00:45 - Begin of NMAP
03:00 - GoBuster (Fails)
08:15 - Screw GoBuster, BurpSpider FTW
09:12 - Examing Routes File to find more pages
10:10 - Finding Credentials and downloading backup
14:45 - Cracking the zip with fcrackzip
16:45 - Finding more credentials (SSH) within MongoSource
21:50 - Privesc to Tom User
35:04 - Analyzing Backup Binary File
36:49 - Using strace to find binary password
40:25 - Finding blacklisted characters/words
50:00 - Unintended method one, abusing CWD
52:20 - Unintended method two, wildcards to bypass blacklist
54:45 - Unintended method three, command injection via new line
59:15 - Intended root Buffer Overflow ASLR Brute Force

If you want to see more detail on the ret2libc check out October: https://www.youtube.com/watch?v=K05mJ...