00:00 – Introduction
01:00 – Start of nmap
02:00 – Logging into RoudnCube with the assume breach credentials, getting the version and searching for exploits
05:00 – Running the CVE-2025-49113 POC to get a shell on the box
07:50 – Taking a step back and just examining the payload for the POC and talking about the attack a little
11:55 – Logging into MySQL and poking at the database
14:00 – Looking at the Sessions Table and discovering the password is stored encrypted in the session. Decrypting it with the Roundcube utility
19:00 – Showing how to decrypt the data manually via cyber chef
22:00 – Logged in, discovering we can run Below with Sudo, seeing the source code is on the box and looking at the version
24:15 – Exploiting Below version 0.8.0 via CVE-2025-27591
Comments