oxasploits

A simple x86_64 stack based buffer overflow exploitation with gdb

Background The basic idea behind a C buffer overflow is pretty simple. You have a buffer, a chunk of memory reserved for the purpose of storing data. To the outside of this on the stack (which ...
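To make the layout described above concrete, here is an added C model (not code from the original post) of an x86_64 stack frame: a 16-byte local buffer, padding, then the saved frame pointer and saved return address at higher addresses. An unbounded copy into the buffer spills into those saved values, which is the whole mechanism of a stack-based overflow. The frame is modelled as a byte array so every write stays within bounds and the program runs deterministically; the buffer size, padding, and sample rbp/rip values are constructed for illustration and are not taken from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a typical compiler-laid-out x86_64 frame, low address first:
 *   [ local buffer | padding | saved rbp | saved rip ]
 * Sizes and sample values below are constructed for this example. */
#define BUF_SIZE   16
#define OFF_RBP    (BUF_SIZE + 8)          /* 8 bytes of alignment padding */
#define OFF_RIP    (OFF_RBP + 8)
#define FRAME_SIZE (OFF_RIP + 8)

struct frame {
    uint8_t bytes[FRAME_SIZE];
};

static void frame_init(struct frame *f) {
    uint64_t rbp = 0x7fffffffe000ULL;  /* constructed sample saved rbp */
    uint64_t rip = 0x401136ULL;        /* constructed sample saved rip */
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + OFF_RBP, &rbp, 8);
    memcpy(f->bytes + OFF_RIP, &rip, 8);
}

static uint64_t frame_saved_rip(const struct frame *f) {
    uint64_t v;
    memcpy(&v, f->bytes + OFF_RIP, 8);
    return v;
}

/* Vulnerable pattern: copies len bytes into the 16-byte buffer with no
 * bounds check, as strcpy()/gets() would. Bytes past BUF_SIZE land on the
 * saved rbp and rip. Clamped to the frame so the model stays well-defined. */
static void vuln_copy(struct frame *f, const uint8_t *in, size_t len) {
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
}

/* Hardened pattern: reject input that does not fit the buffer (returns -1). */
static int safe_copy(struct frame *f, const uint8_t *in, size_t len) {
    if (len > BUF_SIZE)
        return -1;
    memcpy(f->bytes, in, len);
    return 0;
}

/* Classic payload: filler up to the saved rip, then the target address in
 * little-endian order. Returns the saved rip as seen after the copy. */
static uint64_t overflow_rip(uint64_t target) {
    uint8_t payload[FRAME_SIZE];
    struct frame f;
    memset(payload, 'A', OFF_RIP);
    for (int i = 0; i < 8; i++)
        payload[OFF_RIP + i] = (uint8_t)(target >> (8 * i));
    frame_init(&f);
    vuln_copy(&f, payload, sizeof payload);
    return frame_saved_rip(&f);
}

/* Same oversized input through the hardened copy: the saved rip is untouched. */
static uint64_t safe_rip_after(size_t len) {
    uint8_t payload[FRAME_SIZE];
    struct frame f;
    memset(payload, 'A', sizeof payload);
    frame_init(&f);
    safe_copy(&f, payload, len);
    return frame_saved_rip(&f);
}

int main(void) {
    printf("saved rip after vulnerable copy: 0x%llx\n",
           (unsigned long long)overflow_rip(0x4011d6ULL));
    printf("saved rip after hardened copy:   0x%llx\n",
           (unsigned long long)safe_rip_after(FRAME_SIZE));
    return 0;
}
```

On a real binary the distance from the buffer to the saved return address depends on the compiler's frame layout and any stack protector, which is exactly what stepping through the function in gdb reveals; the model fixes that distance at OFF_RIP so the spill is visible without crashing anything.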

A bash wildcard expansion to arbitrary command line arguments (globbing abuse) whitepaper

Background A lot of my research into bugs goes nowhere, and very seldom do I find a bug by actually looking for it, so much as it was just a typo or something. So when I realized that the wildc...

A case study whitepaper of the shadow-utils chfn, chsh, and userdel bug

Background A while back an old friend had asked me if I had a chfn bug. I could see why he wanted one, I mean, a suid 0 binary on every system? Wow yeah, but sadly no, at the time I did not have o...

Secured encrypted networks with OpenVPN and Suricata

Intro Most of my recent posts have been centered around red team security, but this article will be more from a blue team perspective of network security. I’ll cover setting up an offsite server...

The time I enumerated every GitHub admin

Finding the design flaw While playing with the GitHub API querying different things, I had a light bulb go off. If you can query any GitHub user via API, and see their administrator access level, ...

A skidalicious cheat sheet of web app exploitation techniques

Background This is intended to be a concise cheat sheet for common web application exploitation techniques. Most of these techniques are well known, but hopefully, this can serve as a place to b...

Advanced Fuzzing Techniques in ansvif

Prerequisites This article references both ansvif and radamsa, which need to be downloaded from GitHub and GitLab respectively and compiled for all this to work. Advanced techniques This is a tut...

Creating a secured terminal paste tool

Background Having a discussion with a friend about termbin and that the only viable improvement to the system would most probably be in/out encryption, (src hosted at GitHub). Enter me, a bored...

From dirty Tor exit nodes to Bitcoin wallet.dat theft

Background While living at a halfway house, otherwise bored of being sober at the time, I decided I was going to run a Tor exit node. The neat thing about Tor exit nodes is, if you are an operat...

CVE-2017-5816 HP iMC PLAT RCE Whitepaper

Background The dbman.exe module out of HP iMC PLAT 7.3 listening on TCP/2810 tries to initiate a restart of some network services, whilst doing so running NET STOP on an ASN.1 BER encoded ip addr...