https://stream.echo6.co/videos/watch/3d77d12d-3bc8-487c-8c26-48f48b5c7f51 00:00 - Introduction 01:00 - Start of nmap 03:30 - Discovering SQLPad 06:20 - Discovering a SSRF in SQLPad when adding connections. Sending to FFUF, use a time filter to show timeouts 10:01 - Finding the SQLPad Version (6.10.0), which has a template injection vulnerability getting a shell 14:25 - Shell returned, extracting the SQLPad database 17:45 - Cracking the shadow file of the docker container to get michaels password 21:05 - Shell as Michael, discovering headless chrome is running forwarding ports to access it 26:55 - Logging into froxlor, getting RCE as root by changing PHP-FPM Configuration 32:40 - Doing the box the intended way, getting Froxlor Cookie via XSS 44:30 - Changing the Web1 users password so we can FTP Into the box 49:00 - Cracking the Keepass database to get root ssh key Mon, 13 Apr 2026 22:54:48 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/3d77d12d-3bc8-487c-8c26-48f48b5c7f51 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.