🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy In my last video, I built 24 websites in 24 hours. 🚀 But with such a rapid development sprint, I knew security might have taken a backseat. So in this video, I decided to don my hacker hat and attempt to penetrate my own sites using tools like Nikto, OWASP Zap, Burp Suite, and Snyk. Spoiler alert: I didn't find much. 😅 Realizing my limitations, I called in reinforcements-my friend and professional ethical hacker Tyler Ramsbey. Tyler took the wheel and performed a thorough penetration test on my websites, uncovering vulnerabilities I had completely overlooked. From exposed API keys to cross-site scripting (XSS) and even accessing hidden admin panels, Tyler shows us how a real hacker would exploit these weaknesses. 😱 Along the way, we discuss how tools like LLMs (Large Language Models) can be both a blessing and a curse in cybersecurity, aiding both defenders and attackers. 🛡⚔ Subscribe to Tyler Ramsbey: www.youtube.com/@TylerRamsbey
He just did a video about using Python on Telegram and I was wondering if what he's doing is ethical and legal ... Will you please explain , brother . Thank you and hugs from your autistic sister in Costa Rica
would love the video for building and deploying 24 sites in 24 hours!! Bruh, like how you gently cover that wonderful detail but not show us hoooooooooooow lol! Great videos as usual! Thank you!
Summary of the video: Network chuck sets his website account Username: admin Password: admin Tyler randomly guesses admin/admin Network Chuck: OMGGGGGGG he just hacked my website!!!! AMAZIUNNNNG!!!!!!!
Chuck I salute you Sir, I started and ventured into IT because of you i really got inspiration and so it was a fun adventure persuing IT, i have seen your journey and evolution from networking servers up to now you are a cyber warLord, keep doing the impactful great work your doing.
@@Blob-qo5iq - I was told it was 24 web servers to enumerate and provided with the hosts. In an actual pentest, a database would be off-limits unless specified as in-scope. (Chuck only told me the web servers were my targets)
@@Blob-qo5iq - Yeah, good question. So for context, I was provided with 24 websites by Chuck with the instruction to create a video of me looking at the websites for any vulnerabilities. I was not provided any additional context In a web app pentest -- any other services are strictly off-limits because they are out-of-scope. Since the client (Chuck in this case), provided me with the specific full URLs of the in-scope websites - I wouldn't be running nmap to discover hidden services. If, on the other hand, I was told these IPs are in scope, then I would run nmap (but that's not what I was told). I hope that makes sense :)
You guys are awesome. Thank you for what you do. Chuck has amazing guests all the time. You guys have inspired me to change careers at the ripe old age of 46. I’m going to. I’m starting my coursera IT support specialist. Then most likely the cybersecurity course. I’ve been in law enforcement for the better part of nine years. I’m over it! Thanks again guys!
Good luck with the transition! I'm only 27 myself and am aiming to make the same move. Even with Google's cybersecurity certificate and CompTIA's Security+, I haven't managed to find any hits yet :/ But I know the jobs are out there, and wish you the best in getting there :D
Following you since the beginning of your channel...feels really nice to see that you are Posting new videos regularly..means a lot to a fan like me...
as a web dev. none of this stuff to me was anything even remotely educational... this screams grade 8 in the library at lunch time. isnt even at a script kiddy level really
Owasp Zap and burp suite are what enterprise companies use for DAST and provide to developers and pen testers alike as part of the DevSecOps cycle. Allows for rapid feedback to the developer to reduce risk before it deploys with issues, and is a valuable tool for pen testers poking at a web server in different ways.
Oh shoot, it's a real hacking example video with real cyber security processes non-sponser, non-proprietary toolset, just back to back explanation of every step of the way, fantastic
@@spiderlurker yeah the video is sponsored so thats obvious, but I think the general content of the video is generalised enough to say that, even as a non-sponsored video, it would be interesting
@@bolsonaro-ku9uz YES. Companies don't seem to understand the simple fact that WordPress is a BLOGGER Framework made for private persons (or very very small organisations). It is bad at load handling, you have a very bad overview over all the plugins and their vulnerabilities, practically not made for being secure and you have no good way of adding backend stuff (like an API, a database, server-side javascript) natively. You will have to host another server just for that. But then why use wordpress in the first place when you need to host your own NodeJS Backend?
for the coffee, run it through a coffee filter, like one of the filter holders that sit on top of cup.. and um.. I have seen a couple of your videos where you have "literally" welcomed people to try hacking you.. 8D
People complain its all easy thing to do. Yeah obviously its beginner friendly he had to reach larger audiance. Also being pro doesnt mean you dont do basic error too so I would say it still pertinent for all of us.
Have you seen the clasic scifi movie The Day The Earth Stood Still? I’m guessing the name nikto came from that since it coined the famous line “Klaatu barada nikto” which means “Stop barbarism, I have death, bind.”😂
Hey Chuck can you make a video on how to find secrets on people like hack in their phones and discover secrets don't worry i just want to learn how because I want to become a ethical hacker
THIS WAS AWESOME!!! I would love to see this guy, Tyler, go after one of your harden sites on different platforms to see the process of thinking that a pro hacker does until he gets in or gives up.... and if he is PAID to not give up... what would they do? AND it would be cool to see the entire 90min video.
I make my coffee on a $20 Walmart "Mr. Coffee" every morning. I don't even like coffee, but it helps me unload my chamber before I shower-up...so there's that. I feel that explanation was about as nonsensical and misplaced as yours.
Guessing those sites were on a hostinger shared host. You didn't violate tos or anything for their shared hosting running pen tests like this with nuclei?
It is kinda sad Tyler missed the lowest hanging fruits just by not doing port scanning (he missed the exposed DB), which should be like one of the first steps. In the end, this is just basic demo stuff and nothing too crazy shown here.
I provided some more context on my channel - but I was provided with 24 full URLs that are in-scope by Chuck. I was not provided any additional context, and was told to treat it like a web app pentest with those in-scope URLs. When a client provides specific URLs that are in-scope, you do not perform nmap scanning on the underlying IPs. If I could have been provided instead with a list of IPs, I would have run Nessus and Nmap on those lists. So the reason I "missed" the database is because the database was explicitly out-of-scope, based on the information I was provided for the video.
I French press every morning. I have been doing it for years. It is not really gritty. I think you might need to practice more and maybe not be a noob at coffee.
Just in the right time! LOL I just finished applying your video for the FileCloud and was looking for a way to check my network for vurnabilities and fix them :). Thanks Man!
BRO, I just got motivated, and I will start Bug Bounty as soon as I wake up with my fresh-brewed hot black coffee. Thank you for your work it was a great video.
@NetworkChuck just a quick question, may i ask the ram you have on your computer? I see you work like me on VirtualBox and Kali Linux, needs ram for sure, so, what ram memory do you recommend for a descent work?
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
In my last video, I built 24 websites in 24 hours. 🚀 But with such a rapid development sprint, I knew security might have taken a backseat. So in this video, I decided to don my hacker hat and attempt to penetrate my own sites using tools like Nikto, OWASP Zap, Burp Suite, and Snyk. Spoiler alert: I didn't find much. 😅
Realizing my limitations, I called in reinforcements-my friend and professional ethical hacker Tyler Ramsbey. Tyler took the wheel and performed a thorough penetration test on my websites, uncovering vulnerabilities I had completely overlooked. From exposed API keys to cross-site scripting (XSS) and even accessing hidden admin panels, Tyler shows us how a real hacker would exploit these weaknesses. 😱
Along the way, we discuss how tools like LLMs (Large Language Models) can be both a blessing and a curse in cybersecurity, aiding both defenders and attackers. 🛡⚔
Subscribe to Tyler Ramsbey: www.youtube.com/@TylerRamsbey
🎉
He just did a video about using Python on Telegram and I was wondering if what he's doing is ethical and legal ... Will you please explain , brother . Thank you and hugs from your autistic sister in Costa Rica
Bro is really skilled I watch him every time but he have not much follower thanks network chuck for letting him hack your web hehe
would love the video for building and deploying 24 sites in 24 hours!! Bruh, like how you gently cover that wonderful detail but not show us hoooooooooooow lol! Great videos as usual! Thank you!
nah I'd just use avast
Summary of the video:
Network chuck sets his website account
Username: admin
Password: admin
Tyler randomly guesses admin/admin
Network Chuck: OMGGGGGGG he just hacked my website!!!! AMAZIUNNNNG!!!!!!!
He even missed the file upload -.-
Thanks pal, you're a pal
Tyler is a really decent dude. His discord is awesome too. Thanks Chuck for having him on. He's at less than 20k subs I think which is just criminal.
I feel chuck is getting more and more beginner friendly to the point his audience is normal people
4 million subs
@@WorkersRise that makes sense
Kind of a shame really, they did a whole bunch of nothing.
His content has always been beginner hey look at this pineapple you can hack with it! with no real deep dive.
Which is weird given the take he had on LTTs compita A+ exam.... Shill. Shill. Shill.
17:05 , 17:30 contradicting yourself in 25 seconds is pretty impressive
shame this was super simple, tyler is pretty talented at this stuff.
I really appreciate how he is actually teaching people at square 0. Really need a lot of that in such an available format.
Absolutely amazing to be part of this. Thank you @NetworkChuck!
Your Amazing Sir.👍
I watch you all time lil bro you are really skilled thanks for your UA-cam vids they helped me lots😊
I w kk
Yoooooo let’s go
Hi
31:51 bro changed time
CHUK :ARE YOU SERIOUS?????????
Chuck I salute you Sir, I started and ventured into IT because of you i really got inspiration and so it was a fun adventure persuing IT, i have seen your journey and evolution from networking servers up to now you are a cyber warLord, keep doing the impactful great work your doing.
>Points out dodgy addons that scrape data, while using Chrome
Priceless comedy
I thought the point of this channel was comedy. All he ever covers is surface level stuff.
@@blancfilms This video popped up somewhere so I checked it out, not looked at anything else to be fair.
@@blancfilms its to raise interest, bro has made a lot of others get into IT.
Would be cool to see him go through this again but more in depth with what he would do for an actual pentest.
I have 400+ videos on my channel doing that exact thing with other challenges/machines :)
@@TylerRamsbey Why did you not do basic nmap scans in the beginning. You would have easily found the exposed DB
@@Blob-qo5iq - I was told it was 24 web servers to enumerate and provided with the hosts. In an actual pentest, a database would be off-limits unless specified as in-scope.
(Chuck only told me the web servers were my targets)
@@Blob-qo5iq - Yeah, good question.
So for context, I was provided with 24 websites by Chuck with the instruction to create a video of me looking at the websites for any vulnerabilities. I was not provided any additional context
In a web app pentest -- any other services are strictly off-limits because they are out-of-scope. Since the client (Chuck in this case), provided me with the specific full URLs of the in-scope websites - I wouldn't be running nmap to discover hidden services.
If, on the other hand, I was told these IPs are in scope, then I would run nmap (but that's not what I was told).
I hope that makes sense :)
@@Blob-qo5iq noisy
Great video chuck. You have the special sauce when it comes to IT learning videos!
You guys are awesome. Thank you for what you do. Chuck has amazing guests all the time. You guys have inspired me to change careers at the ripe old age of 46. I’m going to. I’m starting my coursera IT support specialist. Then most likely the cybersecurity course. I’ve been in law enforcement for the better part of nine years. I’m over it! Thanks again guys!
That's awesome! Let me know if I can be of assistance!
Good luck dude
Good luck with the transition! I'm only 27 myself and am aiming to make the same move. Even with Google's cybersecurity certificate and CompTIA's Security+, I haven't managed to find any hits yet :/
But I know the jobs are out there, and wish you the best in getting there :D
Following you since the beginning of your channel...feels really nice to see that you are Posting new videos regularly..means a lot to a fan like me...
I just finished watching your previous video, then this gem dropped, made my day so much better
This is a great collab! More of these in the future pls
French Press is amazing for that "cup-to-go"! Grinding your own beans? That's where you go over the deep end of the dive :P
as a web dev. none of this stuff to me was anything even remotely educational... this screams grade 8 in the library at lunch time. isnt even at a script kiddy level really
True i though i will see something sophisticated.
Sorry who?
@@theguythatknows are you 12?
Owasp Zap and burp suite are what enterprise companies use for DAST and provide to developers and pen testers alike as part of the DevSecOps cycle. Allows for rapid feedback to the developer to reduce risk before it deploys with issues, and is a valuable tool for pen testers poking at a web server in different ways.
That's not the point though is it? Having some knowledge/idea is way better than having nothing.
Hardcoding your api keys is a dangerous habit. An expensive lesson for some, including myself.
Tyler is good people. Awesome interview.
NetworkChuck is Peter McKinnon, if Peter had gotten really into computers instead of really into cameras.
Peter McKinnon, network chuck and cuppajoe5 are the same dude with different hobbies 😂
Great video! Thank you Tyler and Chuck!
How I make French Press coffee. I stir a little. Then push the plunger down until all the grounds are all underwater. Then I wait 4 minutes.
Been waiting for this for so long!!!
I don't know why you wouldn't white hat. You'd make a fortune.
Oh shoot, it's a real hacking example video with real cyber security processes
non-sponser, non-proprietary toolset, just back to back explanation of every step of the way, fantastic
Don't be fooled, there's a sponsor for the video and there's a $449 price tag on the software that's showcased. Still great info in the video though.
@@spiderlurker - The software I showcased is free and I personally don't make any sponsored content :)
It's nice basic stuff you could easily read up onto. But defenitely a nice demo showing the lowest hanging fruits
@@spiderlurker yeah the video is sponsored so thats obvious, but I think the general content of the video is generalised enough to say that, even as a non-sponsored video, it would be interesting
@@Blob-qo5iq yeah, its a nice "taste tester", with more stronger examples in the future using CLI utilities and maybe examples of the cyber kill chain
Coffee beans can be found in Forests and wild animals can be found at a watering hole.
cool!
How exhausting this kind of thing can be for someone.
Thanks for both of you great lesson
Awesome video and Tyler is an awesome dude too!!!
Great to think that I knew how to do 99% of these!!
fun enough I came from tyler's channel love this colab
Tyler Ramsby brought me here !!
Axios was on a beta version; which is the wrapper for "Ajax" requests, coincidentally.
I am checking youtube so often that I got to see AB testing 😅 - that is why I clicked, to write about it
The best part is the "same password as my bank account" 😅😅😅
Chuck be like: "ways to hide your files like a hacker" = "making 24 websites" 😂😂😂😂 0:01
You have my uninterrupted attention for rest of my days …
Yooooo my favorite rapper is here
The #1 reason sites get hacked "I don't want to do this, I don't have time for this." :) Oh and wordpress.
Is WordPress this bad?
@@bolsonaro-ku9uz YES. Companies don't seem to understand the simple fact that WordPress is a BLOGGER Framework made for private persons (or very very small organisations).
It is bad at load handling, you have a very bad overview over all the plugins and their vulnerabilities, practically not made for being secure and you have no good way of adding backend stuff (like an API, a database, server-side javascript) natively. You will have to host another server just for that. But then why use wordpress in the first place when you need to host your own NodeJS Backend?
Still got the coffee on point. My man.
Awesome video!!
even a website got hacked just because of animation-timeline in CSS.
Chuck, please put some of you applications behind Cloud flare and re-test.
for the coffee, run it through a coffee filter, like one of the filter holders that sit on top of cup..
and um.. I have seen a couple of your videos where you have "literally" welcomed people to try hacking you.. 8D
Can we get the recipe for the coffee?
Under hour gang
ohhh the set in the bg lookin crisp asf
People complain its all easy thing to do. Yeah obviously its beginner friendly he had to reach larger audiance. Also being pro doesnt mean you dont do basic error too so I would say it still pertinent for all of us.
Damn, amazing video, bro! Keep inspiring!
Caffeine addiction at its finest. Also good IT vids.
he just said in the previous video, that he doesnt drink caffeine coffe anymore cus of the age.
ajax is making a specific request to a specific url, it reloads the data without reloading the page
This video is one of the best pen testing videos I have watched in a while
That is just level 1 any-one can do it
What do you expect considering the format and content on this channel?
That's the whole point, giving entry level users the tools they need to sus out what might be a problem.
trello must have had some big data leak since i got that leak warning about trello too
Next Video: How to make good coffee
we need more of this
I don't think you could make it any easier
Have you seen the clasic scifi movie The Day The Earth Stood Still? I’m guessing the name nikto came from that since it coined the famous line “Klaatu barada nikto” which means “Stop barbarism, I have death, bind.”😂
great video chuck 🎉🎉
so he did like...Directory traversal exploits vulnerabilities scan , right ?
kali doesnt have OWASP pre installed, i even just updated kali and still cant find it.
Hey Chuck can you make a video on how to find secrets on people like hack in their phones and discover secrets don't worry i just want to learn how because I want to become a ethical hacker
thats not hacking... thats just the first few points in the book of "dont do this on your site"
THIS WAS AWESOME!!! I would love to see this guy, Tyler, go after one of your harden sites on different platforms to see the process of thinking that a pro hacker does until he gets in or gives up.... and if he is PAID to not give up... what would they do? AND it would be cool to see the entire 90min video.
I have 400+ videos like that on my channel :)
A very underated tool is Vega
the Science Method looks so much cooler
Hey just hacked my countdown 😂
Network Chuck was a nice actor
I think he is slowly becoming James Hoffman 😂
I make my coffee on a $20 Walmart "Mr. Coffee" every morning.
I don't even like coffee, but it helps me unload my chamber before I shower-up...so there's that.
I feel that explanation was about as nonsensical and misplaced as yours.
I love you chuck!
people burp at me in counter stike.... and i cry at night... rightly so i guess T_T
bro im crying my entire website was hacked
Are there any tools that you'd recommend us regular web designers, to test the security of our sites?
Is it time to update the quote website to leverage ai to pull quotes dynamically from your videos? :P
Does Guardio protect against supply chain attack which may result in explosive being planted in your home and personal devices?
that is so cool father of linux
Good job Chuck
You made 24 websites in the "Hide your files like a hacker" video? (you maybe want to correct that :) )
This is exactly why hacking is no more a powerful source ..when you have ppl creating script kiddies online.
you are part of the script kiddies. look at your profile picture
hey you used the wrong thumbnail when you mentioned the website video at the beginning, 0:03
Guessing those sites were on a hostinger shared host. You didn't violate tos or anything for their shared hosting running pen tests like this with nuclei?
I only watch these videos so that I know how to make coffee ☕
It is kinda sad Tyler missed the lowest hanging fruits just by not doing port scanning (he missed the exposed DB), which should be like one of the first steps. In the end, this is just basic demo stuff and nothing too crazy shown here.
I provided some more context on my channel - but I was provided with 24 full URLs that are in-scope by Chuck. I was not provided any additional context, and was told to treat it like a web app pentest with those in-scope URLs.
When a client provides specific URLs that are in-scope, you do not perform nmap scanning on the underlying IPs. If I could have been provided instead with a list of IPs, I would have run Nessus and Nmap on those lists.
So the reason I "missed" the database is because the database was explicitly out-of-scope, based on the information I was provided for the video.
This video is excelent. Thanks!
And have ISO Policies like Business Continuity.
u are my fav bro >3
I French press every morning. I have been doing it for years. It is not really gritty. I think you might need to practice more and maybe not be a noob at coffee.
Need more videos like this please ❤
I love this, more content like this please!
Just in the right time! LOL I just finished applying your video for the FileCloud and was looking for a way to check my network for vurnabilities and fix them :). Thanks Man!
I'm not human, an AI making unauthorized transcriptions of one of the best IT content creators
BRO, I just got motivated, and I will start Bug Bounty as soon as I wake up with my fresh-brewed hot black coffee. Thank you for your work it was a great video.
@NetworkChuck just a quick question, may i ask the ram you have on your computer? I see you work like me on VirtualBox and Kali Linux, needs ram for sure, so, what ram memory do you recommend for a descent work?
16gb for native OS host and 32gb for vm's. 4gb for cli vm or 8gb for gui. double that for windows VMs,
More pentesting videos by pros please!
I subscribed this great channel
Hello Chuck, greetings from Argentina, could you do a Cloudflare tutorial on how to use Tunnel for my server?
Fun fact i never learned something about burpsuite hehe ...😢 Just from experience
ruh roh! root rogin!