Victor Fresk0
@hacefresko.com
Pinned
Victor Fresk0
@hacefresko.com
· Feb 26
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
Finally, the CVE for the buffer overflow I found on the TP-Link Archer AX50 router has been published! It has been assigned CVE-2025-40634 and I've also published the exploit that I made back then for it :)
github.com/hacefresko/C...
github.com/hacefresko/C...
GitHub - hacefresko/CVE-2025-40634: Exploit for stack-based buffer overflow found in the conn-indicator binary in the TP-Link Archer AX50 router
Exploit for stack-based buffer overflow found in the conn-indicator binary in the TP-Link Archer AX50 router - hacefresko/CVE-2025-40634
github.com
May 21, 2025 at 11:15 AM
Finally, the CVE for the buffer overflow I found on the TP-Link Archer AX50 router has been published! It has been assigned CVE-2025-40634 and I've also published the exploit that I made back then for it :)
github.com/hacefresko/C...
github.com/hacefresko/C...
Reposted by Victor Fresk0
Ep 158: MalwareTech
Yes @malwaretech.com joins us. Tells us one of the most insane stories ever. Do not miss this one.
darkentdiaries.com/episode/158
Yes @malwaretech.com joins us. Tells us one of the most insane stories ever. Do not miss this one.
darkentdiaries.com/episode/158
May 6, 2025 at 6:13 AM
Ep 158: MalwareTech
Yes @malwaretech.com joins us. Tells us one of the most insane stories ever. Do not miss this one.
darkentdiaries.com/episode/158
Yes @malwaretech.com joins us. Tells us one of the most insane stories ever. Do not miss this one.
darkentdiaries.com/episode/158
Reposted by Victor Fresk0
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
March 29, 2025 at 12:08 PM
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
Reposted by Victor Fresk0
Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!
tmpout.sh/4/
tmpout.sh/4/
March 21, 2025 at 4:26 PM
Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!
tmpout.sh/4/
tmpout.sh/4/
I want to get into mastodon. Any recommended hacking/bug hunting/vuln research server to join?
March 14, 2025 at 11:20 AM
I want to get into mastodon. Any recommended hacking/bug hunting/vuln research server to join?
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
February 26, 2025 at 4:40 PM
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
I've spent this weekend taking a closer look into Solr and ended up finding a bug in a big BB program which allowed me to modify the Solr database and configuration files via replication! I will spend the following days trying to escalate it to RCE
February 3, 2025 at 4:53 PM
I've spent this weekend taking a closer look into Solr and ended up finding a bug in a big BB program which allowed me to modify the Solr database and configuration files via replication! I will spend the following days trying to escalate it to RCE
Reposted by Victor Fresk0
20 years ago we were suing teenagers for millions of dollars because they were torrenting a single Metallica album and now billionaires are demanding the free right to every work in history, so that they can re-sell it.
The law only ever serves capital.
The law only ever serves capital.
‘Impossible’ to create AI tools like ChatGPT without copyrighted material, OpenAI says
‘Impossible’ to create AI tools like ChatGPT without copyrighted material, OpenAI says
Pressure grows on artificial intelligence firms over the content used to train their productsBusiness live – latest updatesThe developer OpenAI has said it would be impossible to create tools like its groundbreaking chatbot ChatGPT without access to copyrighted material, as pressure grows on artificial intelligence firms over the content used to train their products.Chatbots such as ChatGPT and image generators like Stable Diffusion are “trained” on a vast trove of data taken from the internet, with much of it covered by copyright – a legal protection against someone’s work being used without permission. Continue reading...
www.theguardian.com
January 8, 2024 at 4:34 PM
20 years ago we were suing teenagers for millions of dollars because they were torrenting a single Metallica album and now billionaires are demanding the free right to every work in history, so that they can re-sell it.
The law only ever serves capital.
The law only ever serves capital.
About to start a new save in Fallout New Vegas while I wait for Saturday, when I will take the CRTO exam. Also waiting for my local CVE provider to respond about a TP-Link RCE I reported back in October. Blog post coming soon :)
December 10, 2024 at 6:16 PM
About to start a new save in Fallout New Vegas while I wait for Saturday, when I will take the CRTO exam. Also waiting for my local CVE provider to respond about a TP-Link RCE I reported back in October. Blog post coming soon :)
Last week I got my first mechanical keyboard (a rainy 75) and the experience is being amazing. It feels really great to hack on this thing
December 1, 2024 at 5:59 PM
Last week I got my first mechanical keyboard (a rainy 75) and the experience is being amazing. It feels really great to hack on this thing
Finally uninstalled X for now :)
November 26, 2024 at 6:05 PM
Finally uninstalled X for now :)