I bought your cours. Its great !
*e
What is the link
Which website he uploaded the course...
Can i get video after buy this course?
on kali linux on my VM workstation, on any of loi's videos, I cannot execute most of the commands, to get practice in these ethical hacking instructions
Been in a cyber security program for almost 6 months and you basically taught me more than all my instructors combined 🤦🏻♂️
Facts they don’t teach nothing frfr
Then your instructors really suck
Then you don't focus on your lessons
What cyber security course are you on? Most won't cover pentesting in any detail, they will cover its purpose and objectives with some info on Kali and common areas of attack but nothing more, unless you are on an actual pentesting course.
Tell us what did he teach you🤡 he literally never explains anything! He simply gives commands without explaining anything
I am a programmer for a long time and moving to cyber security and it looks challenging. Well done tutorial.
how was your experience so far, is it worth ?
He didnt show anything useful.
You are the treasure for any cybersecurity student, you are absolutely gold.
yeah but he doesn't explain why he chooses the directories he wants to target he just chooses seemingly randomly
this is literally the best video. sums up extremely well what i've been studying for the last few months in 15 minutes... for free!
You're right 😌
thresh is a penetration tester?!
Thresh is a hacker????
@@nhatduy9125 u mean hooker lol
I feel like this just shows what I've been working on in a very quick and summed up way. Of course, if I was watching this before I'd started studying, I wouldn't understand jack shit. I'd be sitting here wondering why he was doing what he was doing and why it was working. Very nice video to show how a very basic pentest might go down
the passion for this sector has no limits... massive thanks Mr loi
I barely started getting into penetration testing and this linux video completely fried my brain loll
Wow! I am an ex software engineer, now moving into the realm of hardware engineering, specifically into IoT. This complex subject is explained really well, with lucidity and clarity. Thank you Loi!
You must have a very bad teacher, because he did not show anything. Linux, yeah, but behind a firewall. You need to get access to internal infra, after that the world is yours. Now try to get through DMZ.
I just don't understand how he got through DMZ first, after that, it is fucking cake. We learned that in first quarter.
@@antonpodolsky2273 go play with your dolls fool. Who do you think you are.
Wait you havent tackled this during your studies?!? Your engineering degree is crap then.
You're better than some of my cybersec professors.
Holy dang, that was wild to watch. You're quick and know your way around these things, that's amazing! (And scary)
The best short tutorial i’ve ever seen 👍🏻❤️
What you explained about reverse shell made me understand in just a few minutes, compared to what the lecturer has been teaching for the past few lessons ......
Thanks for making this, when i got ingame, the menyoo wouldn't load when i pressed F8, but now it works, thanks again!
he reminds me of network chuck lol. 2 Legendary professionals 👍
Just JOINED - so excited to start this journey!!!
this is great mentor. I am learning from your videos everyday want to be like u
I run a cyber security club at my University and I wanted to set this up as lab and was wondering if you had a tutorial on how to set it up
Wow I would love to learn from you all about hacking..... and your content is amazing it is absolutely fantastic keep it up...and most of all a big HUGE THANK YOU!!!!👌👌👌👌
Thank You so Much sir Loi Liang Yang you are always doing great tutorials on security, hacking, penetration testing, vulnerability
This is an eye-opening video for me, I am glad that I found it, great video.
Loi sir 🙏🙏🙏 ❤️❤️ this is soo much informational video, as I'm stepping into cyber security domain, this really helped me to push my thought process while penetration testing, you are the best teacher and my mentor, please make more such videos we all love to see, how these bugs can lead to a more sophisticated level of exploit and post exploitation, and your valuable steps to be taken care of to protect the system, love from a future cybersecurity engineer ❤️❤️🙏🙏
Thank you for help. Gonna try pen testing for a living. 🙏
I am big FAN of yours because I love hacking and coding
I love that you know you’re good at what you do 😭😂
I’ve travelled pretty extensively and I’ve heard quite a few accents over the decades but I’ve never heard quite an accent like yours. Subscribing.
Best video i watched till now in cybersecurity. great work
wtf Loi you're such amazing hacker!!
thanks you , people will do a nmap video in 1 hour wtf . great job
Nice work
I learn many things from you
GOD BLESS YOU😊
thank you sir you save us from our reporting
Amazing teacher. How do you remember all those commands?
Do you have a video on how, you get organized, notes, prioritize, etc in a Pen test with multiple hosts? i.e. how do you get organized with what could seem like info overload? - Thanks, great video!
Thanks for the lesson. Just brought soft soft
THE CHANNEL I BEEN LOOKING FOR!!! Always was a PC gamer, now im grown and wanna move into a skill, and nothin seems cooler than bein red team. In the process of learning coding and OS linux with CS50 harvard course. not sure where to go after? maybe a road map for noobs???
Roadmap for learning reverse engineering 🙏🙏❤️
That one's easy.
You need to REALLY understand x86 assembly first and to do that you need to understand computers to the core. A college course in computer architecture should suffice for that.
But first you need to understand programming in general. Again a simple college course on programming is probably the easiest way to go here.
After having taken those two courses, you would just need to learn how to use a relevant decompiler
Hello Loi, you lost me at 7:40
How did you set the targets ?
Did you type out THE FOLLOWING COMMANDS > set RHOSTS
> set RPATH
This scan we can do in our internal network? Or in the internet? In other words, what I'm scanning exactly?
Excellent Video Loi Liang Yang.
I'm looking to expand my career into cybersecurity and with ethical hacking. However, I'm wondering would anyone be able to scan a network without actually being on that network in the first place. I'm puzzled how this would work in an organization environment where you have to go past domain logins before getting on the network. Do we assume that you will be provided the domain name credentials, before doing any ethical hacking stuff?
I'm super new to this and confused, please can anyone help me understand this gap which I'm having
Thanks in advance.
Usually there is a way to somewhat easily penetrate from the outside to get into the internal environment. Spearphishing, default credentials or vulnerabilities on a public facing asset, etc. Once in, then credential theft, escalating privileges, etc, let you move laterally throughout the organization to get to sensitive assets and data.
To me this tutorial makes no sense in a real world scenario.
Idol I'm always inspired I watched you everyday you very genius I salute you idol that is my ambition to become expert with penetration testing idol
Thank you for the information! For the last few yrs I have been a toy to people! I watch a few videos of yours after someone shut down my router, shut me out of my phone and ordered an Uber ride! I have never felt helpless!
This was awesome to watch! Subbed!!
New to your channel and love your teaching style and likes to know how one can become your apprentice without any tech learning?
3 Videos at once good job
Problem :
- 3:41 doing pentest for my project analysis. In this part when I enter the domain into searching field it refuses to connect/open. I think it means this domain is already safe
- 3:45 doing sudo also " 'sudo' is not recognized as an internal or external command,operable program or batch file"
- 5:38 'dirb' is not recognized as an internal or external command operable program or batch file
You need to set up a Metasploitable VM and a Kali Linux VM that are using bridged adapter, he does not go over a lot of stuff in this video that needs to be prepared beforehand.
I am glad you made this video. Very helpful.
Thanks so much for making this video! It really helped visualising the things I’m learning about. Funny as well man hahah! Subscribed so I don’t get hacked ✌🏻
This man is a legend
Mr. Loi is the best!!!!!
Most important first step: shielding yourself
Thanks for this, my question is : Do you need to be connected to the target network? Or i can do this externally too with an external IP target
most of the people who working on protecting clouds they dont know how to do this, and all this is for free. thnx
Hello so I’m following exactly your steps but at 7:36 and 7:37 when you highlight HEADER User-Agent what do you do after? Because I don’t have the there lines you show right after this! The error i get is: failed to validate: RHOSTS
What are the devices you recommend for a test like this?
Nmap, Metasploit, Wireshark, Burp Suite & Nessus
Thanks for the video, very interesting stuff, You should make another vid to show how to protect yourself from this type of breach
You sound like an AI generated Native Japanese Speaker who grew up in Australia and speaks with a stereotypical American accent.
I love it, it's like ASMR to me and I most DEFINITELY be liking and following for more content!!! 👍🏻👍🏻👍🏻👍🏻
I wish you would explain deeper for what you need for it like networks and what kind of routers etc.
please can you teach us how to perform the same attack on different PORTs the procedure is very effective, i have developed a very good passion in ethical hacking you teaching me this will be considered as a dream come true for me, i have not been able to even break into my windows 10 virtual machine, PLEASE HELP ME 🥺🥺
Your internet is .....💥💥💥💥💥💥💥
I am a brand new student. I have not launched anything yet. Got it all downloaded and ready to go. I want to know what should I do? I’m going to listen and binge watch all of your videos
Your video is always best 😱
hello hacker loi, so back to creating the cgi-bin folder, but created a javascript/jquery folder (not exactly create), is that supposed to happen hacker loi?
thanks very much Loi Liang, I am learning with you
Nice work
GOD bless you
@Loi Liang Yang how would you protect yourself against such attacks. Would a 2fa device with physical interaction be sufficient?
Great video, i have one question before even scanning do you assume access to the organization network already to be able to see the scanned devices? I'm stuck and really want to understand this very first step before even scanning the network
That was great information thank you for the video
Sir you are my mentor!
Very good content! And quite funny, hacker loi!
Thanks Mr. LOI for your efforts, but I have a question: you were root when you escalated privileges in the Linux server, why do you need to reconnect using SSH to another account? ??
you didn't explain about the exploit-db script. why you took that particular script?
Wow that was a very valuable information
No idea what hes talking about but watched the whole thing
lol
I Feel Like This Beginner One is Harder Than Those Other Ones.
Hello Loi and thank you for the content, I want to penetrate my own wifi to test things out but I don't understand where do you find the ip of the "target" machine as you mention at 3:12.
Sorry if this question is extremely stupid, I am a newbie at this and I want to understand where this address comes from, aka what's the first step required to find this address of my "target".
the ip of your target as you say router would be your router gateway ip
Sir can you please do advanced network penetration course, please a humble request for a subscriber
Great job 👍 😎
Im confused. If you are on windows then you need to install nmap first. How would that help you if the program is not already installed on the device?
You can also recover email add?
Big fan, a course would be perfect
Do you want to be promoted to an air conditioner
What machine from vulnhub do you use?
Are you running Kali virtually?
Hi from Germany also if I understood this right that is already hacking the Security Pen Testing? My System my Port and Tools i am running?
Perfect, loved it
Very well presented. Thank you
Senor Loi, thank you for your awesome videos and educational content that go a long way in helping me pursue my career in ethical hacking. Quick question at time stamp 449 you show an "index of" the Apache website. How did you access it? It appears it is on its own page? You say Kali tool?
Thank you again and keep creating great vids!
I have a question is it possible to hack the hacker I mean I have friend throwing a fit just in case what is the best possible way to stop him if he gains complete access. I am guessing he might try using software key loggers or something in any case I will not underestimate just seeking advice
Have been given the nod to do a vulnerability scan/assessment for 4 small offices, no budget for commercial software, what would you suggest for scanning and also reporting tools? nMap reporting is a little um..... not attractive? LOL. I can probably manually assemble something of a report that's a little nicer but just was curious if you had some suggestions for just getting started to offer these services.
Vulnerability assessment is different from pentesting. For discovering vulnerabilities to report and use for mitigation and followup reporting, OpenVAS (Greenbone) is going to be your only choice. When I worked at an MSP, discovered the least expensive commercial solution is Nessus Professional which can be installed to a VM that you can transport and target IPs and subnets. Least expensive at $1,500/yr that is. Demoed a solution by Qualys that was $32k/yr.
@@Wahinies I fully understand the differences between pen testing and vulnerability scanning, but many tools are used by both services since pen testers do use scanners once they are inside the network. My goal for this small company is to grow it until they offer both services, but in the beginning there's no budget for the big guys and currently we're just starting with the vulnerability assessment/scans, not venturing into pen testing until the future. I did demo OpenVAS Greenbone but was not really thrilled with the results and getting it set up in a VM had a few challenges (although once it was up it ran fine). Its setting for the projected validity (false positives sensitivity) didn't impress me really, I ran the same scans at differing levels and it found far less than Nessus Pro demo that I used against the same targets. Fully agree on Qualys though, I use it during my day job and it's a 6 figure price tag for a medium size credit union.
Hi when using Nmap how long does it usually take to show results, Does it depend on computer specs or what? Mine really took about 1-2 mins
It depends what you’re scanning and how; nmap is a powerful tool that can do a lot. Scanning a narrow range of ports is fast, as can be a simple scan of all ports. If you do a host range, it takes longer, and so does a detailed scan of a target. Mass scans are easily detected and nmap has options to do it slower to either reduce detection or to just not flood a target and get locked out by an app, firewall, etc. Computer specs don’t really matter as long as you’re not using an antique (take “antique” as you will; we’re talking about computers). Play with it (against yourself).
@@travisjg80 I see thank you for answering, I got good laptop so I don't think that's the issue.
@@travisjg80 Nice
Wow. Great class
You are lucky my favourite nice tuto is nice tuto
Do we have to use VPN before performing penetration test on Kali Linux?
is python effective for penetration testing as well ? or only kali linux?
Wait. How could you get the victim computer to run the exploit and connect to your reverse TCP. Or is it CGI that doesn’t need the victim to execute anything to connect to the reverse connection ?
yeahh that's what I'm thinking about!!! i mean why would anyone from victim side upload that script file. For hacker to get access!! And if you don't have an access how could you get the victim's computer to upload that file for root privilege.
IF YOU'RE PEN TESTING FOR COMPANY THEN THIS CAN BE HELPFUL THO!
Sir i am your big fan can you teach how to make protecting layer for system
Try looking into system hardening processes and tactics
As always very interesting video. Thanks!
as a Linux user and a Generalist (who has to do everything myself)
I have to say, GODDAMM.
never thought it was that easy to hack in a linux server
I almost stopped watching your videos because I saw Windows on your Pc😅
Whenever I try to enter a domain into a web browser (after using nmap) it doesn't connect. Any idea why?
How u enter in client or some random user network ?
Ok so how do you identify the IP address? Say I'm doing an attack/defend event. How do you identify their IP address and not some random one say like a bank, accidentally? How do you know it's the target you want without them providing that information?