https://stream.echo6.co/videos/watch/a90fe001-62d1-49b7-bdf8-362fc18dcfa0 00:00 - Intro 00:55 - Start of nmap 01:45 - Checking out what version of Centos is running 03:20 - Running Feroxbuster and GoBuster 04:40 - Noticing a X-Backend-SErver header that leaks the virtual host Office.Paper 05:00 - Showing my favorite nmap script Banner-Plus 06:45 - Office.Paper is wordpress, running wp-scan 10:15 - Discovering a vulnerability that lets us read posts that are in drafts, finding a Rocket Chat Server 13:10 - Discovering a Rocker Chat Bot finding an LFI and getting a password which we can use to ssh 17:30 - Looking at the ps output of the server to see who the bot runs as 19:30 - Running LinPEAS 20:55 - Finding out it is vulnerable to CVE-2021-3560 Polkit Privilege Escalation 22:08 - Running the polkit exploit and creating a secnigma user Wed, 15 Apr 2026 09:27:20 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/a90fe001-62d1-49b7-bdf8-362fc18dcfa0 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.