https://stream.echo6.co/videos/watch/7d0616dc-0d00-4173-8d05-04ee66e2ad06 00:00 - Introduction 00:55 - Start of nmap 03:10 - Running a VHOST enumeration scan 04:00 - Discovering the Metaview application which is an image upload 04:50 - Attempting to exploit the file upload, uploading non images. 07:00 - Editing the exif metadata to put PHP tags in the image, still failing to get code execution but find XSS 09:00 - Looking for public exploits against exiftool 10:10 - Creating a malicious image with CVE-2021-22204 against ExifTool, DjVu exploit 15:00 - Reverse shell returned, examining the application 18:30 - Discovering Convert_images directory, using grep to find out if anything uses it and finding a script 20:30 - Finding the convert_images script uses an old copy of mogrify which uses image magic and has a vulnerability 21:30 - Exploiting CVE-2020-29599 in mogrify/image magic 28:50 - Our user can run neofetch with sudo, and XDG_CONFIG_HOME is preserved. Exploiting it by putting a malicious config Wed, 15 Apr 2026 11:36:30 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/7d0616dc-0d00-4173-8d05-04ee66e2ad06 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.