I still find it funny that quite often people go for paid products with fancy presentations and unnecessary black-box automations. We use OpenSSH sftp with Linux access control and rarely do we have to worry about random 10/10 RCEs.
That's just Apple's ecosystem. All it is is just a shiny polished shit.
@@CZghost Microsoft has been doing it for years too.
Familiar with CVE-2024-33663?
@@CZghost macos has ssh and built-in nfsd
can we like calm the fuck down with all the vulnerabilities this year?
N O
🤣😂
Exploits and vulns are found almost every day. What's different lately, which has nothing to do with April in particular, is that more of them are being published on UA-cam, so it seems like a whole lot of them all of a sudden. More and higher bug bounties are also a factor. ;)
Flare looks very interesting. However, the pricing is elite and well crafted 0-day. I ain't buyin' into something even for a trial to find out its extortionate pricing. The FREE trial is not free. They should be open with their pricing.
This is nuts. It seems like they don't have a proper security model in place if it's just that easy.
Also the CrushFTP desktop UI doesn't instill me with confidence lol. At least the web UI looks decent.
Having inside information on this one I can only laugh, and laugh, and laugh. There are more vulnerabilities. You just haven't found them yet. 😂
Classic closed-source tomfoolery
Chill, I was expecting your wise ahh comment
@@mangodude-nq6su well having seen that source, trust me, you’re better off.
Sec researcher here - any info you can drop without breaching NDAs?
@@Daveychief23 No NDA but common decency prevents me from trashing a former colleague. Plus I have a competing product that makes his look like a child’s toy.
Nice "enterprise grade" software you got there.
shodilly reinventing the wheel?
Flare doesn't show their pricing on their website... I hate that
They charge based on identifiers, we pay for flare and we get 1000 identifiers and pay 36k a year
Hey, I have a question, John: what virtual machine manager do you use, VirtualBox or VMware?
So why would anyone use crushFTP?
Thanks for the demonstration. Very helpful !!!
Hello @john hammond, recently my Discord was hacked by someone who used it to send phishing links in the NahamSec general discussion group. I’ve resolved the issue, but now I’m unable to rejoin your Discord. Could you please allow me back in?
But no one is using CrushFTP, what's wrong with people?
John are you going to be in the people's call center this year?
Nice video, thanks for that.
Allow me to ask a question: how can the ssh_host_rsa_key be useful in some way for hacking, since it's not related to any user?
*another* vulnerability this april‽‽
I swear there's a vulnerability every day now XD
A lot more than one!
Can we all agree that JH is the goat?
Dang right! Such a genuine dude.
i agree.
He even cloned dinosaurs
I mean, hired Dr. Wu to clone dinosaurs
Hi, I don't know how to send this to you, but are you aware of the Sabrent situation? They're apparently hosting malware as legitimate firmware updates in their web. Maybe a video could help people not to fall on this and make the company finally solve the issue. Thanks a lot, and please excuse me if this is not the right way to reach you.
Thank you
I'm surprised that you didn't talk about the Linux XZ malware.
Another zero day.... I'm not even surprised at this point
Can't stand places that have a "start free trial" button with no price given for the full version
They sit in their ideology bubble and are resistant to advice from anyone else.
Even if he had asked someone from his circle, he wouldn't have received any criticism.
Hi! If you can, please create a video on the Brokewell malware, thx 😊
Great Vid!
15 min gang
April and its vulnerabilities 😂
COOL!
Make a video on CVE-2023-24059, sir, if its exploit is free
I do not understand enterprises using apps developed in Java. It is like using an NES emulator to do your presentation.
Bruh 💀
help me sir
Never heard of this software before... Enterprise ready? The vulnerability info on the download page looks like it's written by a kid and the Linux installation instructions are just a joke. Custom start scripts? Then scrolling down I see a systemd service file and at first I thought, oh maybe it's not that bad, but then I look at the actual content and they are not just wrapping their script in a systemd service, no, it's wrapped in rc.local and the systemd service is to call rc.local... with a "start" argument that is not used, and without a shebang while it's called directly??? Surprised that even works tbh.
I was gonna say, what is this, 1995? But heck, even in 1995 things weren't this amateurish.
hell yea
There is no cloud. It's just someone else's computer.
08:53
Should I be worried haha, I don't even know that software lolz
Can somebody explain? I don't really understand how it can read a file outside of the virtual machine?
4:56
Am I dumb or did you just not realize that you were able to pretty much do %hostname%, which is effectively command execution? lol
%hostname% isn't getting passed to cmd.exe as if it were an environment variable; it is being specifically handled within the application with their custom processing, so per your question, no, it isn't command execution, and you are dumb. (You said it, not me)
27th
A bit too early I guess lmao
i just pissed on my wall
good for you
Most liked comment 👍
😁😁😁
Sir, please make the next video on social media authentication bypass, please 🥲😭
😁😁🙌🙌
First !❤
PRO-see-yohn
Thanks for the info dude!