Telegram Has Been Hacked
Рет қаралды 191,468
17 күн бұрынLearn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥KZfaq ALGORITHM ➡ Like, Comment, & Subscribe!
@KvapuJanjalia 15 күн бұрын
I'm not afraid of a calculator! Bring it on!
@cringemaki 15 күн бұрын
Everybody gangsta till the calculator app starts to ask permissions for camera, microphone and location 💀
@yukiplaysFr 15 күн бұрын
💀
@TobbeOakleaf 15 күн бұрын
Oh it will be problems! Count on it!
@BillAnt 15 күн бұрын
At 8:14 that evil laughter Muaahhh!! lol
@Raymi20- 15 күн бұрын
@@yukiplaysFr**salutes to the therian** Ma'am how can I help you ma'am
@ghoulbuster1 15 күн бұрын
TL;DR The exploit disguises as a fake video that when played executes python code, requires python to be installed for it to work.
@mushroommanny 4 күн бұрын
saved me about 10 mins bro ty
@why1851 15 күн бұрын
too much rce exploits bro 💀💀💀💀💀💀💀
@sunbleachedangel 15 күн бұрын
What are others?
@amaankhan8436 15 күн бұрын
Xz utils, rust, palo alto
@sunbleachedangel 15 күн бұрын
@@amaankhan8436 Palo alto?? My company uses that lul
@why1851 15 күн бұрын
@@sunbleachedangel there was a rust rce CVE-2024-24576, aint that effective though
@yipo1 15 күн бұрын
@amaankhan8436 xz is a backdoor not an rce vulnerability
@Spiderfffun 15 күн бұрын
RCE after RCE, I hope kids wont have to learn about the year of the vulnerabilities, 2024, in the future
@SLZeroArrow 15 күн бұрын
Thy Digital Apocalypse is drawing nearer by the day
@wildstorm74 15 күн бұрын
Defected by a typo as well.🤦 Talk about ebmassment.😒
@atomgutan8064 15 күн бұрын
This is literally cybersecurity history.
@TehPwnerer 15 күн бұрын
No it will be certainly eclipsed by the number of them in 2025
@wildstorm74 15 күн бұрын
@@TehPwnerer I agree with you, I think people are going to use the idea to build a similar process.
@DoorThief 15 күн бұрын
I just got a SNYK sponsored ad by John Hammond before his own video
@NileGold 15 күн бұрын
Fr
@h5e 15 күн бұрын
I did too
@alek002 15 күн бұрын
It's rigged!1!1!1!1!1
@thecrew8612 15 күн бұрын
Saaame
@osiristeam6959 12 күн бұрын
They should have a list of trusted extensions instead of a list of untrusted ones.
@zeteya 8 күн бұрын
Very bad idea
@rafayahmed6259 7 күн бұрын
@@zeteyawhy?
@zeteya 7 күн бұрын
@@rafayahmed6259 Many reasons, one being a good extension can turn bad one day, but an extension that was bad to begin with will never turn good.
@kbabe3915 12 күн бұрын
The scrum meeting: "Yeah, an approve list is too short, let's write out every single extension that could execute code instead of just choosing some image and video formats that we support."
@user-hp2dr5qc8p 10 күн бұрын
A whitelist can get annoying tbh.
@kbabe3915 4 күн бұрын
@@user-hp2dr5qc8p Ah yeah, you're right, much more annoying than a 0 day. Also a blacklist had to have been annoying from the very start.
@januzi2 15 күн бұрын
Wait ... we can hack those spammers that are sending us the messages to text them?
@0xC47P1C3 15 күн бұрын
Funny seeing you in ads on your own videos lol
@AstralArchivists 15 күн бұрын
Bet the three later agencies are punching air rn. All their exploits getting found.
@BillAnt 15 күн бұрын
While reading your comment. lol
@MrCobalt 14 күн бұрын
You think every exploit exists because of "three later agencies"? 😂
@ohmsohmsohms 14 күн бұрын
@@MrCobaltgiven the past of their involvement with 0days, I wouldn’t be surprised if they were aware of maybe 1 of the RCE vulnerabilities discovered this year
@v-y 12 күн бұрын
@@MrCobalt theres no way this was an unintended oversight
@te-weikaigai1836 15 күн бұрын
I'm glad that I migrated to Debian + KDE two months ago. I still have my Windows on my drive, but never want to boot it anymore. The KDE environment in Linux is just much better than Windows.
@HyBlock 15 күн бұрын
who asked?
@KLR-3 15 күн бұрын
Welcome to the family.🐧
@te-weikaigai1836 15 күн бұрын
@@HyBlock the implication was that I'm not affected by windows RCE anymore.
@freerice9595 14 күн бұрын
I've tried making Ubuntu and Linux mint my daily driver many times. Can't do it. But for home labbing and running servers it's perfect.
@shiiy5131 14 күн бұрын
it's just so much more superior, once you try it you never go back lol
@actng 15 күн бұрын
Thanks John you explained that very well
@milanvucetic1292 15 күн бұрын
3:55 Not me watching the John Hammond video and getting an ad with John Hammond in it. Some may say it's a 2 for 1.
@BillAnt 15 күн бұрын
Taking it up the a** without lube. lol
@cvl14 15 күн бұрын
This just shows how blacklist are ineffective as a security tool
@yessintaktak9200 14 күн бұрын
Hello john . I am a big fan of your content can you make a roadmaps for us form when need to start 😅❤
@ThisIsJustADrillBit 15 күн бұрын
The fuzzing begins ❤
@BillAnt 15 күн бұрын
LPL has entered the chat, fuzzing locks are fun. hehe
@AuxiliaryPanther 15 күн бұрын
@@BillAnt...we're getting an SQL injection on three, oh it's binding. A little malware on four, and we're set. Going back to three, gained root access to run our query, annd now we're in.
@BillAnt 15 күн бұрын
@@AuxiliaryPanther lol that took like 30 seconds.... not a very secure lock. :D
@acessor9899 15 күн бұрын
This one RCE was indeed fun to use, gotta find more ;)
@1hw3 15 күн бұрын
hello vro
@Luzum 12 күн бұрын
im gonna touch u vro ♥
@jabrowski_ 15 күн бұрын
Interesting shiz John. Liked and subbed, stay safe
@couldntgivafuk 15 күн бұрын
I've never liked the idea of "allow" and "deny" list... just deny all and allow the user to specify.
@vladislavkaras491 10 күн бұрын
Thanks for the news!
@cyber_space09 15 күн бұрын
Wow good job I want more info ❤
@TheMAZZTer 15 күн бұрын
Oof, this is why blacklists can be problematic, with a whitelist they would not have had this problem.
@BaggerPRO 15 күн бұрын
Except perhaps for the problem of naming this list as "white" 😁
@joshallen128 15 күн бұрын
@@BaggerPROblock allow lists?
@BaggerPRO 15 күн бұрын
@@joshallen128 , Yeah, it looks like it's fashionable to call these lists that way now :)
@BillAnt 15 күн бұрын
A block list is usually shorter than a white list, but it's just a matter of decision.
@joshallen128 15 күн бұрын
@@BillAnt Deny list because block sounds like black with an accent
@mrhassell 15 күн бұрын
Requires Python to be installed in the local path as a global environment variable.
@sevuszeld5015 15 күн бұрын
the title of the video is not that nice because i thought it would be a vulnerability that accurs right now. anyways. Thanks for sharing.
@shadflur874 14 күн бұрын
How do u register for that forum?
@wiertgo 15 күн бұрын
I got an ad from you on this video
@anthonymcevans8191 12 күн бұрын
“It is not by default installed” **laughs in Linux**
@abandoninplace2751 15 күн бұрын
They are identifying files by extension. Nice.
@johndeaux8815 15 күн бұрын
Hate the red border on the thumbnails, I assume I've already watched and scroll past half the time
@SchooiYT 15 күн бұрын
Nice Video!
@hackcode2240 15 күн бұрын
Amo tus videos
@ToniMorton 15 күн бұрын
calculator opens in my nightmares.
@higurashinerd 13 күн бұрын
Part of whyI never share diagnostic data with devs. It’s so nosey now
@user-fp7fs9xl2t 15 күн бұрын
Great Content ...
@planktonfun1 12 күн бұрын
every vulnerability whether or not its trivial, can and will be leveraged
@sophisticatedserpent1512 15 күн бұрын
The red bars in the thumbnail made me think I already watched this video.
@ernestmugo1765 12 күн бұрын
Right, I thought so too!
@DoingFedTime 12 күн бұрын
Bad stuff for many. One of the reasons I always tell people to NOT use this medium.
@madscientist15808 15 күн бұрын
Hey there John
@ShadowManceri 15 күн бұрын
I find it very bizarre that you can execute a file in the first place. That seems like a bad idea in many ways.
@user-hp2dr5qc8p 10 күн бұрын
How do you suggest to open a .txt file?
@ShadowManceri 10 күн бұрын
@@user-hp2dr5qc8p .txt file should be read, not executed.
@oncetwice6366 15 күн бұрын
Who's idea it was to hardcode bunch of files there. They'll just keep updating it every timea new file type that can execute code comes? Sounds like horrible idea.
@r35p3ct00 11 күн бұрын
Такое чувство, что на безопасность всем насрать, только ты можешь себя обезопасить, не кликая на всякое говно
@RebziSquad 10 күн бұрын
Если человек наивный, то его никакая защита не спасет) Однажды мой знакомый запустил подозрительный tampermonkey скрипт в дискорде, говорит "2FA стоит же, чего бояться?". В конечном итоге украли его токен и смогли получить доступ к аккаунту.
@mrfoodarama 9 күн бұрын
Oooff... thank you John... cant believe im one of those 0.01% .. slackin
@Bromon655 15 күн бұрын
3:28 lol. They backed themselves into a corner with that statement.
@allxrise 13 күн бұрын
They might have been logging something like "There is no any program to open this file-type/mime-type" perhaps? Or they just RCE'd to everyone... Who knows?
@Bromon655 13 күн бұрын
@@allxrise I’m more inclined to believe they were just fabricating a number as an attempt at damage control
@runedust9875 15 күн бұрын
Having a whitelist instead of a blacklist would prob. be more secure and reliable. Basic security not?
@tablettablete186 15 күн бұрын
I was thinking the same
@xion637 15 күн бұрын
@@tablettablete186 governed by implicit deny. Also agree.
@user-mk3zz8zn9b 15 күн бұрын
nah, its not think again
@rian0xFFF 15 күн бұрын
depends on size
@dimike96 15 күн бұрын
Surely some communities would have a very high hit rate for python being installed on a windows machine right?
@crism8868 15 күн бұрын
Yup. All data science and AI nerds.
@Bromon655 15 күн бұрын
Anybody even slightly interested in programming has a decent chance of having it installed on their computer. I refuse to believe less than 0.01% of users were affected.
@paulwesley3862 15 күн бұрын
@@Bromon655a) is the 6th most downloaded app - is your grandma programming? b) die this you must use it on your PC. how many people just have it on their phone?
@PasqualItizzz 15 күн бұрын
Tis the season to find folly, tra la la la la, la la la lol
@commanderpaladin 15 күн бұрын
I like cats. Btw we can all be farmers. No tech no rce problems 😎
@momentum9319 15 күн бұрын
what is "flair"
@paul-olof 15 күн бұрын
Haha so specific but I would've been at risk
@fokyewtoob8835 15 күн бұрын
Music to my ears
@reijin999 15 күн бұрын
yeah but it updates every hour so it's chill
@Axodus 9 күн бұрын
Good, they banned my account for no reason.
@zheil9152 15 күн бұрын
1:48 macOS has it installed by default, last I checked at least
@dom1310df 15 күн бұрын
Does mac have a similar concept of file extension associations as on windows, so a pyzw file will open with python by default?
@chiroyce 15 күн бұрын
Not anymore, used to have Python 2.x
@robotron1236 15 күн бұрын
You should watch Telegrams owners interview with Tucker Carlson. They have like 30 employees and have never spent a dime on advertising. 😂
@entertain8648 10 күн бұрын
Why are you laughing though?
@benherbst3620 15 күн бұрын
CRAZY
@guilherme5094 15 күн бұрын
👍Nice.
@manasmahanand732 12 күн бұрын
With a bit of social engineering this could have been pretty terrible
@Mat2095 13 күн бұрын
But, isn't pyzw supposed to be a zip-archive? That contains a __main__.py? I'm actually surprised this runs at all.
@wildstorm74 15 күн бұрын
I can't wait for new exploits that uses this idea in similar way now.😅 If you know, you know.😒
@Pem7 15 күн бұрын
2024 is on fire with RCEs🤞🏾
@legendarycuber9205 14 күн бұрын
I got a SYNK ad with John right before the video and was confused why there was a skip button 😂
@StealthSec-BugBounty 15 күн бұрын
Ohh no
@aaronguerrero2003 14 күн бұрын
There is always a way in😉
@furrygem5176 14 күн бұрын
"Certified rce moment" 💀
@BU5TER288 15 күн бұрын
oh no.. now i feel so dirty i cant wash it off
@eljayleyble1789 15 күн бұрын
A lot of noodles will be leaked for sure.
@ZaberfangX 15 күн бұрын
Is it safer just makes a user that is not admin user? So if code ran its needs admin user right as default user windows always user are admin?
@BreadGuy0 15 күн бұрын
Everybody be acting gangsta until calculator auto launches
@rigsshiver823 15 күн бұрын
tf is going on .. rce 💀
@impostorsyndrome1350 15 күн бұрын
I have Python installed on Windows computer... It helps with learning Python programming, idk why people are so against it.
@zombi1034 15 күн бұрын
Yea, not sure why he made it seem like something extremely unusual. I think most people that do any kind of programming and use Windows will have python installed.
@Slada1 13 күн бұрын
Why would you learn python if you could not use it? :D
@impostorsyndrome1350 12 күн бұрын
@@Slada1 wdym not use it? You can use it to create various programs.
@FRITTY12348546 12 күн бұрын
But was it a typo :D
@user-fe5mz9mq5o 11 күн бұрын
i found this exploit 2 years ago... never posted anything about it
@user-mc8xt1iq7c 15 күн бұрын
bro, youtube just showed me your ad, on your own video. theyre wasting your ad money
@SimplyGamer605 12 күн бұрын
Hey, nice video, but just one thing. Your audio and video dosent seem to be perfectly in sync and its getting on my nerves
@definitelyno 12 күн бұрын
You can add an extra dot at the end. Windows -> Run -> 'calc.exe.' -> Enter opens calc. Does that work to bypass.
@lunaxquinn 15 күн бұрын
Linux users are way more likely to have python installed out of the box so i wouldn't call this a "very specific" exploit.
@maktiki 12 күн бұрын
I think the problem is Windows. It runs everything too fast without permission.
@luizzeroxis 15 күн бұрын
How is this RCE? It's just running the code that someone sent to you. There's no difference between that and opening an exe.
@DavidFrankland 12 күн бұрын
echo y | format c:
@IlIlIIlIlIlIlIlIl 15 күн бұрын
Good thing I run it in a vm on a vps
@Luzum 12 күн бұрын
vm escape + pyzw = your vps gets owned
@ourdazakaria4182 15 күн бұрын
Please sir all my devices is hacked my phone my laptop what can i do for this problem there is someone above me every step i make on my laptop or my phone knock the roof like if there know everything im doing . THANK YOU FOR HELP 🚨🆘
@lord_snigglebottom 15 күн бұрын
just got a john hammond ad on a john hammond video ...
@Reelix 15 күн бұрын
"Windows that has python installed" you claim is extremely odd. That... Is an extremely odd statement.
@jamesciastko8861 15 күн бұрын
What is happening lately? 💀💀
@Aghnanster 15 күн бұрын
Ive heard this is on discord also
@Luzum 12 күн бұрын
it is not
@dkizilkaya6839 13 күн бұрын
This was surely done by purpose. Believe me not.
@christoferrian 15 күн бұрын
hello world
@ibrahimdevx 15 күн бұрын
Less then 0.01%.... yeah idk why im having a hard time believing that 😂 its not that uncommon to have Python installed on ur system
@rodricbr 14 күн бұрын
this is such an interesting rce tho... lol
@KLR-3 15 күн бұрын
Why do they blacklist file types they believe are unsafe. They should be whitelisting filetypes that are safe. If some new software comes along that belongs in the unsafe catagory they have to know about the related filetype and then add it to the blacklist...
@wafinashwan8242 15 күн бұрын
whitelist would take too long.
@erroroliver 15 күн бұрын
@@wafinashwan8242got any quote from a developer?
@johnsmith34 15 күн бұрын
"Reimplemeent file open confirmations" has a noWarning list, so I think that's done now.
@KLR-3 15 күн бұрын
@@wafinashwan8242how so?
@johndoublew3060 15 күн бұрын
@@wafinashwan8242 how come
@TheAwillz 14 күн бұрын
Sometimes you guys are very clever with tech but not so clever with people…
@Network_Cyber 13 күн бұрын
Code please
@adenosinetp10 14 күн бұрын
can you stop using the word "stupid" so frequently and often?
@LibraryOFSounds 15 күн бұрын
Yeah uae does not like private messaging.
@rafayahmed6259 7 күн бұрын
😅😅
@LibraryOFSounds 7 күн бұрын
@@rafayahmed6259 Do you know uae connection with then twitter ? Or the documentary about state hackers of usa training uae agents. That documentary is so interesting
@JNET_Reloaded 15 күн бұрын
ironic how you mention x as x has same fkin vulns as t look into clicking vid links on x on some accounts it will open up links and do stuff etc!
@Sinstyson 15 күн бұрын
Can you provide examples of that?
@Difluoroacetamide 15 күн бұрын
Some bots post links that have a picture that looks like a video as the thumbnail of the preview card. It's very hard to explain
@Sinstyson 15 күн бұрын
@@Difluoroacetamide i mean like, i want a link
@Difluoroacetamide 15 күн бұрын
@@Sinstyson There's really no documentation for it; you just have to see it for yourself. It's a link preview that tricks you into thinking it's a playable video with a thumbnail designed to deceive. With closer inspection, it displays the site title, link, and description below the thumbnail. It's easy to be fooled by this if you're not tech-savvy or have poor vision. Mainly this is used by adult content bots to lure people to their websites. It's not a security vulnerability, but rather a case of OP being oblivious no offense
@BouleyMusic 15 күн бұрын
wonder if you could just do the same with .bat file that puts itself in the shell:startup folder upon clicking the "video"
@shareb1t 15 күн бұрын
this RCE was shared last year in TG channels and been there for whole year, its not 0day at all. Stop talking trash just because someone tweet it and say is 0day lmao
@Z3rgatul 15 күн бұрын
zero day means "it is not fixed yet", and not "not shared yet"
@schwingedeshaehers 15 күн бұрын
it means, not know/just known by the seveloper @@Z3rgatul
@oracuda 15 күн бұрын
how do RCEs still exist in 2024 bro 😭😭😭😭😭
@crlfff 15 күн бұрын
They are found in everything
@christianhabermann6527 12 күн бұрын
Quite sure the work of a bad actor. These "typos" that cause super serious RCEs are happening in very interesting places in really well used mainstream projects.
@YouTubeName-hw1uk 12 күн бұрын
Anf i thought wiiu wansthe only thing that has rce 😂