Skip to content
A number of exploits and tools I've written for CVEs accredited to Marshall Whittaker/oxagast
C Shell Ruby Perl
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


A number of exploits written by oxagast

Most of these CVEs are accreddited to oxagast as well


This is a fuzzer, written in C++, designed to find bugs in C/C++ programs.


This is a tool for building wordlists out of things known about a user.

This tool creates a list of all suid 0 executables from apt archives.

A tool that builds metasploit resource scripts from nmap scans.


Webmin <=1.29 remote root exploit

This exploit, lifts a Webmin cookie with a directory transversal and aritrary read exploit, then reuses the cookie to use an authenticated user exploit to get root remotely.


Perl pipe upload and shell for Miyabi CGI Tools <=1.02 and iOffice 0.1

This exploit uploads a perl program via buggy perl open reads (|). After pushing the program it chmods and spawns a shell. Should work regaurdless if the server is firewalled or not.


PK5001Z router remote root exploit

Uses known telnet user and root pass to log in as root.


UDisks <=2.8.0 DoS

This is example code that crashes udisks2 via malformed filesystem label that when mounted then logged a string format vulnerability exists allowing arbitrary read/write of memory as root.


Linux Kernel 4.15.x i915 driver NULL pointer dereference

This code demonstrates crafted ioctl calls to the i915 garphics driver that allow overwrite of CR2 register in kernel space triggering a NULL pointer dereference.


Bitcoin Core bitcoin-qt wallet.dat recoverable from .core dump

This exploit recovers wallet.dat's that were loaded at the time of a crash from bitcoin-qt .core crash dump files by grepping for a magic string at the beginning of the wallet, calculating the offset, then reconstructing the wallet.dat(s) with xxd.

You can’t perform that action at this time.