https://stream.echo6.co/videos/watch/1572a0bc-7da6-4b36-89a8-001a60ef09d9 00:00 - Introduction 00:50 - Start of nmap 02:00 - Taking look at the web application and fingerprinting the framework 03:50 - Using Jadx to decompile the APK File, then using grep to look for domains and discovering swagger 08:15 - Looking at the source code of the APK File and finding a hard-coded secret that allows us to make API Requests 10:30 - Finding a File Disclosure vulnerability in the Read Log functionality, grabbing a ssh key and logging in 14:30 - Looking at how apache is configured, which will show us where the webapp is. Then dumping the database 19:30 - Using Hashcat to crack Werkzeug hashes 23:00 - Taking a look at Solar-Putty in /opt/backups and cracking its config file Mon, 13 Apr 2026 22:57:39 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/1572a0bc-7da6-4b36-89a8-001a60ef09d9 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.