ActiveXSploit
India
Joined 8 Dec 2014
CTF Walkthroughs, Cyber Security, Programming and Hacking Tutorials all at one place!
Make sure to subscribe to the channel and turn on notifications!
Twitter : BhalgamaVedant
Discord Server : discord.gg/tup8B6f8VZ
Dump Passwords from LSASS without Mimikatz!
Hello everyone!
In this video, we show you how to dump credentials from the lsass process without mimikatz, using the MiniDumpWriteDump API call. Make sure to leave a like and subscribe to our channel ;)
Resources:
- github.com/Vedant-Bhalgama/LSASSMiniDump
- learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump
Timestamps:
0:00 Intro
0:30 Dumping LSASS with MiniDumpWriteDump()
4:36 Attack demonstration
6:26 Loading dump file into mimikatz
Note:
All videos and tutorials are for informational and educational purposes only. I believe that ethical hacking, information security, and cybersecurity should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on this channel are only for those interested in learning about Ethical Hacking, Security, and Penetration Testing. Hacking tutorials are against the misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
Music Credit: LAKEY INSPIRED
Track Name: "Blue Boi"
Music By: LAKEY INSPIRED @ soundcloud.com/lakeyinspired
Original upload HERE - www.youtube.com/watch?v=wAukv...
Official "LAKEY INSPIRED" UA-cam Channel HERE - ua-cam.com/channels/Omy.html...
License for commercial use: Creative Commons Attribution 3.0 Unported "Share Alike" (CC BY-SA 3.0) License.
Full License HERE - creativecommons.org/licenses/...
Music promoted by NCM goo.gl/fh3rEJ
Views: 7,908
Videos
Malware Development in C | PrivEsc via Access Token Manipulation | Token Impersonation
6K views, 1 year ago
Before starting out, please note, This video is for EDUCATIONAL PURPOSES ONLY! Hey guys! It's me ActiveXSploit back again with another video on the malware development series, But, Today we are not coding any reverse shell or doing some crazy process injection stuff, rather, we are going to code a privilege escalation exploit on our own and escalate from a local administrator to NT Authority SY...
Malware Development in C | Remote Process Injection
24K views, 2 years ago
Hello everyone! Hope you all are doing well! Today I'll be teaching you process injection in C. Process injection is a technique in which an attacker can inject malicious shellcode or a DLL inside a remote process. Hope you all enjoy the video! Make sure to leave a like and subscribe to my channel! Resources : CreateRemoteThread MSDN : docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/n...
Malware Development in C | Executing Shellcode using WinAPI
13K views, 2 years ago
Hello everyone! I am back again with a new video on the malware development series, today we have a look at how we can execute shellcode using Win32 API, We start out by discussing the theory part and then move on to the practical part where we code the malware (PS. Note that the source code will soon be uploaded and the link would be there in the description) Hope you enjoy the video! Make sur...
Malware Development in C | Coding a basic Reverse Shell
27K views, 2 years ago
Hello everyone! Hope you are doing great, I am back again with a new video on the Malware Development Series, Today we are going to code a very basic reverse shell in C using socket programming. In the next video, We shall take a look at executing shellcode using various Windows API Functions. Thank you and have a nice day! Resources: - Microsoft Documentation : msdn.microsoft.com/ - Basic Sock...
Malware Development in C | Getting familiar with sockets
26K views, 2 years ago
Hello everyone! Welcome to the "Malware Development in C" series! In today's video, I will be explaining socket programming in C. We shall first get started by understanding the basic workflow of a client and a server in socket programming and finally, we get to the programming part. Make sure to leave a like and subscribe to the channel ;) Note: All videos and tutorials are for information...
Comprehensive guide on using CrackMapExec | A swiss army knife for pentesting networks
19K views, 2 years ago
Hello everyone, Hope you are doing great, In today's video, I show you the usage of CrackMapExec, CrackMapExec is a really great tool which can be used for bruteforcing various services, It is used a lot while pentesting active directory and cracking into windows boxes. The tool can do a lot more than just bruteforcing, Which I'll show you in this video! Make sure to leave a like and subscribe ...
Automate OSINT using Profil3r! | OSINT Tool
14K views, 2 years ago
Hello everyone, In this video, I show you how to use an OSINT Tool named Profil3r to automate your OSINT. This tool is going to search for email accounts and social media accounts of the user specified, It also displays whether the email account was found in a data breach or not. If you like the video, Make sure to leave a like and subscribe to the channel! The Github repo of the tool was eithe...
Explaining and Exploiting PrintNightmare | CVE-2021-34527
15K views, 2 years ago
Hello everyone, Hope you are doing great! In this video, I walk you through explaining and exploiting Print Nightmare, Print Nightmare is a very serious vulnerability which leads to RCE (Remote code execution) and LPE (Local Privilege Escalation). I hope you enjoy the video! Make sure to leave a like and subscribe to the channel ;) # Note : This video is just for educational purposes, Nor me, n...
Brainpan Buffer Overflow | OSCP Buffer Overflow Prep
2.6K views, 2 years ago
Hello everyone, I am back with another video on OSCP Buffer Overflow Series, In today's video, We will be solving Brainpan, Brainpan is an intentionally vulnerable binary made for practicing buffer overflows, You can download the binary from the link included below, Hope you enjoy the video! Please make sure to leave a like and subscribe to the channel ;) Download brainpan : github.com/freddieb...
Free Float FTP Server Buffer OverFlow | OSCP BoF Prep
3.3K views, 2 years ago
Hello everyone, I am back again with a new video on Windows Stack based buffer overflows, So this is basically going to be a series in which we are going to exploit real world applications, In today's video I chose FreeFloat FTP Server, In the next video, We will be exploiting SLMail. Hope you enjoy the video! Thanks for watching, Make sure to leave a like and subscribe to the channel! ;) FreeF...
RPC Enumeration | Active Directory Penetration Testing
10K views, 2 years ago
Hello everyone! Hope you are doing great and are safe at home! I am back again with a new video on RPC Enumeration in Active Directory. RPC Enumeration is critical and can be useful! It can be used to enumerate domain users, groups, SIDs and a lot more! Hope you guys enjoy the video, Make sure to leave a like and subscribe to the channel ;) Resources: www.ibm.com/docs/ssw_aix_72/commprogramming/ch8_rp...
Obfuscate PowerShell script using Invoke-Obfuscation!
13K views, 3 years ago
Hello everyone, Hope you all are doing great and are safe. Today, I am back again with another video and in today's video, We are going to have a look at invoke-Obfuscation Tool, It is a very useful tool and can be useful for obfuscation of PowerShell Scripts and evading Anti-Viruses! Invoke-Obfuscation GitHub : github.com/danielbohannon/Invoke-Obfuscation Hope you liked the video! Make sure to...
Persistence on Windows! | Ways to achieve persistence on Windows!
6K views, 3 years ago
Hello everyone! Hope you all are doing great and are safe, I am back again with another video on Persistence on Windows, In today's video, I will be covering automated and manual ways to achieve persistence, there are a lot of persistence methods available online and you can read about them! I will leave the links in the description so you can read them ;) Make sure to leave a like and subscribe to the cha...
Kerberoast Practical Attack Demonstration!
1.8K views, 3 years ago
Hello everyone! It's me back again with another video on kerberoasting practical, In the video I am going to explain how you can use an impacket script called "GetUserSPNS" in order to perform the attack, Hope you like the video! Make sure to leave a like and sub! ;) Impacket Scripts GitHub Repository : github.com/SecureAuthCorp/impacket Previous Video Link : ua-cam.com/video/ajOr4pcx6T0/v-deo....
Kerberoasting Explained | Kerberos Authentication | Active Directory
15K views, 3 years ago
Introduction to RustScan | RustScan Faster than Nmap?
8K views, 3 years ago
Active Directory Enumeration Using PowerView | Active Directory Pentesting
6K views, 3 years ago
Subdomain Enumeration | Penetration Testing
1.3K views, 3 years ago
LLMNR Poisoning Attack | Active Directory Exploitation
13K views, 3 years ago
Penetration Testing On Splunk! | Exploiting Splunk to Get Reverse Shell!
2.7K views, 3 years ago
Great brother, great hack tool , my respect
Bro which keyboard do you use?
A standard logitech wireless keyboard lmfao ;p
❤️
Great video, why to close the handles when the process is about to finish?
You should close the handles once you finish using them, as they are used to pass from one WinAPI function to another, and obviously for better resource management and security too. Leaving open handles can cause security issues where an attacker can easily exploit it.
How did you discover the NOP size (x90)?
You mean the NOP instruction size, the x90 * 32 one? Like how did I know that it will be multiplied 32 times?
Acting as HackerSploit ?
i got a weird error call stack?
Sorry? Can you elaborate more on this mate?
i still don't understand this. does printnightmare only happens to shared printers (e. g. USB) but not to printers on a switch? since printnightmare, all the patches we had installed didn't allow us to access our shared printer (connected to main pc with USB). the main pc is connected to a big LAN. now we bought a nice 8-port switch and connected lots of devices to it and the best part now: every pc can access the printer now perfectly. in the beginning, using the shared printer was only possible by downloading the driver from the main pc. since the printer is connected to the switch, the driver has to be downloaded from the hp-website.
Please, help me! How do we set up the environment to run the shellcode in Windows 10? I made this malware, but it doesn't work. I also created it in Flare-VM, but it also doesn't work.
to modify registry, you need admin access right?
Yes you do
so, no way for non admin users
is it still irreversible and make the payload undetected? by now?
I am pretty sure that the payload will get easily detected, You need to try multiple techniques and analyze how the AV/EDR is detecting a payload (for eg on signatures or in memory detection via hooks or something like that).
@ActiveXSploit for a tool like Hoaxshell some said that it still works if we obfuscate the powershell script. Is this the obfuscation tool for the Hoaxshell payload?
thanks
how to make fileless malware like payload. I couldn't execute my shellcode.
I have a video on coding a process injection shellcode, you may check that out
Addictive series 😅
😄😄😄
Quality content ❤❤❤
Bro, is the course finished or are there other videos to come?
I am planning to release a bigger and better course on Udemy which covers everything from basics. And talking about this series on UA-cam, I mostly will be uploading one more video which will be the last.
@ActiveXSploit thanks, because I need that learning, it's very important for me. You can also make videos in both Hindi and English so it'll be approachable by others as well.
How do you run a program as nt authority/system without using 3rd party app (such as psexec)?
you gotta escalate your privileges to SYSTEM level first, after which you can easily run any application on the system as SYSTEM
@ActiveXSploit how do you escalate your privileges to SYSTEM :(
@BDCAT_TranTrongHuy you gotta learn privilege escalation techniques for that, there is a good course by TCM on that, for both windows and linux, you should check that out
thank u so much that was very insightful <3
Nice and easy tutorial , good job
Love u
This format is great, thanks for making these vids.
🙏❤️
None of this stuff works; I've tried 10 different people and I keep getting the same errors, so I know it's my system. Every app installs perfectly except for this.
User name of what, fb, insta or something??? (john doe)
Just a common username, it will search all the social media platforms matching with the username you've provided
This is not remote process injection. This is injection into a local process, not a remote process. despite the name of the function call "CreateRemoteThread"
This literally is remote process injection mate, I'm injecting the shellcode in a remote process running on Target
@ActiveXSploit No, when a process is running in the same PC it's local and the other process is running in the same machine. "Remote" refers to a process running in a different PC, i.e. over the network, such in the case of RCE
Mate, both things are entirely different, remote process injection is injecting into a different process running on the target system, whereas local process injection is injecting the shellcode itself in the local process which is running. If you don't believe me you should check this out www.ired.team/offensive-security/code-injection-process-injection/process-injection
Screen's far too small, impossible to watch
I need a microscope to see that tiny font
I apologize for that mate, I've fixed the font size issue in the videos uploaded after this one
Thanks, I will subscribe in appreciation @ActiveXSploit
Do you have to do the injection process once? Or when the pc reboots, the injections disappears?
Yeah the injection process only works once, it isn't persistent, though you can make it persistent. But, you gotta code it in such a way that it can find PIDs on the basis of the process name, as the PID of every process changes on reboot.
What resolution have you set for xfreerdp? It looks pretty good!
I don't really remember mate but pretty sure it must be set around 1080p i guess
Thank you sir! Will it work without admin commend prompt?
Nope, you do require local admin privileges initially, because that privilege has the SeDebugPrivilege enabled, so you can escalate to SYSTEM user via this
lmao I just started learning c and I watched this video and realized I understand absolutely nothing except the array integer character crap
(I know it's cpp but I just noticed LMAO)
Great channel +1 subscribe
Thank you so much! 😁
Allah Razı Olsun..
Without mimikatz 😂😂 , stupid
Hi. I get error "argument of type const char * is not incompatible with parameter of type LPWSTR". This is in the CreateProcess function parameter "cmd.exe". The code can compile with g++ and the function can run but my netcat doesn't get that connection
Make the cmd.exe string a long byte integer, by adding a L in front of it like this L"cmd.exe"
@ActiveXSploit Hi. Even without the L, the code can compile with warnings. I added a debug line at the bottom of CreateProcess and it seems CreateProcess can run, but netcat just shuts down. Also when adding the L to "cmd.exe" like L"cmd.exe", the code cannot compile. I get "const wchar_t* cannot convert to LPSTR". While the original code can compile with warnings and can run, netcat doesn't establish a connection to command prompt
Strange, are you sure the IP and the port provided in the code are correct? And make sure for the same on the netcat side, make sure you're listening on the correct port, also program compiles with no error right? Do you see it crashing when CreateProcess executes?
@ActiveXSploit hi. IP and port are all correct because I got a connection on my netcat. I think the program can run with the warning after compiling it. But netcat does not get the cmd.exe connection even after the CreateProcess function is run. Netcat just exits after I press enter. I added a print line after the CreateProcess and the print line suggests that CreateProcess ran. I'm not exactly sure what is happening. I did your other process injection video which injects a shellcode into an open process with PID and that works well, so I assume netcat has nothing to do with the problem. I did (LPSTR) "cmd.exe" and the program can compile with no errors even though there is a red line at the (LPSTR). I also did an error check if (!CreateProcess(...)) { printf("[-] Create Process Failure/n"); return 1; } and it did not get any errors. This is weird. I compile it with: g++ -o reverse_shell reverse_shell.cpp -lws2_32
@ActiveXSploit I made a simple program to try and run some commands and CreateProcess can run the commands, so I think there is some problem with connecting to netcat, but idk, I'm just starting out in malware development. Thanks for these videos you have btw, they're a hidden gem 😊
this video is very useful for me thanks brother
Are there any methods to bypass Defender when making a call to the MiniDumpWriteDump API? This method triggers Defender every time.
Yes, there are. It probably is detecting the API Call via hooking, you can try to bypass the API hooking process via direct syscalls
Tks for sharing 🎉
Great tutorial! Thanks for sharing.
Thanks
In the socket error if condition, shouldn't he be calling exit(1) to indicate a failure instead of exit(0)?
Yes that works too mate, sorry for my mistake over there, you can use status code 1 to indicate a failure else 0 to indicate a success exit
Exactly what I am looking for. Thank you.
Great tutorial! Thank you. It worked, but after a couple seconds Windows Defender blocked and deleted the exe.
Yeah windows defender can easily detect it, but to make it a bit more stealthy you can utilise other techniques such as process injection. Even that will get detected in today's date but there's a technique called direct syscalls and indirect syscalls. Either of which can be utilised to bypass the hooking used by the AV/EDR
nice
Really appreciate 🤩🤩🤩🤩 but what about badchars bro ??
You can add the -b switch to remove bad chars while generating shellcode using metasploit and specify the bad chars you don't want in the shellcode
I did NOT know that you could run mimikatz through crackmapexec. That’s very handy!
Given that I am a newbie yet I can explain all of this in about 3 min, and given that YOU want to become a better communicator then figure out how to be succinct; explain all of this in < 5 minutes.
Good for you mate, I'll explain what I can in my way and in a more clear method, Thanks for your advice :)
do I need to use kali linux for this or can I just use a window command line ?
You can even code the reverse shell for windows on linux but I would suggest using windows only, You can install Visual Studio Build tools for it and code the reverse shell. Also, You can use netcat for windows to listen for incoming connections if you don't want to use kali linux
Beginner question: so what is the use case / how would a "hacker" use this? What is this supposed to do? Just establish a connection to a kali linux machine? So would an unsuspecting victim download that exe, click on it and then without knowing it takes over a notepad process and establishes a connection to the hacker, and then it would grant the hacker access to whatever victim? Is that right?
Look, Process Injection has its own advantages, A normal reverse shell payload will work, but, this is more stealthy and difficult to identify (obviously not in 2023 lol) EDR/AV can easily detect process injection attempts via API Hooking but it can be bypassed too! Moreover, there are other better injection techniques than this, this is the most basic one
Yes, Now imagine if you inject into a program which performs legitimate TCP connections too, It is difficult for a person to identify the malicious TCP connection which was established due to process injection right? Also, in a real world scenario, you won't know the target's notepad.exe process PID (or any other process) so for that, you can write additional code to get the PID of a process by its name
@ActiveXSploit I see, thank you so much for clarifying. I've actually added a WriteProcess script to open a notepad and grab the PID of that and then had your code inject into that. Although it's obvious, I just wanted a proof of concept