https://0x5t.raptx.org Security research and CTF writeups by 0x5t (RaptX). en-us https://0x5t.raptx.org/assets/logo.png https://0x5t.raptx.org/ Tue, 25 Mar 2026 00:00:00 GMT https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b Tue, 18 Mar 2026 00:00:00 GMT Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. CVE NoSQL Injection Privilege Escalation UniFi https://0x5t.raptx.org/posts/calibre-chm-rce.html https://0x5t.raptx.org/posts/calibre-chm-rce.html Fri, 06 Feb 2026 00:00:00 GMT Path traversal vulnerability in Calibre 9.1.0's CHM reader allows arbitrary file writes and code execution by dropping payloads into the Windows Startup folder. CVE RCE Path Traversal Calibre https://0x5t.raptx.org/posts/calibre-epub-rce.html https://0x5t.raptx.org/posts/calibre-epub-rce.html Fri, 06 Feb 2026 00:00:00 GMT Path traversal vulnerability in Calibre 9.1.0's EPUB conversion allows arbitrary file corruption and code execution via malicious ebook files. CVE RCE Path Traversal Calibre https://nvd.nist.gov/vuln/detail/CVE-2026-26065 https://nvd.nist.gov/vuln/detail/CVE-2026-26065 Wed, 19 Feb 2026 00:00:00 GMT Critical path traversal vulnerability in Calibre's PDB file readers (both 132-byte and 202-byte variants) allows arbitrary file writes with arbitrary extension and content anywhere the user has write permissions, enabling code execution or denial of service. Affects versions up to 9.2.1, fixed in 9.3.0. CVE Path Traversal Calibre PDB https://nvd.nist.gov/vuln/detail/CVE-2026-26064 https://nvd.nist.gov/vuln/detail/CVE-2026-26064 Wed, 19 Feb 2026 00:00:00 GMT Critical path traversal vulnerability in Calibre's extract_pictures() function fails to sanitize '..' sequences, allowing arbitrary file writes anywhere the user has write permissions. On Windows, attackers can achieve RCE by writing payloads to the Startup folder. Affects versions up to 9.2.1, fixed in 9.3.0. CVE Path Traversal RCE Calibre https://nvd.nist.gov/vuln/detail/CVE-2026-26075 https://nvd.nist.gov/vuln/detail/CVE-2026-26075 Wed, 19 Feb 2026 00:00:00 GMT Server-side request forgery vulnerability in FastGPT's web page acquisition and HTTP nodes allows exploitation through insufficient internal network address detection. Fixed in version 4.14.7. CVE SSRF FastGPT AI Security https://0x5t.raptx.org/posts/ghost-board-writeup.html https://0x5t.raptx.org/posts/ghost-board-writeup.html Sun, 25 Jan 2026 00:00:00 GMT Ghost Board is a web application built with Spring Boot and AngularJS that involves AngularJS CSTI, Thymeleaf SSTI, and H2 database exploitation to read the flag. CTF Web Exploitation SSTI 0xL4ugh https://0x5t.raptx.org/posts/0xnote-writeup.html https://0x5t.raptx.org/posts/0xnote-writeup.html Sun, 25 Jan 2026 00:00:00 GMT A PHP-based note-taking application with a premium color customization feature protected by nginx. Exploitation involves nginx bypass, arbitrary class instantiation, and CVE-2024-2961 for RCE. CTF Web Exploitation PHP 0xL4ugh https://nvd.nist.gov/vuln/detail/CVE-2026-25130 https://nvd.nist.gov/vuln/detail/CVE-2026-25130 Wed, 30 Jan 2026 00:00:00 GMT Critical command injection vulnerability (CVSS 9.7) discovered in the CAI (Cybersecurity AI) framework. The vulnerability allows Remote Code Execution through argument injection in the find_file agent tool, exploitable via prompt injection. CVE Command Injection AI Security RCE https://www.offensive-security.com/courses/oscp/ https://www.offensive-security.com/courses/oscp/ Wed, 22 Oct 2025 00:00:00 GMT Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. Certification OSCP Offensive Security Penetration Testing https://0x5t.raptx.org/posts/scepter-writeup.html https://0x5t.raptx.org/posts/scepter-writeup.html Sun, 24 Aug 2025 00:00:00 GMT A hard Active Directory machine involving NFS share exploitation, certificate abuse, and multiple chained DACL vulnerabilities leading to full domain compromise through ADCS misconfigurations. HackTheBox Windows Active Directory https://0x5t.raptx.org/posts/haze-writeup.html https://0x5t.raptx.org/posts/haze-writeup.html Sun, 24 Aug 2025 00:00:00 GMT A hard Windows machine exploiting Splunk Arbitrary File Read vulnerability for initial access, leveraging Active Directory for lateral movement, and abusing SeImpersonatePrivilege for SYSTEM shell access. HackTheBox Windows Splunk https://0x5t.raptx.org/posts/down-writeup.html https://0x5t.raptx.org/posts/down-writeup.html Sun, 24 Aug 2025 00:00:00 GMT An easy machine exploiting an arbitrary file read vulnerability to achieve remote code execution and privilege escalation through a user's sudo permissions. HackTheBox Linux RCE https://0x5t.raptx.org/posts/cypher-writeup.html https://0x5t.raptx.org/posts/cypher-writeup.html Sun, 24 Aug 2025 00:00:00 GMT A medium-difficulty machine involving Cypher injection for authentication bypass, command injection in a custom Java method, and privilege escalation through sudo misconfiguration on the bbot utility. HackTheBox Linux Cypher https://0x5t.raptx.org/posts/code-writeup.html https://0x5t.raptx.org/posts/code-writeup.html Sun, 24 Aug 2025 00:00:00 GMT An easy Linux machine featuring remote code execution in a Python code editor web application and privilege escalation through SQLite credential cracking and command injection. HackTheBox Linux RCE https://0x5t.raptx.org/posts/cicada-writeup.html https://0x5t.raptx.org/posts/cicada-writeup.html Sun, 24 Aug 2025 00:00:00 GMT An easy Active Directory Windows machine demonstrating a classic domain compromise chain through SMB share enumeration, credential extraction, password spraying, and SeBackupPrivilege abuse. HackTheBox Windows Active Directory https://0x5t.raptx.org/posts/cap-writeup.html https://0x5t.raptx.org/posts/cap-writeup.html Sun, 24 Aug 2025 00:00:00 GMT An easy Linux machine demonstrating an insecure direct object reference vulnerability in an HTTP server for network traffic captures, exploitable through plaintext FTP credentials. HackTheBox Linux IDOR https://github.com/0x5t/DeepDives/tree/main/CVE-2025-31324 https://github.com/0x5t/DeepDives/tree/main/CVE-2025-31324 Mon, 25 Aug 2025 00:00:00 GMT SAP NetWeaver Visual Composer Unauthenticated File Upload vulnerability analysis. CVE RCE File Upload