HackTheBox - Mailing

00:00 - Introduction
01:00 - Start of nmap, discovering potential username convention from SSL Certificate
04:10 - Checking out the website
07:15 - Examining the request being made to download the PDF and talking about how metadata can leak whether it came from disk or the webapp
09:45 - Discovering File Disclosure in the download script
12:00 - Downloading the hMailServer configuration file, to get credentials
15:15 - Discovering the credentials work with SMTP
17:24 - Talking about the Moniker Link (CVE-2024-21413) vulnerability and sending a malicious document to Maya to get her NTLM hash
24:30 - Discovering what Maya can do, nothing interesting in the share but she can WinRM to the server
29:00 - Discovering LibreOffice 7.4.0.1 is being run, exploiting it with CVE-2023-2255 to get a shell as admin
