Here are some additional notes I think are important: 1. When running pspy, observe the timestamps. After each minute that passes, you will see the 'curl' command being run as indicated by the output of pspy. It will keep popping up in the output of pspy every minute. This is how we know that the 'curl' command is running every minute. 2. If you are having trouble with reading the root.txt file with the 'cat' command, use either the 'strings' command or 'less' command. The commands "strings root.txt" and "less root.txt" worked for me. Alternatively, you can copy the root.txt file to the '/tmp' directory and then do "cat root.txt" on the root.txt file which you copied to the '/tmp' directory. 3. At 27:47, observe that 'UID=0', which indicates the process is running as root. 4. mKingdom is rated as 'Easy' and not 'Medium', although in my view the 'Medium' rating is more appropriate.

Thanks a lot,you have a great talent as a teacher,keeo up!

Legend!!!!

Fire video my guy keep up the good work!

If you are using Nmap and dont know what FTP ist, you should stop using Nmap and do something else.

Great video again! Already commented on how I enjoyed going along with your thought process on another video, but this is next-level ! I can't stress how useful these videos are for me, thank you !

Another one!

Brilliant,appreciation,very clear and consise

Good luck on your journey, success

Great video, it is nice to hear your thought process out loud, it truly helps more than you know. Thank you

I usually don't comment videos but yours have been very helpful for me in my learning process ever since I discovered them. Do you write anywhere about these boxes or other things that one can learn? If you had a blog or something similar I'd read it 100% Greetings

An important clarification: Around 13:00, when I say that the user accounts of customers or their companies are a part of the attack surface, I mean from the perspective of the malicious actor and an objective view of the attack surface. In a real engagement, client consent and valid legal agreements MUST be made. Personal accounts of employees or other businesses that did not consent to the penetration test would not be in-scope, and therefore must not be attacked. Only if there is a valid legal agreement can a penetration test proceed, and only those defined parameters which are consented to can be attacked. Furthermore, some attacks may be out-of-scope as well (like a denial-of-service attack for example). But a malicious actor does not care and, from an objective point-of-view, the information could be used to expand the attack surface. That is the point I was aiming to convey and should have clarified. So in a real-world engagement it can help to convey the possibilities to the client even if we are not attacking/exploiting those extra areas of the attack surface. From the perspective of, say, someone who is in it for political motives or financial gain, they will use whatever information and means they can find to exploit people or businesses. Of course, malicious actors don't care about the law so it doesn't matter to them. In this case there are no user accounts, but what if there were? What information is given that could extend a malicious actor's attack surface? These are important questions, in my respectful view at least. I make this clarification because it is necessary for us to recognize the precise boundaries of a penetration test and that we always stay within the confines of the law.

Great video, keep them coming!

You inspire me to start my own content… Great stuff 💯

Keep doing what you're doing you will come out on top buddy i am in process of also doing same type of yt channel i nerd out on anything cyber security

Like the videos just stumbled upon your yt ive been learning/studying/practicing for a couple years now i have built-up a passion for cyber security i never comment on peoples videos but because your new still i kno you will see and probly respond to my comment i like what your doing keep it up planning on starting my own channel my self

Im loving this series, keep going my friend!

Just getting into pen testing. Informative video, liked how you explained some flags. Watched it at 2x speed, should fix the squeeky mouse.

Amazing video - the explanation / post-box talk through is golden! Thank you

Hey man, im very new to this but this video is pretty helpful!

At around 9:10 and 9:30 in the video, you will see a 401 unauthorized, which is in contrast to the 403 access denied we saw with the admin:admin credentials. I think you get the 401 unauthorized when you press "Cancel" where you're asked to sign-in. You can also see the default credentials in this 401 unauthorized page just as we saw in the 403 access denied page. It may not matter much for this particular box, but observing the different outputs we get, regardless of how small those differences may seem, is important because there may be something there for us. I hope that helps! :D

Love how your mouse wheel squeeks lol

I forgot to demonstrate the anonymous FTP login. To do that, input the following command: ftp [insert target IP address here]. Then, when prompted for a username type in the following: anonymous. Press enter. Then, when prompted for a password, do not supply a password and simply press enter. You will then be logged in. Run the following command once in: ls -la. You will find that nothing of interest appears in the output, and therefore another path must be tried (like finding public exploits as I showed in this video.) Type the following command to exit out of FTP: exit.

Hey everyone, I'll be sure to zoom in on the terminal next time so the text can be more easily readable. You'll have to full screen the video to properly see it. Thanks!