HackTheBox - Flux Capacitor

01:25 - Beginning of recon
02:20 - Wiresharking NMAP to identify fingerprint
05:53 - Checking the WebPage
09:15 - Finding /sync and why the web browser gets a 403
12:45 - Using wfuzz to find what arguments /sync takes
15:45 - The actual wfuzz command
20:30 - Finding Bad Characters with wfuzz
24:51 - Getting command execution
32:00 - Getting a reverse shell
43:40 - Privesc to root abusing custom script
#### Box Done
47:48 - Examining how NGINX/OpenResty was configured

Reviewed by Anonymous
May 12, 2018