France 24 – International breaking news, top stories and headlines France 24 – International breaking news, top stories and headlines https://www.france24.com/en/ GlobalNewsBot GlobalNewsBot
Panic in the streets, but relief for some: The mood in Iran
Iranians talk about what is happening inside the country, despite an almost total internet blackout.
Bored of Peace? Half of Donald Trump’s Board of Peace is at war
Donald Trumpโs grandly titled Board of Peace was supposed to be a Trumpian alternative to the United Nations, promising order, stability, and the end of endless wars. Instead, it resembles a Yes Minister casting call where the least qualified are hande…
Scenes of destruction in Iran after US-Israeli strikes
Footage from Tehran shows burned vehicles, wrecked buildings, towering plumes of smoke, and a massive crater.
Hack The Box: Guardian Machine Walkthrough โ Hard Difficulty
๐ User Flag โ Compromising the Application Layer
Successfully rooted the Guardian (Hard) machine on Hack The Box by chaining multiple real-world web vulnerabilities.Initial access was achieved through credential abuse and IDOR within the student portal. Leaked chat credentials exposed internal Gitea repositories containing hardcoded database secrets. A vulnerable XLSX file upload feature allowed formula injection โ XSS โ session hijacking. Leveraging CSRF, I created a rogue admin account and escalated privileges within the application. From there, an LFI vulnerability combined with a PHP filter chain led to Remote Code Execution. After gaining a shell as www-data, I reused leaked credentials to pivot laterally to user jamil, capturing the user flag.
๐ Root Flag โ From Code Injection to Full System Compromise
Privilege escalation started with sudo -l, revealing that jamil could execute a Python utility as user mark without a password. Since one of the Python files was writable, I injected code to spawn a shell as mark. Further enumeration uncovered a custom binary (safeapache2ctl) executable as root. A flawed validation mechanism in its Apache config parsing allowed path traversal and arbitrary file inclusion. By crafting a malicious shared object (evil.so) and abusing the wrapperโs improper include validation, I achieved root-level code execution and obtained a root shell.
The post Hack The Box: Guardian Machine Walkthrough โ Hard Difficulty appeared first on Threatninja.net.
US Calls Iran Strike “Operation Epic Fury”, After 2025’s “Midnight Hammer”
The United States carried out a major military strike on Iran, pledging to cripple the country’s armed forces, dismantle its nuclear programme and push for a change in leadership, US President Donald Trump said.
Oil Tankers Avoiding Vital Hormuz Strait After US Bombs Iran
submitted by /u/joe4942 [link] [comments]
Moment Iranian strike hits US military base in Bahrain
Black smoke rose over Manama after Iranโs Revolutionary Guard said it struck the US 5th Fleet in Bahrain in retaliation for joint US-Israel attacks. A centre at the headquarters of the US Fifth Fleet was hit by a ‘missile attack’, the country’s authori…
US and Israel attack Iran as Trump says US begins ‘major combat operations’
US President Donald Trump said on Saturday that Washington had begun “major combat operations” in Iran after Israel and the United States launched a joint attack on the Islamic Republic Saturday. In retaliation, Iran attacked Israel as well as several…
Dubai shuts airport & flights halted in Middle East leaving thousands stranded as Iran blitz sparks chaos for tourists
TOURISTS have been thrown into turmoil after a wave of flight cancellations between Western Europe and the Middle East following US and Israeli strikes on Iran. The โmajor combat operationโ announced by Donald Trump on Saturday morning triggered immedi…