More results...
“The big set of open-source graphics driver updates for Linux 6.15 have been merged,” writes Phoronix, “but Linux creator Linus Torvalds isn’t particularly happy with the pull request.”
The new “hdrtest” code is for the Intel Xe kernel driver and is a…
This walkthrough examines the BlockBlock machine from Hack The Box, classified as a medium-difficulty challenge. The assessment began with the exploitation of an XSS vulnerability, which facilitated credential theft through the Ethereum JSON-RPC API, granting SSH access. Privilege escalation was achieved by leveraging the forge binary to obtain higher privileges, followed by exploiting a misconfigured pacman package manager to gain root access. This engagement underscores the critical importance of securing APIs, implementing robust input validation, and enforcing strict privilege escalation controls to mitigate security risks.
#HackTheBox #CyberSecurity #PenetrationTesting #CTF #EthicalHacking #XSS #PrivilegeEscalation #BlockchainSecurity
The post Hack The Box: BlockBlock Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.
Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded…
Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems. ARACNE is engineered to execute commands autonomously, marking a significant ad…
Linus Torvalds released the Linux 6.14 kernel today after an unexpected quiet day yesterday, marking a new milestone in the Linux ecosystem. This version is set to power several upcoming Linux distribution releases, including Ubuntu 25.04 and Fedora 42…
A recent report from Trend Micro has revealed that a new variant of the Albabat ransomware now targets Linux and macOS platforms, marking a significant expansion in its capabilities. Previously limited to Windows systems, this updated strain demonstrat…
A recent development in Linux kernel security has led to the creation of a Rust-based kernel module designed to detect rootkits, a type of malware that can hide itself and other malicious activities from system administrators. This project, part of an …
VanHelsingRaaS, a newly launched ransomware-as-a-service (RaaS) program, has quickly gained traction in the cybercrime ecosystem. Introduced on March 7, 2025, this RaaS platform offers affiliates a cross-platform ransomware tool capable of targeting di…
We discovered an XSS vulnerability in .md file uploads and the Contacts tab. By embedding an XSS payload and sharing the link, we extracted data from messages.php, revealing a file parameter vulnerable to LFI. This led us to /var/www/statistics.alert.htb/.htpasswd, which contained a hashed password. Using hashid, we identified it as MD5 (APR1-MD5) and cracked it with Hashcat, retrieving the password ManchesterUnited. With these credentials, we accessed the system and captured the user flag.
After logging into statistics.alert.htb, we found port 8080 open. Using SSH port forwarding, we accessed a monitoring site but needed to locate its directory. Checking ps aux, we found it in /opt/website-monitor. We confirmed file access by testing a basic PHP file, which worked. We then uploaded a PentestMonkey reverse shell, but it didn’t execute. To ensure success, we crafted a reliable PHP shell, triggered it, and gained root access.
🔍 #CyberSecurity #BugBounty #EthicalHacking #PenTesting #CTF #HTB #WebSecurity #XSS #LFI #PrivilegeEscalation #Hacking
The post Hack The Box: Alert Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.
Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploit…