https://stream.echo6.co/videos/watch/f849bf99-a700-4b54-96f7-9a577521b615 00:00 - Intro 00:50 - Start of the box, showing a quick way to nmap 02:15 - Looking at web page 03:00 - Looking for Drupal Scanners 04:00 - Showing how I would fingerprint opensource apps if there was no scanner 06:30 - Using DroopeScan to scan the site 07:50 - Starting to use Drupalgeddon2 to get a shell 11:40 - Installing gems so DrupalGeddon works 12:15 - Drupalgeddon2 works, going from a webshell to reverse shell 16:00 - Confused about OSError: out of pty devices when improving the shell, give up eventually 17:50 - Looking for users on the box, then hunting for the Drupal configuration 21:00 - Cannot find the drupal configuration, going to google and asking for how to change the SQL Password 22:45 - Logging into the Drupal MySQL Database then dumping the Drupal Hash but have trouble getting it to work since we don't have a TTY 29:00 - Cracking the Joomla Password, then testing the password with ssh and logging in 30:00 - Our user can install Snap Packages with sudo, so building a malicious snap 31:20 - Installing FPM which lets us build packages, building a lot of bad packages until we find one that works 36:20 - Our malicious packages aren't working, switching to a non-malicious one to test the exploit 40:16 - Having our snap attempt to grab the root flag, turns out i was just impatient before 43:43 - Moving bash to avoid system directories and setting it to setuid 45:10 - Explaining what snap is Thu, 16 Apr 2026 09:24:20 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/f849bf99-a700-4b54-96f7-9a577521b615 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.