I Hacked & Exposed This Fake Website for Educational Purposes - CTF

Views: 166,438

thehackerish

A day ago

#pentesting #ctf #hacking #cybersecurity #php
00:00 - intro
00:08 - Disclaimer
00:19 - Mapping
02:23 - Digging
03:24 - Attempting file read
04:30 - Interesting log
04:50 - Log poisoning
05:44 - Remote Code Execution
06:38 - Log script
07:30 - Filter Bypass
08:30 - Command injection and Privilege escalation
09:41 - Exposing the dark secret
DISCLAIMER: The techniques shown here should strictly be used on targets you HAVE permission to test. NEVER hack something you don't have permission to.
In this video, I demonstrate how to hack a CTF target and get root in just a few minutes. Web developers will learn a lot about how to secure their websites! Ethical hackers will learn hacking techniques to help their clients become more secure.
Credit: Challenge The Ether: EvilScience (v1.0.1) from f1re_w1re (www.vulnhub.co...)

Comments: 225
@5374seth 10 months ago
Takeaway: don’t upload your evil incriminating journal to your company’s public web server
@Artemyst 10 months ago
Why upload it at all? Pen and paper would protect a lot of companies getting evil shit only 1 or 2 people at the top should know about from coming out
@vatsaljoshi5788 2 months ago
M.x lostyckwi have smeeyny
@akatsukilevi 10 months ago
Not bad! Just next time put a disclaimer at the start of the video saying that it is an actual CTF challenge. Might help people who aren't knowledgeable about CTFs or platforms like root-me to get to know them!
@antonaparin 10 months ago
=clickbait
@onidaaitsubasa4177 10 months ago
What's really disturbing is that there might actually be a real research company that does questionable testing like this on people somewhere out there. It's good they have these simulation websites to test your hacking and programming skills.
@mikymuky1171 10 months ago
I was literally just binging a TV series called Fringe. What a great coincidence! Great series
@user-ge7ep5sc2d 10 months ago
@trackme3621 and you lack the ability to read
@mikymuky1171 10 months ago
@trackme3621 r/whoosh
@ok-tr1nw 10 months ago
Mkultra
@screamisot 10 months ago
It's a CTF examination, it's not a real website, it's just an example of how hackers can show the truth and test your skills.
@jerrymartin7019 10 months ago
Always love the little lore tidbits CTF makers include in their challenges
@victorstegmaier7572 10 months ago
You sure you haven't accidentally hacked the source code of Fallout 5? That sounds like some Vault-Tec horror story... 😂
@thehackerish 10 months ago
😂😂😂
@filtztr 10 months ago
i had a stroke reading that and fucking died
@MaxWis 10 months ago
I wish they did this as a security lesson at my uni. Just one day of doing this just to get a feel for it and learn how to protect against these attacks
@collectorXVIII 10 months ago
The real question is how does he know it's evil?
@shouvikkundu8289 10 months ago
It's a CTF challenge bro
@jrapp654 10 months ago
He’s joking bro
@pitpot2 10 months ago
it's very clearly an evil website
@pegtade 10 months ago
It's not a real site, well it is but it's made for hackers to hack.
@hidden_network 10 months ago
The website was created by him .. just a demo
@Mahatah 10 months ago
This directory traversal, to log poisoning, to RCE revshell is very well presented. Also, there are clearly some really interesting command aliases used in this video. If we ask nicely, could we see a few that you have? I noticed "nmapq" and "revshell" in the video.
@thehackerish 10 months ago
Sure, I will share them in future videos
@vedantkanoujia 10 months ago
I love how you fool people while playing CTF & adding *STORY* to it like a cherry on a cake
@flatiialt-kx4fo 10 months ago
" " *
@leafofyume7838 10 months ago
wow rly didn't think it would be so easy to hack a website that has close to none security implementations. scary
@chri-k 10 months ago
People seem to click before they read, so moving "CTF" closer to the front (or shortening the title in general, or putting it in the thumbnail) may help with the clickbait accusations. It may also be getting cut off in some places (I don't know though)
@Sparkette 10 months ago
I think "might go to jail" is more accurate. It's not a guarantee; people do get away with it sometimes.
@thehackerish 10 months ago
Better safe than sorry 😉
@aiexzs 10 months ago
@thehackerish 😉
@hermanbenstreng 9 months ago
most of the times xd
@rodricbr 10 months ago
very nice little easy CTF. I think I'ma go back into doing them, you've inspired me
@thehackerish 10 months ago
Have fun!
@itsmmdoha 10 months ago
I love these videos, please keep making these!
@NatureSoulHarmony 10 months ago
This series is awesome keep up
@ultralaggerREV1 10 months ago
The FBI is definitely watching us
@ClashWithHuzefa 10 months ago
Man, this hacking looks so difficult. I want to learn like you 😭😭
@noobidubi8137 10 months ago
If you wanna learn try "hack the box academy"
@Owl69699 10 months ago
Bro made this video like I'm watching a horror movie and I absolutely love it!!
@thehackerish 10 months ago
Glad you liked it!
@justincase5228 10 months ago
I had a friend working in I.T. at a college in Wales and we were talking on the phone. I asked if he thought his system was secure and of course, he's talking shit. So while we were talking I was hacking their website in real time and then emailed him the contents of one of the server's logs. :evil laugh:
@muneeburrehman547 10 months ago
😂😂😂
@justinmorales4635 A month ago
Can you check a website and see what you can see on it. It’s a scammer's fake website that he uses to scam people
@Gray3ther 10 months ago
Very instructive, as always. Thanx hackerish! ❤
@thehackerish 10 months ago
My pleasure!
@happyboom- 10 months ago
great video. I would fully prepare for youtube to take it down though. So please let us know about any community resources you host :) subscribed!
@MayorMcBluntz 10 months ago
it's a CTF, would probably be considered to be educational and not malicious since the site is for this purpose.
@pitpot2 10 months ago
love your videos! hope you get more traction soon because your channel is very underrated :)
@thehackerish 10 months ago
Thank you so much! Share it with your peers
@glaszn 10 months ago
amazing act m8 ... really good and very educational
@md.mahadi1 10 months ago
Very nice. Please make a video with java/nodejs website
@hartpa 9 months ago
I don't understand a second of this but respect that you share it.
@TheOverkillSociety 10 months ago
Damn, this sounds like something straight out of Resident Evil.
@amin7581 10 months ago
Oh my. This is definitely scary. I can't believe there are companies hidden in the world that would do this. As a professional website clicker, I can tell you, this is definitely and totally not a dummy site. Very scary indeed.
@thetechdudemc 10 months ago
The etc/sudoers file properly set up would have prevented the escalation to root right?
@thehackerish 10 months ago
Yep, correct
@BomMeldingYT 10 months ago
I keep on learning stuff, thanks
@ButterflyAdminOfAuth 10 months ago
Btw your CTF was great, I learned a lot cz I used the same payload on HTB clicker machine but I failed, now I know what to do
@subscrownicMAIN 10 months ago
love your PC's framerate for moving the mouse around
@harryhack91 10 months ago
That journal at the end looked like an SCP
@SSS333-AAA 10 months ago
i'm so damn confused. enchantment table is something i never learned.
@Mr.Equinox 10 months ago
Finally! Log poisoning 😁
@franceconi 10 months ago
Excellent work!! Thanks for sharing.
@thehackerish 10 months ago
Thank you! Cheers!
@Faeest 10 months ago
what app do you use for digging in? some kinda postman but it's not postman. what was that?
@thehackerish 10 months ago
Burpsuite, or zaproxy works as well
@silkroad780 6 months ago
Thank you, but if the website is outside your LAN network, do you do the same?
@thehackerish 5 months ago
if it's accessible through internet, yes
@dreamaker2107 10 months ago
What program are you using at the digging part?
@thehackerish 10 months ago
Web proxy: burpsuite, terminal: Ubuntu
@shareb1t 10 months ago
Disclaimer: Never put click bait such as video without permission from your viewers otherwise you might go actually you will be banned and forgotten
@thehackerish 10 months ago
Well heard, what do you suggest as a title?
@RenderBenderProductions 9 months ago
What is the program that you use in this video?
@thehackerish 8 months ago
Just aliases around Nmap and wfuzz
@davin2002 10 months ago
so there was no ssl key, so what was the use of the private key? then why post stuff on a webserver, i don't understand the security of this site
@Tommi-C 10 months ago
You had me there for 11 min and 15 seconds 😉😉
@paolomontelbano 10 months ago
This is just a CTF.. why are you making it sound as if this is a real site in the title?
@taronnersisyan9612 10 months ago
Dude no one is gonna post something unethical in KZfaq
@sifuhotman8595 10 months ago
Clickbait Successful. 😂
@legend7066 4 months ago
what is nmapq?
@dereklee2590 9 months ago
How do hack website that is doing illegal activity also the users doing illegal activity
@beast-chan 10 months ago
i robbed a bank and stole 2M$ for educational purposes 🤣
@lel0uchfr199 10 months ago
what's the name of the tool to fetch data (with GET etc...) ?
@thehackerish 10 months ago
Curl and Burpsuite
@SujjtaLopchan 3 months ago
Brother i am in huge trouble i need your help plz help me
@nolannono31 10 months ago
what happens if someone goes to the url of the website
@rgtechyt9267 10 months ago
Which operating system are you using bro please reply
@W_Rizz. 10 months ago
Kali Linux I assume
@thehackerish 10 months ago
Ubuntu running on windows wsl
@deadman746 10 months ago
I know someone who hacked into a rape ring. He got more prison time than the rapists.
@turbo_marc 10 months ago
The hacker shouldn't have gotten any prison time. Absolutely ridiculous.
@Bartyron 10 months ago
very entertaining!
@Patel_jishan 9 months ago
Hii sir please please give a fuxsocy details video
@amongusboi2032 9 months ago
Sounds like chaos insurgency hacker hacking into one of scp foundations websites. Welcome to the splinter group, cyber security dude. 😂😂😂
@ewancadmore3592 10 months ago
what are the names of those windows he's using to execute code?
@W_Rizz. 10 months ago
Terminal
@mebmeamarketing7094 9 months ago
Not understand fully but I enjoy every time. With seen of earning. But I not understand every time. What is money. Why people always money only. Why they do not work for reality. Why they don't need simple ways. Why people going in trouble trouble and troublings..... 🎉 Enjoy your money. But Please take care yourself and poors. You you all. ALLAH BLESS US AAMEEN ❤
@Vurkman 10 months ago
can u do it on a virtual box?
@thehackerish 10 months ago
Yes, from vulnhub.com
@michaeltaylor8835 9 months ago
Good job
@khalnayakgamer6607 10 months ago
1st yr 😌
@MasterHacker... 10 months ago
1דא
@deatheternal720 10 months ago
why are you recording in 2 fps
@holl7w 10 months ago
The video is not in 2 fps
@justarandomcat7 10 months ago
🔵 The Hackerish is the best 👏
@0RIPPER0 10 months ago
Dyaumn man !
@harrymakongwa1147 10 months ago
How do you know what you know ..
@thehackerish 10 months ago
Everything is available online to self-learn
@user-zh7yr6vz3t 8 months ago
can you hack a scammer website who take money from people by fraud .. reply if you can i will share you link.
@e.v.a.l.s 10 months ago
i don't get it
@stormgaminggg 10 months ago
so you can basically install a virus and run it using this to destroy the server?
@thehackerish 10 months ago
Yeah, once root, you can do pretty much all you want. But in penetration tests, you always take your customer's data and availability into account
@thekillercrum 9 months ago
sick project
@itwasntme947 10 months ago
I am root
@naptimusnapolyus1227 10 months ago
Delightful. 🎩 ☕🗿
@GrumpyGillsFishing 10 months ago
Beautiful lab 😂 I love it
@jimschips254 9 months ago
Pro tip: this vid smacks in 1.25x speed
@0mn1_p073r 10 months ago
Is this genuine data of them... or you just crafted it yourself, i mean the experiment sounds russian
@thehackerish 10 months ago
No, this is a capture the flag designed to test hacking skills, and has a story behind
@PythVR2 10 months ago
when you put educational purposes at the end of the law they just ignore what you're doing.
@thehackerish 10 months ago
Not just that, the website itself is for educational purposes only 😉
@user-qk2sx2xn3f 10 months ago
Sir good day to you I was watching your videos but I should like to ask about a certain app which I don't know if it's real or fake app
@user-qk2sx2xn3f 10 months ago
He research I made almost people are saying that it's working but honestly speaking according to you hackers you can tell us the truth
@user-qk2sx2xn3f 10 months ago
So how can I reach on you or how can I contact you and I give you full details sir, I will be glad to hear from you
@thehackerish 10 months ago
You can dm me on Twitter
@user-qk2sx2xn3f 10 months ago
But guy why do you always send us to contact you through Twitter, Instagram, Telegram why do you give us direct numbers or contacts to reach up on you
@ghost_ship_supreme 10 months ago
5:40 wait… what did he do here?
@alexgamingyt-cj1bf 10 months ago
hello fbi watchlist!
@Steve-xb7dn 10 months ago
this stuff is years old.....
@OligoST 10 months ago
Spooky story
@gocciolafr 10 months ago
0:13 then why are you doing it 💀
@SomeDudeCauseYes 10 months ago
twist: he hacked an evil site, create but remove security, then do an educational vid on it. (Joke btw)
@codename_ghost1676 9 months ago
PLEASE TELL ME THIS IS SATIRE
@lpsfairylightz6468 10 months ago
LOLL IM STUPID IDK ANYTHING ABOUT CODE AND I WAS LIKE ILL WATCH THIS IT LOOKS COOL I THOUGHT IT WAS REAL AND THEN THE REVEAL STARTED AND I WAS LIKE 💔💔💔
@mikehunthunt8269 10 months ago
You have your own ip 😔
@johndavemontalvo7236 4 months ago
Is there anyone here in Cebu who knows how to hack? willing to pay
@iskrassupercoolchannel 9 months ago
hi
@yusufermanto1540 10 months ago
is the life expectancy gonna be Pay To Win? i prefer Free To Play
@purple-47 10 months ago
5:23 is that your IP?
@thehackerish 10 months ago
Nice catch, vpn
@purple-47 10 months ago
thanks. @thehackerish
@vitorstreetboys 10 months ago
hahahaha
@Biejoy666 10 months ago
And don't be evil again okay😊
@bepisenjoyer 10 months ago
omething has gone wron
@devviz 10 months ago
who tf encodes experiment logs in a flag.png file?! ridiculous, unrealistic
@thehackerish 10 months ago
It's a CTF
@IBadAtEditing 10 months ago
POV you don’t understand that even in unrealistic CTFs, you can learn a thing or two to apply to real world scenarios 🤯🤯🤯🤯
@traida111 10 months ago
I believe you already hacked it, then repeated the steps again while recording. I mean, in this type of thing it's how to make good content. well done
@alvaromoe 10 months ago
Discalimer
@realPikachu1p 10 months ago
Ngl a link name like that already screams scam lol
@wereisaly 10 months ago
Lmao just hack any website and say it's for “educational purposes“ problem solved
@thehackerish 10 months ago
It's not just any website, I don't hack things I am not authorized to
@ImDuck42 10 months ago
can you hack discord servers and give everyone free Nitro ? (for educational purposes of course)
@thehackerish 10 months ago
Haha, unfortunately no. It's unethical
@Lynixity 10 months ago
it is lel >:))))) @thehackerish
@Kami-hd5sh 10 months ago
❤❤❤❤❤🎉😂😂😂
@Kwijtamine 10 months ago
bruh
@ByteBound_ 10 months ago
Love the fakeness abt this lol