How Hackers Use netsh.exe For Persistence & Code Execution (Sliver C2)

Поділитися
Вставка
  • Опубліковано 24 гру 2024

КОМЕНТАРІ •

  • @HJvanWaegeningh
    @HJvanWaegeningh Рік тому +41

    "Because it is over 9000." LOL

  • @stevetheborg
    @stevetheborg Рік тому +1

    when i was a kid i didnt have internet service. i did have a modem. i got an AOL disk in the mail. used aol to download boserve and got to chatting. then found a local chat room and commenced to making a list of local internet provider passwords. I would like to thank my classmates for never getting on the internet. (90's)

  • @RaverDK
    @RaverDK Рік тому +30

    Haa played around with netsh after seeing that same Tweet... 🤓😆
    And as much as i love these short bit videos i miss the old +1H videos where you just went mental on some project - Watching people fail and rethinking their approach often learns more than anything else.
    But again, thanks for the videos John! Keep up the great work, hope you are having fun on the journey!

  • @aadhiseshandc7260
    @aadhiseshandc7260 Рік тому +3

    Hi john! love ur vids!

  • @CthRage8946
    @CthRage8946 Місяць тому

    Hi John! I tried the same thing, and it didn't work, even though I manipulated the win/reg. I generated the shellcode with the sliver and tried to run the implant. However, when you run your implant, you might have Rav endpoint protection pre-installed on your machine. It comes with Windows installation. How could you configure the implant to bypass more external protections?

  • @mukto2004
    @mukto2004 Рік тому +1

    does netsh start automtically when windows starts? thats why it is a persistence ?

  • @jamiekomodo1751
    @jamiekomodo1751 Рік тому

    Non-technical question (or maybe that is a technical question, after all), how are you zooming in on your screen? I take it, the reason you installed via curl (instead of kali repoisitories), is to make sure you had the most recent code?

  • @squid13579
    @squid13579 Рік тому +1

    John your computer Specs ?
    Superb video 🔥.

  • @polinaasmr340
    @polinaasmr340 23 дні тому

    so how to block this ? being netsh attack all the time and setting up LAN connection behind my back

  • @seiv-
    @seiv- Рік тому +1

    Hi John, just a question. What is the difference of this sliver C2 from metasploit and why not to use msf for those demos ? Cobalt Strike is different because the client is windows based but for those Linux based C2 clients I really do not see the difference 😢 in fact, it sometimes looks harder to do stuff on those rather than msf

    • @architvats2633
      @architvats2633 Рік тому

      I have the exact same opinion. Had a look at Mythic and Havoc C2 as well which felt more exploitation C2 as compared to Covenant C2 which seemed more like post-exploitation focused. Please correct me if I'm wrong.

  • @telekors5730
    @telekors5730 Рік тому

    I wonder if you leverage changeling to swap your shell code out on the fly

  • @SatoshiSky
    @SatoshiSky 8 місяців тому

    Could you have used something like Shellter to inject this shell code into netsh.exe or a DLL for the binary? - also it looks like you're able to generate the payload in the shellcode format now so you don't have to use the nim script to convert it. Maybe this was added in an update to sliver

  • @CU.SpaceCowboy
    @CU.SpaceCowboy Рік тому

    golang is awesome because its really easy to statically compile a single binary on any system. victim doesnt need additional stuff already installed like c# sometimes does.

    • @The_One_0_0
      @The_One_0_0 Рік тому

      You could say the same for c and rust now two golang is just the child but I agree it is okay for cross compatibility much more easier then using c but both can be the same

  • @Chris-zc9bp
    @Chris-zc9bp Рік тому

    Great video. I've been at this for a min, and I learn lots from all you videos. Thanks for the great content!

  • @ReligionAndMaterialismDebunked

    Early crew! I love the shirt btw! I saw Jurassic Park in the theatres as a 90s kid, born in 89. :3 Hehe. Dinosaur 🦖🦕. 🐁

  • @hanko498
    @hanko498 Рік тому

    What type of VPN do you use?

  • @evasionette
    @evasionette Рік тому +1

    nice and early, another good video ^^

  • @bilaalmuhammad-ql1li
    @bilaalmuhammad-ql1li Рік тому

    how we can get can you help??? pls!!!!

  • @-GenDrive
    @-GenDrive Рік тому +4

    Nice work. Thanks from Germany...

  • @cot3chcot3ch96
    @cot3chcot3ch96 Рік тому

    nice job john love you always prof and vocal

  • @BrutusMaximusAurelius
    @BrutusMaximusAurelius Рік тому +2

    11:41 yeah that’s what I though haha. Because MDE immediately blocks this haha.

  • @asdfasddfs5484
    @asdfasddfs5484 Рік тому

    Nice Tee John

  • @RoomTwentyNine
    @RoomTwentyNine Рік тому +1

    How many virtual machine you have John ? 😅

  • @iconic_vide0s
    @iconic_vide0s Рік тому

    Really Great BRO!

  • @adamhorsky9826
    @adamhorsky9826 Рік тому +2

    Not only hackers :) feds too

  • @designzonebeats
    @designzonebeats 9 місяців тому

    I love being "required" to watch hacking videos for work, at work.

  • @kireyn
    @kireyn Рік тому

    More Sliver? Sure, more Sliver in the name of Bishop Fox!)

  • @FriedMonkey362
    @FriedMonkey362 5 місяців тому

    ITS OVER 9000!

  • @DDBAA24
    @DDBAA24 Рік тому +1

    Interesting, I've only ever used this with physical access to get wifi passwords. Cewl stuff.

  • @stevetheborg
    @stevetheborg Рік тому

    who remembers Back orifice ?

  • @walterkovacs61
    @walterkovacs61 Рік тому

    amazing, gotta try this at work

  • @lordjafar8528
    @lordjafar8528 Рік тому

    Ur the man..that was so cool...pentesting is more than i could imagine

  • @regantatrah
    @regantatrah Рік тому

    this app its not on market but l tried to find it so l wanted to share it with you

  • @SamsonPavlov
    @SamsonPavlov Рік тому +2

    Super cool and exciting video! Thank you for sharing! ❤️

  • @HarvestHaven09
    @HarvestHaven09 Рік тому

    Hi mister perfect 🎉

  • @PraveenXVlogs
    @PraveenXVlogs Рік тому

    दुनिया की सबसे बड़ी योद्धा मां होती है।🧑‍🍼
    कौन कौन मानता है इस बात को
    Love U Maa😘😘🥰

  • @DrewRossHenry
    @DrewRossHenry 10 місяців тому

    Why "apt install sliver" when you can curl pipe to bash like a an absolute maniac!

  • @sok_leaphacker
    @sok_leaphacker Рік тому

    Really good

  • @dhanrajbharadwaj3891
    @dhanrajbharadwaj3891 Рік тому

    Video To hack scammers .... Process video...... How scammers playback channel hack in the scammers system

  • @livestreamvi7991
    @livestreamvi7991 8 місяців тому

    Sir thank you for the binnim tool thank you so much❤❤❤😢

  • @hiddengo3232
    @hiddengo3232 Рік тому

    Plz make more video like this

  • @the-real-random-person
    @the-real-random-person Рік тому

    damn thx for this great content!

  • @liudvikasstankus
    @liudvikasstankus Рік тому

    super cool

  • @lfcbpro
    @lfcbpro Рік тому

    This one is just too deep for me, within the first 4 mins there was so many different acronyms and phrases I just had no clue what was going on.
    Shame, I used to like John's channel, but it is just assuming the average viewer knows so much these days.
    I am sure for the knowledgeable it is very interesting, but they already know this stuff, so who is the target audience?
    Does anyone have any recommendations for some lower level content?

    • @_JohnHammond
      @_JohnHammond  Рік тому +1

      What is the sort of content and approachability you would rather see?

    • @pabloalfaro2595
      @pabloalfaro2595 11 місяців тому

      its crazy that you talk about how hard it was for the 'average viewer' to watch and when asked what he can do to improve, you stay silent.

  • @brunoenricobignotti5448
    @brunoenricobignotti5448 Рік тому

    Have you noticed you're very lookalike to the guy from LowLevelLearning? Am I crazy?

  • @cybersec9345
    @cybersec9345 Рік тому

    Awsome

  • @0x1h
    @0x1h Рік тому

    🤨

  • @LilPozzer
    @LilPozzer Рік тому

    im the first!!!!

  • @asynciome6737
    @asynciome6737 Рік тому

    If you don’t know what he’s saying then don’t watch it stop complaining we need more advanced videos bruh

  • @Udjsieid
    @Udjsieid Рік тому +1

    Bro hit the gym also

  • @stephanrogers8947
    @stephanrogers8947 Рік тому

    NO idea what's going on here. John's gotten worse. Next video he'll be programming his own AI in python and saying how easy it was....

  • @alexleungnet
    @alexleungnet Рік тому

    Anyone know how to resolve this:
    ┌──(root㉿kali)-[/opt/binnim]
    └─# nimble build --verbose
    Verifying dependencies for binnim@0.1.0
    Error: Unsatisfied dependency: nim (>= 1.6.14)
    ┌──(root㉿kali)-[/opt/binnim]
    └─# apt-get upgrade nim
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    nim is already the newest version (1.6.10-2).
    Calculating upgrade... Done
    The following packages were automatically installed and are no longer required:
    python3-ajpy python3-pysmi python3-pysnmp4
    Use 'apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

  • @dhanrajbharadwaj3891
    @dhanrajbharadwaj3891 Рік тому

    How scammers hack there system UA-cam: scammerplayback

  • @DDBAA24
    @DDBAA24 Рік тому

    1:08 , oldie but goodie ,, real friends dont let friends pipe bash 🤌