Home Site wide release of my semi-private exploit archive

Site wide release of my semi-private exploit archive

Exploit Pack

What is in this dump?

All of these exploits are originally coded by oxagast / Marshall Whittaker. Some of them were already known vulnerabilities that I took and re-evaluated then wrote an exploit for them that I thought was more functional or logical in some way. Some of these vulnerabiltiies are partial PoC exploits that will make something crash, but not actually get root. Some will straight drop you at a root shell. None of this code should ever under any circumstances be run in a production environment, or on a system that you do not have express permission to run a penetration test on.

Word of warning: some of this code breaks things. Read it before running it.


Also some other partials that I am proud of but were not assigned a CVE.

Shadow-utils long shell variable bug.
IPSet for netfilter buffer overflow.
A bash wildcard expansion abuse case.
Arbitrary file pushing via MITM’d network for AOL AIM.

There is also a GitHub repo that contains all of the above exploits and more.

Email me at marshall@oxagast.org for any questions, comments, or if you have an idea for an interesting target you may want to collaborate on!

I have been struggling to keep this site going! Servers, domains, and widget feeds cost money!
I work a day job, but work hard to bring people information security related topics.
You can donate via Bitcoin: 3Ht1soLAdcBXrxbZLDJ53vry819E3rw49d
Thank you!

This post is licensed under CC BY 4.0 by the author.

CVE-2019-15947 Bitcoin Core bitcoin-qt crash dumps contain wallets

Password cracking wordlists reprise

Comments powered by Disqus.