https://stream.echo6.co/videos/watch/3f48ce53-27a2-45e0-994b-8b076b002e88 00:00 - Introduction 01:05 - Start of nmap 05:00 - Discovering the internal.analysis.htb subdomain 07:55 - Talking about why I want to run FeroxBuster here and showing the menu so we can stop crawling non-interesting directories (ex: js, css, img) 13:30 - Discovering list.php in users and fuzzing parameters 16:40 - Start of program to bruteforce usernames 21:55 - Got the first character of every username, get the full name 29:00 - Discovering the script it vulnerable to LDAP Injection 31:50 - Converting our ldap username bruteforcer to exploit this ldap injection and exfil fields 41:00 - Talking about having to deal with wildcards in the field 50:10 - Completing the script 55:50 - Discovering we can upload PHP Scripts using the SOC Report page 1:00:30 - Reverse shell returned 1:01:45 - Creating a PHP Script to dump the database, we could pivot with chisel but we've done that 100 times before 1:09:00 - Discovering Snort runs every 2 minutes, talking abou tthe DynamicProcessor and how if we can upload a DLL we can get RCE as Admin 1:19:10 - Getting JDOE's password from HTTP Access Logs and the registry Wed, 15 Apr 2026 09:27:45 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/3f48ce53-27a2-45e0-994b-8b076b002e88 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.