Aggregator

本年度最后一次HVV记录，也是取得成果最多的一次

本文记录了 HackTheBox 靶机 OneTwoSeven 的完整渗透过程。攻击链从端口扫描与 Web 信息搜集开始，发现目标开放 SSH、HTTP 以及仅允许本地访问的 60080 管理端口。随后利用 SFTP 提供的软链接功能绕过目录限制，读取系统敏感文件与 Vim swap 文件，恢复后台登录源码并获得管理员凭据。通过 SSH 本地端口转发访问内部管理后台后，进一步分析插件管理逻辑，利用

攻防旺季，助力红队

本篇文章完整解析了黄河流域全部逆向题目，涉及的考点包括手动脱壳，控制流劫持，父子进程 ptrace，花指令混淆，python VM，HarmonyOS逆向 ArkTS + NAPI

很荣幸可以主导这个比赛pwn方向的命题，结合核心知识点进行了命题

Nginx ACL 绕过 SSRF php反序列化

测试用的Android实体机借给朋友了，所以就打算在Android Studio上搭建一套最新的APP渗透环境。

第四届黄河流域挑战赛web方向部分wp，包含原型链污染，ECDSA 签名漏洞，yaml， Thymeleaf SSTI

如果 Freund 那天选择早点睡觉——这个后门会在全球数以百万计的 Linux 服务器上安静地等待激活。

Submit #838560 / VDB-374494

Submit #838559 / VDB-374493

A vulnerability was found in Linux Kernel up to 6.12.90/6.18.32/7.0.9. It has been classified as critical. This vulnerability affects the function pci_epc_deinit_notify of the component PCI. The manipulation leads to reachable assertion. This vulnerability is listed as CVE-2026-53051. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.174/6.6.140/6.12.90/6.18.32/7.0.9. This affects an unknown part of the component ASoC. Such manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2026-53052. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 7.0.9. This issue affects the function gfs2_log_flush of the component gfs2. Such manipulation of the argument sd_jdesc leads to null pointer dereference. This vulnerability is listed as CVE-2026-53048. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0.9. It has been declared as critical. Affected by this vulnerability is the function dquot_scan_active of the component quota. The manipulation results in improper locking. This vulnerability was named CVE-2026-53050. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0.9. It has been rated as critical. Affected by this issue is the function gfs2_logd of the component gfs2. This manipulation of the argument sd_log_flush_lock causes improper locking. The identification of this vulnerability is CVE-2026-53049. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 7.0.9 and classified as critical. This affects the function ksmbd_crypt_message of the file fs/smb/client/smb2ops.c of the component ksmbd. Executing a manipulation can lead to use after free. This vulnerability is tracked as CVE-2026-53046. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 7.0.9. This issue affects the function krealloc of the component efi. The manipulation of the argument phys results in heap-based buffer overflow. This vulnerability is identified as CVE-2026-53047. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.