41:38 is designed that way If the first character of the file name is ‘|’, the remainder of the argument is interpreted as a shell command. tnftp then forks a shell, using popen(3) with the argument supplied, and reads (writes) from the stdout (stdin). If the shell command includes spaces, the argument must be quoted; e.g. ‘"| ls -lt"’. A particularly useful example of this mechanism is: ‘dir "" |more’.

This one was so awesome. Loved all the different tricks.

You forgot to talk about incrontab at the end of the video. Thanks for the video !

sheer brilliancy, loved it :)

An good amount of trickery in this one! Thanks for the entertainment!

you were going to talk about that file that was like crontab. I cant remember what it was called, but you found it in the linpeas output.

Nice one, thanks you bruh

Awesome box and awesome walkthrough

Amazing as always :)

1st. Will watch the video later 🙏😀

This is very informative. 👍

its a talk about incrotab anyways nice vid again thank u

Amazing video, how and where did you learn all these things ? I find it hard to go on hack the box, scares the hell out of me..lol

Thank you, IppSec 👍

Nice video ippsec

thanks for everything. I see you as my master. I want to ask do you update oscp playlist?

Hey man a stupid question lol , how old are u if u don’t mind asking

Please do videos of pentesting other systems like mainframes and cloud environments

please try fingerprint box next. i've been stuck from when it has been released

please do fingerprint box next. ive been stuck from when it has been released

I have download this video watch in night