https://stream.echo6.co/videos/watch/1a35e72e-c488-4631-92df-6d215f627fc1 00:00 - Introduction 01:00 - Start of nmap 04:20 - Examining Forgot Password to discover we can enumerate usernames and discover an SQL Error 05:04 - Showing why union injections aren't going to help us, then showing SQLMap 08:40 - Start of talking about error injection 11:20 - Dumping the database, table and column information from information_schema via errors caused by EXTRACTVALUE 21:50 - Logging into the website, not discovering anything really useful to us 22:30 - Testing our credentials against CACTI, which is version 1.2.26 and vulnerable to CVE-2024-25641 27:10 - Shell returned, dumping the cacti database to get more credentials 36:50 - Forwarding 8200 to us, and accessing duplicati's interface 39:00 - Discovering an auth bypass in duplicate when you have access to the database 44:50 - Backing up a crontab that has a reverse shell in it, then restoring it to the box and waiting for our shell to come Mon, 13 Apr 2026 22:50:58 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/1a35e72e-c488-4631-92df-6d215f627fc1 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.