https://stream.echo6.co/videos/watch/cdf7a2eb-c313-4d00-9759-b3d8a9e0a421 00:00 - Introduction 01:00 - Start of nmap 03:20 - Enumerating the Link_Share for Directory Traversal, coming up with nothing 05:10 - Discovering XSS in the Contact Us Form 07:30 - Playing with the XSS, we keep getting extra URL Encoded data turns out its not XSS but instead the admin is clicking links 10:50 - Sending only a link, discovering they click it. Now we need to find XSS in a page so manipulate their browser. Playing with the Markdown converter 13:45 - Creating an XSS Payload that will navigate to a page and send us the page and discovering a messages page 22:30 - The page shows us there is a messages.php file, showing other ways to see this. Then finding a file disclosure vulnerability 30:00 - Downloading the HTPASSWD from our File Disclosure vulnerability, then cracking it 34:14 - SSH into the box as Albert, looking for any databases we can exfil 37:55 - Discovering there is a PHP Webserver running as root in /opt/website-monitor and we can write files to the config. Dropping a php script to get root Wed, 15 Apr 2026 09:43:32 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/cdf7a2eb-c313-4d00-9759-b3d8a9e0a421 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.