Description

00:00 - Introduction 01:00 - Start of nmap 03:20 - Searching for vulnerabilities in Wing FTP Server 06:20 - Testing the RCE and running a command 09:30 - Weaponizing the POC to get a reverse shell 12:10 - Shell returned, grabbing the password hashes, discovering it uses a hard-coded salt and then cracking it 22:40 - Got the wacky password and can run a python script with sudo, searching for CVE's found one in tarfile 31:40 - Got our Elevated File Write working, finding safe files to get a shell, crontab did not work. But overwriting the script or sudoers.d file did work