Telegram Has Been Hacked
ฝัง
- เผยแพร่เมื่อ 15 เม.ย. 2024
- Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
Yes please. I would love a video that does a deep dive on the *Metaspyclub* project
Metaspyclub anticipation is building to a fever pitch! 😥
Metaspyclub gang in the house! Thanks for the analysis!
I'm not afraid of a calculator! Bring it on!
Everybody gangsta till the calculator app starts to ask permissions for camera, microphone and location 💀
💀
Oh it will be problems! Count on it!
At 8:14 that evil laughter Muaahhh!! lol
@@yukiplaysFr**salutes to the therian**
Ma'am how can I help you ma'am
RCE after RCE, I hope kids wont have to learn about the year of the vulnerabilities, 2024, in the future
Thy Digital Apocalypse is drawing nearer by the day
This is literally cybersecurity history.
No it will be certainly eclipsed by the number of them in 2025
I wonder whether the whole AI hype will make even more RCEs show up. Either by improving exploit code or by reducing code quality in the attacked app because people trust AI code without questioning it.
@@SLZeroArrow seriously. I dedicated my whole life to computers and now they looking like they wanna kill us (ai). Ai is phuggin everything up. Its kinda scary tbh
TL;DR
The exploit disguises as a fake video that when played executes python code, requires python to be installed for it to work.
saved me about 10 mins bro ty
Me, an it student, got "hacked" like that...🤣
too much rce exploits bro 💀💀💀💀💀💀💀
What are others?
Xz utils, rust, palo alto
@@amaankhan8436 Palo alto?? My company uses that lul
@@sunbleachedangel there was a rust rce CVE-2024-24576, aint that effective though
Rust already released a patch its java that said they ain't fixing it. Tbf .bat codes running aren't used anywhere so who really cares
I just got a SNYK sponsored ad by John Hammond before his own video
Fr
I did too
It's rigged!1!1!1!1!1
Saaame
Wait ... we can hack those spammers that are sending us the messages to text them?
Bet the three later agencies are punching air rn. All their exploits getting found.
While reading your comment. lol
You think every exploit exists because of "three later agencies"? 😂
@@MrCobaltgiven the past of their involvement with 0days, I wouldn’t be surprised if they were aware of maybe 1 of the RCE vulnerabilities discovered this year
@@MrCobalt theres no way this was an unintended oversight
They should have a list of trusted extensions instead of a list of untrusted ones.
Very bad idea
@@zeteyawhy?
@@rafayahmed6259 Many reasons, one being a good extension can turn bad one day, but an extension that was bad to begin with will never turn good.
This just shows how blacklist are ineffective as a security tool
Thanks for the news!
3:55 Not me watching the John Hammond video and getting an ad with John Hammond in it. Some may say it's a 2 for 1.
Taking it up the a** without lube. lol
Thanks John you explained that very well
Interesting shiz John. Liked and subbed, stay safe
Hello john . I am a big fan of your content can you make a roadmaps for us form when need to start 😅❤
Wow good job I want more info ❤
Having a whitelist instead of a blacklist would prob. be more secure and reliable. Basic security not?
I was thinking the same
@@tablettablete186 governed by implicit deny. Also agree.
nah, its not think again
depends on size
I'm glad that I migrated to Debian + KDE two months ago. I still have my Windows on my drive, but never want to boot it anymore.
The KDE environment in Linux is just much better than Windows.
who asked?
Welcome to the family.🐧
@@HyBlock the implication was that I'm not affected by windows RCE anymore.
I've tried making Ubuntu and Linux mint my daily driver many times. Can't do it.
But for home labbing and running servers it's perfect.
it's just so much more superior, once you try it you never go back lol
This one RCE was indeed fun to use, gotta find more ;)
hello vro
im gonna touch u vro ♥
The fuzzing begins ❤
LPL has entered the chat, fuzzing locks are fun. hehe
@@BillAnt...we're getting an SQL injection on three, oh it's binding. A little malware on four, and we're set. Going back to three, gained root access to run our query, annd now we're in.
@@AuxiliaryPanther lol that took like 30 seconds.... not a very secure lock. :D
I got an ad from you on this video
The scrum meeting: "Yeah, an approve list is too short, let's write out every single extension that could execute code instead of just choosing some image and video formats that we support."
A whitelist can get annoying tbh.
@@user-hp2dr5qc8p Ah yeah, you're right, much more annoying than a 0 day. Also a blacklist had to have been annoying from the very start.
Oof, this is why blacklists can be problematic, with a whitelist they would not have had this problem.
Except perhaps for the problem of naming this list as "white" 😁
@@BaggerPROblock allow lists?
@@joshallen128 , Yeah, it looks like it's fashionable to call these lists that way now :)
A block list is usually shorter than a white list, but it's just a matter of decision.
@@BillAnt Deny list because block sounds like black with an accent
Great Content ...
every vulnerability whether or not its trivial, can and will be leveraged
How do u register for that forum?
They are identifying files by extension. Nice.
Nice Video!
Who's idea it was to hardcode bunch of files there. They'll just keep updating it every timea new file type that can execute code comes? Sounds like horrible idea.
Part of whyI never share diagnostic data with devs.
It’s so nosey now
Oooff... thank you John... cant believe im one of those 0.01% .. slackin
calculator opens in my nightmares.
the title of the video is not that nice because i thought it would be a vulnerability that accurs right now.
anyways.
Thanks for sharing.
Hate the red border on the thumbnails, I assume I've already watched and scroll past half the time
3:28 lol. They backed themselves into a corner with that statement.
They might have been logging something like "There is no any program to open this file-type/mime-type" perhaps? Or they just RCE'd to everyone... Who knows?
@@allxrise I’m more inclined to believe they were just fabricating a number as an attempt at damage control
Amo tus videos
Такое чувство, что на безопасность всем насрать, только ты можешь себя обезопасить, не кликая на всякое говно
Если человек наивный, то его никакая защита не спасет) Однажды мой знакомый запустил подозрительный tampermonkey скрипт в дискорде, говорит "2FA стоит же, чего бояться?". В конечном итоге украли его токен и смогли получить доступ к аккаунту.
Tis the season to find folly, tra la la la la, la la la lol
Requires Python to be installed in the local path as a global environment variable.
it requires the file extension to be registered to the python interpreter, not anything to do with environment variables
I find it very bizarre that you can execute a file in the first place. That seems like a bad idea in many ways.
How do you suggest to open a .txt file?
@@user-hp2dr5qc8p .txt file should be read, not executed.
Surely some communities would have a very high hit rate for python being installed on a windows machine right?
Yup. All data science and AI nerds.
Anybody even slightly interested in programming has a decent chance of having it installed on their computer. I refuse to believe less than 0.01% of users were affected.
@@Bromon655a) is the 6th most downloaded app - is your grandma programming?
b) die this you must use it on your PC. how many people just have it on their phone?
Hey how can i get an xss is account? i tried and always the same when i create an account "Your account has been declined."
But, isn't pyzw supposed to be a zip-archive? That contains a __main__.py? I'm actually surprised this runs at all.
Music to my ears
1:48 macOS has it installed by default, last I checked at least
Does mac have a similar concept of file extension associations as on windows, so a pyzw file will open with python by default?
Not anymore, used to have Python 2.x
👍Nice.
Haha so specific but I would've been at risk
The red bars in the thumbnail made me think I already watched this video.
Right, I thought so too!
Everybody be acting gangsta until calculator auto launches
“It is not by default installed”
**laughs in Linux**
what is "flair"
"Google Photos would like to make Phone calls"
CRAZY
Ohh no
Bad stuff for many. One of the reasons I always tell people to NOT use this medium.
2024 is on fire with RCEs🤞🏾
yeah but it updates every hour so it's chill
I like cats. Btw we can all be farmers. No tech no rce problems 😎
With a bit of social engineering this could have been pretty terrible
I got a SYNK ad with John right before the video and was confused why there was a skip button 😂
Me as python developer and windows user💀
A lot of noodles will be leaked for sure.
oh no.. now i feel so dirty i cant wash it off
There is always a way in😉
Good, they banned my account for no reason.
You can add an extra dot at the end. Windows -> Run -> 'calc.exe.' -> Enter opens calc. Does that work to bypass.
Linux users are way more likely to have python installed out of the box so i wouldn't call this a "very specific" exploit.
Is it safer just makes a user that is not admin user? So if code ran its needs admin user right as default user windows always user are admin?
I have Python installed on Windows computer... It helps with learning Python programming, idk why people are so against it.
Yea, not sure why he made it seem like something extremely unusual. I think most people that do any kind of programming and use Windows will have python installed.
Why would you learn python if you could not use it? :D
@@Slada1 wdym not use it? You can use it to create various programs.
This is why you should use whitelists instead of blacklists.
i found this exploit 2 years ago... never posted anything about it
bro, youtube just showed me your ad, on your own video. theyre wasting your ad money
But was it a typo :D
Why do they blacklist file types they believe are unsafe. They should be whitelisting filetypes that are safe. If some new software comes along that belongs in the unsafe catagory they have to know about the related filetype and then add it to the blacklist...
whitelist would take too long.
@@wafinashwan8242got any quote from a developer?
"Reimplemeent file open confirmations" has a noWarning list, so I think that's done now.
@@wafinashwan8242how so?
@@wafinashwan8242 how come
I think the problem is Windows. It runs everything too fast without permission.
Yeah uae does not like private messaging.
😅😅
@@rafayahmed6259 Do you know uae connection with then twitter ? Or the documentary about state hackers of usa training uae agents.
That documentary is so interesting
I've never liked the idea of "allow" and "deny" list... just deny all and allow the user to specify.
"Certified rce moment" 💀
Good thing I run it in a vm on a vps
vm escape + pyzw = your vps gets owned
tf is going on .. rce 💀
Please sir all my devices is hacked my phone my laptop what can i do for this problem there is someone above me every step i make on my laptop or my phone knock the roof like if there know everything im doing .
THANK YOU FOR HELP 🚨🆘
Hey, nice video, but just one thing. Your audio and video dosent seem to be perfectly in sync and its getting on my nerves
echo y | format c:
python on windows, not that unnatural
You should watch Telegrams owners interview with Tucker Carlson. They have like 30 employees and have never spent a dime on advertising. 😂
Why are you laughing though?
"Windows that has python installed" you claim is extremely odd.
That... Is an extremely odd statement.
Code please
wonder if you could just do the same with .bat file that puts itself in the shell:startup folder upon clicking the "video"
hello world
Ive heard this is on discord also
it is not
Sometimes you guys are very clever with tech but not so clever with people…
What is happening lately? 💀💀
can you stop using the word "stupid" so frequently and often?
This was surely done by purpose. Believe me not.
Anf i thought wiiu wansthe only thing that has rce 😂
this is such an interesting rce tho... lol
Less then 0.01%.... yeah idk why im having a hard time believing that 😂 its not that uncommon to have Python installed on ur system
😊