<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - Editorial</title>
        <link>https://stream.echo6.co/videos/watch/c89f3c11-2737-42ff-9deb-7d7d0ea42bc8</link>
        <description>00:00 - Introduction 00:47 - Start of nmap 02:00 - Discovering the webserver is likely running Flask 03:30 - Discovering an SSRF in the request to publish books, showing we could leak the server's IPv6 address, but it's not too useful here 07:30 - Using FFUF to fuzz all open ports on localhost to discover that port 5000 is open, which is an API server 11:25 - Looking at the messages endpoint, which discloses a password for dev that we can SSH with 17:10 - Discovering a git directory, searching git commits for the word prod and getting another password 19:40 - The prod user can run a Python script that uses the Python git library, which has an RCE CVE. We can use the Shell Extension in the URL to execute code</description>
        <lastBuildDate>Mon, 13 Apr 2026 09:59:32 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - Editorial</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/c89f3c11-2737-42ff-9deb-7d7d0ea42bc8</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=c89f3c11-2737-42ff-9deb-7d7d0ea42bc8" rel="self" type="application/rss+xml"/>
    </channel>
</rss>