https://stream.echo6.co/videos/watch/ca617263-6bcc-4279-aa8f-8b792d8f269f 00:00 - Introduction 00:50 - Start of nmap 02:50 - Discovering the Weighted Grade Calculator which we will exploit 04:50 - Using FFUF to enumerate all bad characters and discovering we can't send any symbols 07:10 - Quick bash one liner with JQ to URL Encode each line of our wordlist 09:30 - Discovering a New Line character breaks the search for Bad Characters, then getting a shell on the box 14:40 - Shell returned, looking at the source code and seeing the "Bad Character" filter was really a regex whitelist 18:50 - Discovering mail that says the password format in the database 21:50 - Using hashcat Bruteforce mode to crack the password Wed, 15 Apr 2026 09:48:03 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/ca617263-6bcc-4279-aa8f-8b792d8f269f All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.