exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	79a4beaea4	DB: 2019-02-20 13 changes to exploits/shellcodes NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC) Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC) MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting eDirectory - SQL Injection XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Jenkins - Remote Code Execution	2019-02-20 05:01:54 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	d667cf901c	DB: 2019-02-06 11 changes to exploits/shellcodes Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC) River Past Audio Converter 7.7.16 - Denial of Service (PoC) ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin) BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit - Remote Code Execution Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)	2019-02-06 05:01:42 +00:00
Offensive Security	b68cbec24d	DB: 2019-01-29 26 changes to exploits/shellcodes Sricam gSOAP 2.8 - Denial of Service Smart VPN 1.1.3.0 - Denial of Service (PoC) MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) R 3.4.4 XP SP3 - Buffer Overflow (Non SEH) BEWARD Intercom 2.3.1 - Credentials Disclosure Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass) CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference CMSsite 1.0 - 'cat_id' SQL Injection CMSsite 1.0 - 'search' SQL Injection Cisco RV300 / RV320 - Information Disclosure Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Newsbull Haber Script 1.0.0 - 'search' SQL Injection Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Teameyo Project Management System 1.0 - SQL Injection Mess Management System 1.0 - SQL Injection MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting ResourceSpace 8.6 - 'collection_edit.php' SQL Injection Linux/x86 - exit(0) Shellcode (5 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2) Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes) Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)	2019-01-29 05:01:52 +00:00
Offensive Security	7cc86c322f	DB: 2018-12-01 8 changes to exploits/shellcodes Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free VBScript - 'rtFilter' Out-of-Bounds Read HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit) xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation Apache Spark - Unauthenticated Command Execution (Metasploit) Schneider Electric PLC - Session Calculation Authentication Bypass Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass	2018-12-01 05:01:40 +00:00
Offensive Security	1d25aee539	DB: 2018-11-15 15 changes to exploits/shellcodes AMPPS 2.7 - Denial of Service (PoC) Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC) ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) SwitchVPN for macOS 2.1012.03 - Privilege Escalation Atlassian Jira - Authenticated Upload Code Execution (Metasploit) iServiceOnline 1.0 - 'r' SQL Injection Helpdezk 1.1.1 - 'query' SQL Injection Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) EdTv 2 - 'id' SQL Injection Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities Advanced Comment System 1.0 - SQL Injection Rmedia SMS 1.0 - SQL Injection Pedidos 1.0 - SQL Injection Electricks eCommerce 1.0 - Persistent Cross-Site Scripting DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload	2018-11-15 05:01:40 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	defa138d04	DB: 2018-10-23 17 changes to exploits/shellcodes Modbus Poll 7.2.2 - Denial of Service (PoC) AudaCity 2.3 - Denial of Service (PoC) Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) Countly - Persistent Cross-Site Scripting Countly - Cross-Site Scripting MySQL Edit Table 1.0 - 'id' SQL Injection School ERP Ultimate 2018 - Arbitrary File Download Oracle Siebel CRM 8.1.1 - CSV Injection The Open ISES Project 3.30A - 'tick_lat' SQL Injection School ERP Ultimate 2018 - 'fid' SQL Injection eNdonesia Portal 8.7 - 'artid' SQL Injection The Open ISES Project 3.30A - Arbitrary File Download Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection	2018-10-23 05:01:48 +00:00
Offensive Security	716ece3cc6	DB: 2018-10-02 13 changes to exploits/shellcodes Snes9K 0.0.9z - Denial of Service (PoC) Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH) Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation H2 Database 1.4.196 - Remote Code Execution ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Fork CMS 5.4.0 - Cross-Site Scripting Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection Education Website 1.0 - 'subject' SQL Injection Singleleg MLM Software 1.0 - 'msg_id' SQL Injection Binary MLM Software 1.0 - 'pid' SQL Injection Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection WUZHICMS 2.0 - Cross-Site Scripting Billion ADSL Router 400G 20151105641 - Cross-Site Scripting	2018-10-02 05:01:58 +00:00
Offensive Security	91ac09507e	DB: 2018-09-28 4 changes to exploits/shellcodes EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Rausoft ID.prove 2.95 - 'Username' SQL injection Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes) Linux/x86 - Bind (5555/TCP) Shell (/bin/sh) Shellcode (98 bytes)	2018-09-28 05:01:59 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	f1d68507cd	DB: 2018-09-18 7 changes to exploits/shellcodes XAMPP Control Panel 3.2.2 - Denial of Service (PoC) Notebook Pro 2.0 - Denial Of Service (PoC) Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC) Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) CA Release Automation NiMi 6.5 - Remote Command Execution Gitweb 1.7.3.3 - Cross-Site Scripting gitWeb 1.7.3.3 - Cross-Site Scripting Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes) Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-18 05:01:45 +00:00
Offensive Security	32f471140a	DB: 2018-09-06 18 changes to exploits/shellcodes Microsoft people 10.1807.2131.0 - Denial of service (PoC) GNU glibc < 2.27 - Local Buffer Overflow UltraISO 9.7.1.3519 - Buffer Overflow (SEH) JBoss 4.2.x/4.3.x - Information Disclosure Git < 2.17.1 - Remote Code Execution FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Monstra CMS 3.0.4 - Remote Code Execution OpenDaylight - SQL Injection Tenda ADSL Router D152 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution	2018-09-06 05:01:55 +00:00
Offensive Security	e5c23cdd53	DB: 2018-08-13 4 changes to exploits/shellcodes LG NAS 3718.510.a0 - Remote Command Execution Monstra 3.0.4 - Cross-Site Scripting Wavemaker Studio 6.6 - Server-Side Request Forgery Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)	2018-08-13 05:01:45 +00:00
Offensive Security	addac3a875	DB: 2018-08-07 9 changes to exploits/shellcodes mySCADA myPRO 7 - Hard-Coded Credentials Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Open-AudIT Community 2.2.6 - Cross-Site Scripting Subrion CMS 4.2.1 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) CMS ISWEB 3.5.3 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting	2018-08-07 05:01:44 +00:00
Offensive Security	a657b64301	DB: 2018-07-17 7 changes to exploits/shellcodes macOS/iOS - JavaScript Injection Bug in OfficeImporter Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Hadoop YARN ResourceManager - Command Execution (Metasploit) VelotiSmart WiFi B-380 Camera - Directory Traversal Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2018-07-17 05:01:49 +00:00
Offensive Security	b374aca9a3	DB: 2018-07-14 10 changes to exploits/shellcodes G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) IBM QRadar SIEM - Remote Code Execution (Metasploit) Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit) Apache CouchDB - Arbitrary Command Execution (Metasploit) phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit) Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Dolibarr 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM - OS Command Injection Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr CMS 3.5.3 - Multiple Vulnerabilities Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr 7.0.0 - SQL Injection Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution WAGO e!DISPLAY 7300T - Multiple Vulnerabilities QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery	2018-07-14 05:01:50 +00:00
Offensive Security	d659af98fd	DB: 2018-07-05 5 changes to exploits/shellcodes ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution CMS Made Simple 2.2.5 - Remote Code Execution Online Trade - Information Disclosure ShopNx - Arbitrary File Upload	2018-07-05 05:01:52 +00:00
Offensive Security	2c912f897c	DB: 2018-06-27 3 changes to exploits/shellcodes PoDoFo 0.9.5 - Buffer Overflow Liferay Portal < 7.0.4 - Server-Side Request Forgery	2018-06-27 05:01:48 +00:00
Offensive Security	ac267cb298	DB: 2018-06-21 11 changes to exploits/shellcodes Redis 5.0 - Denial of Service ntp 4.2.8p11 - Local Buffer Overflow (PoC) Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Mirasys DVMS Workstation 5.12.6 - Path Traversal MaDDash 2.0.2 - Directory Listing NewMark CMS 2.1 - 'sec_id' SQL Injection TP-Link TL-WA850RE - Remote Command Execution Apache CouchDB < 2.1.0 - Remote Code Execution IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit) VideoInsight WebClient 5 - SQL Injection	2018-06-21 05:01:44 +00:00
Offensive Security	61159b7f3e	DB: 2018-06-05 5 changes to exploits/shellcodes R 3.4.4 - Local Buffer Overflow RGui 3.4.4 - Local Buffer Overflow Zip-n-Go 4.9 - Buffer Overflow (SEH) Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) CyberArk < 10 - Memory Disclosure GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) SearchBlox 8.6.7 - XML External Entity Injection EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting	2018-06-05 05:01:52 +00:00
Offensive Security	89ee92def8	DB: 2018-05-31 6 changes to exploits/shellcodes Siemens SIMATIC S7-300 CPU - Remote Denial of Service Procps-ng - Multiple Vulnerabilities SearchBlox 8.6.6 - Cross-Site Request Forgery Yosoro 1.0.4 - Remote Code Execution MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Dolibarr 7.0.0 - SQL Injection	2018-05-31 05:01:44 +00:00
Offensive Security	96e4f1686b	DB: 2018-05-30 9 changes to exploits/shellcodes GNU Barcode 0.99 - Buffer Overflow GNU Barcode 0.99 - Memory Leak IssueTrak 7.0 - SQL Injection Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection NUUO NVRmini2 / NVRsolo - Arbitrary File Upload MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution Facebook Clone Script 1.0.5 - 'search' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Request Forgery	2018-05-30 05:01:46 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	7bbc323854	DB: 2018-05-23 20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting	2018-05-23 05:01:45 +00:00
Offensive Security	08c35595ed	DB: 2018-05-22 23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting	2018-05-22 05:01:47 +00:00
Offensive Security	1873a7d234	DB: 2018-05-17 12 changes to exploits/shellcodes WhatsApp 2.18.31 - Memory Corruption Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Libuser - roothelper Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery VirtueMart 3.1.14 - Persistent Cross-Site Scripting Rockwell Scada System 27.011 - Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting	2018-05-17 05:01:47 +00:00
Offensive Security	e7bb9d2985	DB: 2018-05-11 7 changes to exploits/shellcodes Dell Touchpad - 'ApMsgFwd.exe' Denial of Service Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit) Fastweb FASTGate 0.00.47 - Cross-site Request Forgery ModbusPal 1.6b - XML External Entity Injection MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Linux/x86 - Read /etc/passwd Shellcode (62 bytes)	2018-05-11 05:01:46 +00:00
Offensive Security	c249d94cb7	DB: 2018-04-25 28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)	2018-04-25 05:01:39 +00:00
Offensive Security	c91cad5a90	DB: 2018-04-10 19 changes to exploits/shellcodes WebKit - WebAssembly Parsing Does not Correctly Check Section Order CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure H2 Database - 'Alias' Arbitrary Code Execution GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) PMS 0.42 - Local Stack-Based Overflow (ROP) Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution WolfCMS 0.8.3.1 - Cross Site Request Forgery Cobub Razor 0.7.2 - Add New Superuser Account MyBB Plugin Recent Threads On Index - Cross-Site Scripting WolfCMS 0.8.3.1 - Open Redirection Yahei PHP Prober 0.4.7 - Cross-Site Scripting WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution iScripts SonicBB 1.0 - Reflected Cross-Site Scripting WordPress Plugin Google Drive 2.2 - Remote Code Execution	2018-04-10 05:01:53 +00:00
Offensive Security	80a6e65803	DB: 2018-03-16 3 changes to exploits/shellcodes WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution	2018-03-16 05:01:48 +00:00
Offensive Security	3f6d16d5c3	DB: 2018-03-13 8 changes to exploits/shellcodes Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader SC 7.16 - Stack-Based Buffer Overflow DEWESoft X3 SP1 (64-bit) - Remote Command Execution Eclipse Equinoxe OSGi Console - Command Execution (Metasploit) ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit) Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials TextPattern 4.6.2 - 'qty' SQL Injection Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution	2018-03-13 05:01:46 +00:00
Offensive Security	a2480f5b98	DB: 2018-03-08 2 changes to exploits/shellcodes Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection antMan 0.9.0c - Authentication Bypass	2018-03-08 05:01:46 +00:00
Offensive Security	7b401481a2	DB: 2018-02-13 7 changes to exploits/shellcodes Juju-run Agent - Privilege Escalation (Metasploit) glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit) glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit) LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 - User Enumeration LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution	2018-02-13 05:01:51 +00:00
Offensive Security	995a8906f1	DB: 2018-01-22 27 changes to exploits/shellcodes Oracle JDeveloper 11.1.x/12.x - Directory Traversal Shopware 5.2.5/5.3 - Cross-Site Scripting CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities PHPFreeChat 1.7 - Denial of Service OTRS 5.0.x/6.0.x - Remote Command Execution DarkComet (C2 Server) - File Upload BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve(/bin/sh) Shellcode (58 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve(/bin/sh) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes) Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Windows/x86-64 (7) - cmd Shellcode (61 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Windows/x86 - Create Admin User (X) Shellcode (304 bytes) Windows/x86 - Create Administrator User (X) Shellcode (304 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes) Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes) Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes) Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes) Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)	2018-01-22 05:01:45 +00:00
Offensive Security	8a2e4ff27a	DB: 2018-01-19 58 changes to exploits/shellcodes Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (1) WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (2) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2) Rosoft Media Player 4.2.1 - Local Buffer Overflow Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow GNU Screen 4.5.0 - Local Privilege Escalation GNU Screen 4.5.0 - Local Privilege Escalation (PoC) glibc - 'getcwd()' Local Privilege Escalation JAD java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled) Ability Server 2.34 - Remote APPE Buffer Overflow Ability Server 2.34 - 'APPE' Remote Buffer Overflow CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Invision Power Board 2.0.3 - 'login.php' SQL Injection Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial) FOSS Gallery Public 1.0 - Arbitrary File Upload FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine) Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation) Primefaces 5.x - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes) BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes) Linux/x86 - execve() Null-Free Shellcode (Generator) Linux/x86 - execve() + Null-Free Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Command Generator Null-Free Shellcode (Generator) Linux/x86 - Command Generator + Null-Free Shellcode (Generator) (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator) Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - reboot() + PUSH Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator + Null-Free (Generator) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes) Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - execve() Read Shellcode (92 bytes) Linux/x86 - execve() + Read Shellcode (92 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes) Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes) Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes) Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes) Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes) OSX/PPC - Reboot Shellcode (28 bytes) OSX/PPC - Reboot() Shellcode (28 bytes) Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes) Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes) Solaris/SPARC - setreuid + execve() Shellcode (56 bytes) Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes) Windows/x86 - Egg Omelet SEH Shellcode Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows/x86 - Download File + Execute Shellcode (192 bytes) Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes) Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes) Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes) Windows/x86 - Command WinExec() Shellcode (104+ bytes) Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes) Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes) Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Windows/x86 (XP SP3) - ShellExecuteA Shellcode Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes) Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter JITed Stage-0 Shellcode Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - JITed Stage-0 Shellcode Windows/x86 - JITed exec notepad Shellcode Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes) Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes) Windows/x86-64 (7) - cmd Shellcode (61 bytes) Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode Windows Mobile 6.5 TR - Phone Call Shellcode Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode Windows x86 - Eggsearch Shellcode (33 bytes) Windows/x86 - Eggsearch Shellcode (33 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes) Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter Shellcode (31 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes) Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox Null-Free Shellcode (113 bytes) Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox + Null-Free Shellcode (113 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes) Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes) Windows/x86 (XP SP3) - Restart Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows/x86 (.Net Framework) - Execute Native x86 Shellcode Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows XP < 10 - Download File + Execute Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Windows/x86 - system(systeminfo) Shellcode (224 bytes) Windows (XP < 10) - Download File + Execute Shellcode Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) OSX/PPC - Stager Sock Find MSG_PEEK Shellcode OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode OSX/PPC - execve(/bin/sh) Shellcode OSX/PPC - execve(/bin/sh) + Null-Free Shellcode Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes) Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes) Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes) Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86 - Egghunter Shellcode (38 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6) Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes) Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes) Linux/x86 - Uzumaki Encryptor Shellcode (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes) Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 - Create Admin User (X) Shellcode (304 bytes) Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes) Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes) Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes) Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes) Windows/x86 - Message Box + Null-Free Shellcode (140 bytes) Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes) Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes) Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes) Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes) Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes) Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Windows/x86 - Hide Console Window Shellcode (182 bytes) Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes) Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes) Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes) Windows x86/x64 - cmd.exe Shellcode (718 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes)	2018-01-19 05:01:43 +00:00
Offensive Security	50c008ba06	DB: 2018-01-16 39 changes to exploits/shellcodes OBS studio 20.1.3 - Local Buffer Overflow Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation SysGauge Server 3.6.18 - Buffer Overflow Disk Pulse Enterprise 10.1.18 - Buffer Overflow Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution ImgHosting 1.5 - Cross-Site Scripting Domains & Hostings Manager PRO 3.0 - Authentication Bypass PerfexCRM 1.9.7 - Arbitrary File Upload RISE 1.9 - 'search' SQL Injection Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Adminer 4.3.1 - Server-Side Request Forgery Oracle PeopleSoft 8.5x - Remote Code Execution ILIAS < 5.2.4 - Cross-Site Scripting Flash Operator Panel 2.31.03 - Command Execution pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000/TCP) Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337/TCP) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53/TCP) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;#) Shell Shellcode (637 bytes) Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) OpenBSD/x86 - reboot() Shellcode (15 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)	2018-01-16 05:02:18 +00:00
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00

1 2 3

138 commits