https://stream.echo6.co/videos/watch/b5c9c3c0-819a-4f9d-bbd2-a613b1e1c2e9 00:00 - Introduction 01:00 - Start of nmap 04:30 - Examining the Change Password functionality 06:20 - Discovering XSS In the Contact Form 11:15 - Building an XSS Cradle that manipulates the DOM to load an external JS file 18:35 - Creating an XSS that will send interact with the webchat and exfil messages back to us 26:30 - Discovering a new subdomain from the Online Chat 30:15 - Showing why we could not use Script SRC with our XSS Attack and why we used the DOM Technique 37:34 - Looking at the Git Auto Report Generating and discovering it uses simple-git v3.14 which has an RCE Vulnerability 44:40 - Shell on the box, dumping the mongo database 52:00 - Shell as Frank_Dorky 52:30 - Looking at the services running on the box to enumerate what each port is 55:30 - Showing bad permissions on the LibreNMS Directory which allows us to read and execute files in /opt/librenms 59:30 - Using the Templates in LibreNMS to get code execution 01:04:00 - Showing the intended way to exploit LibreNMS which is using a malicious SNMP Trap to attack an admin via XSS 1:17:30 - Exploiting the OpenOffice network port Wed, 15 Apr 2026 13:57:29 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/b5c9c3c0-819a-4f9d-bbd2-a613b1e1c2e9 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.