Home Site wide release of my semi-private exploit archive
Post
Cancel

Site wide release of my semi-private exploit archive

Exploit Pack

What is in this dump?

All of these exploits are originally coded by oxagast / Marshall Whittaker. Some of them were already known vulnerabilities that I took and re-evaluated then wrote an exploit for them that I thought was more functional or logical in some way. Some of these vulnerabiltiies are partial PoC exploits that will make something crash, but not actually get root. Some will straight drop you at a root shell. None of this code should ever under any circumstances be run in a production environment, or on a system that you do not have express permission to run a penetration test on.

Word of warning: some of this code breaks things. Read it before running it.

CVE-2006-3392
CVE-2010-2626
CVE-2016-10401
CVE-2017-5816
CVE-2018-17336
CVE-2019-12881
CVE-2019-15947
CVE-2019-18684
CVE-2021-3560

Also some other partials that I am proud of but were not assigned a CVE.

Shadow-utils long shell variable bug.
IPSet for netfilter buffer overflow.
A bash wildcard expansion abuse case.
Arbitrary file pushing via MITM’d network for AOL AIM.

There is also a GitHub repo that contains all of the above exploits and more.

Email me at marshall@oxagast.org for any questions, comments, or if you have an idea for an interesting target you may want to collaborate on!

This post is licensed under CC BY 4.0 by the author.

CVE-2019-15947 Bitcoin Core bitcoin-qt crash dumps contain wallets

Password cracking wordlists reprise

Comments powered by Disqus.