https://stream.echo6.co/videos/watch/766f8ee7-760e-4779-a2f6-6a17f7a09c63 00:00 - Introduction 00:50 - Start of nmap 02:45 - Using FFUF to fuzz for virtual hosts (sub domains) 05:00 - Discovering the LMS Sub Domain which hosts Chamilo, talking about enumerating versions of opensource applications 07:00 - Start of talking about pulling MD5's of every file in a .git, so we can see when a file got introduced 11:15 - The bash one-liner for searching git for an MD5 is done, looking at when the date of commit was. 12:30 - Turning our one-liner into a bash function then putting it in BashRC 15:30 - Hunting for an exploit, finding python script to see how it works. Just using curl to upload the file to make sure we understand what the python script is doing 18:25 - Shell returned, looking for the configuration, finding a user has the same password as the database password 23:15 - The MTZ User can run a bash script with sudo, looking at it and discovering it is vulnerable to symlinks 24:30 - Creating a symlink to sudoers, running sudo to give us write access, then allowing us to run sudo all 27:30 - Showing that we cannot replace SetUID Binaries because the SetUID permission gets removed when being written to by non-file owner 29:30 - Showing that cron will refuse to run tasks if the permissions are too open, modifying cron to allow us write then removing our access to get rce 33:40 - Showing we cannot edit symlinks if we cannot go into the directory the target file exists Mon, 13 Apr 2026 23:01:40 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/766f8ee7-760e-4779-a2f6-6a17f7a09c63 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.