oxasploits

Intro Most of my recent posts have been centered around red team security, but this article will be more from a blue team perspective of network security. I’ll cover setting up an offsite server...

Finding the design flaw While playing with the GitHub API querying different things, I had a light bulb go off. If you can query any GitHub user via API, and see their administrator access level...

Background This is intended to be a concise cheat sheet for common web application exploitation techniques. Most of these techniques are well known, but hopefully, this can serve as a place to b...

Prerequisites This article references both ansvif and radamsa which need to be downloaded from github and gitlab respectively and compiled for all this to work. Update: I have another artilce on ...

Background Having a disuccsion with a friend about termbin and that the only viable improvement to the system would most probably be in/out encryption, (src hosted at github). Enter me, a bored...

Background While living at a halfway house, otherwise bored of being sober at the time, I decided I was going to run a Tor exit node. The neat thing about Tor exit nodes is, if you are an oper...

Background The dbman.exe module out of HP iMC PLAT 7.3 listening on TCP/2810 tries to initiate a restart of some network services, whilst doing so running NET STOP on an asn.1 BER encoded ip addr...

Background Webmin contains two critical vulnerabilities within the perl codebase. The first, a directory traversal where you can read arbitrary files, including webmin’s logs. The second vulnera...