Hackers Abuse Zero-Day Exploit for CrushFTP

Published 2024-04-26
jh.live/flare || You can track down shady sellers, hunt for cybercrime, or manage threat intelligence and your exposed attack surface with Flare! Try a free trial and see what info is out there: jh.live/flare

Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com/
Read The Hacker Mindset by Garret Gee: jh.live/hackermindset


All Comments (21)
  • @mu11668B
    I still find it funny that quite often people go for paid products with fancy presentations and unnecessary black-box automations. We use OpenSSH sftp with Linux access control and rarely do we have to worry about random 10/10 RCEs.
  • @Palmit_
    Flare looks very interesting. However, the pricing is elite and well crafted 0-day. I ain't buyin to something even for a trial to find out it's extortionate pricing. The FREE trial is not free. They should be open with their pricing.
  • John are you going to be in the people's call center this year?
  • @akashaki11
    Hello @john hammond, recently my Discord was hacked by someone who used it to send phishing links in the NahamSec general discussion group. I’ve resolved the issue, but now I’m unable to rejoin your Discord. Could you please allow me back in?
  • Hey, I have a question John, what virtual machine manager u use, Vb or vmware?
  • @juandig
    Flare doesn't show their pricing on their website... I hate that
  • @kettlestew
    Nice "enterprise grade" software you got there.
  • @Napert
    can we like calm the fuck down with all the vulnerabilities this year?
  • @mrdkaaa
    24:25 "almost in a sense server side template injection sort of" Almost sort of. That's exactly what it is!
  • @deidara_8598
    April has been a crazy month, so many criticals
  • @Rachaelshaw7
    Hi! If you can please create a video on the brokewell malware thx 😊
  • can't stand places that have a "start free trial" button with no price given for full ver
  • @TheMAZZTer
    This is nuts. It seems like they don't have a proper security model in place if it's just that easy. Also the CrushFTP desktop UI doesn't instill me with confidence lol. At least the web UI looks decent.
  • @hamzarashid7579
    I'm surprised that you didn't talk about Linux XZ malware.
  • @pixl_xip
    another vulnerability this april‽‽
  • @Lino1259
    Servers will get crushed, get it?
  • @harald4game
    They sit in their ideological bubble and are resistant to advice about anything else. Even if he had asked someone from his circle, he would not have received any criticism.