- 15
- 86 946
VillaRoot
เข้าร่วมเมื่อ 21 พ.ค. 2022
I'm a Pentester Consultant with a background in System Engineering where I managed Linux and Windows Servers. This channel is to share knowledge that I have learned over the years with others for free. Content that I will be creating will relate to scripting in Bash, Powershell, and Python along with Hacking/Pentesting related content.
My twitter is @villaroot which is where you can reach me if needed.
My twitter is @villaroot which is where you can reach me if needed.
Transfer Files Between Two Remote Computers | Goshs HTTPS Upload Server
This video will go over one of my favorite methods of transferring files externally through HTTPS. This will be done using the public source tool Goshs which allows the use of custom SSL certs which allow a user to attach a domain name to their upload server.
Goshs Github
github.com/patrickhener/goshs
00:00 Intro
01:34 Setup go and goshs
04:56 Run gosh over HTTP
07:23 Get SSL certs
09:18 HTTPS with Domain
11:12 config basic auth
Goshs Github
github.com/patrickhener/goshs
00:00 Intro
01:34 Setup go and goshs
04:56 Run gosh over HTTP
07:23 Get SSL certs
09:18 HTTPS with Domain
11:12 config basic auth
มุมมอง: 295
วีดีโอ
NTLMv1 Downgrade Active Directory Privilege Escalation Tutorial
มุมมอง 9449 หลายเดือนก่อน
IMPORTANT: In real environments, LmComparabilityLevel will need to be raised to 5. Slowly audit and test at each level. Also, I missed one step between getting the output from hascat and putting the NTLM hash together. you have to convert the has at output from DES to NTLM with the hashcat tool 'deskey_to_ntlm'. It generates it instantly, THEN you out the strings together for the NTLM hash. Thi...
AD CS ESC4 Privilege Escalation Tutorial | Exploit Active Directory Certificate Services
มุมมอง 1.5Kปีที่แล้ว
Walkthrough of PenTesting Active Directory Certificate Services (AD CS) ESC4 attack. This is a quick and easy way to escalate privileges from a low-level domain user to domain admin by abusing misconfigured template permissions. I will also discuss and verify remediations for this misconfiguration. Links: PenTesting ESC8 Walkthrough: th-cam.com/video/QUTXge-9lRo/w-d-xo.html PenTesting ESC1 Walk...
AD CS ESC1 Privilege Escalation Tutorial | Exploit Active Directory Certificate Services
มุมมอง 3.9Kปีที่แล้ว
Walkthrough of PenTesting Active Directory Certificate Services (AD CS) ESC1 attack. This is a quick and easy way to escalate privileges from a low-level domain user to domain admin. I will also discuss and verify remediations for this misconfiguration. Links: PenTesting ESC8 Walkthrough: th-cam.com/video/QUTXge-9lRo/w-d-xo.html Ceritpy Github: github.com/ly4k/Certipy Abusing AD CS Whitepaper: ...
NTLM relay to AD CS ESC8 Tutorial | Exploit Active Directory Certificate Services
มุมมอง 4.6Kปีที่แล้ว
Walkthrough of NTLM relaying against Active Directory Certificate Services (AD CS)'s HTTP Web Enrollment. I will show the 'manual' and 'automated' way to exploit this along with walking through the remediation to fix this misconfiguration. This is a quick and easy way to escalate privileges from low level domain user to domain admin. Active Directory Certificate Services PenTesting Attacks. Lin...
How Hackers can use .zip domains for Social Engineering and Phishing attacks
มุมมอง 2.9Kปีที่แล้ว
Disclaimer: For educational and Legal Pentesting use only. Google just release .zip top level domains, which brings concern as it will now allow hackers to use this in their phishing attacks. In this video I give real examples how this will be used. VillaRoot is currently a Pentester Consultant with a background in System Engineering managing and supporting Linux and Windows Servers. Twitter: t...
How to Create Custom Phishlets in Evilginx and Using Developer Mode
มุมมอง 29Kปีที่แล้ว
In this video I cover how to create your own phishlets and how phishlets are formatted in Evilginx2. Disclaimer: This is for education use only, and for legal Pentesting. Due to the sensitivity of this, I can't help with making a phishlet. Local website Github Repo - github.com/villaroot/PHP-Login-Site VillaRoot is currently a Pentester Consultant with a background in System Engineering managin...
How to Request SSL Certificates and Enable HTTPS on LocalHost Site Tutorial
มุมมอง 19Kปีที่แล้ว
Learn how to setup SSL certs for a Website hosted on a localhost environment which enables HTTPS. This is meant to be a quick instructional video for those looking to do testing while their localhost is being hosted on HTTPS instead of the default HTTP.
Using ChatGPT to Create PHP Login Site with Cookies and MySQL
มุมมอง 1.6Kปีที่แล้ว
This video will give step by step instructions on how to make a PHP Login site using MySQL and phpmyadmin with the help of ChatGPT. The code used in the video can be found at my github at: github.com/villaroot/PHP-Login-Site.git Villaroot's Twitter: VillaRoot Contents of Video 0:00 intro 1:37 Setup PHP, MySQL, phpmyadmin 4:23 Introduce ChatGPT 9:15 Create user_login table 13:10 Crea...
Setup Ubuntu Virtual Machine in VirtualBox with Clipboard enabled | Complete Tutorial
มุมมอง 1.9Kปีที่แล้ว
This video will demonstrate how to setup an Ubuntu machine in VirtualBox and enabling clipboard between the host machine and the VM. The VM will be setup in a NAT Network as well. Ubuntu ISO download: ubuntu.com/download/desktop Villaroot's Twitter: VillaRoot Contents of Video 0:00 intro 0:35 ubuntu system requirements 1:12 Initial setup 4:05 Ubuntu Installation 5:32 Clipboard Setup
How to change your Evilginx2 subdomain to anything
มุมมอง 7Kปีที่แล้ว
Modifying the hostname variable through the lures command in Evilginx gives a useful feature of customizing the subdomain for the phishing links. This video walks you through the process and why this is so helpful for social engineering engagments. This feature was introduced in Evilginx 2.0 which you can find the documentation here: breakdev.org/evilginx-2-next-generation-of-phishing-2fa-token...
'Hide' your Evilginx site from initial Email Scanners
มุมมอง 4.9Kปีที่แล้ว
Using the 'hide' command to hide your Evilginx phishing site at will. This will help evade initial email scanners when your site is sent through email. The hide command was introduced in Evilginx 2.0 which you can find the documentation here: breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/ Disclaimer: For educational use only, and legal Pentesting. Twitter: VillaRoot...
Blacklist | Stop your Evilginx2 site from getting scanned
มุมมอง 6Kปีที่แล้ว
Using the 'blacklist' command to block IPs in Evilginx. This will block IPs from scanning your Evilginx site. The blacklist command was introduced in Evilginx 2.4 which you can find the documentation here: breakdev.org/evilginx-2-4-gone-phishing/ Disclaimer: For educational use only, and legal Pentesting. Twitter: VillaRoot 00:00 Intro 00:12 Evilginx 2.4 Documentation 01:25 Manual M...
Certified Red Team Professional CRTP Review
มุมมอง 2.1Kปีที่แล้ว
This video gives a review of the Certified Red Team Professional (CRTP) by PentesterAcademy. Providing information about the course syllabus, exam format, and frequently asked questions such as how does it compare with the OSCP. VillaRoot is currently a Pentester Consultant with a background in System Engineering, managing and supporting Linux and Windows Servers. Twitter: VillaRoot...
Complete Grep Tutorial | Bash
มุมมอง 3242 ปีที่แล้ว
Learn the Bash command of Grep through examples as I walk you through a beginner to advance course. We will discuss several options including using Regex to perform pattern searches. These are commands I personally ran throughout my career, so they aren’t just some commands I googled to make a video about. Grep is an essential command for Admins and Pentesters/Hackers as you can search through ...