there are clearly some really interesting command aliases used in this video. If we ask nicely, could we see a few that you have? I noticed "nmapq" and "revshell" in the video.
@thehackerish 6 months ago
Sure, I will share them in future videos
@NatureSoulHarmony 7 months ago
This series is awesome keep up
@vedantkanoujia 7 months ago
I love how you fool people's while playing ctf & adding *STORY* to it like cherry on cake
@flatiialt-kx4fo 7 months ago
" " *
@U20E0 6 months ago
People seem to click before they read, so moving "CTF" closer to the front (or shortening the title in general, or putting it in the thumbnail) may help with the clickbait accusations. It may also be getting cut off in some places ( i don't know though )
@glaszn 6 months ago
amazing act m8 ... really good and very educational
@leafofyume7838 6 months ago
wow rly didn't think it would be so easy to hack a website that has close to none security implementations. scary
@Gray3ther 6 months ago
Very instructive, as always. Thanx hackerish! ❤
@thehackerish 6 months ago
My pleasure!
@happyboom- 7 months ago
great video. I would fully prepare for youtube to take it down though. So please let us know about any community resources you host :) subscribed!
@MayorMcBluntz 7 months ago
it's a CTF, would probably be considered to be educational and not malicious since the site is for this purpose.
@hartpa 5 months ago
I don't understand a second of this but respect that you share it.
@md.mahadi1 7 months ago
Very nice. Please make a video with java/nodejs website
@rodricbr 6 months ago
very nice little easy ctf. I think I'ma go back into doing them, you've inspired me
@thehackerish 6 months ago
Have fun!
@Owl69699 6 months ago
Bro made this video like I'm watching a horror movie and i absolutely love it!!
@thehackerish 6 months ago
Glad you liked it!
@ButterflyAdminOfAuth 7 months ago
Btw Your CTF was Great I learned A lot cz I used same payload on HTB clicker machine but I failed now I know what to do
@BomMeldingYT 7 months ago
I keep on learning stuff, thanks
@pitpot2 7 months ago
love your videos! hope you get more traction soon because your channel is very underrated :)
@thehackerish 7 months ago
Thank you so much! Share it with your peers
@subscrownic 6 months ago
love your PC's framerate for moving the mouse around
@sifuhotman8595 6 months ago
Clickbait Successful. 😂
@ClashWithHuzefa 6 months ago
Man, this hacking looks so difficult. I want to learn like you 😭😭
@noobidubi8137 6 months ago
If you wanna learn try "hack the box academy"
@Tommi-C 6 months ago
You had me there for 11 min and 15 seconds 😉😉
@justincase5228 6 months ago
I had a friend working in I.T. at a college in Wales and we were talking on the phone. I asked if he thought his system was secure and of course, he's talking shit. So while we were talking I was hacking their website in real time and then emailed him the contents of one of the server's logs. :evil laugh:
@muneeburrehman547 6 months ago
😂😂😂
@TheOverkillSociety 6 months ago
Damn, this sounds like something straight out of Resident Evil.
@Mr.Equinox 7 months ago
Finally! Log poisoning 😁
@ultralaggerREV1 6 months ago
The FBI is definitely watching us
@harryhack91 6 months ago
That journal at the end looked like an SCP
@GrumpyGillsFishing 7 months ago
Beautiful lab 😂 I love it
@0RIPPER0 7 months ago
Dyaumn man !
@franceconi 6 months ago
Excellent work!! Thanks for sharing.
@thehackerish 6 months ago
Thank you! Cheers!
@Bartyron 6 months ago
very entertaining!
@amin7581 6 months ago
Oh my. This is definitely scary. I can't believe there are companies hidden in the world that would do this. As a professional website clicker, I can tell you, this is definitely and totally not a dummy site. Very scary indeed.
@thetechdudemc 6 months ago
The etc/sudoers file properly set up would have prevented the escalation to root right?
@thehackerish 6 months ago
Yep, correct
@Faeest 6 months ago
what app do you use for digging in? some kinda postman but it's not postman. what was that?
@thehackerish 6 months ago
Burpsuite, or zaproxy works as well
@michaeltaylor8835 6 months ago
Good job
@khalnayakgamer6607 7 months ago
1st yr 😌
@MasterHacker... 7 months ago
1דא
@naptimusnapolyus1227 7 months ago
Delightful. 🎩 ☕🗿
@sudomode_ 7 months ago
🔵 The Hackerish is the best 👏
@silkroad780 3 months ago
Thank you, but if the website is outside your LAN network, do you do the same?
@thehackerish 2 months ago
if it's accessible through internet, yes
@dreamaker2107 6 months ago
What program are you using at the digging part?
@thehackerish 6 months ago
Web proxy: burpsuite, terminal: Ubuntu
@thekillercrum 5 months ago
sick project
@SSS333-AAA 6 months ago
i'm so damn confused. enchantment table is something i never learned.
@JAI_SHREE_RAM_796 6 months ago
Hii sir please please give a fuxsocy details video
@davin2002 6 months ago
so there was no ssl key, so what was the use of the private key? then why post stuff on a webserver, i don't understand the security of this site
@RenderBenderProductions 5 months ago
What is the program that you use in this video?
@thehackerish 4 months ago
Just aliases around Nmap and wfuzz
@amongusboi2032 6 months ago
Sounds like chaos insurgency hacker hacking into one of scp foundations websites. Welcome to the splinter group, cyber security dude. 😂😂😂
@legend7066 28 days ago
what is nmapq?
@dereklee2590 5 months ago
How do hack website that is doing illegal activity also the users doing illegal activity
@rgtechyt9267 6 months ago
Which operating system are you using bro please reply
@W_Rizz. 6 months ago
Kali Linux I assume
@thehackerish 6 months ago
Ubuntu running on windows wsl
@SujjtaLopchan 9 days ago
Brother i am in huge trouble i need your help plz help me
@nolannono31 6 months ago
what happens if someone goes to the url of the website
@mebmeamarketing7094 6 months ago
Not understand fully but I enjoy every time. With seen of earning. But I not understand every time. What is money. Why people always money only. Why they do not work for reality. Why they don't need simple ways. Why people going in trouble trouble and troublings..... 🎉 Enjoy your money. But Please take care yourself and poors. You you all. ALLAH BLESS US AAMEEN ❤
@lel0uchfr199 6 months ago
what's the name of the tool to fetch data (with GET etc...) ?
@thehackerish 6 months ago
Curl and Burpsuite
@beast-chan 6 months ago
i robbed a bank and stole 2M$ for educational purposes 🤣
@goodvybes228 7 months ago
I am root
@OligoST 6 months ago
Spooky story
@paolomontelbano 7 months ago
This is just a ctf.. why are you making it sound as if this is a real site in the title?
@taronnersisyan9612 7 months ago
Dude no one is gonna post something unethical in KZfaq
@Vurkman 6 months ago
can u do it on a virtual box?
@thehackerish 6 months ago
Yes, from vulnhub.com
@user-zh7yr6vz3t 4 months ago
can you hack a scammer website who take money from people's by fraud .. reply if you can i will share you link.
@ghost_ship_supreme 6 months ago
5:40 wait… what did he do here?
@ewancadmore3592 6 months ago
what are the names of those windows he's using to execute code?
@W_Rizz. 6 months ago
Terminal
@deadman746 6 months ago
I know someone who hacked into a rape ring. He got more prison time than the rapists.
@turbo_marc 6 months ago
The hacker shouldn't have gotten any prison time. Absolutely ridiculous.
@shareb1t 6 months ago
Disclaimer: Never put click bait such as video without permission from your viewers otherwise you might go actually you will be banned and forgotten
@thehackerish 6 months ago
Well heard, what do you suggest as a title?
@deatheternal720 6 months ago
why are you recording in 2 fps
@h1lw 6 months ago
The video is not in 2 fps
@e.v.a.l.s 7 months ago
i don't get it
@digitalien 7 months ago
Is this genuine data of them... or you just crafted it yourself, i mean the experiment sounds russian
@thehackerish 7 months ago
No, this is a capture the flag designed to test hacking skills, and has a story behind
@PythVR2 6 months ago
when you put educational purposes at the end of the law they just ignore what you're doing.
@thehackerish 6 months ago
Not just that, the website itself is for educational purposes only 😉
@user-qk2sx2xn3f 6 months ago
Sir good day to you I was watching your videos but I should like to ask about a certain app which I don't know if it's real or fake app
@user-qk2sx2xn3f 6 months ago
He research I made almost people are saying that it's working but honestly speaking according to you hackers you can tell us the truth
@user-qk2sx2xn3f 6 months ago
So how can I reach on you or how can I contact you and I give you full details sir, I will be glad to hear from you
@thehackerish 6 months ago
You can dm me on Twitter
@user-qk2sx2xn3f 6 months ago
But guy why do you always send us to contact you through Twitter, Instagram, Telegram why do you give us direct numbers or contacts to reach up on you
@harrymakongwa1147 6 months ago
How do you know what you know ..
@thehackerish 6 months ago
Everything is available online to self-learn
@alexgamingyt-cj1bf 6 months ago
hello fbi watchlist!
@stormgaminggg 6 months ago
so you can basically install a virus and run it using this to destroy the server?
@thehackerish 6 months ago
Yeah, once root, you can do pretty much all you want. But in penetration tests, you always take your customer's data and availability into account
@jimschips254 6 months ago
Pro tip: this vid smacks in 1.25x speed
@justkleo 6 months ago
0:13 then why are you doing it 💀
@purple-47 6 months ago
5:23 is that your IP?
@thehackerish 6 months ago
Nice catch, vpn
@purple-47 6 months ago
thanks. @thehackerish
@devviz 7 months ago
who tf encode experiment logs in a flag.png file?! ridiculous, unrealistic
@thehackerish 7 months ago
It's a ctf
@IBadAtEditing 7 months ago
POV you don’t understand that even in unrealistic CTFs, you can learn a thing or two to apply to real world scenarios 🤯🤯🤯🤯
@Steve-xb7dn 6 months ago
this stuff is years old.....
@iskrassupercoolchannel 6 months ago
hi
@johndavemontalvo7236 1 month ago
Does anyone here in Cebu know how to hack? willing to pay
@lpsfairylightz6468 6 months ago
LOLL IM STUPID IDK ANYTHING ABOUT CODE AND I WAS LIKE ILL WATCH THIS IT LOOKS COOL I THOUGHT IT WAS REAL AND THEN THE REVEAL STARTED AND I WAS LIKE 💔💔💔
@bepisenjoyer 7 months ago
omething has gone wron
@mikehunthunt8269 6 months ago
You have your own ip 😔
@GamingCraze823 6 months ago
Ngl a link name like that already screams scam lol
@codename_ghost1676 6 months ago
PLEASE TELL ME THIS IS SATIRE
@alvaromoe 7 months ago
Discalimer
@SomeDudeCauseYes 6 months ago
twist: he hacked an evil site, create but remove security, then do an educational vid on it. (Joke btw)
@yusufermanto1540 6 months ago
is the life expectancy gonna be Pay To Win? i prefer Free To Play
@ImDuck42 7 months ago
can you hack discord servers and give everyone free Nitro? (for educational purposes of course)
@thehackerish 7 months ago
Haha, unfortunately no. It's unethical
@Lynixity 6 months ago
it is lel >:))))) @thehackerish
@Biejoy666 6 months ago
And don't be evil again okay😊
@traida111 6 months ago
I believe you already hacked it, then repeated the steps again while recording. I mean, in this type of thing it's how to make good content. well done
@vitorstreetboys 6 months ago
hahahaha
@Kami-hd5sh 6 months ago
❤❤❤❤❤🎉😂😂😂
@Kwijtamine 7 months ago
bruh
@Rubalix 3 months ago
This couldn’t be more fake. You made a vulnerable site, it’s not hard. You showed some fancy things with burp, stop lying to these people. You’re not fooling people like me who could run circles around you.
@wereisaly 6 months ago
Lmao just hack any website and say its for “educational purposes“ problem solved
@thehackerish 6 months ago
It's not just any website, I don't hack things I am not authorized to