https://stream.echo6.co/videos/watch/d333372f-e6f8-4e18-83de-57235c262ffe 00:00 - Intro 01:15 - Begin of nmap 03:30 - Examining the Message, pointing out the endpoint does not need authentication 06:15 - Using FFUF to fuzz the API End Point and show importence of Content-Type 12:00 - Starting SQLMAP then manually fuzzing this application 14:30 - SQLite Boolean Injection, with CASE IF/THEN/ERROR 20:00 - SQLite Boolean Injection, Enumerating Usernames 24:00 - SQLite Boolean Injection, Start of Dumping Password 26:10 - SQLite Boolean Injeciton, Optimization chat about UNICODE and SUBSTR 29:40 - Start of coding out python script to dump the hash 41:20 - This hash looks weird... Tons of troubleshooting 45:12 - Explaining the issue, we are hitting the 140 character limit... Switching script up to do SUBSTR 51:55 - Script completed to dump hashes. 53:15 - Static source code analysis, find its vulnerable to Hash Length Extension Attack 59:50 - Using HashPumpy to perform the Hash Length Extension Attack 1:11:30 - We base64'd the signing portion wrong 1:13:30 - Now we have access to /admin, can use its API to read files and directories, showing Sched_debug and /proc/net/tcp,udp,environ to get important information 1:23:30 - Finding a RW SNMP Community string and then using snmp-shell to get code execution 1:29:00 - Generating a SSH Key then copying it slowly to the box 1:35:00 - Doing a Local Port Forward with the Debian-SNMP User 1:37:20 - Binary Exploitation with Note_Server: Going over Source and recompiling with ggdb flag 1:41:00 - Binary Exploitation: Setting up PwnTools so we can interact with the binary 1:46:40 - Binary Exploitation: Defeating ASLR by leaking an address 1:56:20 - Binary Exploitation: Leaking LibC and Getting Code Execution 2:05:30 - Binary Exploitation: Creating offset's for our remote server to get it working Wed, 15 Apr 2026 11:05:20 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/d333372f-e6f8-4e18-83de-57235c262ffe All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.