oxasploits

Enumerating SUID files targeted for priv esc

Background: One of the methods hackers utilize in getting root, or escalating their privileges on a system of some kind, is to exploit system binaries that are set to run as a user other than t...

Lock binaries in memory using vmtouch cache

What does this really accomplish? Our goal here is to first look at reads on everything you commonly use when you use a Linux computer, whether it be common command line utilities, or GUI apps suc...

The importance of autonomous backups

Why do I need backups? The simple answer: You never know when you will need them, but when you need them, you really need them. With the internet rampant with viruses and worms infecting machines...

Password cracking wordlists update

Wordlists for Password Cracking: I have updated the password wordlists section with two more, one very large list, rockyou2021.lst, and a very small list, top_100_in_order.lst for cracking rate l...

Anatomy of a hardened Apache2 configuration

Some Suggestions: This guide applies to Apache 2.4+. I cover most things here, but anything else is easily found at the Apache2 documentation site. So first I want to suggest that you break up ...

Jekyll minification optimization

Jekyll Intro: So as you can see, I build websites with the Jekyll static site generator a lot. The problem with this is the Jekyll implementation is usually used on GitHub for internal sites, so I c...

Chipmonk with NUT to event script power outages

Ah, shit. The power went out. So you just found the key, almost have the exploit at a PoC state where it fin… Wait what? The power went out! You just lost your last 10 minutes in between commit...

Bypass with SQLi, PHP, XPath, and LDAP injection

Introduction to Authentication and Authorization: One of the most obvious things we as hackers need to do is bypass authentication methods. As authentication and authorization are different, you ...

Deliverance Fuzzing File Descriptors

File Descriptors: A file descriptor identifies where a file is opened in a computer system’s memory. File descriptors are most commonly used for reading and writing to files, usually on disk. The...

Cracking hashed passwords with John the Ripper

So you’ve acquired a shadow file: So… you have finally rooted the server and acquired the coveted /etc/shadow file. You want to reassure your access later on. What do you do now? If installing a...

Password cracking wordlists reprise

Wordlists for Password Cracking: These wordlists are some of my favorites to use for password cracking. Generally the larger the wordlist the longer it will take to crack a password, but the high...

CVE-2019-15947 Bitcoin Core crash dumps contain wallets

What is stored in crash dumps? The basic idea behind a crash dump is that on abnormal program failure (a fault, or kill signal) the operating system will sometimes (depending on settings) dump core o...