How Hackers Compromise BIG Networks (with NetExec)
Vložit
- čas přidán 21. 03. 2024
- jh.live/n8n || Build automated workflows between applications, and integrate JavaScript or Python code whenever you need to -- with n8n! jh.live/n8n
Follow along with Name Your Price Training: jh.live/nypt
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥CZcams ALGORITHM ➡ Like, Comment, & Subscribe!
Whoa, this is a great surprise! Thanks for covering our tool, we put a lot of work into it and love to see people enjoy it!
We also JUST updated the --users functionality last night, so it will display the # of bad password attempts (how it worked way back in CME), and last password set date. I also fixed the functionality to allow you to just list specific users if you want, instead of the entire list.
Glad to see the project evolving
Very cool! Please let us know if you get to walk through the course and if there is any feedback on the course the team made for your tool!
Amazing! Keep up the good work 🙌👍
lol the video says includes paid promotion so somebody paid him to do that video about this tool, who else would have paid for it then you guys ??
Love that Future John got into spacetime exploitation so he could pivot back to the video.
Super cool showcase, awesome video!
The loggedon-user to impersonation path is a really great way to get DA, loved seeing that!
If I may add a few notes:
- Instead of manually setting the account owned in Bloodhound you can just enable the Bloodhound connector in the nxc config, and it will automatically own users/computers :D
- There is already a PR in the works that fixes the ldap problem, so it just works out of the box
- The bloodhound zip bug was fixed two days ago (so you will actually have to unzip it 😅)
Thank you John, for making the Lab less expensive, for everyone to participate.
Good for n8n to sponsor this video. Looks really interesting and I think if I watch another couple of sponsored videos I’d probably go and try it out
Just started my journey in all this so that was cool to watch. Thank you, learned a lot
John, I don't know whether it was you or another member of the team... but....
I want to thank you and your team for reducing the massive POPping from the mic.
I massively appreciate you, and what you are doing here on your channel, and your dedication to saving vintage speakers all over the world!
Much love xx
Me.
I try to remove any kind of sound artifacts that I can, in every video. Recently I have been working with John to get some recording environment issues resolved, so that we just have less artifacts to deal with in general. We aren't quite there, yet, so it's good to hear that people have taken notice in what we have done, so far.
Thanks!
Thank you, JH, for this video. I've learned a ton, and now I'll be using nxc instead of cme for my pentesting engagements. You rock!
If Mr. Hammond ever gets a villian arc, we're screwed mates 😒🤔 BTW thank u for this amazing explaination sir ❤
Really cool video. Great information John Hammond. 👍
Good one John.. You should do a one on one CTF someday with Jeffmut, he's a strong low key hacker.
Awesome video , John! Thanks
Thank you so much for your public contribution to the Cyber scene... A lot of hard work goes into the work you doing and sharing so big thumbs up to you! First time ever but I've signed up for a subscription to support you.. Keep the good content coming John!
lol yes the cme conversation is a "can of worms" lol
Fantastic! Thanks for the hard work, John!
Awesome videos, bro. I'm an instant fan!
Hey John, love your work. I did my undergrad in Economics so naturally I'm super curious as to what price people pay for the pay-what-you-like course when they are given the option of potentially $0. Would you be comfortable releasing any basic stats on this?
Nice! installed and ready to test 👍
Awesome tool thanks for showcasing it will add to my tool belt
Thank you sir for all your explanations!
Very informative and helpful. ❤
I don't know what we did to deserve people like you on CZcams, but I couldn't be more thankful.
Hey mate, first of all thanks for your awesome work! Also, I'd like to underline that we - somehow your community - are willing to help, to participate to create content, labs or stuffs. Maybe not all, but a part at least. So don't hesitate to drop requests, and I bet many will answer! Cheers!
Send stuff to us, then. You can reach me at nordgaren@johnhammond.llc
Great video. Thanks for great content.
Loved this!
Feels really strange that a local admin on a system can run a scheduled task as a domain admin...
I bought the lab but, when trying to launch the lab, I get "You are out of runtime". Do I need to buy credits to start the lab? Not quite clear, sorry.
Brilliant work 🎉🎉🎉
Great tutorial!
this is Fantastic, thank you
30:21 "I believe there's a hyphen there..."
We'll have to take your word for it. There is nothing on the screen.
You must be having an environment issue, as I can clearly see `--loggedon-users`
You clearly can't comprehend that he was questioning himself on whether or not that was the proper syntax.
Sweet mother of J. That was nice. What skills. NICE.
Hi John. I know this might sound stupid. But could you do a video on how you set up your kali VMs as well as showing how to properly configure them. Since I am running a 5950x with 64gb of RAM, I have enough resources to run VMs, but for some reason my VMs are just super slow and sluggish. Great Video ❤
For this demo, it's all setup for you already in a web based VM. But, for your own VM setups:
We usually just install the VM that Kali provides for the platform we are running the VM on. John and I both use VMWare. I tend to give my VMs about 4 processors and 2 cores each, as well as 16 GB of RAM. There was also a Kali linux version that didn't run well on VMWare, but since 2024.1, it has ran smoothly.
If you don't have VMWare, and you are using VirtualBox, you will likely have to turn off Hyper-V in Windows. VirtualBox does not play well with Hyper-V. I would google "VirtualBox disable Hyper-V" and find a guide on the VirtualBox forums for doing so, so that it runs well.
Other than that, I suggest following any install directions on the Kali website under "Virtual Machines"
@@nordgaren2358On the Money. Tbh I find VMware a lot more consistent.
Is this going to be banned from use on the OSCP?
Is Crackmapexec banned? The answer should be the same
Thank so much John Hammond
32:00 Randomly pick some end of the video and what? Can anybody guess? Most of you can!
friend i try install pipx git is say no finder why resolve this error friend can help me
whoa, grate tool , i have to install this
Let's see John Hammond's home grown threat feed... lol
How to learn about windows operating system like windows 10-11 and windows server from the prespective of cybersecurity.
Windows server has courses like MCSA- MCSE but want to learn these courses from the prespective of cybersecurity.
Cant find any related videos for this specific topic
Is the mcsa mcse still a thing?
No but one will get idea how the servers work
@@NaveedAhmed-og8ui any certificate alike currently available?
This was great
Is netexec the hostile fork crackmapexrc mentions?
netexec is updated fork of crackmapexec. use it.
Have your heard of OTW?
Hey Bro out of curiosity am not watching the whole video what made you ask that question because i am a big fun of OTW
@@highlights973 Yeah me too! is your level/skill in hacking? Just wondering
@professional.hacker. i can consider my skills intermediate i just did cybersecurity starter bundle and scada hacking V5 with OTW
Let someone make a summary of this video. I'm guessing that at the end of the video windows server shell will be reversed. I'd like to see a entertaining content with a story about taking over MS-DOS from a backdoor in the BIOS, maybe there is some guest account without a password. Or booting from net enabled, so making a shortage in your neighbor fuse box will reboot his DOS machine and then net 👢🥾 your exactly the same looking MS-DOS and run pacman. That will be story and big monetization.
RDP does not work 💀
amazing
You are a legend. Thank you for sharing this. Going to try the lab out myself first!
Brilliant
Love your videos, information, and overall knowledge, but this video seems to be filled with non-authentic energy for sponsors or as if you're trying to be a replica of Network Chuck (who is amazing at what he does), but I feel like the "enthusiasm" was too distracting for me to get engaged with the content. Although your overall production quality has sky-rocketed and is really great to see. I just want you to be more you :). Love you, dude.
No more neo4j ? 🥰😍😍😍😍
totally will deploy netexec
❤❤❤❤❤❤❤❤❤
👁
😎👍
last
First 😌🥇
So AMAZING JOHN
Can we have your take on the discovered vulnerability in M/series appl3 chips published by ar s technlca yesterday ? Is impact as worrisome as it sounds for the general user? Many thanks!
Short answer: no
Long answer: don't lose physical access/control of a Device with confidential information on it.
can use thid in OSCP? or offsec exam?
No! it’s automated
I would advise you to learn the hard and long way of doing things. Will benefit you in the long run...
@@samha1513definitely can. crackmapexec is 100% allowed and this is not automated. Metasploit usage for getsystem and all that is not allowed but anything with netexec is allowed
Used crackmapexec in my oscp exam back in ‘22. I don’t see why you cannot use netexec
03:13 This John from the future stuff is copied from @ippsec guy😊
What? It's literally him from the future. He recorded this part after the video was recorded, initially...
There's tons of people that call the editing selves "future self"
@@doommaker4000Well, I'm not John, so he can't call me "future self" :P
@@nordgaren2358 i know, but this technique of correcting videos, when they miss something initially and correcting later by calling "hey it's me from future" is popular by ippsec
@@nordgaren2358 I know it's John from the future, but the style of making corrections, which was initially forgotten and then recorded later, is popularized by Ippsec.