https://stream.echo6.co/videos/watch/92daf206-6fd9-483f-a231-c3126258d8ff 00:00 - Introduction 01:00 - Start of nmap, attempting to login with FTP then going to the website 02:45 - Running WPScan with enumerate all plugins in aggressive mode 04:00 - Taking a look at the site while WPScan runs and finding a plugin (BookingPress-Appointment-Booking) and finding an exploit 06:15 - Replacing the NONCE in the exploit to get it working 09:00 - Using SQLMap to dump everything, while we attempt to get only the data we think we are interested in. 11:00 - Manually dumping the WP_USERS table with the SQL Injection 13:25 - Cracking the wordpress hashes to get a user credential 16:57 - EDIT: Playing with SQLMap to get it to dump this database 23:30 - Searching for Wordpress 5.6.2 exploits, discovering an XXE in WAV Files 25:20 - Using the XXE to exfil files off the webserver 30:20 - Discovering FTP Credentials in the WP Config, logging into the FTP Server and finding SSH Credentials 32:40 - Logging in as JNelson and seeing PassPie, which is a CLI Password Manager that uses PGP/GPG Keys 34:30 - Cracking to PGP/GPG Key with John and getting root Wed, 15 Apr 2026 17:19:38 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/92daf206-6fd9-483f-a231-c3126258d8ff All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.