https://stream.echo6.co/videos/watch/c9406c46-1b95-44a3-93d6-c7030074aca5 00:00 - Introduction 00:50 - Start of nmap 02:00 - Discovering the page is Laravel based upon cookies 05:30 - Discovering the SQL Injection in Reset Password, then running SQLMap screwing up our results because we logged out in middle of SQLMap 18:50 - Cracking the user out of admin_users 20:00 - Logging into admin.usage.htb and discovering a vulnerable Laravel Admin, which is vulnerable to PHP File Upload in the avatar 24:10 - Shell returned on the box 28:30 - Discovering we can run 7z with sudo and the Wildcard Spare Trick will let us read files Mon, 13 Apr 2026 20:43:59 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/c9406c46-1b95-44a3-93d6-c7030074aca5 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.