https://stream.echo6.co/videos/watch/804ff495-5bbe-4aa9-b7ac-042590a596a6 00:00 - Introduciton 00:50 - Start of nmap, navigating to the page and identifying the framework based upon 404 02:30 - Playing around looking at javascript source, not getting anything 04:30 - Playing around with prd.m.rengering-api.interface.htb... I'm guessing file not found is the webserver, not actual code. 07:40 - Showing the difficulty of dirbusting API Servers 11:20 - Showing importance of updating FeroxBuster 15:00 - Playing with the HTML2PDF endpoint and discovering we need to send a POST with HTML as an argument 18:20 - The PDF Generated has dompdf 1.2.0 in the exif data searching for exploits 20:40 - Researching how CVE-2022-28368 works, then manually exploiting the vulnerabiltiy 28:50 - The CSS/Font is created, running the exploit and finding where the Font (PHP File) gets uploaded to 34:30 - Reverse shell returned 38:15 - Uploading pspy to examine how the box cleans itself up 40:20 - Discovering and exploiting Bash Arithmetic Injection Wed, 15 Apr 2026 11:43:01 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/804ff495-5bbe-4aa9-b7ac-042590a596a6 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.