https://hexpysya.github.io/tags/rce/Recent content in RCE on bubka hacks stuffHugo -- gohugo.ioen-usThu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-whoami-command-detected-in-request-body/Thu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-whoami-command-detected-in-request-body/An external attacker from a CHINANET-hosted IP (61.177.172.87) exploited a command injection vulnerability on WebServer1004, executing five OS commands via the ?c= parameter against /video/ - including cat /etc/passwd and cat /etc/shadow - all of which returned HTTP 200 with distinct response sizes, confirming successful remote code execution. The case was escalated to Tier 2.https://hexpysya.github.io/blue_team/ld-cve202553770-sharepoint-toolshell-auth-bypass-and-rce/Sun, 22 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-cve202553770-sharepoint-toolshell-auth-bypass-and-rce/An attacker exploited CVE-2025-53770 against a SharePoint server, achieving unauthenticated RCE via .NET deserialization. The attacker extracted the MachineKey, compiled and dropped a payload, planted a webshell in the SharePoint layouts directory, and established a reverse connection to the attacker-controlled server.https://hexpysya.github.io/blue_team/ld-malicious-attachment-detected---phishing-alert/Mon, 16 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-malicious-attachment-detected---phishing-alert/Investigation of a phishing email delivering a malicious Excel attachment exploiting CVE-2017-11882, leading to payload download and privilege escalation via JuicyPotato