https://hexpysya.github.io/tags/nmap/Recent content in Nmap on bubka hacks stuffHugo -- gohugo.ioen-usThu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/Thu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/An attacker breached Maromalix’s public-facing web application by exploiting CVE-2025-55182 (Next.js Deserialization RCE). They deployed a multi-stage implant dubbed EtherRAT, which utilizes a blockchain-based C2 mechanism via Ethereum smart contracts to dynamically resolve infrastructure. The attacker exfiltrated sensitive data, established multiple persistence mechanisms, and ultimately patched the vulnerability to lock out other actors.https://hexpysya.github.io/investigations/cdef-lockdown/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/An attacker performed SYN port scanning against an IIS server, enumerated open SMB shares, uploaded a webshell to the Documents share, triggered a reverse shell on port 4443, and established persistence via AgentTesla dropped into the Startup folder, which exfiltrated data via SMTP to cp8nl.hyperhost.ua.https://hexpysya.github.io/investigations/htb-conversor/Mon, 19 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-conversor/Flask web application vulnerable to path traversal during file uploads. Exploited by uploading Python reverse shell to cron-executed directory → gained www-data shell → extracted MD5 hashes from SQLite database → cracked password for user fismathack → leveraged CVE-2024-48990 in needrestart 3.7 for privilege escalation to root.