TARGETED Phishing - Fake Outlook Password Harvester

255,218 views

John Hammond

2 years ago

If you would like to support the channel and me, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE, offering smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond

Comments: 474
@stef9019 2 years ago
Great video
0:00 intro
4:30 file inspection
6:00 code inspection
17:35 looking at the phishing attempt
19:27 curling
23:15 checking out domain info
32:35 reporting the scam
45:35 golly gee, an outro
@Terrain2 2 years ago
Dear John, How come you hearted this comment, but didn't put it in the description? Timestamps are useful, and when the original creator doesn't add any, some commenters are nice enough to do it anyways, such as Stef. You hearted it. Why don't you put it in the description? I've seen some people that don't make timestamps still add viewer-provided ones with a note like "thanks to Stef for providing timestamps". Why don't you do it? Chapters are nice. pls Sincerely, ME
@potatoonastick2239 2 years ago
@@Terrain2 THIS
@IgnoreMyChan 2 years ago
@@Terrain2 I think for the same reason he's still blowing and popping into his mike; He doesn't care.
@_CryptoCat 2 years ago
@@Terrain2 no chapters mean you need to watch it all 😆
@MakN. 2 years ago
Increased watch time
@abc.2924 2 years ago
You already know John went and snooped around with that RDP right after this video lmao
@dylanrobledo7234 2 years ago
just enjoy
@TheChriscrowder 2 years ago
I RDP'ed to it and got a login prompt. Didn't try to sign in.
@greengenix8804 2 years ago
@@TheChriscrowder time to crack the pass
@DasUberAdmin 2 years ago
@@TheChriscrowder If you save the connection as an .rdp file and add enablecredsspsupport:i:0 to the bottom of the file using your favorite text editor, save it and then open it you can take a look at the accounts on the machine without trying to sign in
@kylefaust7743 2 years ago
Episode 2 anyone? John goes hammond on this server and we get a hack the box outside hackthebox. I even got the name of your next episode! It's Hammond time! php.wnd
@kylefaust7743 2 years ago
The absolute shock in your face when you ran into that RDP info was priceless. I know sometimes you do a lot of the legwork off cam and then kinda roll through the thought process and show us a live step by step for the videos. That's what I think you were doing until that RDP moment and the sudden conflict your face showed when you seemed to think "can I/should I chase this down right now?" Truly an awesome video man.
@HeadsetGuy 2 years ago
Wait... The Registrant City is listed as Los Angeles, but the Registrant State is listed as NY.
@zoes17 2 years ago
Better yet, the zip is for LA, Cali but the phone goes to a different city in Cali. Then there's the fact the street address is likely fake too given its numbers and first two letters repeat which makes it look like a 1234 address...
@josephferren6372 2 years ago
What's interesting too is that the registered address belongs to a medical laboratory
@joeymelo2882 2 years ago
I enjoy how your videos are always uncut (aside from the long pauses). This gives us a legitimate feel of your work and inspires us to follow these steps. As usual, thanks for the content.
@callmemc6 2 years ago
Found this channel through youtube recommendation and by far one of the best recommendations I've gotten to date. I recently got into IT work and I'm looking to branch into cybersecurity as I make my way back to college. These videos have really shown me how cool and fun this stuff can be to analyze. Can't wait to start learning more about this field.
@acidopcodes 2 years ago
Best Of luck buddy 👍
@lalithkumar1029 2 years ago
I saw this type of comments pretty much in so many videos
@thax0r172 2 years ago
Don't need college for i.t. biggest lesson I learned.
@Monsizr 2 years ago
This dude talks way too much. Can't watch
@acidopcodes 2 years ago
@@Monsizr then why are you here
@JTwisted 2 years ago
I love how he just showed us how to spam these guys using bash, but then said “But we don’t do it”
@andrewzchannel 2 years ago
I saw a completely identical spear phishing attack for one of our customers last Friday - really cool to see your breakdown and learned where my investigation could have improved! Love the content
@velomeister 2 years ago
Amazing video! It's a pretty simple but pretty well-done hashing attack. What I really loved was your call to action on reporting this kind of stuff.
@michellerose3796 2 years ago
Great video, John, it was super cool to see something I deal with at work every day featured on your channel. You clearly went above and beyond with your explanations, breaking it down into all the small components to make it really easy to understand every step of the way. Thanks so much for this one in particular! 🤓
@d3dk3ny 2 years ago
I've been hoarding phishing links for months... I think it's time to pay it forward to those guys, thanks for the inspiration 🙏
@deancrypto5939 2 years ago
in most cases they only last a few days at most before they are either taken down or flagged by GSB and the threat actors then ditch them
@v01d_r34l1ty 2 years ago
"You could start the Holy Wars with ViM and Emacs" Favorite John quote ever
@AmrReflection 2 years ago
That's the content I pay my internet bill for :D Totally love how your videos are actually informative and entertaining at the exact same time.
@TheH2OWeb 2 years ago
During the video I was hoping that you showed us how and where to report... and 10 sec later, you just started showing it. Great work and great video as always ! Thanks John !
@johnathon3067 2 years ago
The 1 dislike on this video is the guy that sent the phishing email XD
@mpcabete 2 years ago
That is exactly the content I subscribed for! loved it! I have always known about the spear phishing attack, and how it all works, but I had never seen one by myself. It was amazingly straightforward, just some base64 obfuscation and an HTML file. Thank you to the person who sent the e-mail, great stuff!
@adildada6939 2 years ago
This felt like a 5-minute vid. It's fun watching and learning from you so thanks 🙏🏼
@jakeevans6935 2 years ago
i loved that you included the documentation and reporting part!
@kr4k3nn 2 years ago
Totally awesome... Really enjoyed it. Thank you very much for showcasing it.
@timberlock 2 years ago
Best defense is a great offense! My Python bot is thirsty for these phishing attacks!
@ankitminz5872 2 years ago
Imagine phishing scam getting spammed lol
@timberlock 2 years ago
@@gites8740 Go ahead.
@roadmonitoroz 2 years ago
@@ankitminz5872 Happens more often than you think :D
@alice20001 2 years ago
It's for stuff like this that I LOVE this channel! Incredible work!
@Darki0n 2 years ago
Thank you again for doing what you do, I, as well as many others I'm sure, learn a tremendous amount from you, I'm not terribly confident in my ability to reverse engineer malware yet but simply watching you navigate Linux is enlightening.
@_CryptoCat 2 years ago
this was awesome! i like how you showed how to report as well, hope to see more real world examples like this 😊
@headlights-go-up 2 years ago
“Or vscode if you’re that kind of person “ I feel personally attacked looool
@louislove795 2 years ago
This might be the best KZfaq channel I've come across
@TriSept 2 years ago
Thanks for going over this email, I have to deal with stuff like this all too often and thank you for showing people on how to report this stuff.
@Ookami8raven 2 years ago
thanks! John. Thanks to this video, I was able to stop the malware, when an employee got a similar phishing email. Keep up the great work!
@navyguy58000 2 years ago
More of this! So fun to watch, Ty John
@therealpara9444 2 years ago
beautiful video. I spent a lot of time today trying to learn coding for the first time HTML, CSS, Java, C#. Came across this by accident. Was definitely worth watching from Start to Finish. Very Informative too!
@duckqlz777 2 years ago
He doesn't "advocate" hacking forward then shows the code ( 28:45 ) for an infinite while loop to spam "F-You" to the server for anyone to copy. Smooth 😎
@roadmonitoroz 2 years ago
Wouldn't doing just a while loop attract too much attention if it's banging away as fast as it can? It's like if you are attacking a system the IDS will notice weird things like this. Maybe put some random timeouts (10 - 20 seconds apart) would be a better idea. Apart from that, you'd want to randomize the data so they don't all say F-you as the password or have the same username / email etc.
@duckqlz777 2 years ago
@@roadmonitoroz =_=
@CarRamrod-uf2ub 2 years ago
Thank you John. This video legitimately helped me do my job better!
@Tbman00 2 years ago
Very 2000's kinda phishing attack. Funny to see it again in the open. since most of the servers don't allow these types of pages/scripts, it died soon after few years, but it spawned huge amount of email addresses back in the day! And, in the present, after soooo many years, surprisingly none of those AVs caught that. Lol.
@pewpew215 2 years ago
Very creative phishing attack. great video man!!
@m7mdarwani964 2 years ago
OMG, time flies when you are having fun! Didn't feel that this was a 47 min video.
@tarunkumar6727 2 years ago
That was holy fucking awesome informational video... definitely deserves comment, share , like and subscribe and what not.... the way you broke down each part and explained ... gold man!!! thanks a ton!!
@fredb5626 2 years ago
Honestly, i REALLY enjoyed that one
@Bobtb 2 years ago
Hey John, just a heads-up. First of all, awesome video, again! Thanks for sharing this. Secondly, You may want to mask the VT file hash as well. Someone silly enough, like me, for example, might type it over and see more than you wanted to share ;) Edit: I see that you masked it out later in the video, but you missed something.
@Ylmorko 2 years ago
Yup I was just about to write this when i found your comment, once it is on VT it is public :) and can be harvested
@dq303 2 years ago
Ouu please explain
@JMac1506 2 years ago
I work in cyber security and we receive emails like this almost daily. It’s super cool to analyze them and see the fake phishing login pages people create.
@damianwallace8761 2 years ago
This was awesome! Please do some more of these, Great video
@seanohagan414 2 years ago
This is an amazing video, we just encountered this same Phishing campaign last week.
@redjhone8209 1 year ago
I can't believe this content is free. Thanks a lot man, you're the best
@philtheskinnypigeon 2 years ago
Was great to see you reporting it. I’ve done similar for postal service scams which are rife in the UK
@FalcoGer 2 years ago
My guess is that they try the credentials automatically in the background, that's why it took 20 seconds
draw a box in gimp:
1. use box select
2. select region
3. right click
4. edit > stroke selection
5. ???
6. profit
@mushenji 2 years ago
This was trivial but also extremely awesome
@cc12yt 2 years ago
This video is INSANE! I love this very much
@1nspir3dx 2 years ago
Watched two of your videos and definitely subscribing. Keep making great content : )
@PurpleCandy1000 2 years ago
I really liked the reporting part! It'd be awesome if you updated us when they respond
@masons3389 2 years ago
Great video. I've seen this phishing attempt. Cool to see the deep dive.
@JF743 2 years ago
I've seen a few similar emails in my organisation in the last few months where they even replicated the look of the specific organisation's login page (the image background matches the custom one set by the organisation rather than the basic regular one). Thankfully our users have been shown to signal us suspicious emails.
@franzbertros4858 2 years ago
I really love your videos, just the detail paired with great explanation :-) Keep going!!!
@powerporridge1337 2 years ago
great video John, you are a cybersec inspiration!
@bryc42013 2 years ago
Wow great content! Very informative! I would love to see more videos like this!
@cheifntoke 2 years ago
Really great, informative video! Thanks!
@jacobebrock 2 years ago
Thanks for the content John. Always love these videos.
@tomstechnews 1 year ago
Thanks John! Great explanation how a phishing attack works under the hood! Hope Namecheap take the necessary steps to shut down this domain and the related server and services! To catch and arrest the real "bad guys" is the bigger task in the story and depends on official entities and the will to pursue them. Waiting for your next vid .. 👍
@tommeleyn 2 years ago
You forgot to report them where they host their vm. Only one disadvantage is that they don’t give the owners information of the vm if you can show that they attack you. But at least they bring it down.
@PacoPatron 2 years ago
Awesome stuff John, always enjoy your videos
@notchimorin 2 years ago
sooo happy to see a new vid from you after school :)
@infotechyeti 2 years ago
amazing video...great presentation! appreciate the content and time you took to post this.
@bradley6727 2 years ago
Great break down and explanation as always.
@donnie1581 2 years ago
This is all fascinating to me and makes me wish i had stuck with it back in the day. I haven't even used Linux in years.
@logiciananimal 2 years ago
Hi - good stuff. I would have been tempted to put *Microsoft* as one target - it is them that is being impersonated. I look forward to hearing whether or not your reporting was successful to any degree.
@EmilNaydenov 2 years ago
Well done John!
@pqudah 2 years ago
Don't forget to add this to the malware analysis playlist
@Kzeeee07 2 years ago
Absolutely legendary content.
@maxencedc 2 years ago
VSauce be like It's returning a 404... Or is it ?
@OrangeYTT 2 years ago
JSauce
@Stealthycybertaco 2 years ago
I've seen hurley auctions for a long time now. Awesome video
@EbenezerYiadom 2 years ago
So much fun, thank you 🔥🔥🔥
@jhbonarius 2 years ago
reporting stuff takes more time than reverse engineering it!!
@Gun0075 2 years ago
I can really recommend LSP. Formats and highlights most scripting languages and helps with a lot of other functions, while also adding kind of a parser to scripting languages
@Laflamablanca969 2 years ago
More of these! Brilliant content
@SV_Sangha 2 years ago
Love it John!
@anonymos7994 2 years ago
Awesome work you did there John, but I can't remember the last time I opened Outlook 😂😂✌
@ventjemazzel8822 2 years ago
Nice work John!
@edoardottt 2 years ago
Thanks John !!!
@The-Dev-Ninja 2 years ago
i see 30 minutes of video, because is the best video i ever seen
@spaceiswater6539 2 years ago
Great work John I learned a lot from you.
@liesdamnlies3372 2 years ago
Very crafty. Defeated in no time with a password manager. Or 2FA. Or both. But cool to see. And a sad reminder that this does still work, because those two aforementioned things are often lacking.
@znxster 2 years ago
2FA is needed indeed. But it should be noted, if you use a OTP style password fill, that too can be phished. Highly recommend using MS Authenticator (or others) which prompt on your phone, rather than prompting for a OTP.
@dominicdoretto2775 2 years ago
"...nor would I want to do that on KZfaq."
@Terrain2 2 years ago
34:36 Well, when you zoom in, it's left-aligned, isn't it? The left side stays. And the code was indented as hell, just be thankful it wasn't actually right aligned (where left is more indented)
@cheeseisgud7311 2 years ago
I got this recently, and I had a lot of fun messing around with it and changing the post request address. I also reported the domain
@buhaytza2005 2 years ago
Really good stuff and great use of OSINT. However, the registrar could be a victim of the phishing scam and just had their server hijacked. I know the probability of this is low as the server was setup to return fake 404 on the files present and didn’t have anything else but if this is a major operation they might be swapping servers at a certain interval 🤷‍♂️ Great advice too: MFA rullz and the IT department is there for a reason!
@zoes17 2 years ago
The zip code is for LA, Cali but the phone goes to a different city in Cali. Then there's the fact the street address is likely fake too given its numbers and first two letters repeat which makes it look like a 1234 address... Given that with the 404's being fake'd I'm guessing the WHOIS is spoofed or otherwise fake too, but, innocent people could be used as a front here too just to further shroud this in layers of shade.
@blackandwhitegamingproduct7356 7 months ago
@@zoes17 the state says New York, there's no Los Angeles New York first of all
@GerardoBelot 2 years ago
Dammmm, I can't be alive, hopefully next time, your content is amassing!!!
@ShinigamiAnger 2 years ago
I hope you can resurrect. Btw this is not live but première. Also his content is not just amassed, but also amazing, just like your english. (just joking on your typos, have a nice day)
@GerardoBelot 2 years ago
Sorry, I was running out of time XD!!
@vitoluong7524 2 years ago
That was very nice. Looking forward to your next contents
@joshuampere4327 1 year ago
I deal with these files every frickin day lol love it
@bravo0-625 2 years ago
i can watch john sec 101 all day . thank you for engulfing us your knowledge .
@hendram4319 2 years ago
amazing, is a great experience
@atsa1 5 months ago
This video makes me glad that i never ever open links from emails. And second - i never ever remember my password first try and i always use 2 factor
@stephenv167 2 years ago
The target would be outlook's login, it's literally targeting the Microsoft office login, since that's where it /redirects/ to.
@AyeAJ 1 year ago
Amazing job
@kingkong1040 8 months ago
Los Angeles, New York with a CA zip code nice lol
@froido123456 1 year ago
Liked the video. The whois lookup shows City of Los Angeles state New York. Surprised you missed that. Also Google maps shows that’s a Bank of America about a block from my house
@noneofbusiness9764 1 year ago
Thank you
@YawadoudouAllahou 1 year ago
Eog command was a good thing for me. Thanks
@NicholasStevensDrBiscuit 2 years ago
Great stuff!
@casachezdoom2588 2 years ago
Hey really enjoy your videos! I don't know much about linux and most of the apps you use, but I'd be interested to learn more eventually. Do you think it is possible to do most of what you do in these videos using Raspbian on a Raspberry Pi? I'm considering making a small work station with a Raspberry Pi for learning/testing network stuff . Do you think it's a good idea or am I limiting myself by not using a full-on Linux distro on a more powerful computer?
@opposite342 2 years ago
It is possible, at least the one in this video for sure is.
@theroxenes 1 year ago
I've seen phishing attempts in this style quite a few times. Some of them even do some sort of automated login + 2FA harvesting. Also, the webmaster contact location of Los Angeles, New York definitely sounds like fake info, somehow.
@faker-scambait 1 year ago
nice john keep up the good work
@ZeBadger 2 years ago
The probable reason that the virus scanners aren't detecting it is because the organisation name is embedded in the payload... and will be different for every target.
@logiciananimal 2 years ago
Possible, but some of the scanners now use regexes or other partial matches from what I understand.