https://stream.echo6.co/videos/watch/bd3a81fe-b957-4fca-ad83-30f54c555b2d 00:00 - Introduction 01:00 - Start of nmap 03:00 - Showing the Shop Subdomain via ffuf 04:45 - Performing a gobuster attack, need to update the user agent because everything returns 403 at first (WAF) 07:30 - Discover .git, then running git-dumper to download the .git directory and discover the unique admin directory 09:47 - Discovering Prestashop 8.1.5 which is vulnerable to CVE-2024-34716, downloading and running the XSS/CSRF Exploit 16:00 - Finding the Prestashop configuration file, dumping password hashes, use information_schema table to identify tables that contain the column password 22:30 - Cracked James password, ssh into the box, forward a port and discover a new web application ChangeDetection 28:10 - Building a SSTI Payload for CVE-2024-32651 in ChangeDetection to get a shell on docke 36:36 - Discovering the Datastore directory in the docker container, it has backup files compressed with Brotli, downloading and decompressing 39:50 - Discovering Adam's password, who can sudo with PrusaSlicer, finding a RCE in it 46:25 - Changing the filename of PrusaSlicer, then getting a root shell Wed, 15 Apr 2026 09:27:34 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/bd3a81fe-b957-4fca-ad83-30f54c555b2d All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.