@@SpinTheHack hamesha support karenge bhaiya! PS: AZ-500 ka course Jan ya Feb me aayega (@STHpathshala)? Due to school exams abhi bhi AZ-900 me appear nahi ho pa Raha 😂
Hacker doesn't send any mailicious software, we just create a netcat reverse shell to execute command on the vulnerable server using our ldap and netcat
I have query that how can we trace the unknown traffic/attacker of any website or you can say the vulnerability like,the vulnerability in liberia's financial website that was found by phulbani. Or can you make an explanation video on that type of vul.
Hi we are using spring boot java application , spring boot by default providing the log4j-api 2.12.2 jar and log4j-to slf4j jar files. We are not using only slf4j, and we didn't used these in pom.xml file, but safer we just added log 4j- 2.15 version jar. There will be any problem or Is there any alternate?
but if the link is given of our own ldap server then the company can easily detect us because of the link so we must have a common ldap link in order to not be tracked
Ek doubt tha ki sir how that person know or how we can know that ghidhra Or any other software that is using jndi plugin or log4j library that is vulnerable to it or what parameters we should capture for input this payload how we can identify that vulnerability in live pentesting please solve my query.
Nice informative video as always but it would have been much better if you would have shown live hunting by yourself. We get notification for canary token but how to traceback that IP. I mean that IP belongs to which target can you please let us know?
Apke earphones sahi hai bas thoda voice gadbad hai... Maaf krna😂
It's ok. knowledge doesn't require sound quality. ❤️
What if I found this vulnerability on any program on hackerone program or somewhere will I get bounty or not.
Biaurnal wla microphone hai kya?
Bro zsh: error permission denied
@@LaxmiNarayana use sudo
Excellently explained in ~15 mins. Thanks a lot for this 👌🏻
Simplest explanation with example, bhaiya!
Exams chal rahe hai lekin fir bhi syllabus se zyada asani se log4j samajh me aa gaya 🫀
Wah..Chalo Humari Teaching Se Logo Ko Fayda Toh Huva....Bas ese support karte rehna.♥️
@@SpinTheHack hamesha support karenge bhaiya!
PS: AZ-500 ka course Jan ya Feb me aayega (@STHpathshala)? Due to school exams abhi bhi AZ-900 me appear nahi ho pa Raha 😂
Great piece of work :) "Bhai sab simple tool hain zyada uchalne ki zaroorat nhy" was give me huge laugh :D :D
kisi aur ka samaj nahi aaya sirf aapka explaination best tha😃😃😃
Thanks, I would say end to end packet follow was explained so nicely that I could frame everything in mind. Appreciated !!
Everytime I watch your videos, I always learn something new 🤩🤩🤩
Bhai bohot sahi explain kiya mere client ko bhi same problem aa rhi thi
bhai super duper aise hi video banaya karo keep it up
Very nicely explained.
Thanks for your efforts.
Keep doing...
Very clearly explained about the Log4j vulnerabilty.
thanks. aapne easy language me samjhane ki kosis ki hai..
This was useful. It felt like..
LogPoisoning -> CSRF -> RCE
15 min me kafi kuchh smjha diya..... nice ;)
log4j seems quite interesting. thank you for the explanation.
thank you so much. this is very helpful
Nicely Explained bro
amazing video brother... Good work.
Thanks bro. Nice information about log4j.
bhot accha tha videos good videos boss all time support he
I am looking for the part that happens after the attack, i.e. where and how the malicious software is sent by hacker after exploiting log4j.
Hacker doesn't send any mailicious software, we just create a netcat reverse shell to execute command on the vulnerable server using our ldap and netcat
@@SpinTheHack No hacker can send the malware as well. In fact hacker can install the mining software to perform crypto mining without user consent
This channel can be huge for teaching ethical hacking in hindi. I will also check all latest videos later. Keep up this good work.👍👍
Bhai yum Kai log4j immediately suaoka exploit umpar ki sum dim run the command? Love you video.
I have query that how can we trace the unknown traffic/attacker of any website or you can say the vulnerability like,the vulnerability in liberia's financial website that was found by phulbani. Or can you make an explanation video on that type of vul.
Very interest, it's help me lots thank you
I would say all the libraries or apps using JNDI may face this problem..? Whats your say ?
#Bangladesh nice bro
Bug Bounty upor video aro chaiye
Thank Sir Bohot Accha Samjhaya Apne
Thanks for great information ℹ️
Please let us know how to get rid of this vulnerability on windows server..
Thanks you so much bro for explaining in such easy language.
Welcome and keep supporting
Will you please suggest How to check log4j vulnerability in windows 2008 server r2 using Java version 7?
Thank you for explaining ☺️
Hi, My app is using common-logging jar with log4j1X version. Still i am receiving "{jndi:ldap}" string in my access logs. What should I do?
Block it with firewall.
Nicely explained. Thanks a lot!
sir can you please explain cve 2021-41379 Microsoft Windows Installer vulnerability
Sir before finding any log4j how to know whether the programme is using log4j library & not
You could also include how to prevent these attacks please. Excellent video btw
Always best and simplest way of teaching by @thecyberzeel bhyia🥳🥳 keep going..
log4j wala exploit start nhi ho rha
Well explained dude. Keep doing the good work.
Thanks for this detailed explanation..
But u didn't explained why and what is the use of using this Vulnerability from @Hacker side. What r the task he can perform using this Vulnerability?
thankyou for easy explaination
Excellent work mate, thanks for uploading this video. very helpful. LDAP pronounced L DAP not LD A P.
Surely, I will take a note of yur feedback.
nice work brother 🥳🥳🥳🥳🥳
Awesome 🤩🤩🤩
like kr diya . ab aap ldap server banana sikahiye aur detail me long video banaiye
Hi we are using spring boot java application , spring boot by default providing the log4j-api 2.12.2 jar and log4j-to slf4j jar files. We are not using only slf4j, and we didn't used these in pom.xml file, but safer we just added log 4j- 2.15 version jar. There will be any problem or Is there any alternate?
Thts okk just maven update proj it will work
If it's on classpath then it would pick your own log4j version and override it with the spring boot one
Thank you for explaining...
really like it thanks for the content.
dhamakedaar video
keep it up,
from Bangladesh
Sap abap mai
How to remove vulnerability for CVA
Is par koi video hai aap ke pass
Thank you for explaining in an easy way
cyber zeel bhai kha aagy spritual se 💀😂
but if the link is given of our own ldap server then the company can easily detect us because of the link so we must have a common ldap link in order to not be tracked
Amazing video bhai..🤩🤩
Keep teaching us like this .🤝🏻🤝🏻
yeh python 3 poc ke andar kya code kiya he ?? muje run karna he but nahi ho raha he
Thank you so much mota bhai... You're great
Thanks bro fro explanation
Poc mai kya likhna hoga
Thanks for this knowledge bro 👏
Very easily explained video , it was an very interested video 👍 .
knowladge full video contant 👍
Love your thumbnail...
Thanks man, really helped me. How can I connect with you?
well explained
Ek doubt tha ki sir how that person know or how we can know that ghidhra Or any other software that is using jndi plugin or log4j library that is vulnerable to it or what parameters we should capture for input this payload how we can identify that vulnerability in live pentesting please solve my query.
Check my latest Video
Zsh:error permission denied ko solve kese kare
@Cyber Boi chmod kaam nahi kar rha hai
@Cyber Boi sudo bhi kaam nahi kar rha hai
@Cyber Boi command ko
Arey CyberZeel Bhai ❤
Perfect explaination for beginners
Thanks for explain in easily bhai...
Why is this explanation matching exactly with JavaBrains video
i was expecting this only
Excellent 👍
I love spin the hack Bhai
apki demo pe awaz nhi aa rhi bhai
kindly isko set kr den
Excellently explained
bhai mene cyber pocket member hu .....gf tools run nhi ho rha h sub try ker ke dekh liya he 2 din se ker rha hu please help me
Very well explained thanks 😊
Excellent explain
Amazingly explained...
Glad you liked it
Thanks sir par aap ishka lab setup karne ke liye bata dijiye na
Next Video.
@@SpinTheHack thanks sir or sir ye bhi bata dijiye ka identify kaise kare
great sir maja aa gaya
we are using xmapp.
shall we be impacted?
I guess no you will not get impacted as of now. But to make sure update anything which is Apache in your system.
@@SpinTheHack ok bro thanks this video helped alot to understand LOG4J 👍
It's really amezing Zeel bhai.....❤️❤️❤️👍👍🤗🤗
Nice informative video as always but it would have been much better if you would have shown live hunting by yourself. We get notification for canary token but how to traceback that IP. I mean that IP belongs to which target can you please let us know?
Go and enjoy my next video to get it.
Canary token as added a option which shows you the hostname now.
Excellent Video !!!
Aapka koi dusra channel bhi hai kya?
Good job dear.
Aag lgaadi bhai🔥😍
perfectly explained
how to do it in burpsuite?
Check my next video.
@@SpinTheHack checked , but it was not complete tutorial, i think you missed some step( i mean i coudnt understand it fully)
Swaryogi.?
nice expiation good job bro...
Bhai THM ke alawa bhi youtube pr apni vdos continue rkho please bhai
so so thanks you bro.........
Hey! can you share the exploit.py python code file
Link is in the desc.
Awesome video