<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - Bizness</title>
        <link>https://stream.echo6.co/videos/watch/8217e7dd-3fde-4edb-acbb-68754c0f5405</link>
        <description>00:00 - Introduction 01:00 - Start of nmap 03:00 - Seeing JSESSIONID and NGINX, trying the off-by-slash exploit to get access to /manager; doesn't work here 04:30 - Dirbusting with FFUF because the lack of 404s messed with gobuster 07:40 - Discovering the OFBiz version, looking for exploits 09:00 - Going over the authentication bypass in OFBiz 12:40 - Downloading ysoserial and building it in Docker so we don't have to worry about Java versions 14:30 - Building a reverse shell payload that works with ysoserial 18:40 - Reverse shell returned! Looking at OFBiz and finding out it uses the Derby database 22:30 - Copying the Derby database, then using ij from Derby-Tools to dump the data 26:40 - The hash in the database is URL-safe Base64 encoded; decoding it reveals a length of 40 (hex characters), which is normal for a SHA-1 sum. Decoding it, then cracking with hashcat</description>
        <lastBuildDate>Fri, 17 Apr 2026 08:58:42 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - Bizness</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/8217e7dd-3fde-4edb-acbb-68754c0f5405</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=8217e7dd-3fde-4edb-acbb-68754c0f5405" rel="self" type="application/rss+xml"/>
    </channel>
</rss>