Vulnhub - Trollcave 1.2


The CSRF Video I refer to is here: https://www.youtube.com/watch?v=d2nVD... at 42m

01:20 - Start of Recon, nmap + dump web users
03:35 - Writing Python Program to dump users.
12:00 - Dumping Users/Group done. Now to dump PW Hints
24:00 - Python coding done.
24:57 - Examining the PW Reset Functionality, reset King (Unintended)
29:40 - Start of examining File Upload
33:37 - Finding local user + Exploiting File Upload
35:45 - Unintended Kernel Privilege Escalation (CVE-2017-16995)
----- Box Done, Rest is extra content -----
41:45 - Stealing CoolDude89's Cookie to gain Moderator Access
01:01:00 - Playing with moderator function to promote user to Admin
01:09:50 - Using Admin Permission to unmod admin and gain access to PMs
01:14:50 - Poking around the box looking for intended PrivEsc
01:22:50 - Exploiting Calc NodeJS App on Port 88
01:36:45 - Final Exploits of Calc App

VM Download: https://www.vulnhub.com/entry/trollca...

Reviewed by Anonymous on April 15, 2018. Rating: 5