00:00 - Introduction
01:00 - Start of nmap
04:30 - Discovering the version of LimeSurvey running by comparing the git with what is running
08:50 - Finding a File Disclosure in the export functionality of the RAILS App
10:10 - Using the File Disclosure to find the root by searching for Gemfile, then exporting the SQLite database
16:45 - Installing a malicious plugin for LimeSurvey to get shell on the box
21:30 - Getting the database password, then spraying it to get SSH Access to the box
26:45 - Discovering Consul is running on the box, finding an exploit and rooting the box