Finally, the CVE for the buffer overflow I found on the TP-Link Archer AX50 router has been published! It has been assigned CVE-2025-40634 and I've also published the exploit that I made back then for it :)
github.com/hacefresko/C...
Ep 158: MalwareTech
Yes @malwaretech.com joins us. Tells us one of the most insane stories ever. Do not miss this one.
darkentdiaries.com/episode/158
Paged Out! #6 is out!
pagedout.institute
Totally free, 80 pages, best issue so far!
'nuff said, enjoy!
(please repost to help spread out the news!)
table of contents for tmp.0ut volume 4
Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!
tmpout.sh/4/
I want to get into mastodon. Any recommended hacking/bug hunting/vuln research server to join?
Wow! Thanks so much :)
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
π₯°π₯°πΎπΎ
I've spent this weekend taking a closer look into Solr and ended up finding a bug in a big BB program which allowed me to modify the Solr database and configuration files via replication! I will spend the following days trying to escalate it to RCE
20 years ago we were suing teenagers for millions of dollars because they were torrenting a single Metallica album and now billionaires are demanding the free right to every work in history, so that they can re-sell it.
The law only ever serves capital.
About to start a new save in Fallout New Vegas while I wait for Saturday, when I will take the CRTO exam. Also waiting for my local CVE provider to respond about a TP-Link RCE I reported back in October. Blog post coming soon :)
Last week I got my first mechanical keyboard (a rainy 75) and the experience is being amazing. It feels really great to hack on this thing
Finally uninstalled X for now :)
