I didn't see the challenge... But I feel like there's no way a channel of your size that has made multiple videos on hacking and viruses wouldn't have multiple people that know how to perform a basic NMAP scan and brute forcing SSH. Seems weird
Thought the same. Additionally, the laptop was open to the internet. If viewers weren't gonna scan the machine, some malicious attackers would. There's simply no shot the device was not compromised, especially by a bot which scans the entire internet. I would highly recommend you put the next laptop behind a VPN and only let actual viewers have a go at the machine, not some random botnet or something.
As the video showed multiple people thought it was fake. Even one of the comments said "Nice try, fed". I assume they may have been people who saw it but used caution due to the possibility of it being a set up from other hackers or government body, especially if they don't watch videos such as these.
@@yewchicken2298 Jesus is king✝️Turn to Christ and repent for Jesus is the only true God and only true way to heaven God loves you he loves all of us he loves everyone
I do understand sarcasm unlike these other guys but! PRO tip: (from someone who knows literally nothing about this stuff) if you actually really want to watch and follow along videos like this but your scared of the viruses and malware and you have windows 10/11 pro/exp its as easy as enabling "windows sandbox" and running that. this creates a virtual machine no third party needed, you can go to all the sketch sites you want and download all the scary viruses and then when you've inevitably fucked up just close and reopen the VM, to be safe I recommend creating a restore point for your machine first, you shouldn't need it but its peace of mind. Obviously don't try to do anything malicious, the IP of the VM is still easily traced back to you and any network related things affect your entire network so I, as someone who doesn't know anything, would recommend not messing with that.
i think it’s hilarious that i’ve been watching this channel since highschool and im now in my second year of college completing my computer information systems major in cyber security. And seeing him learn how to “penetrate test” on the fly makes me feel like i was always meant to watch this channel.
I was thinking the exact same thing. I have been watching this channel forever and just this year got into college for Cyber Security and just last week learned about brute force attacks and nmap. Crazy how these things happen
Then for the whole location concern he could've just had a VPN that was running on the host machine (assuming its virtualized) and connect it to the guest machine.
@@TheNodeChannel if he gives out a VPN IP address hackers wouldn't touch it and wouldn't be able to do anything to it. Basic hackers will see if the IP is a VPN or not.
Plot twist: the guy that disconnected the cams actually put a backdoor on the cams, so the next time you plug them in the hacker is in your home network and hacks your home PC
@@randomuserame A computer's MAC address is kinda like a serial number, so the MAC won't do anything. As for on-board memory. It has to store it's software somewhere, right? Additionally, many cameras, and even IP cameras end up having some serious weak points in terms of security. Soo, yeah. It's still not likely, but it's definitely not something that's an impossibility
that was my thought too. beeing able to do that comes probably along with some other skills like patching the computer or devices firmware or to set up a boot override of the pc or changing the platform key etc....
I think the main deterrent for many people who might've participated otherwise is that we can't know for sure that you're the actual owner of that IP address. It could very well have been someone else's IP and there's no way we could've known. It's also possible that you could've misconfigured your system, and ended up giving us a dynamic IP. If that's the case, then we might not even be hacking the right device, even if you did own the device that had that IP at the moment. A domain name eliminates a lot of this uncertainty, so I suggest you use one for future experiments like this. It's always great to see creators engage with their community like this, so hopefully you'll do this again in the near future 😁
I encourage you to look up IP class ranges public and private, there's no way that IP could've been a dynamic IP since DHCP gives out dynamic IP's which is for private networks. The IP he provided falls into the class A public IP range meaning it was a public IP, it wasn't a private dynamic IP just not possible.
Dude that car stealing story is actually so relatable. I'm going through the same thing right now. Esspecially since they don't take anything REALLY valuable, it's actually cute af how polite they are. idk maybe I'm weird, but I find it funny when I see the glove compartment slightly disorganized, but orderly. Like I know they pulled shit out, but they put it back, and tried to put it back the same way it was! lmao
That 90 second hacking tutorial was probably the best hacking tutorial i have ever seen. Straight to the point, no bs, and was super quick and informative at the same time!!!!!
any decent hacker would automatically assume the challenge was just a honeypot and steer far away from it, that's probably why it didn't see much action
@@K-Anator its not about getting in trouble, its about someone logging every command/ thing you do. honeypots are usually used to see what attacks/ 0 days hackers might be using. Why risk someone knowing your avenue of attack
@@aRockOrSomething2 This setup wouldn't have required the use of any 0days, it should have been penetrable using known methods. Besides, this was technically done as a whitehat operation, the kind where you make 0days public knowledge and get them patched.
Your internal network is NAT'd out to the internet through your ISP - hence your public facing IP address. By default ports are not opened to the internet. Hence all the cyber security peeps telling you that getting hacked with just a public IP is not a realistic reflection of the average person's home network.
that’s the point of the video, it was purposefully made much easier than your average pc would be and yet all the people who apparently knew so much still failed
@@loaf5025 I'm of the opinion no one bothered trying because next to no one sets up 5+ port forwards to a personal laptop in their home network. The typical home user public IP NMAP scan results are a glorious closed/filtered fest. The video felt presented like a criticism of viewers to prove them wrong somehow. What do I know though.
im no security expert but even if you open ports and arent cg-natted the chances of someone actually going after you are extremely little. if you enable shh never ever use passwords, block remote passwrod login nstead use an ssh key stored on an USB drive. if you want a website, only open port 443 and point it to a loadbalancer, than point that loadbalancer to reverse proxy, so other ports can be configured to be accessed without opening more ports. set that load balancer as a VLAN so its that some sort of isolation from your main network and you should be fine.
I literally love that people could have done this via a Kali linux vm, and any basic beginners pentest guide involving Kali linux. It is possible to hack someone via their public facing IP address only, but like the majority of the comments have pointed out, unless you actually create those vulnerabilities, it's not that easy or simple to access a device on the private network connected to the public IP. If it was that simple, there would be no need for for hackers to create viruses which create vulnerabilities in devices, so I believe this video was made to prove that the majority of your community was all mouth and no action, which you seem to have proved, but as mentioned the claim that you can hack "anyone" with nothing but their IP, complete BS.
Except that it isn't bs. It's obviously hard to do, especially if it's a secure system, but claiming "It's not possible" like those comments did is entirely wrong from the get go - and you can be certain that most people who claimed it's not possible didn't even know it's possible while running their system on admin the whole time and having every other port forwarded for that matter. Which on its own isn't the issue, the claims that an IP wouldn't be enough however is an issue. A huge one at that. Granted its also bs to be scared about IP leaks for obvious reasons like no one needs to leak your IP, but yeah.
The jesus talk at the wnd was fantastic. You should do a little segment at the end of every video where you give out a little bit of wisdom/dad advice type of thing. Kind of like Garand thumb does at the end of his videos, but from you instead.
The fart jar will contain a fart for 10+ years. I sealed mine like 15 years ago and opened it in 2020 and it smelled exactly like someone had just ripped it 2 seconds ago
Same, had no idea till today. Would've been pretty simple to get in, but idk how he had the site hidden so it could've been a pretty difficult challenge to find it.
Seeing odoo sponsor a bunch of youtubers I follow is hilarious because I once signed up for a trial, forgot about it and then got a REALLY passive aggressive email from one of their sales guys.
I was sitting here going, "How did nobody even try throwing metasploit at it for over 10 days." You have cured the imposter syndrome I've felt as an IT "Professional."
how'd you use metasploit for this? most of the time, 22 is always ssh, and you can verify with the handshake. you can then bruteforce with hydra or anything else i might just be stupid, idrk. i don't really do pentesting, mostly just c/c++/asm maldev and reverse engineering
@sosleepy512 Yeah, right. Or people commenting on youtube just claim a lot but don't even really know how to do basic tests if allowed to try a system.
For anyone interested, its generally safe (not advisable) to leave a desktop IP in the open. Windows has pretty low target surface unless you are running services inside that make it vulnerable. out of the box windows has very very little ports that accept information, and one generally must be used to get inside. with just an ip address there is mostly one way to attack a machine and that's through ports, which have to be open to allow attack. running a server or even some games on your pc can open those ports leaving you vulnerable however windows out of the box is quite secure. unless you do what was done here and intentionally create attack vectors.
Perfect description. And especially the games part gave me PTSD from all the people that has a ton of games running on their PC with a ton of ports open but then being extremely worrysome about a kernel level anti-cheat because of their important data...
SSH brute-forcing is not something I'd do personally, most setups have a rate limit and/or will trigger a canary and/or block your IP. So unless you have done recon and have a list of possible users and passwords to spray, It's a very skid-ish method
People online are always bluffing they have like so little amount of knowledge but still they want to brag about the knowledge ☠️ They sure don't know anything and saw a short or something
The fact that you put that laptop online through a cellular hotspot instead of some sort of terrestrial ISP (cable, fiber, etc.) increased difficulty of this challenge exponentially. The majority of cell providers use CGNAT, which means the public IP address you provided was not actually yours, but rather belonged to either a firewall or router that is sitting in a data center somewhere. The WAN IP address shown on your phone/hotspot is, 99% of the time, actually a Class-C address that is NAT'd through a public IP belonging to the cell provider. Essentially, everyone who tried hacking you was actually trying to hack AT&T/T-Mobile/etc.
Honestly super surprised no one was able to do this. I feel like some "easy" boxes on Hack The Box are more difficult then this challenge haha Great video as always
i know you mentioned this in the video, but i feel like it bears repeating. this is pretty unrealistic as almost no device you use will be this insecure and vulnerable unless you make it that way. most people have their ports closed (not to mention theyre generally closed by default). not only that, most people dont have their usernames and passwords THAT easy nowadays. i mean, the easiest passwords you might find is a pet name + birthday combo (more common than you think). that said, this video is very entertaining and im looking forward to seeing an update to it. maybe it can even get turned into a sort of mythbusting series lol
also people who do open ports first disable password login on ssh. its nearly impossible to bruteforce an ssh key, if you could bf that, SSL would become pointless, as both ssl and ssh keys use similar algorithms. if someone's on your prem, you have bigger problems than your ssh key being stolen. second, ideally, you'd only open ONE other port, and load balance and/or reverse proxy that for any other needed port there are service spoofing tools so you can say your port 22 is telnet for an example, and your actual ssh port is 1234 (example) u can also disable icmp response, so if someone tries to ping itll ping out and it'll seem as if you're offlne. openng ports isn't scary either
Oh man, I wish I had stumbled upon this competition when it was happening. I would have been all over this! When's the next competition, Basically Homeless?
12:29 It's true. I've seen hackers run programs on other computers that take under 20% to mine crypto on the background. You'd never know unless you were a gamer and noticed your game was running shittier than usual (even then, you'd probably gaslight yourself into thinking the devs just suck at optimizing). Stay safe, use a VPN, and consider re-installing windows every few years if you suspect anything.
this is the best incorporation for a sponsor ive ever seen before in a vid, so much better than someone just cutting to it and talking about it for 2 minutes.
That guy that stole your money was nice fella for locking your car. He wanted to make sure no one else stole anything from you.. so caring.. honestly if he was re organizing your car for you and locking it.. he deserved the 3 dollars.. he was doing you a service 😂
Bro! Not only did I love the video but it was so cool to put yourself out there and share your faith. I’m a Christian and It’s so cool to see someone with your platform spreading the good news. Keep it up man!
It's not just about ports being open. A vulnerable service has to be running on that port. Those ports are just the typical ports those services run on. Like how http runs on 80 and https runs on 8080. But you can open port 80 on your computer without setting up an http server on it.
@@nordgaren2358you mean like ssh or telnet? And actually if you have port 80 open on the inbound on your firewall then that's a security issue but having port 80 on the outbound is a different story.
@@nordgaren2358 EXACTlY., This is what everyone missunderstands. All they care about are "open ports" but in reality there has to actually be something listening on that port that has a vulnerability that can be exploited
I haven’t watch homeless in a minute, but upon coming back, I love how he dedicates even just a few seconds for god. It’s not something you see often on TH-cam. Kudos to you.
@@Slipstreamm_ 10 months late. But I'd not even call that hacking. Bruteforce is what we resort to by default if we cant figure a combination out and have unlimited tries, so it's just natural to do it as well on systems where you can just try to get the password/user combo as well.
This is such an awesome video. Thank you for making this. Its pretty insightful and sheds some light on what some folks are really scared to. Keep on with the awesome content :)
brother i once fully believed i could breathe through my butt. Thing is, I was so stubborn, I might have actually been breathing through my butt. I ask you this- if i can breathe through my butt, can I not install a virus on a phone?
Depends on the definition of breathing. It means to take in air into your lungs and exhale it out. The butt does let out gas but very rarely does anything come in. So although I have never heard of breathing through your backside, I’m sure either you can sit on top of a fan and try and let it in or you can inject air inside of you. Or you can be smart and have some sort of surgery in which you can intake air from there. It can be done if you actually are committed to it but if you already have been, then that means yes, a phone can get a virus. When will the video be made?
FINALLY, I WAS HACKED - winner announced at the end of this video th-cam.com/video/OaXvEqEPhPM/w-d-xo.html
11 months... 😭
this is 11 months ago (the vid)
Holy shit
lol
PEOPLE COULD EASYLY USED ARMITAGE
F for that chad who has severe chronic diarrhea
F
nice pfp dude
f
F
Eph
I didn't see the challenge... But I feel like there's no way a channel of your size that has made multiple videos on hacking and viruses wouldn't have multiple people that know how to perform a basic NMAP scan and brute forcing SSH. Seems weird
Thought the same. Additionally, the laptop was open to the internet. If viewers weren't gonna scan the machine, some malicious attackers would. There's simply no shot the device was not compromised, especially by a bot which scans the entire internet. I would highly recommend you put the next laptop behind a VPN and only let actual viewers have a go at the machine, not some random botnet or something.
Those htb guys would just laugh 😂.
@@chrome1157true
@@chrome1157 Yeah, even if nobody from the channel solved it, it should've been detected by automated scanners.
As the video showed multiple people thought it was fake. Even one of the comments said "Nice try, fed". I assume they may have been people who saw it but used caution due to the possibility of it being a set up from other hackers or government body, especially if they don't watch videos such as these.
watching this channel slowly spiral in to madness is one of the most intriguing long term storylines
Homeless either has infinite money that he's just okay giving away or has absolutely no money available to steal. What is he doing???
that's damn right
went from siege to this, i like it
@@yewchicken2298 Jesus is king✝️Turn to Christ and repent for Jesus is the only true God and only true way to heaven God loves you he loves all of us he loves everyone
he was mad since the beggining
“Your PC is safer than mine” HAHA JOKES ON YOU I’VE BEEN FOLLOWING YOUR VIDEOS STEP BY STEP, and now my 4070 is unusable 😢
I can't tell whether you're proud of this or sad because of it.
what happened to it? how'd it brick?
@@shaikeau5451 youareanidiot.exe (not an insult towards you lol) somehow managed to get on to it
I do understand sarcasm unlike these other guys but! PRO tip: (from someone who knows literally nothing about this stuff) if you actually really want to watch and follow along videos like this but your scared of the viruses and malware and you have windows 10/11 pro/exp its as easy as enabling "windows sandbox" and running that. this creates a virtual machine no third party needed, you can go to all the sketch sites you want and download all the scary viruses and then when you've inevitably fucked up just close and reopen the VM, to be safe I recommend creating a restore point for your machine first, you shouldn't need it but its peace of mind. Obviously don't try to do anything malicious, the IP of the VM is still easily traced back to you and any network related things affect your entire network so I, as someone who doesn't know anything, would recommend not messing with that.
@@shaikeau5451 it saw an anime girl strip
my guys an engineer, hacker, programmer, gamer, editor, and now a rapper. holy shit
True every man
Did you just forgot "youtuber"???😂😂😂
And bible thumper.
arguably, the rapper part is the simplest
i think it’s hilarious that i’ve been watching this channel since highschool and im now in my second year of college completing my computer information systems major in cyber security. And seeing him learn how to “penetrate test” on the fly makes me feel like i was always meant to watch this channel.
"wen i started watching this channel 2 years ago idda never thought id like it so much!" durrhurr
Man if youtube notified you of the other dude in the replies fuck that guy i appreciate your story
Skiddy...
@@ryshellso526 bro called someone actively studying cybersecurity a skid. the internet never fails to amaze
I was thinking the exact same thing. I have been watching this channel forever and just this year got into college for Cyber Security and just last week learned about brute force attacks and nmap. Crazy how these things happen
Use a honeypot for the next one, if you want to properly monitor what's going on within the machine.
Ahh the Classic "HoneyPot" a Pc honeypot is like a Firewall but made of ICE!
@@ps2killer1 made out of internal combustion engine
Then for the whole location concern he could've just had a VPN that was running on the host machine (assuming its virtualized) and connect it to the guest machine.
@@TheNodeChannel if he gives out a VPN IP address hackers wouldn't touch it and wouldn't be able to do anything to it. Basic hackers will see if the IP is a VPN or not.
Byrospyro hackers wouldn't do nothing much except leave a text file saying acknowledging it is a honey pot and likely get annoyed.
Plot twist: the guy that disconnected the cams actually put a backdoor on the cams, so the next time you plug them in the hacker is in your home network and hacks your home PC
Imagine
not a hacker but wouldnt that only work if it had on-board memory or was an IP or had its own MAC?
@@randomuserame they are required by law to have their own mac 😘
@@randomuserame A computer's MAC address is kinda like a serial number, so the MAC won't do anything. As for on-board memory. It has to store it's software somewhere, right? Additionally, many cameras, and even IP cameras end up having some serious weak points in terms of security. Soo, yeah. It's still not likely, but it's definitely not something that's an impossibility
that was my thought too. beeing able to do that comes probably along with some other skills like patching the computer or devices firmware or to set up a boot override of the pc or changing the platform key etc....
I think the main deterrent for many people who might've participated otherwise is that we can't know for sure that you're the actual owner of that IP address. It could very well have been someone else's IP and there's no way we could've known.
It's also possible that you could've misconfigured your system, and ended up giving us a dynamic IP. If that's the case, then we might not even be hacking the right device, even if you did own the device that had that IP at the moment.
A domain name eliminates a lot of this uncertainty, so I suggest you use one for future experiments like this. It's always great to see creators engage with their community like this, so hopefully you'll do this again in the near future 😁
🖕
bro this is some hard cap, it was just skill issue from y'all
I encourage you to look up IP class ranges public and private, there's no way that IP could've been a dynamic IP since DHCP gives out dynamic IP's which is for private networks. The IP he provided falls into the class A public IP range meaning it was a public IP, it wasn't a private dynamic IP just not possible.
nope, the hackers fumbled straight up
Dude that car stealing story is actually so relatable. I'm going through the same thing right now. Esspecially since they don't take anything REALLY valuable, it's actually cute af how polite they are. idk maybe I'm weird, but I find it funny when I see the glove compartment slightly disorganized, but orderly. Like I know they pulled shit out, but they put it back, and tried to put it back the same way it was! lmao
bruh i would be absolutely terrified if that happened to me
Just to be sure, check if you got MPD
bro please lock your car
leave a little note for the person breaking in saying hi
@@goober_985 "hi, i know you've been entering my car for a while... wanna be friends? :)" LMAAOOO
If your network had exposed vulnerable services running on open ports, then of course they could be comprised.
brother I think you're about to get dumped on by a bunch of cybersecurity professionals for giving accurate information
that is scary
@@BasicallyHomeless
@@BasicallyHomeless just wait for the stack exchange users
no shit smart ass how else will this be possible
@@BasicallyHomeless im a cybersecurity professional i keep all the wireless waifu safe on the mainframe
This video is going to expose a ton of security vulnerabilities in ODU’s code
That 90 second hacking tutorial was probably the best hacking tutorial i have ever seen. Straight to the point, no bs, and was super quick and informative at the same time!!!!!
a 15 minute ad that's crazy
any decent hacker would automatically assume the challenge was just a honeypot and steer far away from it, that's probably why it didn't see much action
Many decent hackers and script kiddies have big egos, I like this guys content but this sorta gives me fake vibes
There was express written permission given to penetrate his network. No one's going to get in trouble for participating in a public penetration test.
@@K-Anator its not about getting in trouble, its about someone logging every command/ thing you do. honeypots are usually used to see what attacks/ 0 days hackers might be using. Why risk someone knowing your avenue of attack
@@aRockOrSomething2 This setup wouldn't have required the use of any 0days, it should have been penetrable using known methods. Besides, this was technically done as a whitehat operation, the kind where you make 0days public knowledge and get them patched.
@@aRockOrSomething2 who is going to willingly waste a 0 day on something like this
Your internal network is NAT'd out to the internet through your ISP - hence your public facing IP address. By default ports are not opened to the internet. Hence all the cyber security peeps telling you that getting hacked with just a public IP is not a realistic reflection of the average person's home network.
Yeah, he definitely doesnt get it. This video sucked.
would this change if an IPv6 address was shared?
that’s the point of the video, it was purposefully made much easier than your average pc would be and yet all the people who apparently knew so much still failed
@@loaf5025 I'm of the opinion no one bothered trying because next to no one sets up 5+ port forwards to a personal laptop in their home network. The typical home user public IP NMAP scan results are a glorious closed/filtered fest. The video felt presented like a criticism of viewers to prove them wrong somehow. What do I know though.
im no security expert but even if you open ports and arent cg-natted the chances of someone actually going after you are extremely little.
if you enable shh never ever use passwords, block remote passwrod login nstead use an ssh key stored on an USB drive.
if you want a website, only open port 443 and point it to a loadbalancer, than point that loadbalancer to reverse proxy, so other ports can be configured to be accessed without opening more ports. set that load balancer as a VLAN so its that some sort of isolation from your main network and you should be fine.
Man I'm sad I missed this My first though was just do an ssh and try some common passwords lmao
you literally would have won
dude fr like if I wasn't on vacation when he posted that video i would've won lmfao
@@Pink_Charsureeee
@@SnoopCreature17 i'm serious lol
@@BasicallyHomelessplease do it again
I literally love that people could have done this via a Kali linux vm, and any basic beginners pentest guide involving Kali linux. It is possible to hack someone via their public facing IP address only, but like the majority of the comments have pointed out, unless you actually create those vulnerabilities, it's not that easy or simple to access a device on the private network connected to the public IP. If it was that simple, there would be no need for for hackers to create viruses which create vulnerabilities in devices, so I believe this video was made to prove that the majority of your community was all mouth and no action, which you seem to have proved, but as mentioned the claim that you can hack "anyone" with nothing but their IP, complete BS.
Except that it isn't bs.
It's obviously hard to do, especially if it's a secure system, but claiming "It's not possible" like those comments did is entirely wrong from the get go - and you can be certain that most people who claimed it's not possible didn't even know it's possible while running their system on admin the whole time and having every other port forwarded for that matter.
Which on its own isn't the issue, the claims that an IP wouldn't be enough however is an issue. A huge one at that. Granted its also bs to be scared about IP leaks for obvious reasons like no one needs to leak your IP, but yeah.
I just use my mac, most UNIX tools are available and for Linux-specific ones you can just fire a micro-vm with lima.
The jesus talk at the wnd was fantastic. You should do a little segment at the end of every video where you give out a little bit of wisdom/dad advice type of thing. Kind of like Garand thumb does at the end of his videos, but from you instead.
The fart jar will contain a fart for 10+ years. I sealed mine like 15 years ago and opened it in 2020 and it smelled exactly like someone had just ripped it 2 seconds ago
If you made a dedicated video announcement, you would have been hacked in 10 minutes 🙂
No one simply saw the challenge :(
Yeah I knew nothing about this lol
same smh
real
He should check the logs. Im sure a bot got in the first day
Same, had no idea till today. Would've been pretty simple to get in, but idk how he had the site hidden so it could've been a pretty difficult challenge to find it.
The fart in a jar caught me off guard 😂😂😅
Yeah lmao
Spoiler alert!!!😢😢😢
same thing happened here😂😂😂
@@cedricmunschauerI just started watching, I have no idea what the hell they are talking about
He think he Martin
I had no idea he did this, I wish I couldve participated. Sounds like a fun time
Seeing odoo sponsor a bunch of youtubers I follow is hilarious because I once signed up for a trial, forgot about it and then got a REALLY passive aggressive email from one of their sales guys.
The jeff song is a vibe, spotify release when?
LOL open.spotify.com/track/4SX6sIbpEWUZwmQYZ2U9Gn?si=5c5ef220056943fc
@@BasicallyHomeless amazing, i need to add this to my playlist.
Ah crap I missed this one and I'm bummed. I love doing CTFs/pentests and this one actually looked so fun.
Fr... I'm a cybersecurity student and would have srsly loved to had been apart of this. His website says there may be another so let's hope for that!
I was sitting here going, "How did nobody even try throwing metasploit at it for over 10 days."
You have cured the imposter syndrome I've felt as an IT "Professional."
Probably no one even bothered to even try it
how'd you use metasploit for this? most of the time, 22 is always ssh, and you can verify with the handshake. you can then bruteforce with hydra or anything else
i might just be stupid, idrk. i don't really do pentesting, mostly just c/c++/asm maldev and reverse engineering
Shouldve left 3389 open lmao
@sosleepy512 Yeah, right.
Or people commenting on youtube just claim a lot but don't even really know how to do basic tests if allowed to try a system.
Bravo for the last 15 seconds of the video there. Caught me off guard but was so great to hear. Keep it up !!
POV: The hacker added a backdoor access to the laptop so when you put it back to your house he has access to your geolocation and cameras
Mmm good hummus. Very epic. Much happy.
oh wow how did you get here so fast hahaha ;)
Hacking skills 🤫
😳
wait wha
How
Looks like the competition is over now. I can't wait for the next one man. This is the stuff I love and I'll be checking back for the details.
kek, you in bro?
This is such a you move, but I am still shocked and extremely impressed by this stunt you pulled! You are, dare I say, based.
For anyone interested, its generally safe (not advisable) to leave a desktop IP in the open. Windows has pretty low target surface unless you are running services inside that make it vulnerable. out of the box windows has very very little ports that accept information, and one generally must be used to get inside. with just an ip address there is mostly one way to attack a machine and that's through ports, which have to be open to allow attack. running a server or even some games on your pc can open those ports leaving you vulnerable however windows out of the box is quite secure. unless you do what was done here and intentionally create attack vectors.
This is the best one paragraph description any comment has given so far.
Perfect description.
And especially the games part gave me PTSD from all the people that has a ton of games running on their PC with a ton of ports open but then being extremely worrysome about a kernel level anti-cheat because of their important data...
I will try out the website builder
SSH brute-forcing is not something I'd do personally, most setups have a rate limit and/or will trigger a canary and/or block your IP. So unless you have done recon and have a list of possible users and passwords to spray, It's a very skid-ish method
well, in this case it was a CTF so anything would be acceptable to gain access to the system no matter how u do it
Super cool and encouraging to see your boldness to share your faith on your youtube channel!
People online are always bluffing they have like so little amount of knowledge but still they want to brag about the knowledge ☠️
They sure don't know anything and saw a short or something
#1 rule in cyber security, nothing is unhackable.
even my Samsung fridge?
I don't think any cyber security specialist would agree with you on that.
I'm not a computer hacker, but troubleshooting has taught me I'm definitely a hacker.
what about a brick wall
@@StrawberrySodapaw Even the Samsung fridge. :)
the random guy you see at Walmart in the tech section
the guy that crop dusts you on the way to the register
@@BasicallyHomeless yea lol very true
@@BasicallyHomelessik I gotta stop
The fact that you put that laptop online through a cellular hotspot instead of some sort of terrestrial ISP (cable, fiber, etc.) increased difficulty of this challenge exponentially. The majority of cell providers use CGNAT, which means the public IP address you provided was not actually yours, but rather belonged to either a firewall or router that is sitting in a data center somewhere. The WAN IP address shown on your phone/hotspot is, 99% of the time, actually a Class-C address that is NAT'd through a public IP belonging to the cell provider. Essentially, everyone who tried hacking you was actually trying to hack AT&T/T-Mobile/etc.
then how did he hack it? most times it wont matter.
You need to rent this store front and keep a 24/7 live stream just to see what creatures be popping up 😂
fr those creatures go crazy
Love the part at the end, %100 agree. Keep making the banger content and professing your faith 💯
I think that when someone seriously hacks and takes over your channel it will be justified by this
Honestly super surprised no one was able to do this. I feel like some "easy" boxes on Hack The Box are more difficult then this challenge haha Great video as always
Utmost respect for openly talking about your faith at the end :)
i know you mentioned this in the video, but i feel like it bears repeating. this is pretty unrealistic as almost no device you use will be this insecure and vulnerable unless you make it that way. most people have their ports closed (not to mention theyre generally closed by default). not only that, most people dont have their usernames and passwords THAT easy nowadays. i mean, the easiest passwords you might find is a pet name + birthday combo (more common than you think). that said, this video is very entertaining and im looking forward to seeing an update to it. maybe it can even get turned into a sort of mythbusting series lol
also people who do open ports first disable password login on ssh. its nearly impossible to bruteforce an ssh key, if you could bf that, SSL would become pointless, as both ssl and ssh keys use similar algorithms. if someone's on your prem, you have bigger problems than your ssh key being stolen.
second, ideally, you'd only open ONE other port, and load balance and/or reverse proxy that for any other needed port
there are service spoofing tools so you can say your port 22 is telnet for an example, and your actual ssh port is 1234 (example)
u can also disable icmp response, so if someone tries to ping itll ping out and it'll seem as if you're offlne.
openng ports isn't scary either
This made me wanna change my password to something even more secure and obscure than ever before!
Bro was like: here is the easiest way to get on a watch list
Another fun, informative video and I, for one, appreciate the last section about your faith and trust in Christ :)
this guy is clinically insane i love it
Best part of the video starting at 14:35. Preach brother 🤙🏼
fun fact: the spider was the hacker
bro. at the end i thought he was Gonna make it a life lesson XD
Loved the message at the end of the video.❤ keep it up man, love your content and your humor
Wow, I was pleasantly surprised at the end with you sharing your faith in Jesus. God bless you brother.
Next video: "I let viewers try to delete my channel"
Man im sure odoo loved to sponsor a video of someone giving a publically available tutorial on how to hack!
Oh man, I wish I had stumbled upon this competition when it was happening. I would have been all over this! When's the next competition, Basically Homeless?
Haven't watched your videos in a while and forgot how hilarious you were lol. Great stuff dude
Big W to you for adding the end of the video in. I appreciate what you're doing
The only thing I got from this video is that he's still probaly not over the 3$ he lost and he has a weird thing for farts and jars. 10/10
12:29 It's true. I've seen hackers run programs on other computers that take under 20% to mine crypto on the background. You'd never know unless you were a gamer and noticed your game was running shittier than usual (even then, you'd probably gaslight yourself into thinking the devs just suck at optimizing).
Stay safe, use a VPN, and consider re-installing windows every few years if you suspect anything.
I reinstall Windows every 3 months because it's just awful and breaks.
this is the best incorporation for a sponsor ive ever seen before in a vid, so much better than someone just cutting to it and talking about it for 2 minutes.
Every video is straight up a movie, I love it.😂😂
your videos consistently make me laugh. thank you
Amen bro talkin bout Jesus is a HUGE W . I love that so much.
That guy that stole your money was nice fella for locking your car. He wanted to make sure no one else stole anything from you.. so caring.. honestly if he was re organizing your car for you and locking it.. he deserved the 3 dollars..
he was doing you a service 😂
He was like "this place is a fuckin mess, I can't find anything to steal in here! might as well clean up..."
Honestly i would never drive in that car again.
11:37 you sound exactly like Daniel Tosh right here
What ending a video talking about your faith? Nice! Not many times do I see something like that in a video in this niche, so that's awesome
Bro! Not only did I love the video but it was so cool to put yourself out there and share your faith. I’m a Christian and It’s so cool to see someone with your platform spreading the good news. Keep it up man!
If you had any ports open, then yes you can definitely just be hacked with just your network ip address
WOAH WOAH pal, take it easy with sharing correct information like that. There's ladies on this floor.
It's not just about ports being open. A vulnerable service has to be running on that port. Those ports are just the typical ports those services run on. Like how http runs on 80 and https runs on 8080. But you can open port 80 on your computer without setting up an http server on it.
@@nordgaren2358you mean like ssh or telnet? And actually if you have port 80 open on the inbound on your firewall then that's a security issue but having port 80 on the outbound is a different story.
@@nordgaren2358 https uses port 443 by default tho?
@@nordgaren2358 EXACTlY., This is what everyone missunderstands. All they care about are "open ports" but in reality there has to actually be something listening on that port that has a vulnerability that can be exploited
Amen Brother! always love seeing a fellow brother in Christ being open about talking about God!
My god that end sobg went insanely hard
I haven’t watch homeless in a minute, but upon coming back, I love how he dedicates even just a few seconds for god. It’s not something you see often on TH-cam. Kudos to you.
fr
Props for not being ashamed to be Christian.
the rap is insane
Rip chronic ”diarrhea” kid
Brute force is insane actually that's genius. I do same thing on DayZ with 3-dial combinations because it unlocks as soon as you type right number.
Sounds like crap security. Would that work in Rust?
no thats basic hacking
@@Slipstreamm_ 10 months late.
But I'd not even call that hacking. Bruteforce is what we resort to by default if we cant figure a combination out and have unlimited tries, so it's just natural to do it as well on systems where you can just try to get the password/user combo as well.
This is such an awesome video. Thank you for making this. Its pretty insightful and sheds some light on what some folks are really scared to. Keep on with the awesome content :)
Amen preach it brother.
this song is a banger
Fun video but best part was the end talking about Jesus! Haha love it bro!
Thank you for the message at the end. I’ve been trying to work on my faith and relationship with the Lord
i pushed a old person down the stairs
Oh!! How lovely
so glad there’s a funny creator who doesn’t hide his faith
14:34 respect
thats the best and creative way to advertise yet ngl
I would pay someone to teach me the basics
He should try putting viruses on a phone because I’ve never seen a phone with a virus so it might not be possible
brother i once fully believed i could breathe through my butt. Thing is, I was so stubborn, I might have actually been breathing through my butt.
I ask you this- if i can breathe through my butt, can I not install a virus on a phone?
@@BasicallyHomelessMy question is should I breathe through my butt?
Depends on the definition of breathing. It means to take in air into your lungs and exhale it out. The butt does let out gas but very rarely does anything come in. So although I have never heard of breathing through your backside, I’m sure either you can sit on top of a fan and try and let it in or you can inject air inside of you. Or you can be smart and have some sort of surgery in which you can intake air from there. It can be done if you actually are committed to it but if you already have been, then that means yes, a phone can get a virus. When will the video be made?
@@BasicallyHomeless i wont doubt it, breathing through your butt is totally rad
@@Choccy_Donutthe air would have to travel through entire digestive tract and enter ur respiratory tract
I fart too much
💨
OH DUDE LETS GOOOOOO what a king for the outro- The Lord be with you brother
Hello, your big fan is here. Don't be sad man, I hope you will get hacked soon. It's okay everyone eventually gets that
Imagine him getting his ip held offline for leaking the ip LOL 😂 SOMEONE SHOULD HAVE DONE THAT
Probably dynamic IP so he could just change it😭
@@Anony556 it said static in the video
very epic. love to see christian prescence online! keep it up dude!
That ending though? BASED!
either hes stupid or hes the greatest content creator ever.
Maybe both
The song at the end.. about people with bad credit. That hit where it hurts lmao a hacker wouldnt even want my identity
Alot of these "hackers" have a big ego so they cant accept theyre dog water 😂
I'm sorry, I just can't with religion. Don't want anything to do with it or people who gospel.
Me too. I've been bombarded by unwanted Christian proselytizing all over the internet lately and it's really annoying