<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - Inject</title>
        <link>https://stream.echo6.co/videos/watch/de902cbe-993b-43a2-bfc0-48fb9bdea465</link>
        <description>00:00 - Introduction 00:58 - Start of nmap 01:45 - Trying to identify the technology running the webapp; the 404 page reveals it is likely Tomcat 03:00 - Running Gobuster, then checking out the page 04:00 - Uploading an image and discovering a file disclosure vulnerability 05:15 - Talking about how file disclosures in Java can reveal directory listings, and grabbing pom.xml 07:45 - Using Snyk to identify vulnerabilities, but first we have to install Maven 10:45 - Exploiting CVE-2022-22963 manually 11:55 - Playing with the exploit: getting a reverse shell by dropping a file on the box (easy), then doing it without touching disk 18:30 - Shell as Frank, finding a password in the .m2/settings.xml file 19:50 - Shell as Phil 22:00 - Using find to show files owned by a group and finding a /opt/automation/tasks directory with Ansible stuff 24:10 - Running Pspy to identify that Ansible is running on a cron job and executing any playbook in the automation directory 26:30 - Creating a playbook that sends us a shell</description>
        <lastBuildDate>Wed, 15 Apr 2026 09:16:00 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - Inject</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/de902cbe-993b-43a2-bfc0-48fb9bdea465</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=de902cbe-993b-43a2-bfc0-48fb9bdea465" rel="self" type="application/rss+xml"/>
    </channel>
</rss>