https://stream.echo6.co/videos/watch/e9f30429-f5bf-4e71-9db4-61a39881205d 00:00 - Introduction 00:50 - Start of nmap 02:00 - Website is opensource, taking a look at the source code 04:15 - The website uses js2py and the version running is vulnerable to CVE-2024-28397, which is a sandbox escape 08:00 - Shell returned on the website, dumping the SQLite database to get Marco's password 10:00 - Marco can run npbackup-cli via sudo, looking into it briefly 12:15 - Backing up and restoring the root directory Mon, 13 Apr 2026 22:51:20 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/e9f30429-f5bf-4e71-9db4-61a39881205d All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.