DID YOU KNOW that (obviously intentionally) placing a TYPO within the first THREE seconds of your video helps increase audience engagement and boosts your videos in the algorithm?????/// Please do take a look at all of the sweet stuff that HTB Academy's Certified Penetration Testing Specialist has to offer!! j-h.io/htb-cpts
The inspiration and "try harder" attitude to create Villain came from the video you made about hoaxshell. For that reason, as well as your remarkable effort to educate people in IT/Cybersec for a decade now, I dedicate Villain to you. Thank you🙏
i love you sir but one question how did you learn writing your own script can you start a series on this i have asked this to john hammond sir but he didn't respond to that at all so i want you to do it sir it will be really great for the people like me.
Regards from Dominican Republic 🇩🇴. I think your channel is pretty cool and I've learned a lot since I found this Channel, I was stuck with the Reverse Shell thing, but thanks to you I got out of that corner, brother. THANK YOU!.
i been using this for a week so far .. i have tested it on many OS versions ,windows 7 - 10 -11 / linux ,always bypass any fiirewall/defender never let me down ,the good thing that i can get multiple reverse shell just in one click ,without having to setup a new listener for each reverse shell payload ... thats really amazing tool
Thank you very much for showcasing that. Tbh I have actually really been looking for a framework like that to when ever I play ctf's ( specially if I ever are going to attend where its teams agenst teams ) so its great to have it in my tools folder
the small differences in this video like the sound track used and the "waves shennanigans on John's head" at the bottom right corner is kinda slick though 👌
Definitely love the multiplayer aspect, much like cobalt strike's team server concept. Very useful for actual red team engagements where there's multiple operators.
John from another John...you are a legend. Coming from and education and training background to cyber warfare now a security researcher. You encompass everything good in our industry. Keep it up! See you around!
Hey , I'm learning cyber warfare at the moment, but need some good software as I was helping a young mum getting bullied and was raped , so said I'll sort it out and protect your network till hes moves on , well he payed few different hackers , and they was good , 3 atack me from different countries, not sure if they new each other, but it took 3 days 2 hours sleep they burt out 4 laptop 3 pc towers , my 9 year old boys plug the earth burnt where it burst the plug like it was cheap plastic, I'm still with nothing but my phone, they got everything cloud haswell, so I lost everything's, and was going to give up, but seeing your comment, the only one in 7 years , so hi there and sorry for asking but my eyes lit up 🤝
Just saw a talk about hoaxshell on which a penetrationtester was hyping it up so much only to not work anymore after two days because everyone burned the signature haha. So interesting to see the new shell framework. Lets see for how long its working on engagements :D
Hey John.. I am back ! And that voice interactive background that you have on your thumb during the video... Does sell the HTB theme.. And hey.. Another C2 framework to the arsenal... Pretty cool..
@@_ismail8880 I did! I missed one flag but for the bonus points so 100/110 points. The course material is on point and is perfect to prepare your for the exam content.
A dude said in a previous vid of your "John doesn't need fancy thumbnails, has face does it all" and yeah it really does, man! Keep putting nice content 🙂, coool tool. That OTP thing is the coolest one. You haven't done any writeups lately though ;) + Video is nice enough, editing, music. If possible plz share pc specs the one which is running 1 host + 4 vms without any lag.
The reverse shell thing doesn't works on Windows 10 when firewall is on. It says "This script contains malicious content and has been blocked by your antivirus software"
That looks really interesting. Question: let's say I generate a linux payload and put it on my (remote) laptop; will it automatically connect if I start my local Villain _after_ that remote machine has run its crontab? Or would it be sufficient to run it every 5 (or so) minutes on the remote machine, so once I start my local Villain, it will take 4:59 secs max to connect (in that case, will the remote machine's crontab kill any active sessions once the payload runs again??)?
what did u do at the cut at 4:49 im struggling to figure it out ive tried everything can anyone help it says module 'Crypto' not found so i checked the crypto file and the c is lowercase but doesnt let me change it to uppercase as it says file location was moved????
This is cool, but relying on "curl" all the time? Would be awesome to have different revshell payloads relying on different programs. I've hit several machines where "curl" or "wget" wasn't available, mostly if running on a container environment. Awesome work t3l3machus and John!
Thank you very much 🙏My S14 Flip laptop. I was working and left it for a few minutes. When I came back, I was surprised to be asked for a new PIN code and that the old one was disabled and could not be accessed (explorer.exe - System Error). The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application) I felt frustrated and spent 9 hours trying to solve the problem, but the problem was not solved, and I do not know what is the reason for this problem. By the way, it is a completely new laptop that has been in service for only 4 months, an Asus S14Flip Ryzen 5600 laptop, a Radeon card, and RAM. 8 JB and its performance was very slow when browsing websites, but I noticed that sometimes its temperature increased.
Good to note, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
I agree. Not a huge issue, but it was the first thing I noticed and not really in a good way. I've always appreciated the simplicity of your content. Simple as in few elements on screen and straightforward editing.
Hey I don’t wanna sound stupid, but I can’t copy between my Kali vm and my Ubuntu vm? When I’ve got only one vm open the guest isolation can copy and paste but when there’s more then one I can’t?
Hi Mr.John i have tested the tool(Villain) the code is executed smoothly ,but unable to get shell and i have tested in multiple win10 machines using obfuscate,encode and constraint_mode . I'll waiting for response.
when i do this "generate os=windows lhost=eth0 obfuscate" it says argument PAYLOAD not supplied and when I do "generate payload=windows/reverse_tcp/powershell_reverse_tcp lhost=eth0 " this it says "Payload template not found.". Any help?
Hi, do "generate payload=windows/reverse_tcp/powershell". The syntax have changed a lot recently. You can also use tab autocomplete to list templates while navigating payload=*
Appreciate the feedback, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
Sadly your videos alerted Microsoft to Defender's issue of missing this. Sooooooooo... now Defender catches this and Hoaxshell, even with obfuscation. Bummer.
Generating connectivity between two endpoints on a private network seems to be the dominant theme on UA-cam. Educational and informative, but how about showing how any of the tools work over the Internet, with firewalls and the usual network basic security practices in place?
Each sibling works as a proxy for commands issued by other siblings against foreign backdoor sessions, so the answer is no. When a sibling exits (normally or forcefully e.g., blackout) the status of the sessions will change (siblings are pinging each other for updates frequently).
Thanks John for the Education but I am afraid of that someone of this community would use this for bad things. I am not very sure how dangerous it would be using it on an enterprise network landscape by sending an inconspicuous attachment to an victim email-address ?
I’m building a software exactly like this. I have a few more feature than this but I might implement some techniques which was being used. Thank you for sharing this!
Hi John, Thanks for another nice video it was very helpful. I am having a problem with windows payload please help me out. Payload command used: generate os=windows lhost=eth0 obfuscate CMD output: 'StArT-PR'OCESs'' is not recognized as an internal or external command, operable program or batch file. Powershell output: This script contains malicious content and has been blocked by your antivirus software.
It's been basically a week since this tool reached the public eyes. The signature of it has long since been captured by Windows Defender and most major anti-malware solutions. Also, you can't run Powershell in Command Prompt. This tool isn't meant to be used in the wild. It's just a proof of concept and educational tool for people to see how reverse shells CAN work and potentially how they work. You need to learn the difference between command prompt and powershell.
This tutorial is all well and good, but how does one get a potential target to practically click on a payload? I seriously dought some rando layperson is going to go into powershell/cmd and copy/paste that long ass command line into it on their own volition lol.
DID YOU KNOW that (obviously intentionally) placing a TYPO within the first THREE seconds of your video helps increase audience engagement and boosts your videos in the algorithm?????///
Please do take a look at all of the sweet stuff that HTB Academy's Certified Penetration Testing Specialist has to offer!! j-h.io/htb-cpts
Hey John are you going to do Advent of Cyber for 2022?
John you should consider uploading your videos to Nebula, you'd make a good addition
how to remove that windows backdoor from your system
@@gamingravan1713 do you have a virus?
@@builder481 nope just trying to know what would be the solution for if I want it to remove from one of my windows vms
The inspiration and "try harder" attitude to create Villain came from the video you made about hoaxshell. For that reason, as well as your remarkable effort to educate people in IT/Cybersec for a decade now, I dedicate Villain to you. Thank you🙏
Really thank you marchus for creating this awesome tool, keep up the great work!
Thank you, you're a legend!
i love you sir
but one question how did you learn writing your own script
can you start a series on this i have asked this to john hammond sir but he didn't respond to that at all
so i want you to do it sir it will be really great for the people like me.
@@hlbgghj Try searching for python beginner tutorials
I know a legend when I see one 🫡
Thank you T3l3Machus and John for the amazing tool and usual 10 out of 10 quality education !
Regards from Dominican Republic 🇩🇴. I think your channel is pretty cool and I've learned a lot since I found this Channel, I was stuck with the Reverse Shell thing, but thanks to you I got out of that corner, brother. THANK YOU!.
i been using this for a week so far .. i have tested it on many OS versions ,windows 7 - 10 -11 / linux ,always bypass any fiirewall/defender never let me down ,the good thing that i can get multiple reverse shell just in one click ,without having to setup a new listener for each reverse shell payload ... thats really amazing tool
I love his tools but I love even more your explanations and tutorials. You guys complement each other.
You deserve every penny for this ad! best explain and show and currently on my cpts path!
Thank you very much for showcasing that.
Tbh I have actually really been looking for a framework like that to when ever I play ctf's ( specially if I ever are going to attend where its teams agenst teams ) so its great to have it in my tools folder
Loved the video quality, especially your cam circle effects when you speak!
the small differences in this video like the sound track used and the "waves shennanigans on John's head" at the bottom right corner is kinda slick though 👌
Definitely love the multiplayer aspect, much like cobalt strike's team server concept. Very useful for actual red team engagements where there's multiple operators.
Your content is improving like a super sayian after each video.
SUPER duper thankful for our new editor and the phenomenal work they are doing -- all credit to @Nordgaren!!
John from another John...you are a legend. Coming from and education and training background to cyber warfare now a security researcher. You encompass everything good in our industry. Keep it up! See you around!
Hey , I'm learning cyber warfare at the moment, but need some good software as I was helping a young mum getting bullied and was raped , so said I'll sort it out and protect your network till hes moves on , well he payed few different hackers , and they was good , 3 atack me from different countries, not sure if they new each other, but it took 3 days 2 hours sleep they burt out 4 laptop 3 pc towers , my 9 year old boys plug the earth burnt where it burst the plug like it was cheap plastic, I'm still with nothing but my phone, they got everything cloud haswell, so I lost everything's, and was going to give up, but seeing your comment, the only one in 7 years , so hi there and sorry for asking but my eyes lit up 🤝
Great tutorial John H. Thanks for your effort to help less advanced hackers or IT lovers understand some of the tricks .
Damn John the production quality is on point!
The most amazing thing to me is thar the whole script was written with python.... amazing 👏🙀 great to see this ... I subscribed
This is genius! Kudos to the dev.
I like the new editing!
Used this tool last month and it was super dope.
love your content
the hacking b-role had me laughing this episode lol
I like you very much Mr.John Hammond.
You are always teach us new things.
Thanks
And now john detailed video arrived :)
go go john Hammond
Just saw a talk about hoaxshell on which a penetrationtester was hyping it up so much only to not work anymore after two days because everyone burned the signature haha.
So interesting to see the new shell framework. Lets see for how long its working on engagements :D
Powershell script blocked of internal antivirus!
@@Alexis82 lmao stop using buzz word like you know what it means
It was by the author... every open source tool will be burned like that
@@trustedsecurity6039 I know exactly what I'm saying, don't worry about me!
@@Alexis82 nope you dont...
cool tool! and lot of room for improvements
totally loved the video😍 btw great editing
As always love to watch your videos and see how excited you are about new tools. Keep the great work up.
Hey John..
I am back !
And that voice interactive background that you have on your thumb during the video...
Does sell the HTB theme..
And hey..
Another C2 framework to the arsenal...
Pretty cool..
something is slick:
JohnH: that's cool
Realizing your video is sponsored by HTB Academy is pretty cool! CPTS is probably my next thing to work on if I pass OSCP on December 12th :D
did you pass?
@@_ismail8880 I did! I missed one flag but for the bonus points so 100/110 points.
The course material is on point and is perfect to prepare your for the exam content.
A dude said in a previous vid of your "John doesn't need fancy thumbnails, has face does it all" and yeah it really does, man!
Keep putting nice content 🙂, coool tool. That OTP thing is the coolest one.
You haven't done any writeups lately though ;)
+ Video is nice enough, editing, music.
If possible plz share pc specs the one which is running 1 host + 4 vms without any lag.
Thanks for introducing this awesome tool John.
I love the new editing style❣
Great howto! you a very good teatcher! perfect video, make more for this i love it!
as always, great video John. Good tool for testing
I’m as hyped as you John!
Super dope content John!
Aswome stuff Jhon I really respect you!
The reverse shell thing doesn't works on Windows 10 when firewall is on. It says "This script contains malicious content and has been blocked by your antivirus software"
That looks really interesting. Question: let's say I generate a linux payload and put it on my (remote) laptop; will it automatically connect if I start my local Villain _after_ that remote machine has run its crontab? Or would it be sufficient to run it every 5 (or so) minutes on the remote machine, so once I start my local Villain, it will take 4:59 secs max to connect (in that case, will the remote machine's crontab kill any active sessions once the payload runs again??)?
Windows defender already blocked those payload after few days later.
Hey John please help me there is an eror while executing this it shows modulenotfound crypto please 🙏 reply
This has a very Metasploit look and feel to it.
Thanks John ✌💥
0:02 the old reverse shell "hanlder" 🤣
thanks for your videos. very much appreciated
Very nice piece of tool. Does it runs on a Raspberry pi? Gonna try to install it on mine...
This tool got so popular so now Microsoft Defender just catch it almost every time with a dedicated name "Xoaxshell". Defender ON!
what did u do at the cut at 4:49 im struggling to figure it out ive tried everything can anyone help it says module 'Crypto' not found so i checked the crypto file and the c is lowercase but doesnt let me change it to uppercase as it says file location was moved????
Thank u so much.. please do more videos..
This is what i was waiting for
My question is anyone of my victim will dare to paste suspicious lines on their cmd? Is there any other way to deliver it? Practically will it work?
This is cool, but relying on "curl" all the time? Would be awesome to have different revshell payloads relying on different programs. I've hit several machines where "curl" or "wget" wasn't available, mostly if running on a container environment.
Awesome work t3l3machus and John!
what software are you using for your webcam feed?
OBS
Thank you very much 🙏My S14 Flip laptop. I was working and left it for a few minutes. When I came back, I was surprised to be asked for a new PIN code and that the old one was disabled and could not be accessed (explorer.exe - System Error).
The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application) I felt frustrated and spent 9 hours trying to solve the problem, but the problem was not solved, and I do not know what is the reason for this problem. By the way, it is a completely new laptop that has been in service for only 4 months, an Asus S14Flip Ryzen 5600 laptop, a Radeon card, and RAM. 8 JB and its performance was very slow when browsing websites, but I noticed that sometimes its temperature increased.
Thank you ! its alway great to watch your videos !!!!!
Another A+ incredible content and instruction step-through by John. I found the audio pulses around your camera preview a little distracting, though!
Good to note, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
I agree. Not a huge issue, but it was the first thing I noticed and not really in a good way. I've always appreciated the simplicity of your content. Simple as in few elements on screen and straightforward editing.
Hey I don’t wanna sound stupid, but I can’t copy between my Kali vm and my Ubuntu vm? When I’ve got only one vm open the guest isolation can copy and paste but when there’s more then one I can’t?
Great tool but they need to generate unique obfuscated payloads that bypass every AV and Security endpoints like Crowdstrike and others.
Are OffSec allowed that kind of hadler in OSCP certification?
Offsec is not about multiplayer hacking exam, its single entity. You won't need this tool for the exam.
Most probably no, since it's automated and kinda similar to Metasploit. They want everything to be done manually for OSCP. Not sure though
@@SumanRoy.official Thank You!
nice intro to HTB
hey john please help me it's not working while executing it's shows error of crypto module not found
Hi Mr.John i have tested the tool(Villain) the code is executed smoothly ,but unable to get shell and i have tested in multiple win10 machines using obfuscate,encode and constraint_mode . I'll waiting for response.
tnq Mr.john
Does it bypass windows defender?
Cheers Mate.
The example you shown are all on same subnet, what if its a segmented network?
when i do this "generate os=windows lhost=eth0 obfuscate" it says argument PAYLOAD not supplied and when I do "generate payload=windows/reverse_tcp/powershell_reverse_tcp lhost=eth0 " this it says "Payload template not found.". Any help?
Hi, do "generate payload=windows/reverse_tcp/powershell". The syntax have changed a lot recently. You can also use tab autocomplete to list templates while navigating payload=*
How many hours htb course consists of ? Not clear, just said 28modules
Thanks
now THIS is verrrry niiiiiice
is villan working rghtnow also?
Great video again John, but please ditch the soundbars around the webcam feed.
Appreciate the feedback, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
@@_JohnHammond you don't need all those flashy things. Content is A+. Keep doing you
Looks good! What happened to pwncat tho?
Sadly your videos alerted Microsoft to Defender's issue of missing this. Sooooooooo... now Defender catches this and Hoaxshell, even with obfuscation. Bummer.
Generating connectivity between two endpoints on a private network seems to be the dominant theme on UA-cam. Educational and informative, but how about showing how any of the tools work over the Internet, with firewalls and the usual network basic security practices in place?
Just a question, can i do rce on servers using those generated payload?
very cool!
ssh -R to your temp vps/vds not work more?
What if the victim doesn't have a white IP address?
can yo do meterpreter payload with it?
Hey John i think 🤔 this is help full in OSCP
How many maintenance the handling files open
Hello Dr. how can I access your PhD thesis?
My windows 10 blocked the script.. So I have to turn off the virus defender only can run the backdoor script..:(
a turtle in a turtle ? Dude is mentor !!!
@_JohnHammond what if we transfer shell from machine A to B and then kill the Villain on A ? Can we still interact with our session from B ?
@t3l3machuss ?
Each sibling works as a proxy for commands issued by other siblings against foreign backdoor sessions, so the answer is no. When a sibling exits (normally or forcefully e.g., blackout) the status of the sessions will change (siblings are pinging each other for updates frequently).
Thanks John for the Education but I am afraid of that someone of this community would use this for bad things. I am not very sure how dangerous it would be using it on an enterprise network landscape by sending an inconspicuous attachment to an victim email-address ?
Hi John can you tell me what Glasses you have :)
I like this one, fastly and easier
what's wrong with Metasploit and Empire?
I’m building a software exactly like this. I have a few more feature than this but I might implement some techniques which was being used. Thank you for sharing this!
I like the video but i have a simple question will it be a persist session or not
super edited video
Hi John,
Thanks for another nice video it was very helpful.
I am having a problem with windows payload please help me out.
Payload command used:
generate os=windows lhost=eth0 obfuscate
CMD output:
'StArT-PR'OCESs'' is not recognized as an internal or external command, operable program or batch file.
Powershell output:
This script contains malicious content and has been blocked by your antivirus software.
It's been basically a week since this tool reached the public eyes. The signature of it has long since been captured by Windows Defender and most major anti-malware solutions. Also, you can't run Powershell in Command Prompt. This tool isn't meant to be used in the wild. It's just a proof of concept and educational tool for people to see how reverse shells CAN work and potentially how they work. You need to learn the difference between command prompt and powershell.
Is this tool allowed in OSCP?
i took a shot every time he said "slick" 🥴
Is the payload got detected by defenders if you put them in a file? Maybe on .exe files
Will not detect if you will convert to exe file
@@B4GR4D ok..what about bat files
@@kerhabplays i checked only exe
got it to work. I just needed to change permissions
Easiest way to get Villan reverse shell running is to abuse shortcuts in Windows. Helpful for scambaiting tech support scammers.
Villain's output reminds me a lot of PowerShell. I dig. Thanks for showing this tool off, John! 🙂
Lmao it is powershell output for Windows...
@@trustedsecurity6039 I did not know that!
I couldn't get program to run said a few things then "no module naked Crypto"
Can i use hack the box using windows?
This tutorial is all well and good, but how does one get a potential target to practically click on a payload? I seriously dought some rando layperson is going to go into powershell/cmd and copy/paste that long ass command line into it on their own volition lol.