exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	d63de06c7a	DB: 2022-11-10 2776 changes to exploits/shellcodes/ghdb	2022-11-10 16:39:50 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	720fabd066	DB: 2020-07-28 114 changes to exploits/shellcodes Notepad++ < 7.7 (x64) - Denial of Service winrar 5.80 64bit - Denial of Service WinRAR 5.80 (x64) - Denial of Service Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Word 2007 (x86) - Information Disclosure IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path DEWESoft X3 SP1 (64-bit) - Remote Command Execution DEWESoft X3 SP1 (x64) - Remote Command Execution CompleteFTP Professional 12.1.3 - Remote Code Execution TeamCity Agent XML-RPC 10.0 - Remote Code Execution eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - Kill All Processes Shellcode (14 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-07-28 05:01:59 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	e8dcb9f022	DB: 2019-01-03 12 changes to exploits/shellcodes EZ CD Audio Converter 8.0.7 - Denial of Service (PoC) NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC) WebKit JSC - 'AbstractValue::set' Use-After-Free WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write Ayukov NFTP FTP Client 2.0 - Buffer Overflow Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) Hashicorp Consul - Remote Command Execution via Services API (Metasploit) WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Frog CMS 0.9.5 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Craft CMS 3.0.25 - Cross-Site Scripting bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Vtiger CRM 7.1.0 - Remote Code Execution	2019-01-03 05:01:43 +00:00
Offensive Security	a6aa1db161	DB: 2018-12-28 10 changes to exploits/shellcodes Product Key Explorer 4.0.9 - Denial of Service (PoC) NetShareWatcher 1.5.8 - Denial of Service (PoC) ShareAlarmPro 2.1.4 - Denial of Service (PoC) MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Iperius Backup 5.8.1 - Buffer Overflow (SEH) Craft CMS 3.0.25 - Cross-Site Scripting WordPress Plugin Audio Record 1.0 - Arbitrary File Upload bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload	2018-12-28 05:01:43 +00:00
Offensive Security	1ddc5edd5d	DB: 2018-12-21 6 changes to exploits/shellcodes VBScript - VbsErase Reference Leak Use-After-Free VBScript - MSXML Execution Policy Bypass LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter) XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Erlang - Port Mapper Daemon Cookie RCE (Metasploit)	2018-12-21 05:01:52 +00:00
Offensive Security	dfd1e454e1	DB: 2018-11-28 10 changes to exploits/shellcodes MariaDB Client 10.1.26 - Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (ASLR) Xorg X11 Server - SUID privilege escalation (Metasploit) ELBA5 5.8.0 - Remote Code Execution Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Ticketly 1.0 - 'kind_id' SQL Injection No-Cms 1.0 - 'order_by' SQL Injection Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	2018-11-28 11:08:29 +00:00
Offensive Security	dcc75fdf49	DB: 2018-11-20 3 changes to exploits/shellcodes XMPlay 3.8.3 - '.m3u' Denial of Service (PoC) Microsoft Edge Chakra - OP_Memset Type Confusion HTML Video Player 1.2.5 - Buffer-Overflow (SEH)	2018-11-20 05:01:39 +00:00
Offensive Security	11366ca935	DB: 2018-11-07 18 changes to exploits/shellcodes FaceTime - RTP Video Processing Heap Corruption FaceTime - 'readSPSandGetDecoderParams' Stack Corruption FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption Blue Server 1.1 - Denial of Service (PoC) eToolz 3.4.8.0 - Denial of Service (PoC) VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (SEH) libiec61850 1.3 - Stack Based Buffer Overflow Morris Worm - sendmail Debug Mode Shell Escape (Metasploit) blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit) Morris Worm - fingerd Stack Buffer Overflow (Metasploit) PHP Proxy 3.0.3 - Local File Inclusion Voovi Social Networking Script 1.0 - 'user' SQL Injection CMS Made Simple 2.2.7 - Remote Code Execution OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) Grocery crud 1.6.1 - 'search_field' SQL Injection OOP CMS BLOG 1.0 - 'search' SQL Injection OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection LibreHealth 2.0.0 - Arbitrary File Actions	2018-11-07 05:01:44 +00:00
Offensive Security	15b77b5965	DB: 2018-10-30 33 changes to exploits/shellcodes Navicat 12.0.29 - 'SSH' Denial of Service (PoC) AlienIP 2.41 - Denial of Service (PoC) Local Server 1.0.9 - Denial of Service (PoC) systemd - reexec State Injection systemd - chown_one() can Dereference Symlinks ASRock Drivers - Privilege Escalation Modbus Slave 7.0.0 - Denial of Service (PoC) School Equipment Monitoring System 1.0 - 'login' SQL Injection Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC) Paramiko 2.4.1 - Authentication Bypass Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection Grapixel New Media 2 - 'pageref' SQL Injection Library Management System 1.0 - 'frmListBooks' SQL Injection Open Faculty Evaluation System 7 - 'batch_name' SQL Injection Card Payment 1.0 - Cross-Site Request Forgery (Update Admin) MTGAS MOGG Web Simulator Script - SQL Injection Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery Curriculum Evaluation System 1.0 - SQL Injection Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection School Event Management System 1.0 - SQL Injection School Event Management System 1.0 - Arbitrary File Upload School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin) School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin) School Attendance Monitoring System 1.0 - Arbitrary File Upload School Attendance Monitoring System 1.0 - SQL Injection PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection RhinOS CMS 3.x - Arbitrary File Download E-Negosyo System 1.0 - SQL Injection SaltOS Erp Crm 3.1 r8126 - SQL Injection SaltOS Erp Crm 3.1 r8126 - SQL Injection (2) SaltOS Erp Crm 3.1 r8126 - Database File Download K-iwi Framework 1775 - SQL Injection	2018-10-30 05:01:46 +00:00
Offensive Security	832a222df4	DB: 2018-10-26 21 changes to exploits/shellcodes ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC) BORGChat 1.0.0 build 438 - Denial of Service (PoC) libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Adult Filter 1.0 - Buffer Overflow (SEH) WebEx - Local Service Permissions Exploit (Metasploit) exim 4.90 - Remote Code Execution ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write exim 4.90 - Remote Code Execution WebExec - Authenticated User Code Execution (Metasploit) ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Ekushey Project Manager CRM 3.1 - Cross-Site Scripting phptpoint Pharmacy Management System 1.0 - 'username' SQL injection phptpoint Hospital Management System 1.0 - 'user' SQL injection Simple Chat System 1.0 - 'id' SQL Injection Delta Sql 1.8.2 - Arbitrary File Upload User Management 1.1 - Cross-Site Scripting ClipBucket 2.8 - 'id' SQL Injection Simple POS and Inventory 1.0 - 'cat' SQL Injection AiOPMSD Final 1.0.0 - 'q' SQL Injection AjentiCP 1.2.23.13 - Cross-Site Scripting MPS Box 0.1.8.0 - 'uuid' SQL Injection Open STA Manager 2.3 - Arbitrary File Download	2018-10-26 05:01:46 +00:00
Offensive Security	635345499a	DB: 2018-10-18 15 changes to exploits/shellcodes Git Submodule - Arbitrary Code Execution Git Submodule - Arbitrary Code Execution (PoC) Any Sound Recorder 2.93 - Buffer Overflow (SEH) Git Submodule - Arbitrary Code Execution Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials BigTree CMS 4.2.23 - Cross-Site Scripting Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Time and Expense Management System 3.0 - 'table' SQL Injection	2018-10-18 05:01:46 +00:00
Offensive Security	731dd0f423	DB: 2018-10-16 22 changes to exploits/shellcodes Snes9K 0.0.9z - Buffer Overflow (SEH) NoMachine < 5.3.27 - Remote Code Execution MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure CAMALEON CMS 2.4 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution College Notes Management System 1.0 - 'user' SQL Injection Advanced HRM 1.6 - Remote Code Execution Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection	2018-10-16 05:01:45 +00:00
Offensive Security	89530e070b	DB: 2018-10-05 5 changes to exploits/shellcodes virtualenv 16.0.0 - Sandbox Escape NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR) LayerBB Forum 1.1.1 - 'search_query' SQL Injection Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)	2018-10-05 05:02:07 +00:00
Offensive Security	716ece3cc6	DB: 2018-10-02 13 changes to exploits/shellcodes Snes9K 0.0.9z - Denial of Service (PoC) Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH) Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation H2 Database 1.4.196 - Remote Code Execution ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Fork CMS 5.4.0 - Cross-Site Scripting Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection Education Website 1.0 - 'subject' SQL Injection Singleleg MLM Software 1.0 - 'msg_id' SQL Injection Binary MLM Software 1.0 - 'pid' SQL Injection Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection WUZHICMS 2.0 - Cross-Site Scripting Billion ADSL Router 400G 20151105641 - Cross-Site Scripting	2018-10-02 05:01:58 +00:00
Offensive Security	4e39fa0f91	DB: 2018-09-26 35 changes to exploits/shellcodes WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free WebKit - 'WebCore::Node::ensureRareData' Use-After-Free WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free Easy PhoroResQ 1.0 - Buffer Overflow Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit) Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH) Collectric CMU 1.0 - 'lang' SQL injection Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection RICOH MP C2003 Printer - Cross-Site Scripting Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection Super Cms Blog Pro 1.0 - SQL Injection Joomla! Component Raffle Factory 3.5.2 - SQL Injection Joomla! Component Music Collection 3.0.3 - SQL Injection Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Joomla! Component Questions 1.4.3 - SQL Injection Joomla! Component Jobs Factory 2.0.4 - SQL Injection Joomla! Component Social Factory 3.8.3 - SQL Injection RICOH MP C6503 Plus Printer - Cross-Site Scripting Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component Swap Factory 2.2.1 - SQL Injection Joomla! Component Collection Factory 4.1.9 - SQL Injection Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Joomla! Component Timetable Schedule 3.6.8 - SQL Injection RICOH MP 305+ Printer - Cross-Site Scripting RICOH MP C406Z Printer - Cross-Site Scripting Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes) Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)	2018-09-26 05:02:43 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	3bbc91c16a	DB: 2018-09-21 2 changes to exploits/shellcodes NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)	2018-09-21 05:01:43 +00:00
Offensive Security	c1b7aa12fc	DB: 2018-09-15 10 changes to exploits/shellcodes CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) InfraRecorder 0.53 - '.txt' Denial of Service (PoC) Faleemi Plus 1.0.2 - Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH) Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-15 05:01:52 +00:00
Offensive Security	2785d40187	DB: 2018-09-14 12 changes to exploits/shellcodes Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC) MediaTek Wirless Utility rt2870 - Denial of Service (PoC) TeamViewer App 13.0.100.0 - Denial of Service (PoC) Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH) STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH) Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket MyBB 1.8.17 - Cross-Site Scripting Apache Portals Pluto 3.0.0 - Remote Code Execution Apache Syncope 2.0.7 - Remote Code Execution	2018-09-14 05:01:54 +00:00
Offensive Security	d7fa449452	DB: 2018-09-12 7 changes to exploits/shellcodes Zenmap (Nmap) 7.70 - Denial of Service (PoC) HTML5 Video Player 1.2.5 - Denial of Service (PoC) Zenmap (Nmap) 7.70 - Denial of Service (PoC) InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH) Android - 'zygote->init;' Chain from USB Privilege Escalation Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution CMS Made Simple 2.2.5 - Remote Code Execution CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution OpenEMR < 5.0.1 - Remote Code Execution OpenEMR < 5.0.1 - (Authenticated) Remote Code Execution Jorani Leave Management 0.6.5 - 'startdate' SQL Injection Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection OpenEMR 5.0.1.3 - Arbitrary File Actions OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection Bayanno Hospital Management System 4.0 - Cross-Site Scripting	2018-09-12 05:01:53 +00:00
Offensive Security	87053f010c	DB: 2018-09-11 12 changes to exploits/shellcodes SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH) Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH) Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) Any Sound Recorder 2.93 - Denial of Service (PoC) Zenmap (Nmap) 7.70 - Denial of Service (PoC) Ghostscript - Failed Restore Command Execution (Metasploit) VirtualBox 5.2.6.r120293 - VM Escape Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities RPi Cam Control < 6.3.14 - Multiple Vulnerabilities LW-N605R 12.20.2.1486 - Remote Code Execution RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution	2018-09-11 05:01:54 +00:00
Offensive Security	76af808136	DB: 2018-09-08 6 changes to exploits/shellcodes DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH) iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH) Tenable WAS-Scanner 7.4.1708 - Remote Command Execution D-Link Dir-600M N150 - Cross-Site Scripting MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal QNAP Photo Station 5.7.0 - Cross-Site Scripting	2018-09-08 05:01:54 +00:00
Offensive Security	14bdc56535	DB: 2018-09-05 6 changes to exploits/shellcodes iSmartViewPro 1.5 - 'DDNS' Buffer Overflow Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection mooSocial Store Plugin 2.6 - SQL Injection Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)	2018-09-05 05:01:52 +00:00
Offensive Security	a0f0afa2de	DB: 2018-09-01 5 changes to exploits/shellcodes Acunetix WVS Reporter 10.0 - Denial of Service (PoC) Argus Surveillance DVR 4.0.0.0 - Privilege Escalation Network Manager VPNC - Username Privilege Escalation (Metasploit) Vox TG790 ADSL Router - Cross-Site Scripting DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)	2018-09-01 05:01:55 +00:00
Offensive Security	18e2848633	DB: 2018-08-28 25 changes to exploits/shellcodes Firefox 55.0.3 - Denial of Service (PoC) Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC) Libpango 1.40.8 - Denial of Service (PoC) Adobe Flash - AVC Processing Out-of-Bounds Read Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP) CuteFTP 5.0 - Buffer Overflow Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit) OpenSSH 7.7 - Username Enumeration OpenSSH 2.3 < 7.7 - Username Enumeration Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Node.JS - 'node-serialize' Remote Code Execution Electron WebPreferences - Remote Code Execution HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit) Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting Sentrifugo HRMS 3.2 - 'deptid' SQL Injection WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin) RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin) LiteCart 2.1.2 - Arbitrary File Upload Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection Responsive FileManager < 9.13.4 - Directory Traversal WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection	2018-08-28 05:01:59 +00:00
Offensive Security	4d43b968d8	DB: 2018-08-24 7 changes to exploits/shellcodes CuteFTP 8.3.1 - Denial of Service (PoC) Epiphany Web Browser 3.28.1 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) CMS ISWEB 3.5.3 - Directory Traversal Twitter-Clone 1 - 'code' SQL Injection PCViewer vt1000 - Directory Traversal	2018-08-24 05:01:53 +00:00
Offensive Security	b81a1d9d72	DB: 2018-08-23 12 changes to exploits/shellcodes Textpad 7.6.4 - Denial Of Service (PoC) UltraISO 9.7.1.3519 - Denial Of Service (PoC) Easyboot 6.6.0 - Denial Of Service (PoC) Softdisk 3.0.3 - Denial Of Service (PoC) Soroush IM Desktop App 0.17.0 - Authentication Bypass Project64 2.3.2 - Buffer Overflow (SEH) Ghostscript - Multiple Vulnerabilities Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation OpenSSH 2.3 < 7.4 - Username Enumeration (PoC) OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) Geutebrueck re_porter 7.8.974.20 - Credential Disclosure ZyXEL VMG3312-B10B - Cross-Site Scripting KingMedia 4.1 - Remote Code Execution Geutebrueck re_porter 16 - Cross-Site Scripting	2018-08-23 05:01:49 +00:00
Offensive Security	1e34c2b6a5	DB: 2018-08-14 11 changes to exploits/shellcodes IP Finder 1.5 - Denial of Service (PoC) Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC) PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow PostgreSQL 9.4-0.5.3 - Privilege Escalation Android - Directory Traversal over USB via Injection in blkid Output Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit) Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking) Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)	2018-08-14 05:01:45 +00:00
Offensive Security	4af1687693	DB: 2018-06-08 5 changes to exploits/shellcodes macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation Ftp Server 1.32 - Credential Disclosure WordPress Form Maker Plugin 1.12.24 - SQL Injection WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Monstra CMS < 3.0.4 - Cross-Site Scripting Automation	2018-06-08 05:01:44 +00:00
Offensive Security	ad4b4f15f3	DB: 2018-06-06 11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	2018-06-06 05:01:46 +00:00
Offensive Security	9fd8680103	DB: 2018-05-29 11 changes to exploits/shellcodes ALFTP 5.31 - Local Buffer Overflow (SEH Bypass) CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass DomainMod 4.09.03 - 'oid' Cross-Site Scripting DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting Wordpress Plugin Events Calendar - SQL Injection Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery wityCMS 0.6.1 - Cross-Site Scripting Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)	2018-05-29 05:01:46 +00:00
Offensive Security	08c35595ed	DB: 2018-05-22 23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting	2018-05-22 05:01:47 +00:00
Offensive Security	b1f00227f1	DB: 2018-04-27 12 changes to exploits/shellcodes Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH) Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH) Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow Shopy Point of Sale v1.0 - CSV Injection Shopy Point of Sale 1.0 - CSV Injection Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) Blog Master Pro v1.0 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Blog Master Pro 1.0 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting GitList 0.6 - Unauthenticated Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Frog CMS 0.9.5 - Persistent Cross-Site Scripting	2018-04-27 05:01:49 +00:00
Offensive Security	2090553629	DB: 2018-04-26 12 changes to exploits/shellcodes VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC) Chrome V8 JIT - 'AwaitedPromise' Update Bug Chrome V8 JIT - Arrow Function Scope Fixing Bug Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Shopy Point of Sale v1.0 - CSV Injection Blog Master Pro v1.0 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes) Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes) Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)	2018-04-26 05:01:48 +00:00
Offensive Security	d0cba5625f	DB: 2018-04-18 12 changes to exploits/shellcodes Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Joomla! Component jDownloads 3.2.58 - Cross Site Scripting	2018-04-18 05:01:47 +00:00
Offensive Security	08c1a4df45	DB: 2018-04-11 9 changes to exploits/shellcodes Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion DVD X Player Standard 5.5.3.9 - Buffer Overflow iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS	2018-04-11 05:01:46 +00:00
Offensive Security	7a33f5d0bf	DB: 2018-02-23 15 changes to exploits/shellcodes NoMachine x86 < 6.0.80 - 'nxfuse' Privilege Escalation NoMachine x64 < 6.0.80 - 'nxfuse' Privilege Escalation Armadito Antivirus 0.12.7.2 - Detection Bypass Joomla! Component CW Tags 2.0.6 - SQL Injection Joomla! Component Proclaim 9.1.1 - Backup File Download Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection Joomla! Component Ek Rishta 2.9 - SQL Injection Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection Joomla! Component CheckList 1.1.1 - SQL Injection Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting	2018-02-23 05:01:47 +00:00
Offensive Security	f589361686	DB: 2018-01-13 1949 changes to exploits/shellcodes Bird Chat 1.61 - Denial of Service Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC) Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1) Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2) HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service AnyDVD 6.7.1.0 - Denial of Service Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098) Apple Safari - GdiDrawStream Blue Screen of Death Oracle VM VirtualBox 4.1 - Local Denial of Service Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035) VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC) Samba < 3.6.2 (x86) - Denial of Service (PoC) Adobe Flash (Linux x64) - Bad Dereference at 0x23c Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Shared Object Type Confusion Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Shared Object Type Confusion ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097) Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097) Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service) Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow win32k Desktop and Clipboard - Null Pointer Dereference win32k Clipboard Bitmap - Use-After-Free win32k Desktop and Clipboard - Null Pointer Dereference win32k Clipboard Bitmap - Use-After-Free Adobe Flash Selection.SetSelection - Use-After-Free Adobe Flash Sound.setTransform - Use-After-Free Adobe Flash - Use-After-Free When Setting Stage Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Core FTP Server 32-bit Build 587 - Heap Overflow Microsoft Windows - Custom Font Disable Policy Bypass Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service Kentico CMS 11.0 - Buffer Overflow PyroBatchFTP < 3.19 - Buffer Overflow Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation PHP 5.2.9 (Windows x86) - Local Safemod Bypass Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow RadASM - '.rap' file Local Buffer Overflow Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Local Stack Buffer Overflow Universal Audiotran 1.4.2.4 - Local Overflow (SEH) Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1) Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit) VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit) PHP 5.4.3 (Windows x86 Polish) - Code Execution Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1) Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2) Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2) Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit) Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation (Metasploit) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3) LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit) Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3) TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit) Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) Offset2lib - Bypassing Full ASLR On 64 bit Linux Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058) Linux espfix64 - Nested NMIs Interrupting Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation Linux espfix64 - Nested NMIs Interrupting Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002) Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit) TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010) MySQL 5.5.45 (x64) - Local Credentials Disclosure Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1) Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014) Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit) Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046) Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062) Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098) PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation Linux Kernel - 'offset2lib' Stack Clash Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Linux Kernel - 'offset2lib' Stack Clash Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit) Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2) Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032) Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit) dproxy-nexgen (Linux x86) - Remote Buffer Overflow Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow 3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl) SapLPD 6.28 (Windows x86) - Remote Buffer Overflow Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution Integard Home and Pro 2 - Remote HTTP Buffer Overflow Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit) AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit) 32bit FTP Client - Remote Stack Buffer Overflow (Metasploit) SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit) SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit) Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit) PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit) Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit) CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit) WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3) Nginx 1.3.9/1.4.0 (x86) - Brute Force Nginx 1.4.0 (Generic Linux x64) - Remote Overflow Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit) Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit) ALLMediaServer 0.95 - Buffer Overflow Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) Rancher Server - Docker Daemon Code Execution (Metasploit) Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007) PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion Joomla! Component Elite Experts - SQL Injection Traidnt UP - Cross-Site Request Forgery (Add Admin) Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting Infoblox 6.8.2.11 - OS Command Injection Xnami 1.0 - Cross-Site Scripting Taxi Booking Script 1.0 - Cross-site Scripting FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes) Linux/MIPS - execve /bin/sh Shellcode (56 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes) Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - Read /etc/passwd Shellcode (65+ bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - killall5 Shellcode (34 bytes) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - Read /etc/passwd Shellcode (65+ bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - killall5 Shellcode (34 bytes) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes) Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes) Linux/x86 - System Beep Shellcode (45 bytes) Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - Kill All Processes Shellcode (11 bytes) Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - execve(rm -rf /) Shellcode (45 bytes) Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes) Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes) Linux/x86 - System Beep Shellcode (45 bytes) Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - Kill All Processes Shellcode (11 bytes) Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - execve(rm -rf /) Shellcode (45 bytes) Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes) Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - reboot() Shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes) Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - reboot() Shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes) Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes) Linux/x86 - _exit(1); Shellcode (7 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - Kill Snort Shellcode (151 bytes) Linux/x86 - Execute At Shared Memory Shellcode (50 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes) Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes) Linux/x86 - _exit(1) Shellcode (7 bytes) Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - Kill Snort Shellcode (151 bytes) Linux/x86 - Execute At Shared Memory Shellcode (50 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes) Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes) Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows - DCOM RPC2 Universal Shellcode Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - Kill All Processes Shellcode (9 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve Shellcode (51 bytes) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows - DCOM RPC2 Universal Shellcode Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - Kill All Processes Shellcode (9 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve Shellcode (51 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Linux/x86 - Disable modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Linux/x86 - Disable modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - DoS Badger Game Shellcode (6 bytes) Linux/x86 - DoS SLoc Shellcode (55 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - DoS Badger Game Shellcode (6 bytes) Linux/x86 - DoS SLoc Shellcode (55 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (2) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (2) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - Disable ASLR Security Shellcode (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - Kill All Running Process Shellcode (11 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - Hard Reboot Shellcode (29 bytes) Linux/x86 - Hard Reboot Shellcode (33 bytes) Linux/x86 - Disable ASLR Security Shellcode (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - Kill All Running Process Shellcode (11 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - Hard Reboot Shellcode (29 bytes) Linux/x86 - Hard Reboot Shellcode (33 bytes) Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes) Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes) Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode Windows x86 - Eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) Windows x86 - Eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/x86-64 - execve /bin/sh Shellcode (52 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - exit(0) Shellcode (6 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - Shutdown(init 0) Shellcode (30 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86 - Download File + Execute Shellcode Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec /bin/dash Shellcode (45 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - exit(0) Shellcode (6 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - Shutdown(init 0) Shellcode (30 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86 - Download File + Execute Shellcode Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec /bin/dash Shellcode (45 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) Linux/x86 - execve /bin/bash Shellcode (31 bytes) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86 - Download File + Execute Shellcode (135 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86 - Download File + Execute Shellcode (135 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes) Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes) Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes) Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes) Linux/StrongARM - setuid() Shellcode (20 bytes) Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes) Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes) Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes) Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes) Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes) Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86 - Fork Bomb Shellcode (9 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86 - Fork Bomb Shellcode (9 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes)	2018-01-13 05:02:13 +00:00

42 commits