https://stream.echo6.co/videos/watch/f9983df5-e701-47e5-b151-fbf116bf8d70 00:00 - Introduction 01:00 - Start of nmap, discovering potential username convention from SSL Certificate 04:10 - Checking out the website 07:15 - Examining the request being made to download the PDF and talking about how Metadata can leak if it came from disk or the webapp 09:45 - Discovering File Disclosure in the download script 12:00 - Downloading the hMailServer configuration file, to get credentials 15:15 - Discovering the credentials work with SMTP 17:24 - Talking about the Moniker Link (CVE-2024-21413) vulnerability and sending a malicious document to Maya to get NTLM Hash 24:30 - Discovering what Maya can do, nothing interesting in the share but she can WinRM to the server 29:00 - Discovering LibreOffice 7.4.0.1 is being ran, exploiting it with CVE-2023-2255 to get a shell as admin Mon, 13 Apr 2026 13:14:51 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/f9983df5-e701-47e5-b151-fbf116bf8d70 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.