*Note: RationalLove was patched after I did this box. So mistakenly thought it was still vulnerable. Enjoy the fails/confusion!
01:15 - Begin of Recon
04:25 - Bruteforcing valid users
11:15 - Manually finding SQL Injection
13:13 - Using --string with SQLMap to aid Boolean Detection
15:41 - PHP Type Confusion ( == vs === with 0e12345) [Type Juggling]
18:35 - Attempting Wget Exploit with FTP Redirection (failed)
26:39 - Exploiting wget's maximum file length
33:30 - Reverse Shell Returned
36:19 - Linux Priv Checking Enum
41:00 - Checking web crap for passwords
44:00 - Grabbing the screenshot of tty
49:00 - Privesc via Yossi being in Disk Group (debugfs)
50:15 - Grabbing ssh root key off /dev/sda1
52:15 - Attempting RationLove (Fails, apparently machine got patched so notes were wrong /troll)
01:07:42 - Manually exploiting the SQL Injection! with Python