well.. 5:01 is the most important part. If you read WHAT you are opening there you will be just fine. Also, if you have the file in any other directory (in this case) you would not be trapped in a TCP reverse shell would you?
He's making real tutorials and all but he doesn't mention all that stuff on purpose, if you want to learn from him you are going to learn just the base (basically how to be a skid) and then you'll need to check yourself how to bypass all the other sh!t.
@@Suneeh1338 Yeah, he has to do something about it. I mean, what can WE (the avarege viewer) can do about it? It's not like you can make a YT channel and post the real sh!t there because it's gonna get taken down. (NullByte tried that) Maybe making it into some puzzle so that only people that aren't just some "average viewers" can access and that will be outside of YT so it won't promote any illegal activities?
This exploit seems to be just for adobe reader, so you can just use firefox or microsoft edge (which is the default pdf reader on windows) to view the pdf
There’s is few of questions I need to ask you which can a iPhone be used to do ethical hacking using ISH or etc? What about even a Chromebook tablet? Also how can someone get data from the air? Also forgot to ask is it possible for someone with ADHD to become one of the best hackers? Currently struggling honestly even trying to make decent living but not giving up hope yet. Thanks I feel like your the best person to answer this honestly and one of my favorite teachers here on TH-cam.
How long does it take to payload generation to complete? It seems for me it takes a very long time or is just looping indefinently both with ubuntu and kali linux
I hope there will be a tutorial of how to detect if something happens to the user like this or a solution to avoid it like setting configuration or something. This makes me aware that not all doc/pdf files is safe. I wonder if this method is also applicable to videos. Like, when opening a video, it is also possible to get hacked.
@@martinsuperfind7779 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
@@mantavyapurohit1538 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
Loi, won't Antivirus programs stop any pdf with an exe or some pdfs with exe attached the Antivirus programs will allow to pass if you crypt it properly with a never before seen crypter? Loi please answer.
@@pervysage4595 Can you tell me the name of one or more pdf encrypters? So what do they do? They will literally encrypt the pdf and the exe and make it look like what type of file to Antivirus programs?
@@mikevinitsky8506 lmao it means script kiddie. someone who uses other ppls stuff to hack and doesn’t write there own. like this backdoor maker. it won’t bypass av
I love your videos but it would be nice to mention that you will have to first convince the victim to disable windows defender or do it yourself in any way :)
Amazing content . Thts all we can do in virtual environment. How can we get a meterpreter session for a device that is connected to public network i,e the internet.
@@brodierobson4490 I'm guessing you work in education or a consultant or something. I agree that coding is important, but you can be in infosec with out being a strong coder. Obviously some python is important.
Thank you for your video. Can we have more details on the technical part ? A pdf isn't supposed to be able to handle an .exe files. How does the trick work ?
idk, but i think he's showing us an outdated exploit without any notes to gain views, if you look at the video carefully, he was using Adobe Reader 8.1 (Date: June 2007).??? 2007 Seriously???
@@L2002 this is for educational purposes only of course he wont teach stuff that you can exploit you should have common sense if you want to be a real hacker
It's good to know this stuff but, any script kiddie can do this just as we are learning it or using it as a quick reminder/reference. To be a real hacker takes much more then using someone else tools.
I am a newbie. I read a document saying that to be able to insert malicious code into a file such as pdf, it will have a format like: abc.pdf.exe in your video. I don't see the exe extension at all. Was the documentation I read completely wrong?
you are right, he was using Adobe Reader 8.1 (Release Date: June 2007). this is ridiculous, he should have mentioned that the exploit is outdated. 2007?!
hey can anyone help ? ummmm i did what hackerloi did but it doesnt seems like is working , i put the path to a pdf file and after i done renaming it with setoolkit i copy that file and put it to window and it didnt work , is it because i dont have adobe reader on my windows ?
Can you tell me how to do it with my own payload, I don’t want to have remote access just my exe to pass the Anti virus Softwares. (For ethical hacking only) We are tasked by our it school course in the realm of a project. It doesn’t matter which exploit we use, the payload must do its job on target machine. The exploit adobe_pdf_embedded_exe doesn’t work since it’s for version 7.1 and we have version 21 at current times.
When we sending a pdf document like in the video should we wait on the Kali Linux terminal ? Or we can close our laptop then re-open Kali *imagine* 2 hours after the victim open the doc and will it work?
Not to be bitching, because i really like your video. It's good that you inform the public about these things. Thanks! But a 6 character password you type in at sudo? Unless that's with special chars only (not in rainbow tables) it's pretty darn short.
Loi, in this videos we have know the target IP address. How to reconaissance the IP address which the target is in internet such as using smartphone, tablet, etc. Thanks
:)
:)
:D
I want to know that if it is possible to know is pdf okay or not without open it?
Ok sir then,how it'll work for Android
Missing the old intro 😥
Ay yes, now I can send my "Home work" to my teacher.
Yeah "home work"
Yeah "home work"
🤣🤣🤣
Ah yes, you just copied the same comment from Lio lang's malicous pdf video from 3 years ago and also doing this will get you expelled and arrested.
, 😂
i love the simplicity of your tutorials, keep going !
This is really scary.. Thank you for spreading such amazing knowledge.
This very old hacking 🙂
But now hackers can do more scary things 🙂
@@rafimr5751 Ohh
@@rafimr5751 like what i really want to know just tell me the names
@@AmanKumar-hy5ck I can mine cryptocurrency on you device 😋
@@AmanKumar-hy5ck for that check my bio 🙂
My favorite channel! Thank you Loi Liang Yang!
Best in the game... Fav channel of all time... Much love 🔥🔥🔥
i love this channel, you make things easy
they ARE easy if he uses them on this channel
mr loi you are really genius,
love your content and ur way of simplifying the information
@Y K why not?
no
@Y K so just because he does a little easier tutorials, he's a script kiddy?
@Y K Yes, there is. but that's not really the point. You can't just claim that someone is something without knowing anything. Thats just hating ^^
@Y K 7, almost 8
Mr. Loi you have amazing brain and amazing way to learn us how we do it, THANK YOU.
you can learn all he says from manual of the programs
@@sbypasser819 where is that manual?
well.. 5:01 is the most important part. If you read WHAT you are opening there you will be just fine. Also, if you have the file in any other directory (in this case) you would not be trapped in a TCP reverse shell would you?
He's making real tutorials and all but he doesn't mention all that stuff on purpose, if you want to learn from him you are going to learn just the base (basically how to be a skid) and then you'll need to check yourself how to bypass all the other sh!t.
@@broz36_ i know bro. but many ppl here are conviced that there is nothing the target can do.
@@Suneeh1338 Yeah, he has to do something about it.
I mean, what can WE (the avarege viewer) can do about it?
It's not like you can make a YT channel and post the real sh!t there because it's gonna get taken down. (NullByte tried that)
Maybe making it into some puzzle so that only people that aren't just some "average viewers" can access and that will be outside of YT so it won't promote any illegal activities?
@@broz36_ exactly.
This exploit seems to be just for adobe reader, so you can just use firefox or microsoft edge (which is the default pdf reader on windows) to view the pdf
where pdf is stored?
There’s is few of questions I need to ask you which can a iPhone be used to do ethical hacking using ISH or etc? What about even a Chromebook tablet? Also how can someone get data from the air?
Also forgot to ask is it possible for someone with ADHD to become one of the best hackers? Currently struggling honestly even trying to make decent living but not giving up hope yet. Thanks I feel like your the best person to answer this honestly and one of my favorite teachers here on TH-cam.
Its only happen when the firewall and antivirus is disabled right? So keep your firewall and antivirus active and updated.
Well, a virus can add itself to exception and bypass those stuff so who knows. Never safe to completely just trust your anti-virus
@@Motoxrides a virus can not add itself an exception, the user needs to allow that exception xd..so...
@@danawhite7361 you haven ever seen viruses that did that? "The PC Security Channel" talked about such a virus a few years back.
@@TVPInterpolation need admin! user needs to agree
this video is so misleading. he's also using Adobe Reader 8.1, which means June 2007!!!! can you believe that?!
HackerLoi you are my favorite Hacker to watch, you go through things quickly and precisely. Great job man.
Same
Please tell how to stop accessing the pc, like how can i stop accessing my own pc. ik its weird question but at least tell me.
@@zipp5022 If they already opened it that will do nothing.
@@addicted3105 You can go back to a previous version of your machine, assuming you're using windows.
Mr. Loi, i love this channel can you make a full explanation of how to use CVSS in every type of metric, thank you!.
You the best of the best .much love from South Africa
when i set the playload how can i know the playload's file location?
and how can i know the email send to the target (demo)
How long does it take to payload generation to complete? It seems for me it takes a very long time or is just looping indefinently both with ubuntu and kali linux
I thought it was only mine, I've tried several times but it keeps generating with no results for minutes/hour
@@vincentcj7548 yes
Amazing information. Love your videos. Regards from Sweden
If I use my Android Galaxy S9, rooted & with AFWall+ installed, will opening the pdf-file still be as malicious, as it was shown here?
I hope there will be a tutorial of how to detect if something happens to the user like this or a solution to avoid it like setting configuration or something. This makes me aware that not all doc/pdf files is safe. I wonder if this method is also applicable to videos. Like, when opening a video, it is also possible to get hacked.
I'm pretty sure that windows defender will block it
@@SunBlade4302 5:01 in the video.. he just accepts everything and OPENS it.. just read what you open guys :D
don't worry at all, this video is misleading. he was using Adobe Reader 8.1 (Release Date: June 2007). are you kidding me, 2007?
Yup even when opening an image
But its not that easy so not anyone can do it
And to be safe open unknown sources files on vps or rdp
Great man, learning a litle every vídeo....thanks
Loi we want tutorials about hacking android phones, because they are the most uesd phones in the space 😁.
Guys hit like to rise up my comment
he will not, he just showed you an outdated exploit, look at the video, he was using Adobe Reader 8.1 (Release Date: June 2007).
@@L2002 the fact that the viewer is outdated says literally nothing about the exploit itself
@@Daniel-yt7ry TYL3R DURD3N
Excellent Mr. Hackerloi. Your the best
Love you man, and thanks for yet another amazing video.
❤
Always motivated by your tutorials
3:30....after renaming the pdf file, how can I access it or find it??, so that I can mail it to user.
have you fixed?
@@ahinssu617 no still can't find the file, did you?
same problem, If you have fixed message me please :)
@@martinsuperfind7779 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
@@mantavyapurohit1538 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
this is just amazing than i expected, i love it
Loi, won't Antivirus programs stop any pdf with an exe or some pdfs with exe attached the Antivirus programs will allow to pass if you crypt it properly with a never before seen crypter? Loi please answer.
there are encrypters for pdf files
@@pervysage4595 Can you tell me the name of one or more pdf encrypters? So what do they do? They will literally encrypt the pdf and the exe and make it look like what type of file to Antivirus programs?
@@mikevinitsky8506 you need to know basics of coding here, u can’t just use skid software abs expect to bypass av
@@edmorris4720 I'm a programmer. What is skid software?
@@mikevinitsky8506 lmao it means script kiddie. someone who uses other ppls stuff to hack and doesn’t write there own. like this backdoor maker. it won’t bypass av
I Would Definitely open this file.
In my organization's production server.
RIP✋️💀
You are great boss. Love from Bangladesh :)
Sir, I don't know the path of the file "HACKERLOI.pdf" you created in the video.where is it....???
Me too i don't know where is the PDF file
I have the same question, someone know where is it?
@@felipearbelaez1360 just make a new document in the desktop and give it a name and embedd the payload inside that, thats it
Create black instead
Oh my boss im Just coming watched u ❤❤❤❤ 😂😂# Edy
I love your videos but it would be nice to mention that you will have to first convince the victim to disable windows defender or do it yourself in any way :)
Is there a work around so that windows defender does not pick it up?
a normal payload can bypass windows defender but for pdf idk
What is i close my oc after nake pdf and while closing my terget open the file so i get the access?
why you never use obfuscation, in the real world everybody has at least windows defender enabled.
and these payloads are easy to detect.
Can you tell where the file is stored so that I can send that pdf
bruh did you find out
i cant figure it out rip
For those figuring out where the generated pdf is saved, the path is /root/.set
Amazing content . Thts all we can do in virtual environment. How can we get a meterpreter session for a device that is connected to public network i,e the internet.
Next time I'm sending out CVs for job applications, I'm going to use this XP
🤣🤣🤣
I HAVE LINUX RUNNING IS A VM, WHERE DO I FIND THE PDF I CREATED??
Would love to hear a good tutorial on obfuscation, AV catches most of the stuff from SE
thats the where you need to learn to code comes in.
@@brodierobson4490 I'm guessing you work in education or a consultant or something. I agree that coding is important, but you can be in infosec with out being a strong coder. Obviously some python is important.
Do you know where the PDF file saved?
Handsome hacker indeed👀
Please tell how to stop accessing the pc, like how can i stop accessing my own pc. ik its weird question but at least tell me.
I want to know without showing the permission pop up , taking access of CMD is possible or not? I know its possible but how
What i do if i see you in my city
Run away
Just run don't look back
And hide your phone 😂
Everytime i get a payload is saves it to a root folder which i cant axcess any fixes?
it already gets detected by windows defender ,,,, no use
yeah bro every msfvenom payload gets detected by antivirus gotta find the new way
@@renderset2937 True
@@renderset2937 you can make the metaspliote payload undetected by obfuscation
Do you know where the file is being saved after renaming it. I can't find it bro.
@@Rahul-nw5rp Google it
I opened up the file but nothing appeared in the terminal
Thank you for your video. Can we have more details on the technical part ?
A pdf isn't supposed to be able to handle an .exe files.
How does the trick work ?
idk, but i think he's showing us an outdated exploit without any notes to gain views, if you look at the video carefully, he was using Adobe Reader 8.1 (Date: June 2007).??? 2007 Seriously???
@@L2002 this is for educational purposes only of course he wont teach stuff that you can exploit you should have common sense if you want to be a real hacker
@@OpenYoureyes304 i know that, but at least he should say if the exploit is outdated or now
Can an internet security or an antivirus be able to stop this attack ? Say Kaspersky or Macafee ?
Loi should be protected at all costs!
why? what he says can be learned from text sources
@@sbypasser819 not only that, he was using Adobe Reader 8.1 (Release Date: June 2007), 2007!!!
Yeah but if the adobe program is cloosed wouldn't we loose reverse shell?
Thanks for teaching us real hacking ❤
thats ethical hacking
It's good to know this stuff but, any script kiddie can do this just as we are learning it or using it as a quick reminder/reference. To be a real hacker takes much more then using someone else tools.
@@SK-me9by to be real hacker you need to enable screen blocking and you need to know the keybinds for opening the system prompt function in hai.dll
Did not see where to get the pdf after downloading it
the pdf is saved under /root/.set
is it detectable by windows defender or other antiviruses??
I am a newbie. I read a document saying that to be able to insert malicious code into a file such as pdf, it will have a format like: abc.pdf.exe in your video. I don't see the exe extension at all. Was the documentation I read completely wrong?
yes, me too, i think it doesn't worok on gmail
run the kali linux hacking os on any phone is no longer available bruh
And the port forwarding? Unless you do it, it will only work in a LAN...
I don't get session when PDF is open
But the pdf payload don’t work on all pdf reader, just old versions who don’t fix the exploit
you are right, he was using Adobe Reader 8.1 (Release Date: June 2007). this is ridiculous, he should have mentioned that the exploit is outdated. 2007?!
Another click bait. None of the guys commenting has tried it out and in order for this to work must be Adobe Reader 8.1. We are in 2022 cmon
Hi
can any one tell me where can i find the pdf that i just made.
I dont find it
If a hacker did this would a factory reset remove the problem?
@DDD9216A oh true
Old intro was dope. Bring it back please
4:52 how did u creat the pdf file ?
hey can anyone help ? ummmm i did what hackerloi did but it doesnt seems like is working , i put the path to a pdf file and after i done renaming it with setoolkit i copy that file and put it to window and it didnt work , is it because i dont have adobe reader on my windows ?
Due the issue of sending email Where can i find the new file
infinite message "Waiting for payload generation to complete..." Could you fix that issue??
When im sending it it says “unable to connect to mail server” how did you send it? Can someone help please
yes u can't with gmail
I would guess that this is not a persistent connection, right. Once the windows box is rebooted, the exploit dies unless pdf is opened again.
what is this tutorial for if the pdf is detected by all anti virus
I have a create question. What would happen if you were to open it on any kind of phone?
But the pdf file is fishy since it prompts with some suspicious message before opening. How to avoid this?
Does this only work on one network on even if the person is using another network and opens the pdf file?
See the most recent member-only video on how to host listeners on the Internet: th-cam.com/video/sXQCE5Ed9Xs/w-d-xo.html
Thanks you.
please I have a question
1. if the pdf file was opened on a smartphone it will be controllesd also?
What happens if you open a malicious Windows PDF on an Android device
Can you tell me how to do it with my own payload, I don’t want to have remote access just my exe to pass the Anti virus Softwares. (For ethical hacking only) We are tasked by our it school course in the realm of a project.
It doesn’t matter which exploit we use, the payload must do its job on target machine. The exploit adobe_pdf_embedded_exe doesn’t work since it’s for version 7.1 and we have version 21 at current times.
When you click that your machine showing a warning message that it could be a virus. So how to make it then it undetectable?
Where will be the renamed file stored or it just changes the original file name.
When we sending a pdf document like in the video should we wait on the Kali Linux terminal ? Or we can close our laptop then re-open Kali *imagine* 2 hours after the victim open the doc and will it work?
4:16 does this limit it to windows only?
Can I get rid of the problem by delete it or move to trash bin?
In my metasploit it says started reverse tcp handler on my IP, and that’s all, I can’t find where to go to the file
Thankyou so much sir for giving us these knowledgeable video
Do you have to click open on the Adobe pop-up?
I get stock waiting for payload creation to be complete why?
Which kit or tool we have to use for make pdf payload for Android
So if we do that how can we remove it? Can you force stop a process or something to end it ?
I got this error : Sorry. This feature is not yet supported in Windows or Metasploit was not found.
Any ideas please??
Setoolkit says it's done creating/editing the PDF but there is still no PDF anywhere. Why is this?
How to select my own payload for the injection ??
cmd "set payload " in msf console
@@ahinssu617 just name of the payload or the Payload path? I replace it at the moment when he generated the payload in his video?
Not to be bitching, because i really like your video. It's good that you inform the public about these things. Thanks! But a 6 character password you type in at sudo? Unless that's with special chars only (not in rainbow tables) it's pretty darn short.
How is the matter in Android used Termux +world list+numbers list
what to do now after I have opened such a pdf? is there a way to become secure again?
4:45 how you send pdf file on email address . Please explain
Would I be able to get a meterpreter shell on an iOS?
what happens if this pdf is opened with a browser like chrome?
What abt antivirus and windows defender scanning?
Do we need to disable them before running the downloaded file?
Loi, in this videos we have know the target IP address. How to reconaissance the IP address which the target is in internet such as using smartphone, tablet, etc. Thanks
Once we get the IP, we can run the nmap command with -O option for OS Detection
Will antivirus software be able to block hacks like this incase anyone clicks on the file
Why are you using an old version of roundcube?