https://stream.echo6.co/videos/watch/f761fb9e-3481-4fbe-aec0-a50d0cb82395 00:00 - Introduction shorter than normal since I did this blind 00:15- Start of nmap 01:00 - Looking at the webpage, see CIF Analyzer 02:56 - Finding an exploit script, testing out with ping and getting a ping 06:00 - Having trouble getting a reverse shell, end up curling a file 11:00 - Reverse shell returned, playing around with the shell to try and figure out what happened 17:55 - Finding another webserver listening on 8080, can't access it 18:30 - Dumping the database, finding some other credentials 21:30 - Logging in as Rosa, my host didn't allow SSH Commandline, fixing it. Can now access port 8080 24:40 - Finding an oldversion of aiohttp 3.9.1 is running, that is vulnerable to path traversal, grabbing the root ssh key 29:30 - Showing the iptables rule that blocks a specific user from sending packets Wed, 15 Apr 2026 09:27:19 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/f761fb9e-3481-4fbe-aec0-a50d0cb82395 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.