01:26 - Start of Recon
03:25 - Notice SSH configured for Pub Key Only. Hint at what to grab later!
03:50 - Grabbing test.txt off ftp server via anonymous auth
04:07 - Determining if I want to go down the "Exploit VSFTPD" rabbit hole
05:54 - Viewing test.txt and hosts.php
06:48 - Figuring out how hosts.php works and discovering XXE
08:58 - Start of XXE Discovery
10:16 - Making the XXE Output /etc/passwd
11:33 - Encoding output in Base64 in order to view PHP Files
12:58 - Using Burp Intruder to BruteForce Files
16:20 - Creating a program to bruteforce home directories
26:41 - Program Finished. Finding SSH ID_RSA Key
28:15 - Low Priv Access Granted
30:24 - LinEnum.sh shows Wordpress CHMOD'd to 777
31:05 - Examining Wordpress Site (big hint left by author)
32:10 - Enumerating MySQL Database
35:15 - Giving up on MySQL, lets edit PHP Files to dump passwords!
36:50 - Identifying the file we want to backdoor
37:51 - Placing our PHP Code
42:06 - Got the password!