Man, I was struggling with the privilege escalation and now from this video I've learned something new, thank you so much Ippsec, your videos are such great educational material.

@03:00: ORS = Output Record Separator! Wtf never even heard of that! Thanks @ippsec !

the sql part of the box is arguably the most difficult bit....Thanks Ippsec for the demo, it makes much more sense now.

“This is a easy box” 😂😂 gg ippsec u are the best!

Thank you ippsec as always amazing video 💪

i was preparing for Hollywood movie but i found better one :)

When you discovered the admin_tasks.php, could you just have done command injection using the "tasks" parameter as part of the HTML request? @19:50 you might have been able to do like ?task=&& whoami or something like that?

It took way longer time in setting my own sql server to accept connections lol!

Hey there Ipp! Since your Patreon is paused due to the recent events: Is there any .way I can toss a few coins to you? I just want to thank you for the great content and all the things you've taught me so far :).

I got the reverse shell to work on my first try using pty.spawn() where you had p=subprocess.call(), so there might have been an issue with subprocess's availability (I can't test it since I don't have a subscription). pty tends to be so much more reliable on top of being easy to work with, so it's always my first choice for a shell. Also, you can use *args if you don't know how many arguments the function you're hijacking has.

this was very interesting one

Ooo the mic sounds crispy.

thanks again

I think the lazy eval() approach would work if you wrapped the content of the function in single quotes, eval() evaluates a string (and there already were double quotes somewhere). Not that the reverse shell worked anyway.

awesome video!

Had a go at this box today but unfortunately it retired while I was going at it. Foothold was such a pain, I couldn’t find anything for hours. I even checked all the images for any stego.. I ended up trying different wordlists on the /admin-dir directory and finally found that juicy file with the ftp creds. Managed to login over ftp and wanted to grab the files but the box wouldn’t let me because it got retired that instant :-(

I don't mean to be spammy, but I wrote a python script for that pentest monkey page called insta_shell. You supply the type of shell, the ip, and port and it fills out the correct syntax for you. Its on github.If anyone wants to try it, I can provide more info. Saves you the time of actually going to the website and finding the right shell to modify

how do you split the console like that, you are like a keyboard wizard with shortcuts...I have tried forever to tab out the standard parrot terminal and I cant. Additionally, I had to use terminator and right click for tabs. any help would be greatly appreciated. Love the vids

That's odd, I tried this box, but when I used nmap it showed me others ports open, like 25, and 80 was filtered

Since when did KZbin start adding two unskippable Ads???

Which linux distro are you using?

Good video. Where can we get that wordlist?

See You next week!

One question, when you got the user waldo and understood that you can execute a file with a sudo perm, you chose to get a shell, but could you just write a bash script to copy the root.txt to a new txt file in the waldo home dir? is it possible? If anyone else can answer i will appreciate it.

:)

I really enjoyed this box. I do not understand it's relatively bad rating.

Es q ell...oh boy

I really didnt like this box. It needed such a leap to run gobuster again on the utility scripts folder. and "the usual" wordlist didnt have what was required

That whole nmap "optimisation" thing at the start is totally uneccessary, nmap only runs scripts on open ports anyway

I found this program called ShellGen github.com/thejoker3000/ShellGen where you can create shells automatically. I use it sometimes and it comes in handy when I need a new shell. Someone called Th3J0k3r made it. Might want to take a look at it.

How to get so much knowledge like you

I always replace the reverse shell with "chmod +s /bin/bash" to just make /bin/bash and SUID instead of causing more egress traffic out... Hitting "bin/bash -p" then you are root... Reverse Shells are always buggy

Hi great explanation.. I know u r using parrot os .. i would like some help in tmux session.. u have ur ip address and u r running bash in zsh .. i would like to know how.. any help wil be great

I'm your admirer💋.

Fact: all great hackers are lazy, that's what makes them great