Create a Reverse Shell Using a Fake MP4 File [Tutorial]

Really very good tutorial. Got to learn something new about "sudo !!". Keep posting such awesome tutorials.

HackWRLD

Wow, you're a real hacker! On 4:44 you enter the wrong ip address but it still worked!

thepianoaddict

Be cool to see this with a windows machine as the target as well. If something this simple works anyways...

RobertGallop

Earthlings blink while none earthlings don't blink you know thy self, nice tut bro

elvanmorris

U blinked 3 times under 10seconds. We cant accept you






Im sorry dont hack me lol

geertwilders

This must be from the future, considering that Mint is on v20.

Lmarca

That's quite scary, thank God for frequent security updates! Unfortunately there aren't many zero day exploits (hence the name) being published on YouTube, but that in itself is even more scary!

TheRobMozza

Nano is not for noobs... Just use what suits you best. Nice presentation btw. 🤜

Enigmatt_eu

Very select 'attack'. I wouldn't even call it one.
This is really basic and basically not working anywhere anymore, especially if you know how religiously linux desktop users update.
It's the equivalent of sending a windows shortcut file with a VB script / cmd exec.
It doesn't have to even be a video file, you can make it look like a PDF icon, or anything else.
The PDF is much more convincing and you can pad the .desktop file with garbage to give it some file size to fool more observant users.

Heck you can even make a little basic demo / game, pad your payload to the end of the launch script and send it over as part of a exclusive beta tester deal!
Works.

cybercat

COMPRESSION

I usually wince when receiving video files (MP3's etc) in compressed file formats. Seems a humous way of sending files that are generally uncompressable by their nature. Unless the "DO NOT COMPRESS" switch is used during their creation - which is helpful when sending multiple files and or password protection.

p.s. And as you know, compressing a file that is already highly compressed can actually increase its size.... blaw blaw I'm done 🤗

GREAT VIDEO as always 👍😎
Thank you
💜💙💛💚

ovalwingnut

You have to be in the same network as the user ... and it only works with a specific Linux ... pretty cool but a little underwhelming tbh 😅 great video though !!

PotaytoDestroyer

This is basically ratting, i prefer to do it on windows. Just build the client.exe file and bind it with a legit video or photo, change the extension with an extension spoofer and thats it, also crypt the file

jvcwxiz

I think this is what comes out when you try doing everything in one take

EpicGameJunkies

NULL BYTE IS BACK AFTER A LONG TIME....!!!!

hckv

It's very creative but it has to be on same network?

patdevine

It is not mp4 file, right? But desktop file

alexcricles

The tutorial mentions that Nemo is vulnerable to this attack, but at least the version on Arch Linux is NOT vulnerable (cause i tested it right now). I always have my file manager in list mode where i see the filesize though, so one would need to add a whole bunch of unnecessary data to the .desktop file to increase the filesize.

Charlie

Thanks for this - looks interesting. Would there be a way to remove the other .mp4 file entirely? Seems a little obvious that there is something wrong if there's two mp4 files both pointing to the same one.

kylo

You just look like spider man homecoming actor Tom Holland 😍

romanhossen

you know you dont need file extensions in linux, also any good blue teamer will always run file "filename" to see what type of file this is, they will see it is not a mp4 file and rm that so fast

mrmonday