Description
00:00 - Introduction
01:00 - Start of nmap
03:20 - Searching for vulnerabilities in Wing FTP Server
06:20 - Testing the RCE and running a command
09:30 - Weaponizing the POC to get a reverse shell
12:10 - Shell returned, grabbing the password hashes, discovering it uses a hard-coded salt and then cracking it
22:40 - Got the wacky password and can run a python script with sudo, searching for CVE's found one in tarfile
31:40 - Got our Elevated File Write working, finding safe files to get a shell, crontab did not work. But overwriting the script or sudoers.d file did work