Hacking Wordpress with Python in seconds (using Dark Web and Telegram data)
- Published 18 May 2024
- Big thanks to Flare for sponsoring this video. You can track down cybercrime and manage threat intelligence or your own exposed attack surface with Flare! Try a free trial and see what info is out there. try.flare.io/david-bombal/
Your usernames and passwords are out there. So many breaches are happening and passwords are being posted on the Dark Web and Telegram channels. And to make things worse, stealer logs are stealing information from computers using malware.
// Link PDF //
Download here: davidbombal.wiki/flare1
// YouTube videos REFERENCE //
Why hack when you can just log in?: ua-cam.com/video/jmdCArq8Mmc/v-deo.html
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
X: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: www.youtube.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Introduction
00:11 - Demo of Python login to Wordpress
00:25 - Permission when hacking websites
00:36 - How the script works
01:04 - How Harry got hacked
01:51 - Using a password manager
02:13 - Passwords leaked on the dark web
02:37 - Flare Demonstration
03:35 - Your username is probably out there
04:13 - Using Flare API
05:06 - Demonstration
05:35 - Flare notifications
06:02 - PDF guide
06:21 - Beware of Stealer Logs
07:04 - Leaked credentials
07:20 - Flare helps businesses
07:33 - Demonstration of the script
09:42 - Conclusion
10:32 - Outro
tor
telegram
python
wordpress
dark web
deep web
flare
flare io
php
onion
onion websites
malware
haveibeenpwned
stealerlogs
stealer malware
malware analysis
cybersecurity
cybersecurity jobs
hacking
ethical hacking
hacking jobs
cyber security career
cybersecurity
cybersecurity careers
ceh
oscp
cybersecurity job
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#darkweb #hacking #tor - Science & Technology
Thanks! Blurring now.
Can you do a video on ANGRYOXIDE PLEASE
David Bombal is doing wonders for cybersecurity. All for free to us on youtube. Thank you
Thank you! You're welcome!
David, yes to all of the above questions! This was a great topic, very interesting. Another positive I would add for you to consider is that these shorter format 10 to 15 minute videos are much easier to digest/watch at home or work around a busy schedule. Fantastic amount of info in a very brief video!
Thank you! Expect a lot more short videos like this :)
In summary, preventing these cyber attacks can be summarized as follows:
- Use the password manager and generate extremely secure passwords
- If possible, use passkeys as often as possible
- Enable 2FA for an additional layer of security.
For a business like mine, using Flare has been great. We get notifications if our credentials have been leaked on the dark web or are being talked about in Telegram channels etc. How do I protect myself and my team? Flare.io is one of those ways.
@davidbombal just install the Google reCAPTCHA extension. It prevents the brute-force attack. 2FA can create a second strong security layer.
What is the difference between a passkey and password? I'm just starting my journey in cybersecurity (more as a hobby than a job at this point) and I'm not understanding the difference between the two.
that's only a very small part of "preventing cyber attacks", just in the area of authentication
4) Stay away from the internet! ;-)
YES! We need more Solo David! All love all these types of videos but my top favorite are when you are teaching stuff like this it is always fun to watch.
I can't wait to see more stuff like this :D
Thank you! More to come!
Never thought I'd say this... but thank you, I've also been watching you for a long while and I've learned a lot, especially from OTW. Much love from Germany
“I have given myself permission to hack this website“ said the hacker just before executing the biggest hack in the history of computer hacking
Thanks for the post, love the videos David 😀😀
Thank you! 😀
@davidbombal 😊🙂
Nice to see you again posting useful videos, i prefer to see you more, the interviews you take are nice and useful but personally speaking I prefer watching your videos in various subjects.
Thank you. I plan to create more of these types of videos 😀
It is so hard to keep up with this stuff. There is so much info. You make it easier for me to help protect my customers. Things seem to be getting worse. Thank you for your heads up and the info. THANK YOU "Flare" going to your site next!
Agreed. This is what I love about Flare - makes it so much easier to keep up as otherwise it's just a losing battle with the number of hacks happening all the time.
OH MY GOD!! David this is both terrifying and amazing at the same time!!!
Thank you for being a hero!
Thank you! 😀
Cloudflare or Google reCAPTCHA will give you protection against brute-force attacks. Be confident. Another thing is session fixation. That is a little bit scary.
Love your videos!
Thank you! Glad you like them!
Nice work , congrats ❤
in what way can AI interact with the deep web?
Thanks for the video!
I already signed up with Flare! I have over 30 WordPress websites and I want to protect these websites. This tool is really helpful. Wondering how much does it cost? I didn't see any pricing on the website.
This is cool to know and learn! Thank you David!
Edit: Is there a way to create an anonymous account in Kali Linux to access the internet? I remember over a decade ago that there is a software tool that can do that and leave comments on the website.
Thank you :) Glad you liked it!
@davidbombal I did!
Great stuff. Thank you, David.
You're welcome! Glad you enjoyed it :)
Sir android hacking video please
Coming soon - already recorded and now being edited 😀
@davidbombal can't wait to see them David please 😊
Thanks so much David
You are very welcome!
Was talking to a cyber security analyst at work about David’s channel saying how great it is and he definitely agreed.
Happy to hear that 😀
Great thanks to you for this video. If you can make a series on how data is hacked (live examples) and how to prevent it that will be great.
Thanks David, I'm still curious if and when there will be a better verification method than the ones we know
This was a very informational video that was very short and simple.
The script was written well as well, I am going through and learning selenium slowly.
It is merely a constant "space race" between computational black hats and security researchers that will continue forever.
Thank you for what you do to keep the information security community alive.
Thanks, do you have a simple video DIY to check your System if it is compromised? Thanks
Make a video about session fixation and sessions in user browser storage that can be accessible from third parties. Or is it possible to have access to a session that was set from another website in the user's browser?
I'm curious, the company that provides data leak monitoring services means collecting data where the data is stolen from threat actors. Is that legal?
Big thanks to you Sir, as always, it was more helpful as it is.☺🙏👍
You're welcome!
The best cybersecurity channel on YouTube 😊
Thank you very much! 😀
You inspire me Sir. I would love to ask you this question. Do you teach hacking and cyber security?
You can learn a lot from my YouTube channel. Otherwise look for my collaborations on Udemy and my website: davidbombal.com
@davidbombal I've been following your channel for years now and it has helped me. What I need is structured and organized knowledge. Step-by-step
If the credentials were already leaked, is it still a hack?
Ye double hack
there is a double conundrum here if flare is not intended for individuals, yet there is a free trial and learning about a product most individuals can’t use.
A lot of people who watch my videos work for companies including small businesses. How would small businesses like mine protect ourselves? Using Flare as part of our cybersecurity defenses. You may not use this at home, but you may look into it for the company you work for. A lot of blue team products are aimed at businesses including Flare. I think it's important that you learn even as an individual what options are out there for the blue team.
Was thinking the same, seems like this video is for businesses only ..
I would really love to learn.
as always inspiring video tnx dave
What if I use hash as my password?
Is it safe .?
is it legal to look at scary link on the dark web just to be curious?
Master, one day I hope to have the same knowledge as you. Greetings from Italy!
Hats off ❤ for sir David Bombal
Thank you!
So amazing what you are offering David, thanks. This piece of code will make people aware of the danger
Thank you! So important that people realize what is happening out there.
One of the best channels on youtube.
Thank you! I appreciate that 😀
Scary stuff. It seems it's all fair game.
What about biometric data, are our finger, voice and eyeballs on the dark Web?
Guess whose birthday is coming
Time for a giveaway maybe??
@davidbombal yeah lessss gooooo
@davidbombal Private lessons? Could have a "giveaway" for some lucky viewers to have an opportunity to learn from a true professional. I wouldn't mind having someone instructing me to implement the knowledge gained. To use it properly in the real world setting. The basic information they give you in college is great for understanding how all of this works together, i want to apply to more modern issues not the virtual attempts at old outdated attacks. Finally, to become among the top in the industry with proper guidance.
David Bombal a Gemini?
@vinu3541 yeah
I am watching your videos day by day. I love you and your videos, from Nepal. You are a very intelligent person in computer science.❤❤
Thank you 😀
Hello Mr David. I have been doing research on Puppy Linux and would love it if you do a video for us that can afford a low-end PC and also want to practice using something light like Puppy
But what if you use a login limit of 3 attempts, then have to wait an hour
Why doesn't the website recognize that multiple attempts are being made back-to-back to gain access?
Nice python script. I had some ideas about extending the functions of the python script.
I developed mine using the python library mechanicalsoup utilizing the Statefulbrowser function so I don't have a predefined time to sleep to detect that html elements or strings have changed on the webpage, also allow you to avoid issues with html elements being changed as well.
Extended the login function by adding checking if the user has admin access if True Inject a php reverse shell into 404.php file, so that if anyone searches for an unknown resource it will send a reverse shell connection to the attacker.
In addition to protecting the apikey I used optparse to create an argument to add --apikey which I think inputting key value when script is called is better than storing in an environment variable.
why does the flare api give you peoples passwords?
Python is David's pet snake!
😂
Can you pls ask OTW to explain chapter 15 of Linux basics for hackers🙏🙏🕯️
Wow really amazing thanks sir
Glad you enjoyed the video 😀
I'm learning Python by myself but/and I'd like to learn from you Dave!
I've learnt Python and I'm using it for cyber security, I've created a backdoor, ransomware, keylogger, we can learn together if you don't mind
bro, superb indeed.
I want add USB ARSENAL in nethunter mobile
but how?
Hey Bro......My name is Biswadeb Mukherjee from India & I really love your demonstrations.....can you please demonstrate live packet injections on a wifi network....please
Flare looks fantastic. it sucks they hide their pricing though (not shown on their website) and force people to give private information (name, email address, etc) just to find out Flare pricing. what a contradiction of transparency...
i just tried signing up for Flare but they don't allow you to use a Proton email address either. wtf's with that?
@saysoco Was also confused by that
Thank you, but for me it's difficult to understand because I'm a beginner in technology and I don't understand some English words. But thank you for your help, I like this course
Please don't tell everything you know. some things should stay secret
A friendly reminder to Always keep your public facing passwords over 50 unique characters
@davidbombal please host Orange Tsai. I really need to see him
good to know !!
Hopefully you learned something new 😀
Hello sir am having a very strange wording in terminal can i send you a mail plz
Obfuscate the WordPress admin URL. Use an IP allowlist for admin login. Use an IP blocker tool for incorrect login attempts.
That’s what I’ve done and change the default admin username.
Is completely download for kali linux
Thank you sir
You're welcome!
We need some Blue Team videos teaching defensive strategies too.
Flare is a blue team defensive product. I'm showing what hackers can do with leaked credentials. But, how do companies protect themselves. Well, Flare can help you with that as they have a great Threat Intelligence Platform.
@davidbombal Checking out the PDF now. Any chance the Python script will be available? Currently doing the Python Basic for Hackers via OTW but we’re not up to anything that complicated so far.
Awesome video, thanks for explaining the python script to us. Did you share it anywhere, or you are gatekeeping it?
plz can you buy for me flipper zero
Also a friendly reminder your password or 2FA doesn’t matter if you click a phishing link and they get your session tokens… thanks to Microsoft for weird domain names confusing the shit out of people!!!
Forgot to blur out email address at 4:22
Maybe the way the passwords were leaked was hacking but I don't count logging in with leaked credentials 'hacking'.
But you consider bruteforcing hacking?
@dawidvanstraaten Nope.
Make a video with chuck
Network Chuck? Go here: ua-cam.com/video/C3misTE2ErA/v-deo.html
Hello sir,
I want that python script. :)
Wow❤
I hope you enjoy the video!
can i get script ?
dear david can you give me the script😇😇😇
Wow, what a clever way of getting your subscribers' e-mail addresses so you can send campaigns
What are you talking about? I don't have my subscribers' e-mail addresses. YouTube has that information. If you're referring to Troy Hunt's website - haveibeenpwned, please do some more research before making a comment like this.
Wordfence mitigates this
where is the pf file for this program
pdf*
Even with the "sleep", you can brute force forever? Don't you get blocked after number of failed attempts? Where's the logic here? 😅
❤
Thank you for all the information you provided, leave a like here ❤❤❤❤❤❤❤❤❤❤❤❤
Thank you ❤️
Hi❤
Hello!
can this script bypass google recaptcha ?
Not this specific one.
@davidbombal is it even possible to bypass the Google reCAPTCHA or a similar security layer? I think it needs advanced AI tools or knowing how to write it, right? Do you know any of them?
So basically everything online is like Swiss cheese ?😂
Unfortunately it seems like that ☹️
@DB - 😳
why do you always have a clean shaven face. i think a beard looks very nice on you
lol... my wife doesn't want me to have a beard. Happy wife = happy life.
Yes more python !! Also like gave myself permission to hack my website
can you do Cpanel crack using Telegram data?
You could write a script to hack anything including cpanel etc using leaked credentials. This is one of the biggest issues at the moment - as Tom explained in the Cisco Live video. Why try really difficult hacks when you can just login using usernames and passwords that have been leaked.
@davidbombal I didn't think, thank you, my bad😅
Oh wow, let's create a product for businesses and YouTubers and never give access to it to people, so that the YouTubers and businesses could protect themselves, but not the normal users. Just goes to show who they care the most about.
WordPress is a public toilet
First
Very close!
Bullshits, strong passwords cannot be hacked.
day One
Just another paid promotion video. Nothing to learn.
This is the stupidest comment I've seen lately.😂
Who runs wordpress sites in 2024 lol?
Which content management system or website builder do you recommend?
Half of the websites of the world
Thank you sir