00:00 - Intro
00:50 - Start of nmap and doing some recon against FTP
02:40 - Having trouble finding a release date, using WGET and examining metadata to see how old a page is
04:45 - Examining the web applicaiton
08:50 - Testing and finding the IDOR Vulnerability
10:00 - Examining the PCAP Downloaded through the IDOR Vulnerability to find FTP Creds
12:12 - SSHing into the box with the credentials from FTP
13:15 - Running LINPEAS, examining the source code of the webapp while it runs
16:45 - Going over the LINPEAS output finding python has the ability to setuid
21:40 - Using the os libary to setuid to root
23:30 - Showing off zeek which would help analyze larger pcaps
24:10 - Changing the Zeek FTP Configuration to show passwords.
Support the originator by clicking the read the rest link below.
