I love this guy, great teacher, well spoken, knowledgeable and takes the time to explain things in details

Your explanation made me understand this x10 better than the official HTB tutorial. Thank you!

For 15:19, if ur gobuster version is 3.5, u'll need to add "--append-domain true" to the command for that the option is by default false. Otherwise, u won't get the subdomain name in the scan result.

Awesome walk through, thank you for this. You did a great job of breaking down the "why" that a lot of others might take for granted or skip over, it's greatly appreciated.

Your awesome. Your guides are helping me understand so MUCH MORE! I am half way through my google classes and this is well past what I’m doing right now so I’m getting lost easily. It’s so much easier listening to you than following their write ups.

Hey thank you so much for this tutorial. This box was very challenging for me especially because I'm a complete beginner and have no experience with Amazon. But your explanation on the working of the things in the backend, setting up a reverse shell made things clear. It was challenging to understand all this but hopefully I get better. Your explanation helped me understand this box so much better

Best! I understood everything,I had watched many tutorials but didn't understand a thing. Cheers

Great explanation. Finally understood this gobuster thing after I spent 2 hours of useless search. Thank u ♥️

For everyone that had the same problem as me that gobuster didn't showed the s3.thethoppers.htb subdomain. The problem comes from a change from gobuster 3.1.0 to 3.2.0. With the current version you have to include the flag --append-domain. So your command should now look like this: gobuster vhost --append-domain -u TARGET -w WORDLIST

Incredible video!! I was strugling with the parameters in the url and setting up the listener and this video really help me to understand everything, best of lucks. Hope to see you in the top channels one day!

You a G bro! Three days to figure this out and this vid was the one! Was literally 30 seconds from throwing my desktop out the window - appreciate you

This is my first htb walkthrough vid i watched. Haven’t done any of my own labs on the site yet. Very informative and well put together. Subscribing!

Me uno al resto de comentarios. Solo he visto un video y puedo decir que tu forma de explicar es una maravilla. Voy a repasar los walkthroughs que ya habia terminado con tus videos ya que añaden mucha informacion extra e incluso a veces de forma mas practica. Enhorabuena!

Great walkthrough! thank you! subscribed!

Amazing video, commenting for algo, keep it up. Its hard to find quality HTB videos and you are filling a void in the youtube market!!

This is great man . Thank you for the writeup.

This is a great video. I finally got reverse shells!

Nice walkthrough. Hope you enjoyed the box!

This one was super confusing in the walk through, thank you for this video!

man, great explanation! it was extremely helpful and you’re very talented in teaching!

Awesome video! I learned a few new methods such as your way of achieving a reverse shell :) love it!

I really like your videos, it's very helpful for me as a noob,thx.

im glad i found this video this will help me understand everything for the oscp test preparing very well explain keep up the good work👍

Thank you for actually showing the reverse shell. Tutorial was off and have a better understanding of what's going on.

Best explanation ever. I really appreciate what you are doing bro

the --open tag for nmap is clutch, thanks for sharing!

Que forma tan clara de explicar. Muchas gracias!

you're amazing, man. Thank you for sharing your knowledge about the topic

you are an outstanding explainer haha thanks so much for the walkthrough!

you've earned my sub! please do more like this.

A video that deserves million likes

Thank you so much for your videos. It's been really helpful

Thank you! Please continue making more videos.

Great explanation! However I think since we can put the php web shell to the bucket to run command on it, we can just pass the command "cat ../flag.txt" to get the flag without using reverse shell.

Hello from Russia, I love you and your videos. I watch with auto subtitles and even in this case understand your explaining. Waiting for new content 👍

Your really amazing at explaining things ❤️

Thank you i was ready to give up untill i saw your tutorial.

thanks a lot man im doing all of them and dont know how to thank you man! i wish you everything you wish, god bless you big brother. also sorry for the bad english

🥳 Very good walkthrough my friend 🖖

i always think shell and reverse shell a little bit confuse, but you make me understad better this way

you are a legend sir

the walkthrough that HTB provided didn't get me the answer, your explanation got me to the flag, thank you

Hi could someone please explain to me, why couldnt execute directly the content of shell.sh in the url instead of that curl command? Id be very glad, because it seems like an unnecessary step.

My Firefox flat out refuses to get the s3 subdomain to show up. I've added it to the etc/hosts. I discovered it in my gobuster but I just read through the walkthrough and skipped the step where I check if it's running

it's difficult to do this machine without a walkthrough

14:46 where you get a download the list seclists/ Discovery/DNS/... ?

you are so underrated.

This is an awesome tutorial! But my netcat can't pick up the command, I can't figure out the issue :(

My linux installation doesn't have a Dev/TCP directory, is there another way for me to run the reverse shell?

when i tried running that gobuster command i do not get the s3 sub domain and i have tried using different lists from the seclist repository

Hi! im having a issues with AWS, when I put the commanded in I get a error that reads "could not connect to the endpoint URL" would you know anything about this? Thanks!

That's too tough...but at last understood 😃

I had a few issues along the way, and worked through them on my own with just the papwerwork from HTB and then at the very last step couldnt figure out what I was doing incorrectly at the stage of getting the reverse shell established. - Because i have a VM with kali, and the VPN established on the host, I sort of crashed through this, and have had a hard time wrapping my head around setting up my vm to perform all this - and actually get this all done from the VM

Hi Dude, could explain for me, why we necessary web server on python? Sorry if u explain in the video, but I'm Brazil and my listening is trash. Thx for that Bro, thx for the content!

Bien explicado, se agradece.

i don't know why netcat Don't catch up the connection

After getting the listening command ID is not coming which is shown on the http window showing var/www/html $ then nothing can you help

Thank you for this walkthrough! The one in pdf on hack the box must have some errors because the python script refused to work. But I've followed your approach for the final step and everything works finally... gosh, what a tiresome machine for a "very easy" instance

you are the best thank you

very nice video. :)

Broooo..Thankyou

I can't find ifconfig tun0, do you know why?

the best

love you

Hello sir great video.. Can you make a video on htb red panda lab?

my kali has no seclists =(

Great videos! Any chance you'll be joining Odysee?

I didn't get the flag.

Big Fan bro

este comando subl no me sale

Waiting for so long . Why dont you upload regularly ?

aws cli isn't installing

i cant use comands in the url, i think its because the shell.php dont work it to me, maybe i have to write it of other way, please tell me how i can do it

i have used gobuster to find the s3 domain but i tried everything using ffuf can you tell me how to find the subdomain using fuff thanks :)

great stuff man i was stuck on this one an was waiting for you to do this video thanks again man From Aus... FollowThewhiteRabbit

Please give us more videos like this 🥲 Your explanations are just great

Found: 1 Status: 400 [Size: 306] I only get this because it should come out 03 thetoppers.htb