https://stream.echo6.co/videos/watch/9d9fba96-f721-42f1-bde6-62fc74624b7d 00:00 - Introduction 00:31 - Begin of nmap 01:10 - Nmap shows it is BSD, going over some command differences 02:00 - Running GoBuster to find other PHP Scripts 04:30 - Looking at the includes directory and finding source code 10:14 - Reversing the Check_Auth binary with Ghidra, to see it doesn't decompile well 12:00 - Using VirusTotal to find out if this an old binary 13:20 - Using Cutter to decompile this binary, to see it does a better job than Ghidra! 17:50 - Finding some BSD Exploits related to authentication 20:00 - Putting SCHALLENGE as the username, causes a different error message. Then doing some code analysis around $_REQUEST 24:50 - Abusing the $_REQUEST() feature to overwrite the username file with a valid user and grab their SSH Key 26:10 - Showing how OpenBSD has some different command line switches 31:00 - Going back to the earlier CVE, since it showed a privesc aswell and explaining CVE-2019-19520 40:45 - EXTRA: Looking at the PHP Code to explain the $_REQUEST exploit again Mon, 13 Apr 2026 20:43:40 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/9d9fba96-f721-42f1-bde6-62fc74624b7d All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.