oxasploits

Chipmonk with NUT (Network UPS Tools) used to event script power outages

Ah, shit. The power went out. So you just found the key, almost have the exploit at a PoC state where it fin… Wait what? The power went out! You just lost your last 10 minutes in between commit...

Authentication Bypass Techniques using SQLi, PHP, XPath, and LDAP injection

Introduction to Authentication and Authorization One of the most obvious things we as hackers need to do is bypass authentication methods. As authentication and authorization are different, you ...

Fuzz testing program file descriptors with deliverance

File Descriptors A file descriptor identifies where a file is opened in a computer system’s memory. File descriptors are most commonly used for reading and writing to files, usually on disk. The...

A quick walkthrough of how to crack hashed passwords with John the Ripper

So you’ve acquired a shadow file So… you have finally rooted the server and acquired the coveted /etc/shadow file. You want to reassure your access later on. What do you do now? If installing a...

Password cracking wordlists reprise

Wordlists for Password Cracking These wordlists are some of my favorite to use for password cracking. Generally the larger the wordlist the longer it will take to crack a password, but the high...

Site wide release of my semi-private exploit archive

What is in this dump? All of these exploits are originally coded by oxagast / Marshall Whittaker. Some of them were already known vulnerabilities that I took and re-evaluated then wrote an expl...

CVE-2019-15947 Bitcoin Core bitcoin-qt crash dumps contain wallets

What is stored in crash dumps? The basic idea behind a crash dump is on abnormal program failure (a fault, or kill signal) the operating system will sometimes (depending on settings) dump core o...

Fuzzing network services with Fuzzotron and Radamsa modified pcap testcases

What’s Da Fuzz One method of finding unknown vulnerabilities is simply shooting a bunch of trash data at a program to see how it reacts, and trapping any error codes. We can fuzz TCP or UDP serv...

Crash course in Elasticsearch Elastic Agent and Kibana log aggregation

Background So sometimes it’s great to be able to take loads of data and condense them into a visualized queryable form. What I find the technology particularly useful for, since I run things u...

I Hacked a Bank and Got Arrested in 2012

Knock Knock Seeing as a decade has passed, I finally need to do it for me, to put it on paper how it happened. How I got busted by the FBI. On a warm summer day in mid-2012, I was asleep in my bed...