https://hexpysya.github.io/tags/linux/Recent content in Linux on bubka hacks stuffHugo -- gohugo.ioen-usThu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/Thu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/An attacker breached Maromalix’s public-facing web application by exploiting CVE-2025-55182 (Next.js Deserialization RCE). They deployed a multi-stage implant dubbed EtherRAT, which utilizes a blockchain-based C2 mechanism via Ethereum smart contracts to dynamically resolve infrastructure. The attacker exfiltrated sensitive data, established multiple persistence mechanisms, and ultimately patched the vulnerability to lock out other actors.https://hexpysya.github.io/investigations/htb-lockpick3.0/Sun, 15 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-lockpick3.0/A ELF64 ransomware binary uses XOR string obfuscation keyed on a CLI passphrase, contacts a DigitalOcean C2 to register and retrieve an AES-256-CBC key and IV, recursively encrypts target files in /share/ renaming them to .24bes, exfiltrates the originals via HTTP PUT, zeroes and removes the source files, and installs a systemd service for persistence.https://hexpysya.github.io/investigations/htb-luckyshot/Mon, 02 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-luckyshot/https://hexpysya.github.io/investigations/htb-mongobleed/Fri, 30 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-mongobleed/https://hexpysya.github.io/investigations/htb-wayback/Thu, 29 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-wayback/https://hexpysya.github.io/investigations/htb-cyberpsychosis/Wed, 28 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-cyberpsychosis/https://hexpysya.github.io/investigations/htb-rauth/Thu, 22 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-rauth/https://hexpysya.github.io/investigations/htb-hubbub/Wed, 21 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-hubbub/https://hexpysya.github.io/investigations/htb-obfsc4t10n2/Tue, 20 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-obfsc4t10n2/https://hexpysya.github.io/investigations/htb-conversor/Mon, 19 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-conversor/Flask web application vulnerable to path traversal during file uploads. Exploited by uploading Python reverse shell to cron-executed directory → gained www-data shell → extracted MD5 hashes from SQLite database → cracked password for user fismathack → leveraged CVE-2024-48990 in needrestart 3.7 for privilege escalation to root.