A friend showed me how to do this in 2007

I am not sure but isn’t this something like shodan?

Starting the video with a ad 😢. Rip your watch time 😂

So powerfull! If a read teamer put this file in a smb share for example, whould the .ico be fetched by any viewers of the share? Or the ico will be cached by the DC?

I was surprised to see after looking into Censys that they're physically located in Ann Arbor. I lived in Ann Arbor for years :-O

only dumb people have show file extensions off

Thanks John, you the boss!

Imagine looking at active cameras and randomly seeing someone through their webcam.. that would.. not be good.

Hey John big fan here, one thing though I noticed that this only works on windows 10 and does not give me the hash when I tried it on windows 11 is there any reason for that?

I bet the company ignores robots.txt Very scummy

Wonder if all these vulnerabilities are recognized by Huntress?

How can i get free ios file of windows 10 or win 11

0:14: 🔍 Uncovering a hidden file on the Windows desktop with potential security risks. 2:55: 💻 Exploring icon options in Windows 10 virtual machine and limited capabilities discovered. 5:47: 🔒 File reveals sensitive data through captured hashes. 8:27: 💻 File types can be used to steal passwords and authenticate without plain text passwords, even in web browsers. 11:06: 💻 Discussion on potential security vulnerability related to SCF files and social engineering tactics. 13:56: 💻 Implementing HTTPS on Port 8443, removing cache, and setting up a vulnerable version of Chromium. 16:49: 💻 Exploiting local variables to exfiltrate sensitive data through a DAV server on Port 80. Tammy AI: Get video info faster & better

I received the email. Gone to the link to download it. No download button for me I guess...

Once saw one of these videos of an old guy asleep on his sofa, think the camera was inside a TV. You're better off covering anything thats got a camera if you don't want others being able to see you. I have tape covering the camera on my laptop for the same reason. If you've got any webcams also unplug them when not using them. There are thousands of links online and through google that give access to all these cameras.

A small correction: You meant "relay" the hash not "pass" because pass the hash attacks are different than NTLM relay attacks. It's quite confusing because of the misused terminology (I did it in the previous sentence as well for traditional reasons :D). But the pass-the-hash attack uses the password hash stored on the machine to generate NetNTLMv2 hashes that will be sent through the network. Relay attacks catch a NetNTLMv2 hash (just like responder does) and sends it through to another service that accepts NTLM authentication. Key differences: NetNTLMv2 hashes cannot be used for long, they expire. SMB signing (in case of SMB servers) can defend against relay attacks (but it will have like a 30% performance cut) while pass-the-hash attacks will work even if it's enabled.

I thought section .data came before section .text?

Isn't this kinda like SHODAN?

how about facebook account? the email and number is no longer registered at two way authentication factor is off by the hacker, is it possible to recover it? thanks in advance, by the way i am from Philippines

I use it to check traffic, but the public cameras are pretty slow since everybody is using it

Classic John Hammond, always traveling so we can't pinpoint his location with OSINT

12:07 For those starting out in gdb, as I am: I believe what he was looking for there was x/500b (or x/500xb). It was already printing in xw (hex, word) mode, so x/500 (i.e. x/500xw) gave the *hex* of the 500 *words* at that address. b = byte h = half-byte (2 bytes) w = word (4 bytes) g = giant word (8 bytes) 👍 13:18 or, as Scooby would say, the "ROPportunities" 😜

Very old trick, i remember using this to infect my teachers computer so i could steal the tests early

whats the link for tor 66

I am, have always been and plan on always being...a shift+delete kind of person.

Mind blown

Malicious hackers write some sloppy code.

Probably just me but you sound like Seth Rogen if he wasn't a weed smoker 🫡👌

Running and gunnin! Hotel YT production. Good to see you John! Great video

Neat info

Love, John Hammond. :)

one thing that i appreciate about your videos is that you zoom the screen big enough to make it easier to read and watch. and i think people don't point that out enough. thanks.

I just did something like this not that long ago and pwnd the SOC for the folks that I was working for. I downloaded an SCF to my computer which pointed to my host on the Internet, well the SOC saw the file saved it their desktop and all of the sudden I had a connection to my host from one of the SOC users (which BTW had admin rights on an S* load of systems) after that I used his credentials, with pass the hash, to own the place.

It's like we are playing geoguesser but with random internet cameras.

"I'm trying to drag this file to the bin but it just WILL NOT GO IN THERE" 😅🤣 Another fun option would be to change the right-click context options for this file to look like it is a recycle bin - the context menus for the bin vs. files look pretty different and someone who is apprehensive might be able to figure out something is up just by right clicking the file and seeing no recycle-related-options. But maybe not if it looks exactly like the bin menus. OR ... could you somehow link the trap file to the REAL recycle bin, and simply pass the user in a way that looks normal? (IE: logs info, then just opens the real recycling bin so fast the user would never notice)

SMB seems like it's primarily a vulnerability generating protocol that just happens to also let you share files

the odd thing on your desktop is that you use google chrome

Restore normal function : Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.scf] @="SHCmdFile"

Yooo, I swear you always have the most absurd things in windows to perform malicious actions with, absolutely love it!

dot SCF File Fix create a new dot reg file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.scf] "Content Type"="text/plain" "PerceivedType"="text" @="txtfile" [HKEY_CLASSES_ROOT\.scf\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\.scf\ShellNew] "ItemName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\ 6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\ 00,6e,00,6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,2c,00,\ 2d,00,34,00,37,00,30,00,00,00 "NullFile"="" run new dot reg file and done.

Thank you for the awesome content, Scary that this works on network file shares and USB drives.

COOL!

You wouldn't be able to "pass the hash" this isn't ntlm, this is a different format known as net-NTLM, you can relay this though, so long as there is no signing in place.

I'm too dumb to understand everything You present, but how I have been told "I love when You speak technical to me"

"I use chatgpt" then you're a skid.

Why does the Linux community ignore this? Especially Linus Torvalds? Because they're also hackers. And by the way RMS, hacker is also ambiguous . Hacking is also dangerous because of its black hat definition.

Windows is the Devil

Doesn't seem to work on Windows 11

You are the one 💪

Alright, so you can set a custom icon for a richtext file or word document... 🤷‍♂ Seems cool, but noone really uses it afaik. But then allowing a network location for an icon, on a local document file is really odd🤦‍♂, I don't think anyone asked for that feature whatsoever.