For 15:19, if ur gobuster version is 3.5, u'll need to add "--append-domain true" to the command for that the option is by default false. Otherwise, u won't get the subdomain name in the scan result.
Your awesome. Your guides are helping me understand so MUCH MORE! I am half way through my google classes and this is well past what I’m doing right now so I’m getting lost easily. It’s so much easier listening to you than following their write ups.
Awesome walk through, thank you for this. You did a great job of breaking down the "why" that a lot of others might take for granted or skip over, it's greatly appreciated.
Incredible video!! I was strugling with the parameters in the url and setting up the listener and this video really help me to understand everything, best of lucks. Hope to see you in the top channels one day!
Hey thank you so much for this tutorial. This box was very challenging for me especially because I'm a complete beginner and have no experience with Amazon. But your explanation on the working of the things in the backend, setting up a reverse shell made things clear. It was challenging to understand all this but hopefully I get better. Your explanation helped me understand this box so much better
Me uno al resto de comentarios. Solo he visto un video y puedo decir que tu forma de explicar es una maravilla. Voy a repasar los walkthroughs que ya habia terminado con tus videos ya que añaden mucha informacion extra e incluso a veces de forma mas practica. Enhorabuena!
For everyone that had the same problem as me that gobuster didn't showed the s3.thethoppers.htb subdomain. The problem comes from a change from gobuster 3.1.0 to 3.2.0. With the current version you have to include the flag --append-domain. So your command should now look like this: gobuster vhost --append-domain -u TARGET -w WORDLIST
Great explanation! However I think since we can put the php web shell to the bucket to run command on it, we can just pass the command "cat ../flag.txt" to get the flag without using reverse shell.
Yep you technically can! However it’s basically always best practice to escalate to a rev shell because it gives us an interactive session with the host and in a real world scenario you’d always want to try to take it a step further to see if you can fully compromise (privilege escalate) a server from an initial foothold! And you need an interactive session to do so! :)
Hi could someone please explain to me, why couldnt execute directly the content of shell.sh in the url instead of that curl command? Id be very glad, because it seems like an unnecessary step.
thanks a lot man im doing all of them and dont know how to thank you man! i wish you everything you wish, god bless you big brother. also sorry for the bad english
My Firefox flat out refuses to get the s3 subdomain to show up. I've added it to the etc/hosts. I discovered it in my gobuster but I just read through the walkthrough and skipped the step where I check if it's running
Hi! im having a issues with AWS, when I put the commanded in I get a error that reads "could not connect to the endpoint URL" would you know anything about this? Thanks!
Thank you for this walkthrough! The one in pdf on hack the box must have some errors because the python script refused to work. But I've followed your approach for the final step and everything works finally... gosh, what a tiresome machine for a "very easy" instance
I had a few issues along the way, and worked through them on my own with just the papwerwork from HTB and then at the very last step couldnt figure out what I was doing incorrectly at the stage of getting the reverse shell established. - Because i have a VM with kali, and the VPN established on the host, I sort of crashed through this, and have had a hard time wrapping my head around setting up my vm to perform all this - and actually get this all done from the VM
Hi Dude, could explain for me, why we necessary web server on python? Sorry if u explain in the video, but I'm Brazil and my listening is trash. Thx for that Bro, thx for the content!
i cant use comands in the url, i think its because the shell.php dont work it to me, maybe i have to write it of other way, please tell me how i can do it
Sorry for such a long wait! I was moving into a new apartment and it took me a while to get everything sorted out. I’m going to try to upload a lot more regularly now!
I love this guy, great teacher, well spoken, knowledgeable and takes the time to explain things in details
Your explanation made me understand this x10 better than the official HTB tutorial. Thank you!
Couldn't agree more! Keep up the good work @FindingUrPasswd!!!
For 15:19, if ur gobuster version is 3.5, u'll need to add "--append-domain true" to the command for that the option is by default false. Otherwise, u won't get the subdomain name in the scan result.
Thank you 🙏
Thank you, and Yes for gobuster version above 3.1 we need to use the option --append-domain to view sub domain
thanks you that wa the same issue l was having appreaciate your help
great job! Thanks
Merci
Your awesome. Your guides are helping me understand so MUCH MORE! I am half way through my google classes and this is well past what I’m doing right now so I’m getting lost easily. It’s so much easier listening to you than following their write ups.
Awesome walk through, thank you for this. You did a great job of breaking down the "why" that a lot of others might take for granted or skip over, it's greatly appreciated.
Best! I understood everything,I had watched many tutorials but didn't understand a thing. Cheers
Great explanation. Finally understood this gobuster thing after I spent 2 hours of useless search. Thank u ♥️
Incredible video!! I was strugling with the parameters in the url and setting up the listener and this video really help me to understand everything, best of lucks. Hope to see you in the top channels one day!
Hey thank you so much for this tutorial. This box was very challenging for me especially because I'm a complete beginner and have no experience with Amazon.
But your explanation on the working of the things in the backend, setting up a reverse shell made things clear. It was challenging to understand all this but hopefully I get better. Your explanation helped me understand this box so much better
This one was super confusing in the walk through, thank you for this video!
This is great man . Thank you for the writeup.
Nice walkthrough. Hope you enjoyed the box!
Great walkthrough! thank you! subscribed!
This is a great video. I finally got reverse shells!
Me uno al resto de comentarios. Solo he visto un video y puedo decir que tu forma de explicar es una maravilla. Voy a repasar los walkthroughs que ya habia terminado con tus videos ya que añaden mucha informacion extra e incluso a veces de forma mas practica. Enhorabuena!
You a G bro! Three days to figure this out and this vid was the one! Was literally 30 seconds from throwing my desktop out the window - appreciate you
A video that deserves million likes
For everyone that had the same problem as me that gobuster didn't showed the s3.thethoppers.htb subdomain.
The problem comes from a change from gobuster 3.1.0 to 3.2.0. With the current version you have to include the flag --append-domain.
So your command should now look like this:
gobuster vhost --append-domain -u TARGET -w WORDLIST
There's 2 dashes before append-domain, for those that couldn't see the space :-)
you win the internet today :D
My respects sir
thank you sir
Taz you a real one
Thank you for actually showing the reverse shell. Tutorial was off and have a better understanding of what's going on.
Amazing video, commenting for algo, keep it up. Its hard to find quality HTB videos and you are filling a void in the youtube market!!
This is my first htb walkthrough vid i watched. Haven’t done any of my own labs on the site yet. Very informative and well put together. Subscribing!
Great explanation! However I think since we can put the php web shell to the bucket to run command on it, we can just pass the command "cat ../flag.txt" to get the flag without using reverse shell.
Yep you technically can! However it’s basically always best practice to escalate to a rev shell because it gives us an interactive session with the host and in a real world scenario you’d always want to try to take it a step further to see if you can fully compromise (privilege escalate) a server from an initial foothold! And you need an interactive session to do so! :)
Best explanation ever. I really appreciate what you are doing bro
I really like your videos, it's very helpful for me as a noob,thx.
the --open tag for nmap is clutch, thanks for sharing!
man, great explanation! it was extremely helpful and you’re very talented in teaching!
Awesome video! I learned a few new methods such as your way of achieving a reverse shell :) love it!
im glad i found this video this will help me understand everything for the oscp test preparing very well explain keep up the good work👍
Thank you i was ready to give up untill i saw your tutorial.
Que forma tan clara de explicar. Muchas gracias!
Thank you! Please continue making more videos.
Absolutely! The next one is already in progress
you've earned my sub! please do more like this.
i always think shell and reverse shell a little bit confuse, but you make me understad better this way
you're amazing, man. Thank you for sharing your knowledge about the topic
it's difficult to do this machine without a walkthrough
you are an outstanding explainer haha thanks so much for the walkthrough!
Hello from Russia, I love you and your videos. I watch with auto subtitles and even in this case understand your explaining. Waiting for new content 👍
Your really amazing at explaining things ❤️
Thank you ❤️
🥳 Very good walkthrough my friend 🖖
Thank you so much for your videos. It's been really helpful
Absolutely! I’m glad they’ve been able to help out 😄
you are a legend sir
you are so underrated.
the walkthrough that HTB provided didn't get me the answer, your explanation got me to the flag, thank you
Hi could someone please explain to me, why couldnt execute directly the content of shell.sh in the url instead of that curl command? Id be very glad, because it seems like an unnecessary step.
thanks a lot man im doing all of them and dont know how to thank you man! i wish you everything you wish, god bless you big brother. also sorry for the bad english
no worries! The english is awesome! Glad you like the video :)
That's too tough...but at last understood 😃
My Firefox flat out refuses to get the s3 subdomain to show up. I've added it to the etc/hosts. I discovered it in my gobuster but I just read through the walkthrough and skipped the step where I check if it's running
My linux installation doesn't have a Dev/TCP directory, is there another way for me to run the reverse shell?
Hi!
im having a issues with AWS, when I put the commanded in I get a error that reads "could not connect to the endpoint URL" would you know anything about this? Thanks!
did you figure this out im experiencing this same issue
@@infiniteformless hey! I did. I had to reboot the box and that seemed to fix it. Hope you figure it out!
Bien explicado, se agradece.
Thank you for this walkthrough! The one in pdf on hack the box must have some errors because the python script refused to work. But I've followed your approach for the final step and everything works finally... gosh, what a tiresome machine for a "very easy" instance
After getting the listening command ID is not coming which is shown on the http window showing var/www/html $ then nothing can you help
I had a few issues along the way, and worked through them on my own with just the papwerwork from HTB and then at the very last step couldnt figure out what I was doing incorrectly at the stage of getting the reverse shell established. - Because i have a VM with kali, and the VPN established on the host, I sort of crashed through this, and have had a hard time wrapping my head around setting up my vm to perform all this - and actually get this all done from the VM
14:46 where you get a download the list seclists/ Discovery/DNS/... ?
Hi Dude, could explain for me, why we necessary web server on python? Sorry if u explain in the video, but I'm Brazil and my listening is trash. Thx for that Bro, thx for the content!
you are the best thank you
when i tried running that gobuster command i do not get the s3 sub domain and i have tried using different lists from the seclist repository
I am having the same issue. Have you found a resolution
I figured it out use the - - append-domain hope this helps
Try adding -append-domain
I can't find ifconfig tun0, do you know why?
the best
i don't know why netcat Don't catch up the connection
love you
very nice video. :)
Great videos! Any chance you'll be joining Odysee?
Broooo..Thankyou
Big Fan bro
thanks for the support! :)
Hello sir great video.. Can you make a video on htb red panda lab?
👀👀
my kali has no seclists =(
I didn't get the flag.
i cant use comands in the url, i think its because the shell.php dont work it to me, maybe i have to write it of other way, please tell me how i can do it
este comando subl no me sale
Waiting for so long . Why dont you upload regularly ?
Sorry for such a long wait! I was moving into a new apartment and it took me a while to get everything sorted out. I’m going to try to upload a lot more regularly now!
leaving my mark at subs:4.48K
aws cli isn't installing
What is the error you’re getting?
@@FindingUrPasswd can I send an email with a screenshot? Or on twitter?
@@FindingUrPasswd I’ve solved it. Thanks
i have used gobuster to find the s3 domain but i tried everything using ffuf can you tell me how to find the subdomain using fuff thanks :)
Please give us more videos like this 🥲 Your explanations are just great
great stuff man i was stuck on this one an was waiting for you to do this video thanks again man From Aus... FollowThewhiteRabbit
Found: 1 Status: 400 [Size: 306] I only get this because it should come out 03 thetoppers.htb