No freakin' way I'd have ever figured out this box. It's scary and awesome at the same time as I am preparing for the OSCP currently. God bless me!

Learn more of of your videos than school, when I pass my OSCP I'll buy you a beer.

Your mistakes teach me even more on top of the already awesome techniques, thank you for each video.

Currently doing the OSCP, but damn this box is crazy, no way I could figure this out! Thanks for your great videos IppSec, keep it up! :)

no doubt of it, you are an absolutely talented guy!

I'd never have thought of looking at the certificate

I finally setup my john to have GPU support but it seems as though i have use the --format flag to set it to use opencl, I notice ipp does not use that flag is his john running the cpu only version or am i missing something simple?

in 2020 this is an easy HTB box based on what boxes are added nowadays

Amazing video ippsec!! Thank you for explaining this :)

I was stuck with odd length error for days and I gave up that box...damn🤦🏻‍♂️

Do you also read books i.e Art Of Exploitation PWK etc. to practise more and get better?

Thank you! I got user/root.txt. Is the OSCP like this? I have gone through about 30 of your tutorials now, and still feel like there is so much more to learn.

just found your channel :) this video is fucking amazing keep it up. loved seeing your thought process for this.

Damn.. you are a magician mate. Well done!

Is it possible to provide a structure to follow for a beginner and then we can deviate depending on enumeration and exploit , please

@ippsec really cool walkthrough for this machine. Just one thing, is there a way for me to get a shell as root on this box? It's always nice to declare you have got root once you get a root shell it. I don't know, just my opinion about it.

U do your best, Thanks

i assume these are virtual host configurations on apache?

Wait, I'm missing something here. Instead of going through all that nonsense to reverse/decrypt what encrypt.sage is doing, could you instead have just modified the encrypt.sage script to output the variable "password" before it even goes into the encryption routine since it's able to read the contents of /root/root.txt already? I never saw how the permissions structure was set up in the video I don't think.

This was very informative...

where is it configured that the proper nemonic has to be entered in the browser to get to teh proepr content? i would have thought the browser resolves the nemonic to the IP address before connecting? (which is what trying to connect with the IP address would do...only it doesn't show anything)...

If the first encrypted Orestis's post is bound to his signature, what is the encrypted admin's post bound with?

He is our Mr.ROBOT

anyone else have trouble with wpscan not working? Probably just me but it's super annoying that I can't scan the website myself.

Wow its fun to see ippsec struggle over simple stuff wow 3 year ago was a whole another area :)

Where can you get ssh2john python script?

I cant understand why you don't have tons o visits, your videos are very instructive and as a network admin who wants to change to cibersec (Red Team) and obtain the OSCP its just GOLD. I want to give you an advice: A lot of noobs as me want to learn pentesting and know the know-to's of the things, if you open a Patreon and teach this things you will have my money, and i am sure that for a lot of people too.

did anybody run the intro code... I got "ROBBIE" but he forgot one "

Ah yes. HTML is my favourite programming language to exploit WordPress

love it.. share other retired boxes dont work anymore..

Why was Robot.txt checked ?

3poulakia means 3birds in greeklish :P Nice video btw sir.

this box was 3 poylakia kathontan

can anyone tell me about "ssh kracken" what is that ?

I hate these CTF like boxes ... but great job btw. as always. :)

Doing great work :) noobs usually leave such CTFs when they can't find answer after all if they don't know the answer they don't put time in finding it, they should but once it gets too much stressful they Quit. Thanks to you they'll learn :) Keep it up make more ;)

wish me luck for the oscp journey

Hi there I herd you mention in your video if you want to learn more about cryptography to go? Trying to the part again.

hello @ippsec , yr video just cool but for noobs like me it's too much... can you recommend some other stuff i should do first to understand yr stuff.......

Is oscp as hard as this???

Thanks

Process gosting attack plz

Rip after this 💀

You could of edited the type=password to anything you want and it would show the password

From the point of ssh-ing to orestis, ippsec's voice doesn't match his actions and I was confused, refreshed the page and all but still nothing. I try to open watch this video on phone and everything is normal, BUT EVERYTHING he did while I was watching on my pc, is done differently on phone??? Plus the duration of the video on pc is 43 minutes, while on the phone 36 minutes?? Whole video is a brainfuck.

I'll use this code as for the security

You don't need to do any attack on that case for decrypting the rsa. If you have p, q and e you can easily get the private key.

Wait many comments here are from those going to get their OSCP, even I'm preparing for my OSCP in 3 - 4months from now I'm so stressed 😣😥

vim exit = :x

F*ck... i ran the code at the start and get the R then infinite loop.