HackTheBox - Dab

00:40 - Start of the box
03:20 - Checking the HTTP Ports out
04:38 - Using wfuzz to bruteforce a login on port 80
08:15 - Begin examining port 8080, use wfuzz to bruteforce a cookie
11:30 - Using wfuzz to enumerate the WAF and determine bad characters
14:40 - Doing an SSRF-like attack with wfuzz and enumerating open ports on localhost
16:50 - Begin examining port 11211 (Memcached)
18:00 - Dumping data from Memcached
23:50 - Using CVE-2018-15473 to enumerate valid users over SSH
27:35 - Cracking the user's hash and logging into the box
29:00 - Using r2 to analyze the rabbit hole application "try_harder"
33:30 - Going through LinEnum
38:30 - Using r2 to examine myexec to find password
40:13 - Using r2 to examine libseclogin.so
41:30 - Examining ld.so.conf.d to identify if we can use ldconfig to hijack a library
42:10 - Creating a malicious library to hijack seclogin()
45:10 - Let's bypass the login by hijacking printf()