https://stream.echo6.co/videos/watch/542c29fb-5a66-4343-b26f-2f6892c637a3 00:00 - Introduction 01:03 - Start of nmap 02:27 - Setting Squid up to do a portscan while we work on something else 07:00 - Poking at RSYNC and seeing we can download encrypted config backups 09:40 - Examining files downloaded from RSYNC, specifically looking at entropy to validate encryption 14:30 - Finding the EncFS Config file, and then using John to Crack it 18:15 - Decrypting the config directory and finding a squid password and some hostnames 22:30 - Examining the new website exposed to us, configuring BurpSuite to use the squid proxy 24:00 - Showing the Intranet-Host header is changing, then accessing Squid Cache Manager to find some more ip addresses 26:15 - Using curl to view Squid Cache Information 28:25 - Finding a new IP Address for a decomissioned server. Looks like this one has a vulnerability 32:15 - Poking at the login form on the intranet-host1, looks like its vulnerable to SQL Injection 37:30 - Trying SQL Injection in the Password Field since the User was behaving weirdly.. Password behaving slightly differently 38:20 - Examining what XPATH Injection is 39:15 - Confirming it is XPATH Injection by using standard XPATH Payloads 44:10 - Using a XPATH Payload to extract the password length for a user 46:00 - Using XPATH Injection to bruteforce the password one character at a time 48:40 - Using Python to Automate the XPATH Injection to dump passwords 1:01:30 - Script near done, grabbing the password for all users 1:06:40 - Using Hydra to find one of the users had SSH Access 1:08:30 - Reading the TODO and finding pi-hole by checking arp with ip neigh 1:10:10 - Creating an SSH Port Forward to access Pi-Hole 1:13:55 - Finding Pi-Hole Exploits 1:15:00 - Using FFUF to bruteforce the Pi Hole login form 1:17:50 - Failing to use public exploits for this 1:19:45 - Finding a blog post to examine how this exploit works 1:21:45 - Using CyberChef to edit the payload for our Pi Hole exploit 1:23:55 - Manually sending the exploit and getting a shell 1:25:00 - Finding the root password in a config file, then using SU to get root Mon, 13 Apr 2026 23:03:21 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/542c29fb-5a66-4343-b26f-2f6892c637a3 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.