oxasploits

SQLi, PHP, XPath, and LDAP injection bypass

Introduction to Authentication and Authorization One of the most obvious things we as hackers need to do is bypass authentication methods. As authentication and authorization are different, you ...

Deliverance Fuzzing File Descriptors

File Descriptors A file descriptor identifies where a file is opened in a computer system’s memory. File descriptors are most commonly used for reading and writing to files, usually on disk. The...

Cracking hashed passwords with John the Ripper

A John the Ripper tutorial So… you have finally rooted the server and acquired the coveted /etc/shadow file. You want to reassure your access later on. What do you do now? If installing a root...

CVE-2019-15947 Bitcoin Core crashes contain wallets

What is stored in crash dumps? The basic idea behind a crash dump is that on abnormal program failure (a fault, or kill signal) the operating system will sometimes (depending on settings) dump core o...

Fuzzotron and Radamsa pcap testcases

What’s Da Fuzz One method of finding unknown vulnerabilities is simply shooting a bunch of trash data at a program to see how it reacts, and trapping any error codes. We can fuzz TCP or UDP serv...

Elasticsearch Elastic Agent and Kibana

Background What do you think when you think about custom log integrations? So sometimes it’s great to be able to take loads of data and condense them into a visualized queryable form. What I f...

I Hacked a Bank and Got Arrested in 2012

Knock Knock Seeing as a decade has passed, I finally need to do it for me, to put it on paper how it happened. How I got busted by the FBI. On a warm summer day in mid-2012, I was asleep in my bed...

Iptables Configuration Tips and Tricks

Intro The built-in (kernel level) Linux firewall, iptables, can be daunting to attempt to use, but in practice it is a simple redirection filter. I have used iptables for everything from secur...

Simple x86_64 buffer overflow in gdb

Background We will be debugging a C buffer overflow in gdb to attain higher privileges. The basic idea behind a C buffer overflow is pretty simple. You have a buffer, a chunk of memory reserved...

Bash wildcard expansion globbing abuse

Background A lot of my research into bugs goes unfounded, and very seldom do I find a bug by actually looking for it, so much as it was just a typo or something. So when I realized that the wildc...

A shadow-utils BoF whitepaper

Background A while back an old friend had asked me if I had a chfn bug. I could see why he wanted one, I mean, a suid 0 binary on every system? Wow yeah, but sadly no, at the time I did not have o...

Networks with OpenVPN and Suricata

Intro Most of my recent posts have been centered around red team security, but this article will be more from a blue team perspective of network security. I’ll cover setting up an offsite server...