https://stream.echo6.co/videos/watch/ba149916-f727-42fa-94d4-81d287c4cf6e 00:00 - Intro 00:57 - Start of nmap 02:40 - Registering an account 02:55 - Enumerating valid usernames based upon error message 05:30 - Using ffuf to match regex to enumerate valid usernames 07:10 - Poking at the web applicaiton trying IDOR/SSTI and failing 08:50 - Looking at the cookie given by the application and discovering it is a Flask Session Cookie 10:45 - Trying to crack the Flask Session with Hashcat. It fails because I think the payload is too long for hashcat. 16:50 - Using Flask-Unsign to crack the session 18:45 - Using flask-unsign to forge a cookie that says we are the Blue User 22:30 - Logged into the application as Blue, get the ftp_admin password 25:10 - Unzipping the source code that came from the ftp server and using diff to compare the two versions 27:50 - Failing to exploit a command injection vulnerability in the export note function 32:40 - Going deeper in the export note function to discover it uses a node library md-to-pdf which is vulnerable to RCE 43:10 - Running LinPEAS 48:20 - Start of the Raptor Exploit, we pulled a bad version so it isn't immediately going to work for us 55:20 - Running Show Variables like '%plugin%' which will tell us where we should drop the raptor_udf library file 1:00:30 - Using a different version of raptor which has a do_system_init function, this one lets us execute code Wed, 15 Apr 2026 13:45:31 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/ba149916-f727-42fa-94d4-81d287c4cf6e All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.