00:00 - Introduction shorter than normal since I did this blind
00:15- Start of nmap
01:00 - Looking at the webpage, see CIF Analyzer
02:56 - Finding an exploit script, testing out with ping and getting a ping
06:00 - Having trouble getting a reverse shell, end up curling a file
11:00 - Reverse shell returned, playing around with the shell to try and figure out what happened
17:55 - Finding another webserver listening on 8080, can't access it
18:30 - Dumping the database, finding some other credentials
21:30 - Logging in as Rosa, my host didn't allow SSH Commandline, fixing it. Can now access port 8080
24:40 - Finding an oldversion of aiohttp 3.9.1 is running, that is vulnerable to path traversal, grabbing the root ssh key
29:30 - Showing the iptables rule that blocks a specific user from sending packets
Support the originator by clicking the read the rest link below.
