@Jonobi_Musashi

Completed this box today with help from the video. For some reason, the PHP web shell worked initially, got deleted by the script, and then stopped working entirely when trying to reupload (very odd). Used the php-reverse-shell script in the end and it worked consistently. Haven't owned a box for a year it shows. Fumbled over everything from upgrading the shell to dropping an SSH key into dash's authorized keys. It's crazy how quickly skills/knowledge can fade when not using them frequently. Thanks for the video, it helped loads.

@Horstlicious

I really, really love that you don't edit out your mistakes! I sometimes feel so unbelievable stupid when such things happen to me, but it really helps me to see that even people with much more skill still sometimes mess up!
I messed things up on this box (but at least i learned :D):
I did not properly use sqlmap, so the whole token/cookie thing did not work, therefore I have written my own python blind sql injection script from scratch. While at it, I learned about python thread polls to pwn in parallel \o/
After extracting the admin hash, john failed to crack it and very much later I learned about mysql equals (or like) not beeing case sensitive and my script therefore extracting the hash with mixed case...
So much pain, but a lot to learn even just extracting and cracking the password!
Thanks hackthebox for providing those machines!

@AsadAli-ye8ns

I m watching your videos since 4 years and it really helps alot in understanding

@AUBCodeII

Ipp is a certified hood classic

@Brownnoise443

🤣 love how I do the first 10 parts of teir 0 on the starting point, then it directs me to machines to try, and I'm like sure why not, oh hey a very easy one......I watched 10seconds of your video and I'm lost instantly.....very easy my a** 😂 great video though

@cybSe-u7n

it wasn't due to cookie timeout, as you saved the request data at wrong file "root.out" at 10:58 , and the sqlmap ran correctly after deleting the previous result data. (i unknowingly spoke loudly when you saved it at wrong file 😩)

@nikolanojic6861

Awesome ase per usual thanks for the vids !

@vjohnkunju

Awesome 👍

@SyBlast

Why is TTL important when running an nmap? Like I’m guessing you do it because you ran into an issue in the past that could’ve been avoided if you used the double verbose command. Just curious. Hoping you see this lol

@alanbusque6645

Thank you!

@StevenHokins

Nice one

@shazinct2200

Can you do a video about that hashcat box How i cam build my own???

@wire_surfer

10:48 RIP cookie :(

@tg7943

Push!

@colloqy

always good to watch these videos because i did end up rooting it but i did get stuck on the raw symlink not working (however creating a symlink to just, all of /root works) and now i know why ^_^

@bhag47

Does anyone got this error from sql map after saving request into a file and use that is "unable to find http header" anyone?

@0xYouTube

☹️slove hard and insane machine with guided mode

@sado_21a

:D

@Hexaphp

The easiest ctf in my whole life  i saw it

@AUBCodeII

Ipp doesn't like me anymore :(